|
212361
|
4.9 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository.
|
CWE-20
Improper Input Validation
|
CVE-2020-13317
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212362
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Omniauth endpoint allowed a malicious user to submit content to be displayed back to the user within error …
|
NVD-CWE-Other
|
CVE-2020-13314
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212363
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control.
|
CWE-863
Incorrect Authorization
|
CVE-2020-13313
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212364
|
9.8 |
CRITICAL
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-13312
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212365
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the use…
|
CWE-706
Use of Incorrectly-Resolved Name or Reference
|
CVE-2020-13311
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212366
|
7.3 |
HIGH
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLabs EKS integration was vulnerable to a cross-account assume role attack.
|
NVD-CWE-noinfo
|
CVE-2020-13318
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212367
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository be accessible via a git command line.
|
NVD-CWE-noinfo
|
CVE-2020-13316
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212368
|
9.8 |
CRITICAL
Network
|
erlang
|
rebar3
|
Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification.
|
CWE-78
OS Command
|
CVE-2020-13802
|
2024-11-21 14:01 |
2020-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212369
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?ac…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13828
|
2024-11-21 14:01 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212370
|
4.6 |
MEDIUM
Physics
|
gigadevice
|
gd32f103_firmware
|
The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the DMA module.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-13472
|
2024-11-21 14:01 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
