CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2020-10080 GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-10082 GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-10083 GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied. | 9.1 | CRITICAL | — | 0 |
| CVE-2020-10084 GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace | 5.3 | MEDIUM | — | 0 |
| CVE-2020-10085 GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing merge private merge request titles. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-10086 GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-10087 GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user. | 7.5 | HIGH | — | 0 |
| CVE-2020-10088 GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level. | 8.1 | HIGH | — | 0 |
| CVE-2020-10089 GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request eachother, | 7.5 | HIGH | — | 0 |
| CVE-2020-10090 GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-10091 GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-10092 GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-10218 A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-13203 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by an integer overflow vulnerability in the arg3 parameter of several functionalities of the web application that wou... | 8.8 | HIGH | — | 0 |
| CVE-2019-13204 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by multiple buffer overflow vulnerabilities in the IPP service. This would allow an unauthenticated attacker to cause... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-13205 All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when ... | 7.5 | HIGH | — | 0 |
| CVE-2019-13206 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in multiple parameters of the Document Boxes functionality of the web application ... | 8.8 | HIGH | — | 0 |
| CVE-2019-13393 The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Au... | 7.5 | HIGH | — | 0 |
| CVE-2019-13394 The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-13395 The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings,... | 8.8 | HIGH | — | 0 |
| CVE-2020-10073 GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page. | 7.5 | HIGH | — | 0 |
| CVE-2020-10074 GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-10075 GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-10076 GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-10077 GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-13165 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service. This would allow an unauthenticated attacker to ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-13166 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks. | 7.5 | HIGH | — | 0 |
| CVE-2019-13167 Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to sessio... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-13168 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. This would allow an unauthenticated attacker ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-13169 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to exe... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-13195 The web application of some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if ... | 7.5 | HIGH | — | 0 |
| CVE-2019-13170 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local ac... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-13171 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unaut... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-13172 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Authentication Cookie of the web application that would allow an attacker to execut... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-13192 Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly. This would allow an attacker to e... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-13193 Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. This would allow an attacker to ... | 8.8 | HIGH | — | 0 |
| CVE-2019-13194 Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a spec... | 7.5 | HIGH | — | 0 |
| CVE-2019-13196 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the arg4 and arg9 parameters of several functionalities of the web application ... | 8.8 | HIGH | — | 0 |
| CVE-2019-13197 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the URI paths of the web application that would allow an unauthenticated attack... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-13198 The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS. Successful exploitation of this vulnerability can lead to session hijacking o... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-13199 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF. Successful exploitation of this vulnerability can lead to the takeover of a local ac... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-13200 The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS. Successful exploitation of this vulnerability can lead to session hijackin... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-13201 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the LPD service. This would allow an unauthenticated attacker to cause a Denial... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-13202 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the okhtmlfile and failhtmlfile parameters of several functionalities of the we... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-14299 Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local acco... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-14303 Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). Some Ricoh printers were affected by a wrong LPD service implementation that lead to a denial of service vulnerability. | 7.5 | HIGH | — | 0 |
| CVE-2019-14309 Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credential were found to be hardcoded within the printer firmware. This would allow to an attacker to access and read information stored... | 7.5 | HIGH | — | 0 |
| CVE-2019-3770 Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could expl... | 6.4 | MEDIUM | — | 0 |
| CVE-2019-14310 Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-19611 An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the exposed web services allows an anonymous user to access the list of connected users as well as the session cookie for each user. F... | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.