CVE-2020-14155 – pcre: Integer overflow when parsing callout numeric arguments
https://notcve.org/view.php?id=CVE-2020-14155
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
References: http://seclists.org/fulldisclosure/2020/Dec/32 http://seclists.org/fulldisclosure/2021/Feb/14 https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release https://bugs.gentoo.org/717920 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://security.netapp.com/advisory/ntap-20221028-0010 https://support.apple.com/kb/HT211931 https://support.apple.com/kb/HT212147 https://www.oracle.com/security-alerts/cp
CWE-190: Integer Overflow or Wraparound
CVE-2020-13269
https://notcve.org/view.php?id=CVE-2020-13269
A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1.
References: https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13269.json https://gitlab.com/gitlab-org/gitlab/-/issues/216528 https://hackerone.com/reports/864356
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-13270
https://notcve.org/view.php?id=CVE-2020-13270
Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via the API.
References: https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13270.json https://gitlab.com/gitlab-org/gitlab/-/issues/24648 https://hackerone.com/reports/419977
CWE-862: Missing Authorization
CVE-2020-13268
https://notcve.org/view.php?id=CVE-2020-13268
A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1.
References: https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13268.json https://gitlab.com/gitlab-org/gitlab/-/issues/214220 https://hackerone.com/reports/848415
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-13267
https://notcve.org/view.php?id=CVE-2020-13267
A Stored Cross-Site Scripting vulnerability allowed the execution of Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1.
References: https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13267.json https://gitlab.com/gitlab-org/gitlab/-/issues/211956 https://hackerone.com/reports/824773
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')