|
210481
|
9.8 |
CRITICAL
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-13312
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210482
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the use…
|
CWE-706
Use of Incorrectly-Resolved Name or Reference
|
CVE-2020-13311
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210483
|
7.3 |
HIGH
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLabs EKS integration was vulnerable to a cross-account assume role attack.
|
NVD-CWE-noinfo
|
CVE-2020-13318
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210484
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository be accessible via a git command line.
|
NVD-CWE-noinfo
|
CVE-2020-13316
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210485
|
9.8 |
CRITICAL
Network
|
erlang
|
rebar3
|
Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification.
|
CWE-78
OS Command
|
CVE-2020-13802
|
2024-11-21 14:01 |
2020-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210486
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?ac…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13828
|
2024-11-21 14:01 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210487
|
4.6 |
MEDIUM
Physics
|
gigadevice
|
gd32f103_firmware
|
The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the DMA module.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-13472
|
2024-11-21 14:01 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210488
|
6.8 |
MEDIUM
Physics
|
apexmic
|
apm32f103_firmware
|
Apex Microelectronics APM32F103 devices allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration.
|
NVD-CWE-noinfo
|
CVE-2020-13471
|
2024-11-21 14:01 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210489
|
4.6 |
MEDIUM
Physics
|
gigadevice
|
gd32f103_firmware
gd32f130_firmware
|
Gigadevice GD32F103 and GD32F130 devices allow physical attackers to extract data via the probing of easily accessible bonding wires and de-obfuscation of the observed data.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-13470
|
2024-11-21 14:01 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210490
|
4.6 |
MEDIUM
Physics
|
gigadevice
|
gd32vf103_firmware
|
The flash memory readout protection in Gigadevice GD32VF103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-13469
|
2024-11-21 14:01 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
