CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-13293
https://notcve.org/view.php?id=CVE-2020-13293
In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash. En GitLab versiones anteriores a 13.0.12, 13.1.6 y 13.2.3, el uso de una rama con un nombre hexadecimal podría anular un hash existente • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13293.json https://gitlab.com/gitlab-org/gitlab/-/issues/202690 https://hackerone.com/reports/790634 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13274
https://notcve.org/view.php?id=CVE-2020-13274
A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1 Un problema de seguridad permitió lograr ataques de Denegación de Servicio por medio del agotamiento de la memoria al cargar artefactos maliciosos en todas las versiones anteriores de GitLab hasta la versión 13.0.1 • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13274.json https://gitlab.com/gitlab-org/gitlab/-/issues/14195 •
CVSS: 7.4EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13276
https://notcve.org/view.php?id=CVE-2020-13276
User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 El usuario puede establecer un correo electrónico como correo electrónico de notificación incluso sin verificar el nuevo correo electrónico en todas las versiones anteriores de GitLab CE/EE hasta la 13.0.1 • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13276.json https://gitlab.com/gitlab-org/gitlab/-/issues/25994 https://hackerone.com/reports/471907 • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 27EXPL: 0CVE-2020-14155 – pcre: Integer overflow when parsing callout numeric arguments
https://notcve.org/view.php?id=CVE-2020-14155
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. libpcre en PCRE versiones anteriores a 8.44, permite un desbordamiento de enteros por medio de un número grande después de una subcadena (?C • http://seclists.org/fulldisclosure/2020/Dec/32 http://seclists.org/fulldisclosure/2021/Feb/14 https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release https://bugs.gentoo.org/717920 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://security.netapp.com/advisory/ntap-20221028-0010 https://support.apple.com/kb/HT211931 https://support.apple.com/kb/HT212147 https://www.oracle.com/security-alerts/cp • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13271
https://notcve.org/view.php?id=CVE-2020-13271
A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1 Una vulnerabilidad de tipo Cross-Site Scripting Almacenado permitió la ejecución de código Javascript arbitrario en la API blobs en todas las versiones anteriores de GitLab CE/EE hasta 13.0.1 • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13271.json https://gitlab.com/gitlab-org/gitlab/-/issues/200094 https://hackerone.com/reports/672150 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •