Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
83049c83 by Salvatore Bonaccorso at 2022-08-31T07:14:25+02:00
Add some new gitlab CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -589,6 +589,9 @@ CVE-2022-3032
RESERVED
CVE-2022-3031
RESERVED
+ [experimental] - gitlab 15.2.3+ds1-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-3030
RESERVED
CVE-2022-3029
@@ -787,6 +790,9 @@ CVE-2022-2993
RESERVED
CVE-2022-2992
RESERVED
+ [experimental] - gitlab 15.2.3+ds1-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2991 (A heap-based buffer overflow was found in the Linux kernel's
LightNVM ...)
- linux 5.15.3-1 (unimportant)
[bullseye] - linux 5.10.120-1
@@ -1153,6 +1159,9 @@ CVE-2022-2932 (Cross-site Scripting (XSS) - Reflected in
GitHub repository bustl
NOT-FOR-US: Mobiledoc Kit
CVE-2022-2931
RESERVED
+ [experimental] - gitlab 15.2.3+ds1-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2930 (Unverified Password Change in GitHub repository
octoprint/octoprint pr ...)
- octoprint <itp> (bug #718591)
CVE-2022-2929
@@ -1624,8 +1633,14 @@ CVE-2022-37333 (SQL injection vulnerability in the
Exment ((PHP8) exceedone/exme
NOT-FOR-US: Exment
CVE-2022-2908
RESERVED
+ [experimental] - gitlab 15.2.3+ds1-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2907
RESERVED
+ [experimental] - gitlab 15.2.3+ds1-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2906
RESERVED
CVE-2022-2905
@@ -1926,6 +1941,9 @@ CVE-2022-2866
RESERVED
CVE-2022-2865
RESERVED
+ [experimental] - gitlab 15.2.3+ds1-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2864
RESERVED
CVE-2022-2863
@@ -4632,6 +4650,9 @@ CVE-2022-2631 (Improper Access Control in GitHub
repository tooljet/tooljet prio
NOT-FOR-US: ToolJet
CVE-2022-2630
RESERVED
+ [experimental] - gitlab 15.2.3+ds1-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2629
RESERVED
CVE-2022-2628
@@ -5365,6 +5386,9 @@ CVE-2022-37041 (An issue was discovered in
ProxyServlet.java in the /proxy servl
NOT-FOR-US: Zimbra
CVE-2022-2592
RESERVED
+ [experimental] - gitlab 15.2.3+ds1-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2591 (A vulnerability classified as critical has been found in TEM
FLEX-1085 ...)
NOT-FOR-US: TEM
CVE-2022-37040
@@ -6789,6 +6813,9 @@ CVE-2022-2534 (An issue has been discovered in GitLab
CE/EE affecting all versio
- gitlab <unfixed>
CVE-2022-2533
RESERVED
+ [experimental] - gitlab 15.2.3+ds1-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2532 (The Feed Them Social WordPress plugin before 3.0.1 does not
sanitise a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2531 (An issue has been discovered in GitLab EE affecting all
versions start ...)
@@ -6821,6 +6848,9 @@ CVE-2022-36430
RESERVED
CVE-2022-2527
RESERVED
+ [experimental] - gitlab 15.2.3+ds1-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2021-46829 (GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a
heap-based buf ...)
- gdk-pixbuf 2.42.8+dfsg-1
[buster] - gdk-pixbuf <not-affected> (Vulnerable code not present; GIF
animation support added later)
@@ -7725,6 +7755,9 @@ CVE-2022-36129 (HashiCorp Vault Enterprise 1.7.0 through
1.9.7, 1.10.4, and 1.11
NOT-FOR-US: HashiCorp Vault
CVE-2022-2455
RESERVED
+ [experimental] - gitlab 15.2.3+ds1-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-36128
RESERVED
CVE-2022-36127 (A vulnerability in Apache SkyWalking NodeJS Agent prior to
0.5.1. The ...)
@@ -8326,6 +8359,9 @@ CVE-2022-2429
RESERVED
CVE-2022-2428
RESERVED
+ [experimental] - gitlab 15.2.3+ds1-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2427
RESERVED
CVE-2022-2426 (The Thinkific Uploader WordPress plugin through 1.0.0 does not
sanitis ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83049c833badfe4f103ea27580aa4c9e3e5ffe4c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83049c833badfe4f103ea27580aa4c9e3e5ffe4c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
