Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e2a9f0e3 by Moritz Muehlenhoff at 2024-09-13T08:48:04+02:00
new gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -114,7 +114,7 @@ CVE-2024-46673 [scsi: aacraid: Fix double-free on probe 
failure]
        - linux 6.10.9-1
        NOTE: 
https://git.kernel.org/linus/919ddf8336f0b84c0453bac583808c9f165a85c2 (6.11-rc6)
 CVE-2024-8754 (An issue has been discovered in GitLab EE/CE affecting all 
versions fr ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2024-8750 (Cross-site Scripting (XSS) vulnerability in idoit pro version 
28. This ...)
        NOT-FOR-US: idoit pro
 CVE-2024-8749 (SQL injection vulnerability in idoit pro version 28. This 
vulnerabilit ...)
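
Review bot: The new "- gitlab <unfixed>" line for CVE-2024-8754 carries no NOTE with an upstream reference, unlike the CVE-2024-46673 entry at the top of this hunk, which links the fixing commit. Adding a NOTE line with the upstream issue or release advisory URL would let whoever later resolves the entry find the fixed version without repeating the triage.
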
@@ -156,9 +156,9 @@ CVE-2024-8529 (The LearnPress \u2013 WordPress LMS Plugin 
plugin for WordPress i
 CVE-2024-8522 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-8311 (An issue was discovered with pipeline execution policies in 
GitLab EE  ...)
-       TODO: check
+       - gitlab <not-affected> (Specific to EE)
 CVE-2024-8124 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2024-8056 (The MM-Breaking News WordPress plugin through 0.7.9 does not 
escape th ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-8054 (The MM-Breaking News WordPress plugin through 0.7.9 does not 
have CSRF ...)
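
Review bot: On CVE-2024-8311 the reason "(Specific to EE)" rests on a description that is truncated in the list right after "pipeline execution policies in GitLab EE". A short NOTE naming the EE-only feature or linking the upstream issue would make the not-affected decision checkable from the entry itself rather than from the cut-off summary.
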
@@ -196,15 +196,15 @@ CVE-2024-6701 (Pega Platform versions 8.1 to Infinity 
24.1.2 are affected by an
 CVE-2024-6700 (Pega Platform versions 8.1 to Infinity 24.1.2 are affected by 
an XSS i ...)
        NOT-FOR-US: Pega Platform
 CVE-2024-6678 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2024-6658 (Improper Input Validation vulnerability of Authenticated User 
in Progr ...)
        NOT-FOR-US: Progress LoadMaster
 CVE-2024-6510 (Local Privilege Escalation in AVG Internet Security v24 on 
Windows all ...)
        NOT-FOR-US: AVG Internet Security
 CVE-2024-6446 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2024-6389 (An issue was discovered in GitLab-CE/EE affecting all versions 
startin ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2024-6077 (A denial-of-service vulnerability exists in the Rockwell 
Automation af ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2024-6019 (The Music Request Manager WordPress plugin through 1.3 does not 
saniti ...)
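
Review bot: The description of CVE-2024-6446 reads only "GitLab affecting all versions starting ...", with no CE/EE qualifier, while the other two entries resolved in this hunk (CVE-2024-6678 and CVE-2024-6389) say CE/EE. Since this commit marks EE-only issues as not-affected, it is worth confirming against the upstream advisory that this one applies to CE before leaving it as "- gitlab <unfixed>", and recording the source in a NOTE line.
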
@@ -216,13 +216,13 @@ CVE-2024-6017 (The Music Request Manager WordPress plugin 
through 1.3 does not h
 CVE-2024-5799 (The CM Pop-Up Banners for WordPress plugin before 1.7.3 does 
not sanit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-5435 (An issue has been discovered discovered in GitLab EE/CE 
affecting all  ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2024-4660 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
-       TODO: check
+       - gitlab <not-affected> (Specific to EE)
 CVE-2024-4612 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
-       TODO: check
+       - gitlab <not-affected> (Specific to EE)
 CVE-2024-4472 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2024-45857 (Deserialization of untrusted data can occur in versions 2.4.0 
or newer ...)
        NOT-FOR-US: Cleanlab project
 CVE-2024-45856 (A cross-site scripting (XSS) vulnerability exists in all 
versions of t ...)
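
Review bot: The "<unfixed>" entries for CVE-2024-5435 and CVE-2024-4472 apply to every suite, but both descriptions speak of "all versions" from some starting version that is cut off in the list. If that starting version is newer than what an older suite ships, a per-suite "<not-affected>" line with the reason would be more accurate than a blanket unfixed status; the two EE-only entries in between look consistent with their descriptions.
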
@@ -317,7 +317,7 @@ CVE-2024-32842 (An unspecified SQL injection in Ivanti EPM 
before 2022 SU6, or t
 CVE-2024-32840 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or 
the 202 ...)
        NOT-FOR-US: Ivanti
 CVE-2024-2743 (An issue was discovered in GitLab-EE starting with version 13.3 
before ...)
-       TODO: check
+       - gitlab <not-affected> (Specific to EE)
 CVE-2024-2010 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
        TODO: check
 CVE-2024-29847 (Deserialization of untrusted data in the agent portal of 
Ivanti EPM be ...)
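
Review bot: CVE-2024-2010, in the context directly below the changed CVE-2024-2743 entry, still reads "TODO: check", and its truncated description does not name a product. If it is one of the GitLab issues this commit is meant to cover it was missed; if not, nothing needs to change here.
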



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2a9f0e3b9f3e44860c96cb3791105dfdd34d645
