Page 77 of 1054 results (0.012 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-10953

https://notcve.org/view.php?id=CVE-2020-10953

27 Mar 2020 — In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue. En GitLab EE versiones 11.7 hasta 12.9, la funcionalidad NPM es vulnerable a un problema de salto de ruta. • https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-10954

https://notcve.org/view.php?id=CVE-2020-10954

27 Mar 2020 — GitLab through 12.9 is affected by a potential DoS in repository archive download. GitLab versiones hasta 12.9, está afectado por una DoS potencial en una descarga de archivo del repositorio. • https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-10955 – Debian Security Advisory 4691-1

https://notcve.org/view.php?id=CVE-2020-10955

27 Mar 2020 — GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. GitLab EE/CE versiones 11.1 hasta 12.9, es vulnerable a una manipulación de parámetros en una funcionalidad de carga que permite a un usuario no autorizado leer el contenido disponible bajo carpetas específicas. Two vulnerabiliites have been discovered in PDNS Recursor, a resolving name server; a traffic amplification attack against third... • https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released • CWE-862: Missing Authorization •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-10956

https://notcve.org/view.php?id=CVE-2020-10956

27 Mar 2020 — GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. GitLab versiones 8.10 y posteriores a 12.9, es vulnerable a un ataque de tipo SSRF en una funcionalidad de nota de importación de proyecto. • https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-10073

https://notcve.org/view.php?id=CVE-2020-10073

13 Mar 2020 — GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page. GitLab EE versiones 12.4.2 hasta 12.8.1, permite una Denegación de Servicio. Se detectó internamente que una potencial denegación de servicio que involucra las comprobaciones de permisos podría impactar a una página de inicio de proyecto. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-10074

https://notcve.org/view.php?id=CVE-2020-10074

13 Mar 2020 — GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link. GitLab versiones 10.1 hasta 12.8.1, presenta un Control de Acceso Incorrecto. Se detectó un escenario en el cual una cuenta de GitLab podría ser controlada por medio de un enlace expirado. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-10075

https://notcve.org/view.php?id=CVE-2020-10075

13 Mar 2020 — GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input. GitLab versiones 12.5 hasta 12.8.1, permite una inyección de HTML. Un encabezado de error en particular era potencialmente susceptible a una inyección o a otras vulnerabilidades por medio de una entrada sin escape. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-10076

https://notcve.org/view.php?id=CVE-2020-10076

13 Mar 2020 — GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests. GitLab versiones 12.1 hasta 12.8.1, permite un ataque de tipo XSS. Se detectó una vulnerabilidad de tipo cross-site scripting almacenado cuando se desplegaban peticiones de fusión. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-10077

https://notcve.org/view.php?id=CVE-2020-10077

13 Mar 2020 — GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk. GitLab EE versiones 3.0 hasta 12.8.1, permite un ataque de tipo SSRF. Una investigación interna reveló que un servicio obsoleto en particular estaba creando un riesgo de falsificación de petición del lado del servidor. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-10078

https://notcve.org/view.php?id=CVE-2020-10078

13 Mar 2020 — GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability. GitLab versiones 12.1 hasta 12.8.1, permite un ataque de tipo XSS. Se determinó que el formulario de solicitud de una petición de fusión presenta una vulnerabilidad de tipo cross-site scripting almacenado. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •