CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 120 / 279
«« 先頭 « 前へ 1 / 14 次へ »
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2020-13270 Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API 7.5 1.41% 2020-06-10 2026-06-16
CVE-2020-13272 OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow 7.5 0.58% 2020-06-19 2026-06-16
CVE-2020-13273 A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1 7.5 1.19% 2020-06-19 2026-06-16
CVE-2020-13274 A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1 7.5 1.15% 2020-06-19 2026-06-16
CVE-2020-13275 A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 8.0 1.04% 2020-06-19 2026-06-16
CVE-2020-13276 User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 7.4 0.67% 2020-06-19 2026-06-16
CVE-2020-13263 An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. 7.5 1.02% 2020-06-19 2026-06-16
CVE-2020-13279 Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system 8.6 1.20% 2020-06-22 2026-06-16
CVE-2020-13292 In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. 9.6 1.00% 2020-08-10 2026-06-16
CVE-2020-13290 In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page 7.5 1.11% 2020-08-12 2026-06-16
CVE-2020-13291 In GitLab before 13.2.3, project sharing could temporarily allow too permissive access. 8.1 0.96% 2020-08-12 2026-06-16
CVE-2020-13283 For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title. 7.3 0.85% 2020-08-13 2026-06-16
CVE-2020-13285 For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip. 7.3 1.01% 2020-08-13 2026-06-16
CVE-2020-13299 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session. 8.1 1.23% 2020-09-14 2026-06-16
CVE-2020-13300 GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. 8.0 1.29% 2020-09-14 2026-06-16
CVE-2020-13298 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limited files disclosure. 7.2 1.24% 2020-09-14 2026-06-16
CVE-2020-13303 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Due to improper verification of permissions, an unauthorized user can access a private repository within a public project. 7.1 1.16% 2020-09-15 2026-06-16
CVE-2020-13321 A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed allowing for html tags to be added. 8.3 1.40% 2020-09-30 2026-06-16
CVE-2020-13322 A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens. 7.2 1.14% 2020-09-30 2026-06-16
CVE-2020-13323 A vulnerability was discovered in GitLab versions prior 13.1. Under certain conditions private merge requests could be read via Todos 7.7 1.09% 2020-09-30 2026-06-16
«« 先頭 « 前へ 1 / 14 次へ »
cvelogic Threat Intelligence