Export limit exceeded: 337503 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 76228 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76228 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13299 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.1 High |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session. | ||||
| CVE-2020-13298 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.2 High |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limited files disclosure. | ||||
| CVE-2020-13291 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.1 High |
| In GitLab before 13.2.3, project sharing could temporarily allow too permissive access. | ||||
| CVE-2020-13290 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page | ||||
| CVE-2020-13285 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.3 High |
| For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip. | ||||
| CVE-2020-13283 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.3 High |
| For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title. | ||||
| CVE-2020-13279 | 1 Gitlab | 1 Gitlab-vscode-extension | 2024-11-21 | 8.6 High |
| Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system | ||||
| CVE-2020-13276 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.4 High |
| User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 | ||||
| CVE-2020-13275 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8 High |
| A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 | ||||
| CVE-2020-13274 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1 | ||||
| CVE-2020-13273 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1 | ||||
| CVE-2020-13272 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow | ||||
| CVE-2020-13270 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API | ||||
| CVE-2020-13263 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. | ||||
| CVE-2020-13259 | 1 Rad | 2 Secflow-1v, Secflow-1v Firmware | 2024-11-21 | 8.8 High |
| A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. This could be exploited in conjunction with CVE-2020-13260. | ||||
| CVE-2020-13252 | 1 Centreon | 1 Centreon | 2024-11-21 | 8.8 High |
| Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page. | ||||
| CVE-2020-13250 | 1 Hashicorp | 1 Consul | 2024-11-21 | 7.5 High |
| HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4. | ||||
| CVE-2020-13249 | 4 Fedoraproject, Mariadb, Opensuse and 1 more | 7 Fedora, Connector\/c, Leap and 4 more | 2024-11-21 | 8.8 High |
| libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle. | ||||
| CVE-2020-13247 | 1 Boolebox | 1 Boolebox | 2024-11-21 | 7.3 High |
| BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area. | ||||
| CVE-2020-13246 | 1 Gitea | 1 Gitea | 2024-11-21 | 7.5 High |
| An issue was discovered in Gitea through 1.11.5. An attacker can trigger a deadlock by initiating a transfer of a repository's ownership from one organization to another. | ||||