Skip to main content
CVE-2020-14930 HIGH POC This Week

An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Bt Ctroms Terminal
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
3.4%
CVE-2020-8184 HIGH POC PATCH This Week

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rack Debian Linux Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-8164 HIGH POC PATCH This Week

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Rails Debian Linux Backports Sle Leap
NVD
CVSS 3.1
7.5
EPSS
4.2%
CVE-2020-8162 HIGH POC PATCH This Week

A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Rails Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-13263 HIGH This Week

An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-13272 HIGH This Week

OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-13275 HIGH This Week

A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-5590 HIGH PATCH This Week

Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ec Cube
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2020-14019 HIGH PATCH This Week

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Rtslib Fb
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-13274 HIGH This Week

A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-13273 HIGH This Week

A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-14929 HIGH PATCH This Week

Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Alpine Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-14459 HIGH This Week

An issue was discovered in Mattermost Server before 5.19.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-14458 HIGH This Week

An issue was discovered in Mattermost Server before 5.19.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-14453 HIGH This Week

An issue was discovered in Mattermost Server before 5.21.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-14451 HIGH This Week

An issue was discovered in Mattermost Mobile Apps before 1.29.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Apple Mattermost Mobile
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-14450 HIGH This Week

An issue was discovered in Mattermost Server before 5.22.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-14449 HIGH This Week

An issue was discovered in Mattermost Mobile Apps before 1.30.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Mobile
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-14448 HIGH This Week

An issue was discovered in Mattermost Server before 5.23.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-14447 HIGH This Week

An issue was discovered in Mattermost Server before 5.23.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-14456 HIGH This Week

An issue was discovered in Mattermost Desktop App before 4.4.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Desktop
NVD
CVSS 3.1
7.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy