Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-12778 | Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack. Published: August 09, 2020; 11:15:12 PM -0400 | V4.0: (not available); V3.1: 6.1 MEDIUM; V2.0: 4.3 MEDIUM |
CVE-2020-12777 | A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information. Published: August 09, 2020; 11:15:12 PM -0400 | V4.0: (not available); V3.1: 7.5 HIGH; V2.0: 5.0 MEDIUM |
CVE-2020-17452 | flatCore before 1.5.7 allows upload and execution of a .php file by an admin. Published: August 09, 2020; 3:15:12 PM -0400 | V4.0: (not available); V3.1: 7.2 HIGH; V2.0: 9.0 HIGH |
CVE-2020-17451 | flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle parameter. Published: August 09, 2020; 3:15:11 PM -0400 | V4.0: (not available); V3.1: 4.8 MEDIUM; V2.0: 3.5 LOW |
CVE-2020-16248 | Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability. Published: August 09, 2020; 1:15:11 PM -0400 | V4.0: (not available); V3.1: 5.8 MEDIUM; V2.0: 5.0 MEDIUM |
CVE-2020-15831 | JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI. Published: August 08, 2020; 5:15:11 PM -0400 | V4.0: (not available); V3.1: 6.1 MEDIUM; V2.0: 4.3 MEDIUM |
CVE-2020-15830 | JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI. Published: August 08, 2020; 5:15:11 PM -0400 | V4.0: (not available); V3.1: 6.1 MEDIUM; V2.0: 4.3 MEDIUM |
CVE-2020-15829 | In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. Published: August 08, 2020; 5:15:11 PM -0400 | V4.0: (not available); V3.1: 5.3 MEDIUM; V2.0: 5.0 MEDIUM |
CVE-2020-15828 | In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions. Published: August 08, 2020; 5:15:11 PM -0400 | V4.0: (not available); V3.1: 6.5 MEDIUM; V2.0: 4.0 MEDIUM |
CVE-2020-15827 | In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file. Published: August 08, 2020; 5:15:11 PM -0400 | V4.0: (not available); V3.1: 7.5 HIGH; V2.0: 5.0 MEDIUM |
CVE-2020-15826 | In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have. Published: August 08, 2020; 5:15:11 PM -0400 | V4.0: (not available); V3.1: 4.3 MEDIUM; V2.0: 4.0 MEDIUM |
CVE-2020-15825 | In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges. Published: August 08, 2020; 5:15:11 PM -0400 | V4.0: (not available); V3.1: 8.8 HIGH; V2.0: 6.5 MEDIUM |
CVE-2020-15824 | In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default. Published: August 08, 2020; 5:15:11 PM -0400 | V4.0: (not available); V3.1: 8.8 HIGH; V2.0: 6.5 MEDIUM |
CVE-2020-15823 | JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. Published: August 08, 2020; 5:15:11 PM -0400 | V4.0: (not available); V3.1: 7.5 HIGH; V2.0: 5.0 MEDIUM |
CVE-2020-15821 | In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft. Published: August 08, 2020; 5:15:11 PM -0400 | V4.0: (not available); V3.1: 6.5 MEDIUM; V2.0: 4.0 MEDIUM |
CVE-2020-15820 | In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence. Published: August 08, 2020; 5:15:11 PM -0400 | V4.0: (not available); V3.1: 5.3 MEDIUM; V2.0: 5.0 MEDIUM |
CVE-2020-15819 | JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. Published: August 08, 2020; 5:15:10 PM -0400 | V4.0: (not available); V3.1: 5.3 MEDIUM; V2.0: 5.0 MEDIUM |
CVE-2020-15818 | In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. Published: August 08, 2020; 5:15:10 PM -0400 | V4.0: (not available); V3.1: 5.3 MEDIUM; V2.0: 5.0 MEDIUM |
CVE-2020-15817 | In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. Published: August 08, 2020; 5:15:10 PM -0400 | V4.0: (not available); V3.1: 8.8 HIGH; V2.0: 6.5 MEDIUM |
CVE-2019-19704 | In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm. Published: August 08, 2020; 5:15:10 PM -0400 | V4.0: (not available); V3.1: 7.5 HIGH; V2.0: 5.0 MEDIUM |