[Git][security-tracker-team/security-tracker][master] new gitlab issues

Moritz Muehlenhoff (@jmm) Wed, 04 Oct 2023 08:02:04 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
af7e49a2 by Moritz Muehlenhoff at 2023-10-04T17:01:02+02:00
new gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -533,7 +533,7 @@ CVE-2023-5301 (A vulnerability classified as critical was 
found in DedeCMS 5.7.1
 CVE-2023-5300 (A vulnerability classified as critical has been found in 
TTSPlanning u ...)
        NOT-FOR-US: TTSPlanning
 CVE-2023-5207 (A vulnerability was discovered in GitLab CE and EE affecting 
all versi ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2023-44488 (VP9 in libvpx before 1.13.1 mishandles widths, leading to a 
crash rela ...)
        {DLA-3598-1}
        - libvpx 1.12.0-1.2
@@ -695,7 +695,7 @@ CVE-2023-41657 (Auth. (admin+) Stored Cross-Site Scripting 
(XSS) vulnerability i
 CVE-2023-41655 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Andr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-3413 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2023-3024 (Forcing the Bluetooth LE stack to segment 'prepare write 
response' pac ...)
        NOT-FOR-US: Silabs
 CVE-2023-39410 (When deserializing untrusted or corrupted data, it is possible 
for a r ...)
@@ -703,7 +703,7 @@ CVE-2023-39410 (When deserializing untrusted or corrupted 
data, it is possible f
 CVE-2023-39308 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 
UserFeedbac ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-5198 (An issue has been discovered in GitLab affecting all versions 
prior to ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2023-5185 (Gym Management System Project v1.0 is vulnerable to  an 
Insecure File  ...)
        NOT-FOR-US: Gym Management System Project
 CVE-2023-5077 (The Vault and Vault Enterprise ("Vault") Google Cloud secrets 
engine d ...)
@@ -713,7 +713,7 @@ CVE-2023-5053 (Hospital management system version 378c157 
allows to bypass authe
 CVE-2023-5004 (Hospital management system version 378c157 allows to bypass 
authentica ...)
        NOT-FOR-US: Hospital management system
 CVE-2023-4532 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2023-4316 (Zod in version 3.22.2 allows an attacker to perform a denial of 
servic ...)
        NOT-FOR-US: Zod
 CVE-2023-44469 (A Server-Side Request Forgery issue in the OpenID Connect 
Issuer in Le ...)
@@ -760,21 +760,21 @@ CVE-2023-43014 (Asset Management System v1.0 is 
vulnerable to  an Authenticated
 CVE-2023-43013 (Asset Management System v1.0 is vulnerable to an  
unauthenticated SQL  ...)
        NOT-FOR-US: Asset Management System
 CVE-2023-3979 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2023-3922 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2023-3920 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2023-3917 (Denial of Service in pipelines affecting all versions of Gitlab 
EE and ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2023-3914 (A business logic error in GitLab EE affecting all versions 
prior to 16 ...)
-       TODO: check
+       - gitlab <not-affected> (Specific to EE)
 CVE-2023-3906 (An input validation issue in the asset proxy in GitLab EE, 
affecting a ...)
-       TODO: check
+       - gitlab <not-affected> (Specific to EE)
 CVE-2023-3775 (A Vault Enterprise Sentinel Role Governing Policy created by an 
operat ...)
        NOT-FOR-US: HashiCorp Vault
 CVE-2023-3115 (An issue has been discovered in GitLab EE affecting all 
versions affec ...)
-       TODO: check
+       - gitlab <not-affected> (Specific to EE)
 CVE-2023-32477 (Dell Common Event Enabler 8.9.8.2 for Windows and prior, 
contain an im ...)
        NOT-FOR-US: Dell
 CVE-2023-5256 (In certain scenarios, Drupal's JSON:API module will output 
error backt ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af7e49a2901a6e4762ca779885efe88d6efdfd16

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af7e49a2901a6e4762ca779885efe88d6efdfd16
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] new gitlab issues

Reply via email to