Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ee52cff6 by Moritz Muehlenhoff at 2025-04-04T20:48:16+02:00
record gitlab fixes in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18174,7 +18174,7 @@ CVE-2025-0108 (An authentication bypass in the Palo 
Alto Networks PAN-OS softwar
 CVE-2024-8266 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
        - gitlab <unfixed>
 CVE-2024-7102 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-1
 CVE-2024-57605 (Cross Site Scripting vulnerability in Daylight Studio Fuel CMS 
v.1.5.2 ...)
        NOT-FOR-US: Daylight Studio Fuel CMS
 CVE-2024-57604 (An issue in MaysWind ezBookkeeping 0.7.0 allows a remote 
attacker to e ...)
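Review bot: the CVE-2024-7102 entry is closed at 17.5.5-1 with no NOTE line recording the upstream issue or release that makes 17.5.5-1 the fixed version. The CVE-2024-7610 and CVE-2024-7554 entries later in this file carry NOTE lines with upstream issue URLs; an equivalent reference here would let a later reader verify the version without re-deriving it.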
@@ -35272,7 +35272,7 @@ CVE-2024-8798 (No proper validation of the length of 
user input in olcp_ind_hand
 CVE-2024-8650 (An issue was discovered in GitLab CE/EE affecting all versions 
from 15 ...)
        - gitlab <unfixed>
 CVE-2024-8116 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-1
 CVE-2024-5333 (The Events Calendar WordPress plugin before 6.8.2.1 is missing 
access  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-56112 (CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via 
token or us ...)
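Review bot: the context entry for CVE-2024-8650 directly above the changed line still reads `- gitlab <unfixed>` while CVE-2024-8116 moves to 17.5.5-1. Please confirm it was checked against the same upload and deliberately left open rather than missed in this pass; the same question applies to CVE-2024-8266 and CVE-2024-8233, which stay `<unfixed>` next to changed entries in the neighbouring hunks.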
@@ -35997,7 +35997,7 @@ CVE-2024-8647 (An issue was discovered in GitLab 
affecting all versions starting
 CVE-2024-8233 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <unfixed>
 CVE-2024-8179 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-1
 CVE-2024-55888 (Hush Line is an open-source whistleblower management system. 
Starting  ...)
        NOT-FOR-US: Hush Line
 CVE-2024-55886 (OpenSearch Data Prepper is a component of the OpenSearch 
project that  ...)
@@ -40327,9 +40327,9 @@ CVE-2024-8237 (A Denial of Service (DoS) issue has been 
discovered in GitLab CE/
 CVE-2024-8236 (The Elementor Website Builder \u2013 More than Just a Page 
Builder plu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-8177 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-1
 CVE-2024-8114 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-1
 CVE-2024-53976 (Under certain circumstances, navigating to a webpage would 
result in t ...)
        - firefox <not-affected> (Specific to Firefox on iOS)
 CVE-2024-53975 (Accessing a non-secure HTTP site that uses a non-existent port 
may cau ...)
@@ -61602,7 +61602,7 @@ CVE-2024-8522 (The LearnPress \u2013 WordPress LMS 
Plugin plugin for WordPress i
 CVE-2024-8311 (An issue was discovered with pipeline execution policies in 
GitLab EE  ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2024-8124 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-8056 (The MM-Breaking News WordPress plugin through 0.7.9 does not 
escape th ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-8054 (The MM-Breaking News WordPress plugin through 0.7.9 does not 
have CSRF ...)
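Review bot: the `17.3.5-2` on the CVE-2024-8124 line is a second Debian revision of upstream 17.3.5, so it is worth confirming that -2 is the first upload to unstable carrying the fix and not just the version currently in sid. If the fix came with upstream 17.3.5 and a -1 revision was uploaded, the entry should name that one; if -2 is where it actually landed, a short NOTE saying so would document the choice.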
@@ -65770,7 +65770,7 @@ CVE-2024-8076 (A vulnerability was found in TOTOLINK 
AC1200 T8 4.1.5cu.862_B2023
 CVE-2024-8075 (A vulnerability has been found in TOTOLINK AC1200 T8 
4.1.5cu.862_B2023 ...)
        NOT-FOR-US: TOTOLINK
 CVE-2024-8041 (A Denial of Service (DoS) issue has been discovered in GitLab 
CE/EE af ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-7848 (The User Private Files \u2013 WordPress File Sharing Plugin 
plugin for ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-7778 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable 
to Store ...)
@@ -69696,10 +69696,10 @@ CVE-2024-0113 (NVIDIA Mellanox OS, ONYX, Skyway, and 
MetroX-3 XCC contain a vuln
 CVE-2024-7557 (A vulnerability was found in OpenShift AI that allows for 
authenticati ...)
        NOT-FOR-US: OpenShift
 CVE-2024-7610 (A Denial of Service (DoS) condition has been discovered in 
GitLab CE/E ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/468917
 CVE-2024-7554 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/471555
 CVE-2024-7490 (Improper Input Validation vulnerability in Microchip Techology 
Advance ...)
        NOT-FOR-US: Microchip
@@ -73558,15 +73558,15 @@ CVE-2024-1724 (In snapd versions prior to 2.62, when 
using AppArmor for enforcem
 CVE-2023-7271 (Privilege escalation vulnerability in the NMS module Impact: 
Successfu ...)
        NOT-FOR-US: Huawei
 CVE-2024-7091 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-7081 (A vulnerability was found in itsourcecode Tailoring Management 
System  ...)
        NOT-FOR-US: itsourcecode Tailoring Management System
 CVE-2024-7060 (An information disclosure vulnerability in GitLab CE/EE in 
project/gro ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-7057 (An information disclosure vulnerability in GitLab CE/EE 
affecting all  ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-7047 (A cross site scripting vulnerability exists in GitLab CE/EE 
affecting  ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-6972 (In affected versions of Octopus Server under certain 
circumstances it  ...)
        NOT-FOR-US: Octopus Server
 CVE-2024-5067 (An issue was discovered in GitLab EE affecting all versions 
starting f ...)
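Review bot: this hunk flips four entries at once (CVE-2024-7091, CVE-2024-7060, CVE-2024-7057, CVE-2024-7047) to 17.3.5-2, and the commit message "record gitlab fixes in sid" does not say which source the versions were taken from. Naming it in the message (upstream release notes, or the changelog of the upload) would make a bulk update like this auditable, especially since the entries span different issue classes (information disclosure and cross site scripting per the visible descriptions).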



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee52cff617c3553d34db5b05c8365693cd7eccca



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits