Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1bce75cd by Moritz Muehlenhoff at 2023-06-12T10:58:05+02:00 334 gitlab CVEs fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -258,7 +258,7 @@ CVE-2023-33282 (Marval MSM through 14.19.0.12476 and 15.0 has a System account w CVE-2023-2530 (A privilege escalation allowing remote code execution was discovered i ...) - puppet <not-affected> (Specific to Puppet Enterprise) CVE-2023-2442 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-4380 (The Pinterest Automatic plugin for WordPress is vulnerable to authoriz ...) NOT-FOR-US: Pinterest Automatic plugin for WordPress CVE-2021-4379 (The WooCommerce Multi Currency plugin for WordPress is vulnerable to a ...) @@ -660,7 +660,7 @@ CVE-2013-10029 (A vulnerability classified as problematic was found in Exit Box CVE-2023-2589 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab <not-affected> (Specific to EE) CVE-2023-2485 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-3111 (A use after free vulnerability was found in prepare_to_relocate in fs/ ...) - linux 5.19.6-1 NOTE: https://git.kernel.org/linus/85f02d6c856b9f3a0acf5219de6e32f58b9778eb (6.0-rc2) @@ -3214,7 +3214,7 @@ CVE-2023-31404 (Under certain conditions,SAP BusinessObjects Business Intelligen CVE-2023-2590 (Missing Authorization in GitHub repository answerdev/answer prior to 1 ...) NOT-FOR-US: answerdev/answer CVE-2023-2478 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-2583 (Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3.) NOT-FOR-US: jsreport CVE-2023-2582 (A prototype pollution vulnerability exists in Strikingly CMS which can ...) 
@@ -4650,9 +4650,9 @@ CVE-2023-2201 (The Web Directory Free for WordPress is vulnerable to SQL Injecti CVE-2023-2200 RESERVED CVE-2023-2199 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-2198 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-30912 RESERVED CVE-2023-30911 @@ -4791,7 +4791,7 @@ CVE-2023-2183 (Grafana is an open-source platform for monitoring and observabili CVE-2023-2182 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab <not-affected> (Specific to EE) CVE-2023-2181 (An issue has been discovered in GitLab affecting all versions before 1 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-2180 (The KIWIZ Invoices Certification & PDF System WordPress plugin through ...) NOT-FOR-US: WordPress plugin CVE-2023-2179 (The WooCommerce Order Status Change Notifier WordPress plugin through ...) @@ -5096,7 +5096,7 @@ CVE-2023-2133 (Out of bounds memory access in Service Worker API in Google Chrom - chromium 112.0.5615.138-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-2132 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-2131 (Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS co ...) NOT-FOR-US: INEA ME RTU firmware CVE-2023-2130 (A vulnerability classified as critical has been found in SourceCodeste ...) @@ -5732,7 +5732,7 @@ CVE-2023-2071 CVE-2023-2070 RESERVED CVE-2023-2069 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-2068 RESERVED CVE-2023-2067 (The Announcement & Notification Banner \u2013 Bulletin plugin for Word ...) 
@@ -5846,11 +5846,11 @@ CVE-2023-2017 (Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0 CVE-2023-2016 RESERVED CVE-2023-2015 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-2014 (Cross-site Scripting (XSS) - Generic in GitHub repository microweber/m ...) NOT-FOR-US: microweber CVE-2023-2013 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-2012 RESERVED CVE-2022-48468 (protobuf-c before 1.4.1 has an unsigned integer overflow in parse_requ ...) @@ -6047,7 +6047,7 @@ CVE-2023-2002 (A vulnerability was found in the HCI sockets implementation due t NOTE: Fixed by: https://lore.kernel.org/linux-bluetooth/20230416081404.8227-1-lrh2...@pku.edu.cn/ NOTE: Hardening: https://lore.kernel.org/linux-bluetooth/20230416080251.7717-1-lrh2...@pku.edu.cn/ CVE-2023-2001 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-2000 (Mattermost Desktop App fails to validate a mattermost server redirecti ...) NOT-FOR-US: Mattermost Desktop App CVE-2023-1999 @@ -9396,7 +9396,7 @@ CVE-2023-1838 (A use-after-free flaw was found in vhost_net_set_backend in drive CVE-2023-1837 (Missing Authentication for critical function vulnerability in HYPR Ser ...) NOT-FOR-US: HYPR CVE-2023-1836 (A cross-site scripting issue has been discovered in GitLab affecting a ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-1835 (The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not p ...) NOT-FOR-US: WordPress plugin CVE-2023-1834 (Rockwell Automation was made aware that Kinetix 5500 drives, manufactu ...) 
@@ -9698,7 +9698,7 @@ CVE-2023-1789 (Improper Input Validation in GitHub repository firefly-iii/firefl CVE-2023-1788 (Insufficient Session Expiration in GitHub repository firefly-iii/firef ...) NOT-FOR-US: firefly-iii CVE-2023-1787 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-1786 (Sensitive data could be exposed in logs of cloud-init before version 2 ...) - cloud-init <unfixed> (bug #1035023) [bookworm] - cloud-init <no-dsa> (Minor issue) @@ -10060,7 +10060,7 @@ CVE-2023-1735 (A vulnerability classified as critical was found in SourceCodeste CVE-2023-1734 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System CVE-2023-1733 (A denial of service condition exists in the Prometheus server bundled ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-1732 (When sampling randomness for a shared secret, the implementation of Ky ...) NOT-FOR-US: Cloudflare CIRCL CVE-2023-1731 (In Meinbergs LTOS versions prior to V7.06.013, the configuration file ...) @@ -10133,7 +10133,7 @@ CVE-2023-29023 (A cross site scripting vulnerability was discovered in Rockwell CVE-2023-29022 (A cross site scripting vulnerability was discovered in Rockwell Automa ...) NOT-FOR-US: Rockwell Automation CVE-2023-1710 (A sensitive information disclosure vulnerability in GitLab affecting a ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-1709 (The APDFL.dll contains a memory corruption vulnerability while parsing ...) NOT-FOR-US: Siemens CVE-2023-29021 
@@ -10287,7 +10287,7 @@ CVE-2023-28960 (An Incorrect Permission Assignment for Critical Resource vulnera CVE-2023-28959 (An Improper Check or Handling of Exceptional Conditions vulnerability ...) NOT-FOR-US: Juniper CVE-2023-1708 (An issue was identified in GitLab CE/EE affecting all versions from 1. ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-1707 RESERVED CVE-2023-1706 @@ -12465,7 +12465,7 @@ CVE-2023-1419 CVE-2023-1418 (A vulnerability classified as problematic was found in SourceCodester ...) NOT-FOR-US: SourceCodester Friendly Island Pizza Website and Ordering System CVE-2023-1417 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-1416 (A vulnerability classified as critical has been found in Simple Art Ga ...) NOT-FOR-US: Simple Art Gallery CVE-2023-1415 (A vulnerability was found in Simple Art Gallery 1.0. It has been decla ...) @@ -14102,7 +14102,7 @@ CVE-2023-22434 CVE-2023-1266 RESERVED CVE-2023-1265 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-1264 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.139 ...) - vim <unfixed> (unimportant) NOTE: https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 @@ -14406,7 +14406,7 @@ CVE-2023-27850 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a fi CVE-2023-1205 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cr ...) NOT-FOR-US: NETGEAR CVE-2023-1204 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-1203 (Improper removal of sensitive data in the entry edit feature of Hub Bu ...) NOT-FOR-US: Devolutions CVE-2023-1202 (Permission bypass when importing or synchronizing entriesin User vault ...) 
@@ -14998,7 +14998,7 @@ CVE-2023-27606 CVE-2023-27605 RESERVED CVE-2023-1178 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-27604 RESERVED CVE-2023-27603 (In Apache Linkis <=1.3.1, due to the Manager module engineConn materia ...) @@ -15929,7 +15929,7 @@ CVE-2023-23554 (Uncontrolled search path element vulnerability exists in pg_ivm CVE-2023-22847 (Information disclosure vulnerability exists in pg_ivm versions prior t ...) NOT-FOR-US: pg_ivm CVE-2023-1098 (An information disclosure vulnerability has been discovered in GitLab ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-1097 (Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are v ...) NOT-FOR-US: Baicells EG7035-M11 devices CVE-2023-1096 (SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susc ...) @@ -15960,7 +15960,7 @@ CVE-2023-1086 (The Preview Link Generator WordPress plugin before 1.0.4 does not CVE-2023-1085 RESERVED CVE-2023-1084 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-1083 RESERVED CVE-2023-1082 @@ -16099,9 +16099,9 @@ CVE-2023-1073 (A memory corruption flaw was found in the Linux kernel\u2019s hum NOTE: https://git.kernel.org/linus/b12fece4c64857e5fab4290bf01b2e0317a88456 NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/3 CVE-2023-1072 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-1071 (An issue has been discovered in GitLab affecting all versions from 15. ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-1070 (External Control of File Name or Path in GitHub repository nilsteampas ...) - teampass <itp> (bug #730180) CVE-2023-1069 (The Complianz WordPress plugin before 6.4.2, Complianz Premium WordPre ...) 
@@ -19041,7 +19041,7 @@ CVE-2023-0922 (The Samba AD DC administration tool, when operating against a rem - samba 2:4.17.7+dfsg-1 NOTE: https://www.samba.org/samba/security/CVE-2023-0922.html CVE-2023-0921 (A lack of length validation in GitLab CE/EE affecting all versions fro ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-48330 RESERVED CVE-2023-26101 (In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user ...) @@ -19975,7 +19975,7 @@ CVE-2023-0840 (A vulnerability classified as problematic was found in PHPCrazy 1 CVE-2023-0839 (Improper Protection for Outbound Error Messages and Alert Signals vuln ...) NOT-FOR-US: ProMIS Process Co. InSCADA CVE-2023-0838 (An issue has been discovered in GitLab affecting versions starting fro ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-0837 RESERVED CVE-2023-25780 (It is identified a vulnerability of insufficient authentication in an ...) @@ -20739,7 +20739,7 @@ CVE-2023-25177 (Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior CVE-2023-24014 (Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are v ...) NOT-FOR-US: Delta Electronics CVE-2023-0756 (An issue has been discovered in GitLab affecting all versions before 1 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-0755 (The affected products are vulnerable to an improper validation of arra ...) NOT-FOR-US: PTC CVE-2023-0754 (The affected products are vulnerable to an integer overflow or wraparo ...) @@ -23676,7 +23676,7 @@ CVE-2023-0525 CVE-2023-0524 (As part of our Security Development Lifecycle, a potential privilege e ...) NOT-FOR-US: Tenable CVE-2023-0523 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-0522 (The Enable/Disable Auto Login when Register WordPress plugin through 1 ...) NOT-FOR-US: WordPress plugin CVE-2023-0521 
@@ -23686,7 +23686,7 @@ CVE-2023-0520 (The RapidExpCart WordPress plugin through 1.0 does not sanitize a CVE-2023-0519 (Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modob ...) NOT-FOR-US: Modoboa CVE-2023-0518 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2020-36659 (In Apache::Session::Browseable before 1.3.6, validity of the X.509 cer ...) {DLA-3285-1} - libapache-session-browseable-perl 1.3.7-1 @@ -23893,7 +23893,7 @@ CVE-2023-22845 (An out-of-bounds read vulnerability exists in the TGAInput::deco CVE-2023-0509 (Improper Certificate Validation in GitHub repository pyload/pyload pri ...) - pyload <itp> (bug #1001980) CVE-2023-0508 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2020-36657 (uptimed before 0.4.6-r1 on Gentoo allows local users (with access to t ...) - uptimed <not-affected> (Gentoo-specific) CVE-2018-25078 (man-db before 2.8.5 on Gentoo allows local users (with access to the m ...) @@ -24021,11 +24021,11 @@ CVE-2023-0487 (The My Sticky Elements WordPress plugin before 2.0.9 does not pro CVE-2023-0486 (VitalPBX version 3.2.3-8 allows an unauthenticated external attacker t ...) NOT-FOR-US: VitalPBX CVE-2023-0485 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-0484 (The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Block ...) NOT-FOR-US: WordPress plugin CVE-2023-0483 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-0482 (In RESTEasy the insecure File.createTempFile() is used in the DataSour ...) - resteasy <unfixed> (bug #1031728) - resteasy3.0 <unfixed> (bug #1031729) 
@@ -24405,7 +24405,7 @@ CVE-2023-0452 (All versions of Econolite EOS traffic control software are vulner CVE-2023-0451 (All versions of Econolite EOS traffic control software are vulnerable ...) NOT-FOR-US: Econolite EOS traffic control software CVE-2023-0450 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-0449 REJECTED CVE-2023-0448 (The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GE ...) @@ -26572,7 +26572,7 @@ CVE-2023-0321 (Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3 CVE-2023-0320 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: UBYS CVE-2023-0319 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-0318 RESERVED CVE-2023-0317 (Unprotected Alternate Channel vulnerability in debug console of GateM ...) @@ -27409,7 +27409,7 @@ CVE-2023-0225 (A flaw was found in Samba. An incomplete access check on dnsHostN CVE-2023-0224 RESERVED CVE-2023-0223 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-4886 RESERVED CVE-2022-48255 (There is a system command injection vulnerability in BiSheng-WNM FW 3. ...) @@ -28813,7 +28813,7 @@ CVE-2023-0157 (The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does CVE-2023-0156 (The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not ...) NOT-FOR-US: WordPress plugin CVE-2023-0155 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-0154 (The GamiPress WordPress plugin before 1.0.9 does not validate and esca ...) NOT-FOR-US: WordPress plugin CVE-2023-0153 (The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does no ...) 
@@ -29046,7 +29046,7 @@ CVE-2023-22459 CVE-2023-0122 (A NULL pointer dereference vulnerability in the Linux kernel NVMe func ...) - linux <not-affected> (Vulnerable code not present in any released Debian version) CVE-2023-0121 (A denial of service issue was discovered in GitLab CE/EE affecting all ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-0120 RESERVED CVE-2023-0119 @@ -30064,7 +30064,7 @@ CVE-2023-0051 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to NOTE: https://github.com/vim/vim/commit/c32949b0779106ed5710ae3bffc5053e49083ab4 (v9.0.1144) NOTE: Crash in CLI tool, no security impact CVE-2023-0050 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-0049 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.) - vim 2:9.0.1378-1 (unimportant) NOTE: https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9 @@ -30145,7 +30145,7 @@ CVE-2023-22587 CVE-2023-0043 (The Custom Add User WordPress plugin through 2.0.2 does not sanitise a ...) NOT-FOR-US: WordPress plugin CVE-2023-0042 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2023-0041 (IBM Security Guardium 11.5 could allow a user to take over another use ...) NOT-FOR-US: IBM CVE-2023-22586 (The Danfoss AK-EM100 web applications allow for Local File Inclusion i ...) @@ -34915,7 +34915,7 @@ CVE-2022-4464 (Themify Portfolio Post WordPress plugin before 1.2.1 does not val CVE-2022-4463 REJECTED CVE-2022-4462 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-4461 RESERVED CVE-2022-4460 (The Sidebar Widgets by CodeLights WordPress plugin through 1.4 does no ...) 
@@ -36443,7 +36443,7 @@ CVE-2022-4379 (A use-after-free vulnerability was found in __nfs42_ssc_open() in CVE-2022-4377 (A vulnerability was found in S-CMS 5.0 Build 20220328. It has been dec ...) NOT-FOR-US: S-CMS CVE-2022-4376 (An issue has been discovered in GitLab affecting all versions before 1 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-4378 (A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem ...) {DLA-3245-1 DLA-3244-1} - linux 6.0.12-1 @@ -36562,7 +36562,7 @@ CVE-2022-46793 (Cross-Site Request Forgery (CSRF) vulnerability in AdTribes.Io P CVE-2022-4366 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...) NOT-FOR-US: daloRADIUS CVE-2022-4365 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-4364 (A vulnerability classified as critical has been found in Teledyne FLIR ...) NOT-FOR-US: Teledyne CVE-2022-4363 @@ -36656,7 +36656,7 @@ CVE-2022-4346 (The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leak CVE-2022-4343 RESERVED CVE-2022-4342 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-4341 (A vulnerability has been found in csliuwy coder-chain_gdut and classif ...) NOT-FOR-US: csliuwy coder-chain_gdut CVE-2022-46768 (Arbitrary file read vulnerability exists in Zabbix Web Service Report ...) @@ -37624,7 +37624,7 @@ CVE-2022-4291 (The aswjsflt.dll library from Avast Antivirus windows contained a CVE-2022-4290 RESERVED CVE-2022-4289 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-4288 RESERVED CVE-2022-4287 (Authentication bypass in local application lock feature in Devolutions ...) 
@@ -38264,9 +38264,9 @@ CVE-2022-46281 CVE-2022-4207 (The Image Hover Effects Ultimate plugin for WordPress is vulnerable to ...) NOT-FOR-US: Image Hover Effects Ultimate plugin for WordPress CVE-2022-4206 (A sensitive information leak issue has been discovered in all versions ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-4205 (In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-4204 RESERVED CVE-2022-4203 (A read buffer overrun can be triggered in X.509 certificate verificati ...) @@ -38368,7 +38368,7 @@ CVE-2022-42885 CVE-2022-42489 RESERVED CVE-2022-4201 (A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-4200 (The Login with Cognito WordPress plugin through 1.4.8 does not sanitis ...) NOT-FOR-US: WordPress plugin CVE-2022-4199 (The Link Library WordPress plugin before 7.4.1 does not sanitise and e ...) @@ -39420,7 +39420,7 @@ CVE-2022-43662 (Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in CVE-2022-41802 (Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kerne ...) NOT-FOR-US: OpenHarmony CVE-2022-4138 (A Cross Site Request Forgery issue has been discovered in GitLab CE/EE ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-4137 RESERVED NOT-FOR-US: Keycloak @@ -39598,7 +39598,7 @@ CVE-2022-45802 (Streampark allows any users to upload a jar as application, but CVE-2022-45801 (Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability. ...) NOT-FOR-US: Apache StreamPark CVE-2022-4131 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-4130 (A blind site-to-site request forgery vulnerability was found in Satell ...) NOT-FOR-US: Red Hat Satellite server CVE-2022-4129 (A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2T ...) 
@@ -40491,7 +40491,7 @@ CVE-2022-4055 (When xdg-mail is configured to use thunderbird for mailto URLs, i NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267 NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/58 CVE-2022-4054 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-45462 (Alarm instance management has command injection when there is a specif ...) NOT-FOR-US: Apache DolphinScheduler CVE-2022-45461 (The Java Admin Console in Veritas NetBackup through 10.1 and related V ...) @@ -40532,7 +40532,7 @@ CVE-2022-4039 CVE-2022-4038 RESERVED CVE-2022-4037 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-45459 (Sensitive information disclosure due to insecure registry permissions. ...) NOT-FOR-US: Acronis CVE-2022-45458 (Sensitive information disclosure and manipulation due to improper cert ...) @@ -40624,7 +40624,7 @@ CVE-2022-4009 (In affected versions of Octopus Deploy it is possible for a user CVE-2022-4008 (In affected versions of Octopus Deploy it is possible to upload a zipb ...) NOT-FOR-US: Octopus Deploy CVE-2022-4007 (A issue has been discovered in GitLab CE/EE affecting all versions fro ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-4006 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: WBCE CMS CVE-2022-4005 (The Donation Button WordPress plugin through 4.0.0 does not sanitize a ...) 
@@ -42005,7 +42005,7 @@ CVE-2022-3903 (An incorrect read request flaw was found in the Infrared Transcei - linux 5.19.11-1 [bullseye] - linux 5.10.148-1 CVE-2022-3902 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3901 (Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute ...) NOT-FOR-US: Visioweb.js CVE-2022-3900 (The Cooked Pro WordPress plugin before 1.7.5.7 does not properly valid ...) @@ -42677,7 +42677,7 @@ CVE-2022-41610 (Improper authorization in Intel(R) EMA Configuration Tool before CVE-2022-3871 RESERVED CVE-2022-3870 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-44783 RESERVED CVE-2022-44782 @@ -44238,11 +44238,11 @@ CVE-2022-3821 (An off-by-one Error issue was discovered in Systemd in format_tim NOTE: https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e (v252-rc1) NOTE: https://github.com/systemd/systemd-stable/commit/72d4c15a946d20143cd4c6783c802124bc894dc7 (v251.3) CVE-2022-3820 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3819 (An improper authorization issue in GitLab CE/EE affecting all versions ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3818 (An uncontrolled resource consumption issue when parsing URLs in GitLab ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3817 (A vulnerability has been found in Axiomatic Bento4 and classified as p ...) NOT-FOR-US: Bento4 CVE-2022-3816 (A vulnerability, which was classified as problematic, was found in Axi ...) 
@@ -44498,7 +44498,7 @@ CVE-2022-3795 CVE-2022-3794 (The Jeg Elementor Kit plugin for WordPress is vulnerable to authorizat ...) NOT-FOR-US: Jeg Elementor Kit plugin for WordPress CVE-2022-3793 (An improper authorization issue in GitLab CE/EE affecting all versions ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3792 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: GullsEye CVE-2022-3791 @@ -44791,7 +44791,7 @@ CVE-2022-3769 (The OWM Weather WordPress plugin before 5.6.9 does not properly s CVE-2022-3768 (The WPSmartContracts WordPress plugin before 1.3.12 does not properly ...) NOT-FOR-US: WordPress plugin CVE-2022-3767 (Missing validation in DAST analyzer affecting all versions from 1.11.0 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3766 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...) NOT-FOR-US: phpmyfaq CVE-2022-3765 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) @@ -44871,9 +44871,9 @@ CVE-2022-44419 (In modem, there is a possible missing verification of NAS Securi CVE-2022-3760 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Mia-Med CVE-2022-3759 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3758 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-44418 RESERVED CVE-2022-44417 @@ -45824,7 +45824,7 @@ CVE-2022-3742 CVE-2022-3741 (Impact varies for each individual vulnerability in the application. Fo ...) NOT-FOR-US: chatwoot CVE-2022-3740 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3739 RESERVED CVE-2022-3738 (The vulnerability allows a remote unauthenticated attacker to download ...) 
@@ -47650,7 +47650,7 @@ CVE-2022-43946 (Multiple vulnerabilities including an incorrect permission assig CVE-2022-3727 RESERVED CVE-2022-3726 (Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3725 (Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allow ...) - wireshark 4.0.0-1 [bullseye] - wireshark <not-affected> (Vulnerable code not present) @@ -47735,7 +47735,7 @@ CVE-2022-3707 (A double-free memory flaw was found in the Linux kernel. The Inte NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137979 NOTE: https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz...@163.com/ CVE-2022-3706 (Improper authorization in GitLab CE/EE affecting all versions from 7.1 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-43932 (Improper neutralization of special elements in output used by a downst ...) NOT-FOR-US: Synology CVE-2022-43931 (Out-of-bounds write vulnerability in Remote Desktop Functionality in S ...) @@ -49047,7 +49047,7 @@ CVE-2022-3640 (A vulnerability, which was classified as critical, was found in L [bullseye] - linux 5.10.158-1 NOTE: https://git.kernel.org/linus/0d0e2d032811280b927650ff3c15fe5020e82533 CVE-2022-3639 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3638 REJECTED CVE-2022-3637 (A vulnerability has been found in Linux Kernel and classified as probl ...) @@ -49146,7 +49146,7 @@ CVE-2022-3615 CVE-2022-3614 (In affected versions of Octopus Deploy users of certain browsers using ...) NOT-FOR-US: Octopus Deploy CVE-2022-3613 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3612 RESERVED CVE-2022-3611 
@@ -49393,9 +49393,9 @@ CVE-2022-3575 (Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8 CVE-2022-3574 (The WPForms Pro WordPress plugin before 1.7.7 does not validate its fo ...) NOT-FOR-US: WordPress plugin CVE-2022-3573 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3572 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3571 RESERVED CVE-2022-3570 (Multiple heap buffer overflows in tiffcrop.c utility in libtiff librar ...) @@ -50638,9 +50638,9 @@ CVE-2022-3515 (A vulnerability was found in the Libksba library due to an intege NOTE: https://dev.gnupg.org/T6230 NOTE: https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b CVE-2022-3514 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3513 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3512 (Using warp-cli command "add-trusted-ssid", a user was able to disconne ...) NOT-FOR-US: Cloudflare CVE-2022-3511 (The Awesome Support WordPress plugin before 6.1.2 does not ensure that ...) 
@@ -50757,15 +50757,15 @@ CVE-2022-3488 (Processing of repeated responses to the same query, where both re CVE-2022-3487 REJECTED CVE-2022-3486 (An open redirect vulnerability in GitLab EE/CE affecting all versions ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3485 (In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated rem ...) NOT-FOR-US: IFM Moneo Appliance CVE-2022-3484 (The WPB Show Core WordPress plugin does not sanitize and escape a para ...) NOT-FOR-US: WordPress plugin CVE-2022-3483 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3482 (An improper access control issue in GitLab CE/EE affecting all version ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3481 (The WooCommerce Dropshipping WordPress plugin before 4.4 does not prop ...) NOT-FOR-US: WordPress plugin CVE-2022-3480 (A remote, unauthenticated attacker could cause a denial-of-service of ...) @@ -50813,7 +50813,7 @@ CVE-2022-42898 (PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20. CVE-2022-42897 (Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthe ...) NOT-FOR-US: Array Networks CVE-2022-3478 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-42906 (powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbi ...) {DLA-3277-1} - powerline-gitstatus 1.3.2-1 
@@ -51967,11 +51967,11 @@ CVE-2022-3415 (The Chat Bubble WordPress plugin before 2.3 does not sanitise and CVE-2022-3414 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...) NOT-FOR-US: SourceCodester Web-Based Student Clearance System CVE-2022-3413 (Incorrect authorization during display of Audit Events in GitLab EE af ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3412 RESERVED CVE-2022-3411 (A lack of length validation in GitLab CE/EE affecting all versions fro ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3410 RESERVED CVE-2022-3409 (A vulnerability in bmcweb of OpenBMC Project allows user to cause deni ...) @@ -53654,7 +53654,7 @@ CVE-2022-41617 (In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1 CVE-2022-36795 (In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...) NOT-FOR-US: F5 BIG-IP CVE-2022-3381 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3380 (The Customizer Export/Import WordPress plugin before 0.9.5 unserialize ...) NOT-FOR-US: WordPress plugin CVE-2022-3379 (Horner Automation's Cscape version 9.90 SP7 and prior does not properl ...) @@ -53666,7 +53666,7 @@ CVE-2022-3377 (Horner Automation's Cscape version 9.90 SP 6 and prior does not p CVE-2022-3376 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...) - rdiffweb <itp> (bug #969974) CVE-2022-3375 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3374 (The Ocean Extra WordPress plugin before 2.0.5 unserialises the content ...) NOT-FOR-US: WordPress plugin CVE-2022-3373 (Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allo ...) 
@@ -54430,7 +54430,7 @@ CVE-2022-3332 (A vulnerability classified as critical has been found in SourceCo CVE-2022-3331 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab <not-affected> (Only affects EE) CVE-2022-3330 (It was possible for a guest user to read a todo targeting an inaccessi ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3329 RESERVED CVE-2022-30544 (Cross-Site Request Forgery (CSRF) in MiKa'sOSM \u2013 OpenStreetMap pl ...) @@ -54502,7 +54502,7 @@ CVE-2022-3327 (Missing Authentication for Critical Function in GitHub repository CVE-2022-3326 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...) - rdiffweb <itp> (bug #969974) CVE-2022-3325 (Improper access control in the GitLab CE/EE API affecting all versions ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3324 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...) {DLA-3182-1} - vim 2:9.0.0626-1 @@ -55100,7 +55100,7 @@ CVE-2022-3290 (Improper Handling of Length Parameter Inconsistency in GitHub rep CVE-2022-3289 RESERVED CVE-2022-3288 (A branch/tag name confusion in GitLab CE/EE affecting all versions pri ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3287 (When creating an OPERATOR user account on the BMC, the redfish plugin ...) - fwupd 1.8.5-1 [bullseye] - fwupd <no-dsa> (Minor issue) 
@@ -55109,11 +55109,11 @@ CVE-2022-3287 (When creating an OPERATOR user account on the BMC, the redfish pl CVE-2022-3286 (Lack of IP address checking in GitLab EE affecting all versions from 1 ...) - gitlab <not-affected> (Only affects Gitlab EE) CVE-2022-3285 (Bypass of healthcheck endpoint allow list affecting all versions from ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3284 (Download key for a file in a vault was passed in an insecure way that ...) NOT-FOR-US: M-Files CVE-2022-3283 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3282 (The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 ...) NOT-FOR-US: WordPress plugin CVE-2022-41326 (The web conferencing component of Mitel MiCollab through 9.6.0.13 coul ...) @@ -55145,9 +55145,9 @@ CVE-2022-41316 (HashiCorp Vault and Vault Enterprise\u2019s TLS certificate auth CVE-2022-3281 (WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller ...) NOT-FOR-US: WAGO CVE-2022-3280 (An open redirect in GitLab CE/EE affecting all versions from 10.1 prio ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3279 (An unhandled exception in job log parsing in GitLab CE/EE affecting al ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3278 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.055 ...) - vim 2:9.0.0626-1 (unimportant) NOTE: https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612/ @@ -55234,7 +55234,7 @@ CVE-2022-40691 (An information disclosure vulnerability exists in the web applic CVE-2022-40214 RESERVED CVE-2022-3265 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3264 RESERVED CVE-2022-41310 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...) 
@@ -60820,9 +60820,9 @@ CVE-2022-39046 (An issue was discovered in the GNU C Library (glibc) 2.36. When NOTE: Introduced by: https://sourceware.org/git/?p=glibc.git;a=commit;h=a583b6add407c17cdcd4146be3876061a5e1d555 (glibc-2.36) NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=52a5be0df411ef3ff45c10c7c308cb92993d15b1 CVE-2022-3067 (An issue has been discovered in the Import functionality of GitLab CE/ ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3066 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3065 (Improper Access Control in GitHub repository jgraph/drawio prior to 20 ...) NOT-FOR-US: jgraph/drawio CVE-2022-3064 (Parsing malicious or large YAML documents can consume excessive amount ...) @@ -60895,7 +60895,7 @@ CVE-2022-38400 (Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticate CVE-2022-33941 (PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injec ...) NOT-FOR-US: PowerCMS CVE-2022-3060 (Improper control of a resource identifier in Error Tracking in GitLab ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3059 (The application was vulnerable to multiple instances of SQL injection ...) NOT-FOR-US: Schoolbox CVE-2022-3058 (Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 ...) 
@@ -61506,10 +61506,10 @@ CVE-2022-3032 (When receiving an HTML email that contained an <code>iframe</code NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-3032 CVE-2022-3031 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) [experimental] - gitlab 15.2.3+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ CVE-2022-3030 (An improper access control issue in GitLab CE/EE affecting all version ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3029 (In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mi ...) - routinator <itp> (bug #929024) CVE-2022-3028 (A race condition was found in the Linux kernel's IP framework for tran ...) @@ -61569,7 +61569,7 @@ CVE-2022-38789 (An issue was discovered in Airties Smart Wi-Fi before 2020-08-04 CVE-2022-38788 (An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00 ...) NOT-FOR-US: Nokia CVE-2022-3018 (An information disclosure vulnerability in GitLab CE/EE affecting all ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-3017 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor ...) - froxlor <itp> (bug #581792) CVE-2022-3016 (Use After Free in GitHub repository vim/vim prior to 9.0.0286.) @@ -61751,7 +61751,7 @@ CVE-2022-2993 (There is an error in the condition of the last if-statement in th NOT-FOR-US: zephyr-rtos CVE-2022-2992 (A vulnerability in GitLab CE/EE affecting all versions from 11.10 prio ...) [experimental] - gitlab 15.2.3+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ CVE-2022-2991 (A heap-based buffer overflow was found in the Linux kernel's LightNVM ...) - linux 5.15.3-1 (unimportant) 
@@ -62143,7 +62143,7 @@ CVE-2022-2932 (Cross-site Scripting (XSS) - Reflected in GitHub repository bustl NOT-FOR-US: Mobiledoc Kit CVE-2022-2931 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...) [experimental] - gitlab 15.2.3+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ CVE-2022-2930 (Unverified Password Change in GitHub repository octoprint/octoprint pr ...) - octoprint <itp> (bug #718591) @@ -62634,11 +62634,11 @@ CVE-2022-37333 (SQL injection vulnerability in the Exment ((PHP8) exceedone/exme NOT-FOR-US: Exment CVE-2022-2908 (A potential DoS vulnerability was discovered in Gitlab CE/EE versions ...) [experimental] - gitlab 15.2.3+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ CVE-2022-2907 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) [experimental] - gitlab 15.2.3+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ CVE-2022-2906 (An attacker can leverage this flaw to gradually erode available memory ...) - bind9 1:9.18.7-1 @@ -62654,7 +62654,7 @@ CVE-2022-2905 (An out-of-bounds memory read flaw was found in the Linux kernel's [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2022/08/26/1 CVE-2022-2904 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-2903 (The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialis ...) NOT-FOR-US: WordPress plugin CVE-2022-2902 
@@ -62874,12 +62874,12 @@ CVE-2022-38395 (HP Support Assistant uses HP Performance Tune-up as a diagnostic CVE-2022-38393 (A denial of service vulnerability exists in the cfg_server cm_processC ...) NOT-FOR-US: Asus CVE-2022-2884 (A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 pri ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/ CVE-2022-2883 (In affected versions of Octopus Deploy it is possible to upload a zipb ...) NOT-FOR-US: Octopus Deploy CVE-2022-2882 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-2881 (The underlying bug might cause read past end of the buffer and either ...) - bind9 1:9.18.7-1 [bullseye] - bind9 <ignored> (Flawed code present in 9.16 but masked by the way the httpd objects are reset between messages) @@ -62983,7 +62983,7 @@ CVE-2022-2866 (FATEK FvDesigner version 1.5.103 and prior is vulnerable to an ou NOT-FOR-US: FATEK FvDesigner CVE-2022-2865 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...) [experimental] - gitlab 15.2.3+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ CVE-2022-2864 (The demon image annotation plugin for WordPress is vulnerable to Cross ...) NOT-FOR-US: demon image annotation plugin for WordPress @@ -63151,7 +63151,7 @@ CVE-2022-2828 (In affected versions of Octopus Server it is possible to reveal i CVE-2022-2827 (AMI MegaRAC User Enumeration Vulnerability) NOT-FOR-US: MegaRAC CVE-2022-2826 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-38362 (Apache Airflow Docker's Provider prior to 3.0.0 shipped with an exampl ...) - airflow <itp> (bug #819700) CVE-2022-38361 
@@ -63712,7 +63712,7 @@ CVE-2022-2763 (The WP Socializer WordPress plugin before 7.3 does not sanitise a CVE-2022-2762 (The AdminPad WordPress plugin before 2.2 does not have CSRF check when ...) NOT-FOR-US: WordPress plugin CVE-2022-2761 (An information disclosure issue in GitLab CE/EE affecting all versions ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-2760 (In affected versions of Octopus Deploy it is possible to reveal the Sp ...) NOT-FOR-US: Octopus Deploy CVE-2022-38169 @@ -65822,7 +65822,7 @@ CVE-2022-2631 (Improper Access Control in GitHub repository tooljet/tooljet prio NOT-FOR-US: ToolJet CVE-2022-2630 (An improper access control issue in GitLab CE/EE affecting all version ...) [experimental] - gitlab 15.2.3+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ CVE-2022-2629 (The Top Bar WordPress plugin before 3.0.4 does not sanitise and escape ...) NOT-FOR-US: WordPress plugin @@ -66583,7 +66583,7 @@ CVE-2022-37041 (An issue was discovered in ProxyServlet.java in the /proxy servl NOT-FOR-US: Zimbra CVE-2022-2592 (A lack of length validation in Snippet descriptions in GitLab CE/EE af ...) [experimental] - gitlab 15.2.3+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ CVE-2022-2591 (A vulnerability classified as critical has been found in TEM FLEX-1085 ...) NOT-FOR-US: TEM 
@@ -67382,7 +67382,7 @@ CVE-2022-2541 (The uContext for Amazon plugin for WordPress is vulnerable to Cro CVE-2022-2540 (The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Si ...) NOT-FOR-US: Link Optimizer Lite plugin for WordPress CVE-2022-2539 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-2538 (The WP Hide & Security Enhancer WordPress plugin before 1.8 does not e ...) NOT-FOR-US: WordPress plugin CVE-2022-XXXX [spip: XSS alowing priviledge escalation] @@ -68064,10 +68064,10 @@ CVE-2022-2536 (The Transposh WordPress Translation plugin for WordPress is vulne CVE-2022-2535 (The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not e ...) NOT-FOR-US: WordPress plugin CVE-2022-2534 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-2533 (An issue has been discovered in GitLab affecting all versions starting ...) [experimental] - gitlab 15.2.3+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ CVE-2022-2532 (The Feed Them Social WordPress plugin before 3.0.1 does not sanitise a ...) NOT-FOR-US: WordPress plugin @@ -68101,7 +68101,7 @@ CVE-2022-36430 RESERVED CVE-2022-2527 (An issue in Incident Timelines has been discovered in GitLab CE/EE aff ...) [experimental] - gitlab 15.2.3+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ CVE-2021-46829 (GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buf ...) {DSA-5228-1} 
@@ -68310,7 +68310,7 @@ CVE-2022-2514 (The time and filter parameters in Fava prior to v1.22 are vulnera CVE-2022-2513 (A vulnerability exists in the Intelligent Electronic Device (IED) Conn ...) NOT-FOR-US: Hitachi CVE-2022-2512 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-2511 (Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" ...) NOT-FOR-US: BlueSpice CVE-2022-2510 (Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" ...) @@ -68417,13 +68417,13 @@ CVE-2022-29493 (Uncaught exception in webserver for the Integrated BMC in some I CVE-2022-2501 (An improper access control issue in GitLab EE affecting all versions f ...) - gitlab <not-affected> (Specific to EE) CVE-2022-2500 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-2499 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab <not-affected> (Specific to EE) CVE-2022-2498 (An issue in pipeline subscriptions in GitLab EE affecting all versions ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-2497 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-2496 RESERVED CVE-2020-36558 (A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX ...) @@ -68697,7 +68697,7 @@ CVE-2022-2458 (XML external entity injection(XXE) is a vulnerability that allows CVE-2022-2457 (A flaw was found in Red Hat Process Automation Manager 7 where an atta ...) NOT-FOR-US: Red Hat Process Automation Manager CVE-2022-2456 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-36275 RESERVED CVE-2022-36274 
@@ -69039,7 +69039,7 @@ CVE-2022-36129 (HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11 NOT-FOR-US: HashiCorp Vault CVE-2022-2455 (A business logic issue in the handling of large repositories in all ve ...) [experimental] - gitlab 15.2.3+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ CVE-2022-36128 RESERVED @@ -69703,7 +69703,7 @@ CVE-2022-2429 (The Ultimate SMS Notifications for WooCommerce plugin for WordPre NOT-FOR-US: Ultimate SMS Notifications for WooCommerce plugin for WordPress CVE-2022-2428 (A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting ...) [experimental] - gitlab 15.2.3+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ CVE-2022-2427 RESERVED @@ -69726,7 +69726,7 @@ CVE-2022-2419 (A vulnerability was found in URVE Web Manager. It has been declar CVE-2022-2418 (A vulnerability was found in URVE Web Manager. It has been classified ...) NOT-FOR-US: URVE Web Manager CVE-2022-2417 (Insufficient validation in GitLab CE/EE affecting all versions from 12 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-2416 RESERVED CVE-2022-2415 (Heap buffer overflow in WebGL in Google Chrome prior to 103.0.5060.53 ...) @@ -71375,7 +71375,7 @@ CVE-2022-2327 (io_uring use work_flags to determine which identity need to grab [bullseye] - linux 5.10.127-1 [buster] - linux <not-affected> (Vulnerable code introduced later) CVE-2022-2326 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-35234 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out- ...) NOT-FOR-US: Trend Micro CVE-2022-35233 
@@ -72281,7 +72281,7 @@ CVE-2022-34918 (An issue was discovered in the Linux kernel through 5.18.9. A ty NOTE: https://www.openwall.com/lists/oss-security/2022/07/02/3 NOTE: https://www.randorisec.fr/crack-linux-firewall/ CVE-2022-2307 (A lack of cascading deletes in GitLab CE/EE affecting all versions sta ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-34917 (A security vulnerability has been identified in Apache Kafka. It affec ...) - kafka <itp> (bug #786460) CVE-2022-34916 (Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote ...) @@ -72297,7 +72297,7 @@ CVE-2022-2304 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to NOTE: https://huntr.dev/bounties/eb7402f3-025a-402f-97a7-c38700d9548a/ NOTE: https://github.com/vim/vim/commit/54e5fed6d27b747ff152cdb6edfb72ff60e70939 (v9.0.0035) CVE-2022-2303 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-2302 (Multiple Lenze products of the cabinet series skip the password verifi ...) NOT-FOR-US: Lenze CVE-2022-2301 (Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3.) @@ -72606,7 +72606,7 @@ CVE-2022-2272 (This vulnerability allows remote attackers to bypass authenticati CVE-2022-2271 (The WP Database Backup WordPress plugin before 5.9 does not escape som ...) NOT-FOR-US: WordPress plugin CVE-2022-2270 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-2269 (The Website File Changes Monitor WordPress plugin before 1.8.3 does no ...) NOT-FOR-US: WordPress plugin CVE-2022-2268 (The Import any XML or CSV File to WordPress plugin before 3.6.8 accept ...) 
@@ -72799,9 +72799,9 @@ CVE-2022-2253 (A user with administrative privileges in Distributed Data Systems CVE-2022-2252 (Open Redirect in GitHub repository microweber/microweber prior to 1.2. ...) NOT-FOR-US: microweber CVE-2022-2251 (Improper sanitization of branch names in GitLab Runner affecting all v ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-2250 (An open redirect vulnerability in GitLab EE/CE affecting all versions ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-46826 RESERVED CVE-2021-46825 (Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to ...) @@ -72884,9 +72884,9 @@ CVE-2022-34735 (The frame scheduling module has a null pointer dereference vulne CVE-2022-2245 (The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check wh ...) NOT-FOR-US: WordPress plugin CVE-2022-2244 (An improper authorization vulnerability in GitLab EE/CE affecting all ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-2243 (An access control vulnerability in GitLab EE/CE affecting all versions ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-2242 (The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to i ...) NOT-FOR-US: Kuka CVE-2022-2241 (The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does ...) 
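Review bot: in the hunk at @@ -72799 the CVE-2022-2251 description names "GitLab Runner" rather than GitLab CE/EE, yet the fix is recorded against the gitlab source package like the other entries in this batch. Please confirm that the affected runner code is actually shipped by the gitlab source package in sid; if it is not, the entry should instead carry the status appropriate for the runner (for example a NOT-FOR-US or <itp> line, as the surrounding entries use for components Debian does not ship) rather than the 15.10.8+ds1-2 fixed version.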
@@ -72945,13 +72945,13 @@ CVE-2022-2231 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8. NOTE: https://github.com/vim/vim/commit/79481367a457951aabd9501b510fd7e3eb29c3d8 (v8.2.5169) NOTE: Crash in CLI tool, no security impact CVE-2022-2230 (A Stored Cross-Site Scripting vulnerability in the project settings pa ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-2229 (An improper authorization issue in GitLab CE/EE affecting all versions ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-2228 (Information exposure in GitLab EE affecting all versions from 12.0 pri ...) - gitlab <not-affected> (Specific to EE) CVE-2022-2227 (Improper access control in the runner jobs API in GitLab CE/EE affecti ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-2226 (An OpenPGP digital signature includes information about the date when ...) {DSA-5175-1} - thunderbird 1:91.11.0-1 @@ -74204,7 +74204,7 @@ CVE-2022-34328 (PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=a CVE-2022-32284 (Use of insufficiently random values vulnerability exists in Vnet/IP co ...) NOT-FOR-US: YOKOGAWA CVE-2022-2185 (A critical issue has been discovered in GitLab affecting all versions ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-2184 (The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a ...) NOT-FOR-US: WordPress plugin CVE-2022-2183 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.) @@ -75851,7 +75851,7 @@ CVE-2022-2097 (AES OCB mode for 32-bit x86 platforms using the AES-NI assembly o CVE-2022-2096 RESERVED CVE-2022-2095 (An improper access control check in GitLab CE/EE affecting all version ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-2094 (The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escap ...) NOT-FOR-US: WordPress plugin CVE-2022-2093 (The WP Duplicate Page WordPress plugin before 1.3 does not sanitize an ...) 
@@ -78942,7 +78942,7 @@ CVE-2022-2000 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.) NOTE: https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0 NOTE: https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5 (v8.2.5063) CVE-2022-1999 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1998 (A use after free in the Linux kernel File System notify functionality ...) - linux 5.16.7-1 [bullseye] - linux 5.10.103-1 @@ -79895,7 +79895,7 @@ CVE-2022-32160 CVE-2022-32159 (In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are ...) NOT-FOR-US: openlibrary CVE-2022-1963 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-4233 RESERVED CVE-2022-32158 (Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2. ...) @@ -79988,7 +79988,7 @@ CVE-2022-1956 (The Shortcut Macros WordPress plugin through 1.3 does not have au CVE-2022-1955 (Session 1.13.0 allows an attacker with physical access to the victim's ...) NOT-FOR-US: oxen-io/session-android CVE-2022-1954 (A Regular Expression Denial of Service vulnerability in GitLab CE/EE a ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1953 (The Product Configurator for WooCommerce WordPress plugin before 1.2.3 ...) NOT-FOR-US: WordPress plugin CVE-2022-1952 (The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPres ...) 
@@ -80747,7 +80747,7 @@ CVE-2022-1945 (The Coming Soon & Maintenance Mode by Colorlib WordPress plugin b NOT-FOR-US: WordPress plugin CVE-2022-1944 (When the feature is configured, improper authorization in the Interact ...) [experimental] - gitlab 14.9.5+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/ CVE-2022-1943 (A flaw out of bounds memory write in the Linux kernel UDF file system ...) - linux 5.17.11-1 @@ -80814,11 +80814,11 @@ CVE-2022-31797 RESERVED CVE-2022-1936 (Incorrect authorization in GitLab EE affecting all versions from 12.0 ...) [experimental] - gitlab 14.9.5+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/ CVE-2022-1935 (Incorrect authorization in GitLab EE affecting all versions from 12.0 ...) [experimental] - gitlab 14.9.5+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/ CVE-2022-1934 (Use After Free in GitHub repository mruby/mruby prior to 3.2.) - mruby <not-affected> (Vulnerable code introduced after 3.0) @@ -82506,7 +82506,7 @@ CVE-2022-1822 (The Zephyr Project Manager plugin for WordPress is vulnerable to NOT-FOR-US: Zephyr Project Manager plugin for WordPress CVE-2022-1821 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) [experimental] - gitlab 14.9.5+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/ CVE-2022-1820 (The Keep Backup Daily plugin for WordPress is vulnerable to Reflected ...) NOT-FOR-US: Keep Backup Daily plugin for WordPress 
@@ -84664,7 +84664,7 @@ CVE-2022-30557 (Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confus NOT-FOR-US: Foxit PDF Reader and PDF Editor CVE-2022-1680 (An account takeover issue has been discovered in GitLab EE affecting a ...) [experimental] - gitlab 14.9.5+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/ CVE-2022-1679 (A use-after-free flaw was found in the Linux kernel\u2019s Atheros wir ...) {DLA-3173-1 DLA-3131-1} @@ -86417,7 +86417,7 @@ CVE-2022-29968 (An issue was discovered in the Linux kernel through 5.17.5. io_r [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/32452a3eb8b64e01e2be717f518c0be046975b9d (5.18-rc5) CVE-2022-1545 (It was possible to disclose details of confidential notes created via ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-46790 (ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow i ...) {DSA-5160-1 DLA-3055-1} - ntfs-3g 1:2022.5.17-1 (bug #1011770) @@ -86773,7 +86773,7 @@ CVE-2022-1512 (The ScrollReveal.js Effects WordPress plugin through 1.2 does not CVE-2022-1511 (Improper Access Control in GitHub repository snipe/snipe-it prior to 5 ...) - snipe-it <itp> (bug #1005172) CVE-2022-1510 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1509 (Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp pri ...) NOT-FOR-US: Hestia Control Panel CVE-2022-29868 (1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a ...) 
@@ -87154,7 +87154,7 @@ CVE-2022-1462 (An out-of-bounds read flaw was found in the Linux kernel\u2019s T CVE-2022-1461 (Non Privilege User can Enable or Disable Registered in GitHub reposito ...) NOT-FOR-US: OpenEMR CVE-2022-1460 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1459 (Non-Privilege User Can View Patient\u2019s Disclosures in GitHub repos ...) NOT-FOR-US: OpenEMR CVE-2022-1458 (Stored XSS Leads To Session Hijacking in GitHub repository openemr/ope ...) @@ -87676,11 +87676,11 @@ CVE-2022-1434 (The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorre NOTE: https://www.openssl.org/news/secadv/20220503.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7d56a74a96828985db7354a55227a511615f732b (openssl-3.0.3) CVE-2022-1433 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1432 (Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/oc ...) - octoprint <itp> (bug #718591) CVE-2022-1431 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1430 (Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octopr ...) - octoprint <itp> (bug #718591) CVE-2022-1429 (SQL injection in GridHelperService.php in GitHub repository pimcore/pi ...) 
@@ -87742,13 +87742,13 @@ CVE-2022-29561 CVE-2022-29560 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) NOT-FOR-US: RUGGEDCOM CVE-2022-1426 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1425 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a compani ...) NOT-FOR-US: WordPress plugin CVE-2022-1424 (The Ask me WordPress theme before 6.8.2 does not perform CSRF checks f ...) NOT-FOR-US: WordPress theme CVE-2022-1423 (Improper access control in the CI/CD cache mechanism in GitLab CE/EE a ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1422 (The Discy WordPress theme before 5.2 does not check for CSRF tokens in ...) NOT-FOR-US: WordPress theme CVE-2022-1421 (The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX ac ...) @@ -87863,16 +87863,16 @@ CVE-2022-29526 (Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privile NOTE: Branch.go1.18 : https://github.com/golang/go/commit/c0599c5b781de023974519194df6b0c4ebb0adff (1.18.2) NOTE: Introduced by: https://github.com/golang/go/commit/60f78765022a59725121d3b800268adffe78bde3 (go1.15rc1) CVE-2022-1417 (Improper access control in GitLab CE/EE affecting all versions startin ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1416 (Missing sanitization of data in Pipeline error messages in GitLab CE/E ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1415 RESERVED NOT-FOR-US: drools CVE-2022-1414 (3scale API Management 2 does not perform adequate sanitation for user ...) NOT-FOR-US: 3scale API Management CVE-2022-1413 (Missing input masking in GitLab CE/EE affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1412 (The Log WP_Mail WordPress plugin through 0.1 saves sent email in a pub ...) NOT-FOR-US: WordPress plugin CVE-2022-1411 (Unrestructed file upload in GitHub repository yetiforcecompany/yetifor ...) 
@@ -87908,7 +87908,7 @@ CVE-2022-26424 CVE-2022-25899 (Authentication bypass for the Open AMT Cloud Toolkit software maintain ...) NOT-FOR-US: Intel CVE-2022-1406 (Improper input validation in GitLab CE/EE affecting all versions from ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-29504 REJECTED CVE-2022-29503 (A memory corruption vulnerability exists in the libpthread linuxthread ...) @@ -88587,7 +88587,7 @@ CVE-2022-1353 (A vulnerability was found in the pfkey_register function in net/k - linux 5.17.3-1 NOTE: https://git.kernel.org/linus/9a564bccb78a76740ea9d75a259942df8143d02c (5.17) CVE-2022-1352 (Due to an insecure direct object reference vulnerability in Gitlab EE/ ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1351 (Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10 ...) NOT-FOR-US: pimcore CVE-2022-29264 (An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitra ...) @@ -91396,7 +91396,7 @@ CVE-2022-1195 (A use-after-free vulnerability was found in the Linux kernel in d CVE-2022-1194 (The Mobile Events Manager WordPress plugin before 1.4.8 does not prope ...) NOT-FOR-US: WordPress plugin CVE-2022-1193 (Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1192 (The Turn off all comments WordPress plugin through 1.0 does not saniti ...) NOT-FOR-US: WordPress plugin CVE-2021-46779 (Insufficient input validation in SVC_ECC_PRIMITIVE system call in a co ...) 
@@ -91588,11 +91588,11 @@ CVE-2022-28224 (Clusters using Calico (version 3.22.1 and below), Calico Enterpr CVE-2022-1191 (SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperch ...) NOT-FOR-US: livehelperchat CVE-2022-1190 (Improper handling of user input in GitLab CE/EE versions 8.3 prior to ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1189 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1188 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1187 (The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross- ...) NOT-FOR-US: WordPress plugin CVE-2022-1186 (The WordPress plugin Be POPIA Compliant exposed sensitive information ...) @@ -91606,7 +91606,7 @@ CVE-2022-28221 (The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerab CVE-2022-28220 (Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffe ...) NOT-FOR-US: Apache James CVE-2022-1185 (A denial of service vulnerability when rendering RDoc files in GitLab ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1184 (A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() i ...) {DSA-5257-1 DLA-3173-1} - linux 5.19.6-1 
@@ -91634,9 +91634,9 @@ CVE-2022-1177 (Accounting User Can Download Patient Reports in openemr in GitHub CVE-2022-1176 (Loose comparison causes IDOR on multiple endpoints in GitHub repositor ...) NOT-FOR-US: livehelperchat CVE-2022-1175 (Improper neutralization of user input in GitLab CE/EE versions 14.4 be ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1174 (A potential DoS vulnerability was discovered in Gitlab CE/EE versions ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1173 (stored xss in GitHub repository getgrav/grav prior to 1.7.33.) NOT-FOR-US: Grav CMS CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub repositor ...) @@ -91869,7 +91869,7 @@ CVE-2022-28171 (The web module in some Hikvision Hybrid SAN/Cluster Storage prod CVE-2022-1163 (Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minew ...) NOT-FOR-US: minewebcms CVE-2022-1162 (A hardcoded password was set for accounts registered using an OmniAuth ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1161 (An attacker with the ability to modify a user program may change user ...) NOT-FOR-US: Rockwell Automation CVE-2022-1160 (heap buffer overflow in get_one_sourceline in GitHub repository vim/vi ...) @@ -91907,7 +91907,7 @@ CVE-2022-1158 (A flaw was found in KVM. When updating a guest's page table entry NOTE: https://git.kernel.org/linus/2a8859f373b0a86f0ece8ec8312607eacf12485d (5.18-rc1) NOTE: https://www.openwall.com/lists/oss-security/2022/04/08/4 CVE-2022-1157 (Missing sanitization of logged exception messages in all versions prio ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1156 (The Books & Papers WordPress plugin through 0.20210223 does not escape ...) NOT-FOR-US: WordPress plugin CVE-2022-1155 (Old sessions are not blocked by the login enable function. in GitHub r ...) 
@@ -92002,7 +92002,7 @@ CVE-2022-28129 (Improper Input Validation vulnerability in HTTP/1.1 header parsi - trafficserver 9.1.3+ds-1 NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 CVE-2022-1148 (Improper authorization in GitLab Pages included with GitLab CE/EE affe ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1147 RESERVED CVE-2022-1146 (Inappropriate implementation in Resource Timing in Google Chrome prior ...) @@ -92110,7 +92110,7 @@ CVE-2022-1125 (Use after free in Portals in Google Chrome prior to 100.0.4896.60 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1124 (An improper authorization issue has been discovered in GitLab CE/EE af ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1123 (The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPr ...) NOT-FOR-US: WordPress plugin CVE-2021-46743 (In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., ...) @@ -92131,9 +92131,9 @@ CVE-2022-1122 (A flaw was found in the opj2_decompress program in openjpeg2 2.4. NOTE: https://github.com/uclouvain/openjpeg/issues/1368 NOTE: https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d CVE-2022-1121 (A lack of appropriate timeouts in GitLab Pages included in GitLab CE/E ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1120 (Missing filtering in an error message in GitLab CE/EE affecting all ve ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1119 (The Simple File List WordPress plugin is vulnerable to Arbitrary File ...) NOT-FOR-US: WordPress plugin CVE-2022-1118 (Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbenc ...) 
@@ -92163,7 +92163,7 @@ CVE-2022-1113 (The Flower Delivery by Florist One WordPress plugin through 3.7 d CVE-2022-1112 (The Autolinks WordPress plugin through 1.0.1 does not have CSRF check ...) NOT-FOR-US: WordPress plugin CVE-2022-1111 (A business logic error in Project Import in GitLab CE/EE versions 14.9 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2020-36520 RESERVED CVE-2022-28125 @@ -92625,7 +92625,7 @@ CVE-2022-1106 (use after free in mrb_vm_exec in GitHub repository mruby/mruby pr NOTE: https://github.com/mruby/mruby/commit/7f5a490d09f4d56801ac3a3e4e39e03e1471b44c NOTE: Vulnerable code introduced in https://github.com/mruby/mruby/commit/b137eb2678cfba8d6ffcddff5326ebe8eb7f6a24 (3.1.0-rc) CVE-2022-1105 (An improper access control vulnerability in GitLab CE/EE affecting all ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1104 (The Popup Maker WordPress plugin before 1.16.5 does not sanitise and e ...) NOT-FOR-US: WordPress plugin CVE-2022-1103 (The Advanced Uploader WordPress plugin through 4.2 allows any authenti ...) @@ -92719,9 +92719,9 @@ CVE-2022-1102 (A vulnerability classified as problematic has been found in Sourc CVE-2022-1101 (A vulnerability was found in SourceCodester Royale Event Management Sy ...) NOT-FOR-US: SourceCodester CVE-2022-1100 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1099 (Adding a very large number of tags to a runner in GitLab CE/EE affecti ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-1098 (Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vu ...) NOT-FOR-US: Delta Electronics DIAEnergie CVE-2021-46742 (The multi-window module has a vulnerability of unauthorized insertion ...) 
@@ -98618,7 +98618,7 @@ CVE-2022-0752 (Cross-site Scripting (XSS) - Generic in GitHub repository hestiac NOT-FOR-US: Hestia Control Panel CVE-2022-0751 (Inaccurate display of Snippet files containing special characters in a ...) [experimental] - gitlab 14.6.5+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ CVE-2022-0750 (The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross ...) NOT-FOR-US: WordPress plugin @@ -98712,10 +98712,10 @@ CVE-2022-0742 (Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows NOTE: https://www.openwall.com/lists/oss-security/2022/03/15/3 CVE-2022-0741 (Improper input validation in all versions of GitLab CE/EE using sendma ...) [experimental] - gitlab 14.6.5+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ CVE-2022-0740 (Incorrect authorization in the Asana integration's branch restriction ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-0739 (The BookingPress WordPress plugin before 1.0.11 fails to properly sani ...) NOT-FOR-US: WordPress plugin CVE-2022-0738 (An issue has been discovered in GitLab affecting all versions starting ...) @@ -98727,7 +98727,7 @@ CVE-2022-0736 (Insecure Temporary File in GitHub repository mlflow/mlflow prior NOT-FOR-US: mlflow CVE-2022-0735 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) [experimental] - gitlab 14.6.5+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ CVE-2021-4223 RESERVED 
@@ -102129,7 +102129,7 @@ CVE-2022-0550 (Improper Input Validation vulnerability in custom report logo upl NOT-FOR-US: Nozomi Networks CVE-2022-0549 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) [experimental] - gitlab 14.6.5+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ CVE-2022-0548 RESERVED @@ -103038,10 +103038,10 @@ CVE-2022-0490 RESERVED CVE-2022-0489 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) [experimental] - gitlab 14.6.5+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ CVE-2022-0488 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/23520 CVE-2022-24399 (The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST s ...) NOT-FOR-US: SAP @@ -103273,7 +103273,7 @@ CVE-2022-0479 (The Popup Builder WordPress plugin before 4.1.1 does not sanitise CVE-2022-0478 (The Event Manager and Tickets Selling for WooCommerce WordPress plugin ...) NOT-FOR-US: WordPress plugin CVE-2022-0477 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-0476 (Denial of Service in GitHub repository radareorg/radare2 prior to 5.6. ...) - radare2 <unfixed> (bug #1014478) NOTE: https://huntr.dev/bounties/81ddfbda-6c9f-4b69-83ff-85b15141e35d 
@@ -103614,7 +103614,7 @@ CVE-2022-0429 (The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin CVE-2022-0428 (The Content Egg WordPress plugin before 5.3.0 does not sanitise and es ...) NOT-FOR-US: WordPress plugin CVE-2022-0427 (Missing sanitization of HTML attributes in Jupyter notebooks in all ve ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-0426 (The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 do ...) NOT-FOR-US: WordPress plugin CVE-2022-0425 (A DNS rebinding vulnerability in the Irker IRC Gateway integration in ...) @@ -104323,7 +104323,7 @@ CVE-2022-0391 (A flaw was found in Python, specifically within the urllib.parse NOTE: Fixed by: https://github.com/python/cpython/commit/f4dac7ec55477a6c5d965e594e74bd6bda786903 (v3.7.11) NOTE: Fixed by: https://github.com/python/cpython/commit/6c472d3a1d334d4eeb4a25eba7bf3b01611bf667 (v3.6.14) CVE-2022-0390 (Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-0389 (The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not ...) NOT-FOR-US: WordPress plugin CVE-2022-0388 (The Interactive Medical Drawing of Human Body WordPress plugin before ...) @@ -104687,7 +104687,7 @@ CVE-2022-0375 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelpe CVE-2022-0374 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) NOT-FOR-US: livehelperchat CVE-2022-0373 (Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-0372 (Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior ...) NOT-FOR-US: Crater CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE Services API 1. ...) 
@@ -104761,7 +104761,7 @@ CVE-2022-23949 (In Keylime before 6.3.0, unsanitized UUIDs can be passed by a ro CVE-2022-23948 (A flaw was found in Keylime before 6.3.0. The logic in the Keylime age ...) NOT-FOR-US: Keylime CVE-2022-0371 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/350476 CVE-2022-0370 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) NOT-FOR-US: livehelperchat @@ -105054,7 +105054,7 @@ CVE-2022-0346 (The XML Sitemap Generator for Google WordPress plugin before 2.0. CVE-2022-0345 (The Customize WordPress Emails and Alerts WordPress plugin before 1.8. ...) NOT-FOR-US: WordPress plugin CVE-2022-0344 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/37015 CVE-2022-0343 (A local attacker, as a different local user, may be able to send a HTT ...) NOT-FOR-US: Android @@ -106742,7 +106742,7 @@ CVE-2022-0284 (A heap-based-buffer-over-read flaw was found in ImageMagick's Get NOTE: https://github.com/ImageMagick/ImageMagick/issues/4729 NOTE: https://github.com/ImageMagick/ImageMagick/commit/e50f19fd73c792ebe912df8ab83aa51a243a3da7 CVE-2022-0283 (An issue has been discovered affecting GitLab versions prior to 13.5. ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/349422 CVE-2022-0282 (Code Injection in Packagist microweber/microweber prior to 1.2.11.) NOT-FOR-US: microweber 
@@ -107356,7 +107356,7 @@ CVE-2022-0251 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/ CVE-2022-0250 (The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does ...) NOT-FOR-US: WordPress plugin CVE-2022-0249 (A vulnerability was discovered in GitLab starting with version 12. Git ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-0248 (The Contact Form Submissions WordPress plugin before 1.7.3 does not sa ...) NOT-FOR-US: WordPress plugin CVE-2022-0247 (An issue exists in Fuchsia where VMO data can be modified through acce ...) @@ -107386,7 +107386,7 @@ CVE-2022-0264 (A vulnerability was found in the Linux kernel's eBPF verifier whe CVE-2022-0245 (Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/ ...) NOT-FOR-US: livehelperchat CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-0243 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...) NOT-FOR-US: Orchard CMS CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...) @@ -108786,7 +108786,7 @@ CVE-2022-0173 (radare2 is vulnerable to Out-of-bounds Read) NOTE: https://huntr.dev/bounties/727d8600-88bc-4dde-8dea-ee3d192600e5 NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c CVE-2022-0172 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-0171 (A flaw was found in the Linux kernel. The existing KVM SEV API has a v ...) {DSA-5257-1 DLA-3173-1} - linux 5.18.2-1 
@@ -108804,7 +108804,7 @@ CVE-2022-0168 (A denial of service (DOS) issue was found in the Linux kernel\u20 [stretch] - linux <not-affected> (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2037386 CVE-2022-0167 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-0166 (A privilege escalation vulnerability in the McAfee Agent prior to 5.7. ...) NOT-FOR-US: McAfee CVE-2022-0165 (The Page Builder KingComposer WordPress plugin through 2.9.6 does not ...) @@ -109535,13 +109535,13 @@ CVE-2022-22734 (The Simple Quotation WordPress plugin through 1.3.2 does not hav CVE-2022-22733 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: Apache ShardingSphere ElasticJob-UI CVE-2022-0154 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-0153 (SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.) NOT-FOR-US: forkcms CVE-2022-0152 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-0150 (The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does ...) NOT-FOR-US: WordPress plugin CVE-2022-0149 (The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affe ...) 
@@ -109680,7 +109680,7 @@ CVE-2022-0137 (A heap buffer overflow in image_set_mask function of HTMLDOC befo NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/71fe87878c9cbc3db429f5e5c70f28e4b3d96e3b (v1.9.15) NOTE: Crash in CLI tool, no security impact CVE-2022-0136 (A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-0135 (An out-of-bounds write issue was found in the VirGL virtual OpenGL ren ...) {DLA-3232-1} - virglrenderer 0.10.0-1 (bug #1009073) @@ -109805,11 +109805,11 @@ CVE-2022-0127 CVE-2022-0126 RESERVED CVE-2022-0125 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-0124 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-0123 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-4200 (A Improper Privilege Management vulnerability in SUSE Rancher allows w ...) NOT-FOR-US: Rancher CVE-2022-22677 (A logic issue in the handling of concurrent media was addressed with i ...) @@ -110288,13 +110288,13 @@ CVE-2022-0095 CVE-2022-0094 REJECTED CVE-2022-0093 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-0092 RESERVED CVE-2022-0091 RESERVED CVE-2022-0090 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2022-0089 RESERVED CVE-2022-0088 (Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls p ...) 
@@ -111515,7 +111515,7 @@ CVE-2021-4192 (vim is vulnerable to Use After Free) NOTE: Crash in CLI tool, no security impact CVE-2021-4191 (An issue has been discovered in GitLab CE/EE affecting versions 13.0 t ...) [experimental] - gitlab 14.6.5+ds1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ CVE-2021-23147 (Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient pro ...) NOT-FOR-US: Netgear 
@@ -132692,41 +132692,41 @@ CVE-2021-39948 CVE-2021-39947 (In specific circumstances, trace file buffers in GitLab Runner version ...) - gitlab-ci-multi-runner 14.10.1-1 (bug #1016138) CVE-2021-39946 (Improper neutralization of user input in GitLab CE/EE versions 14.3 to ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39945 (Improper access control in the GitLab CE/EE API affecting all versions ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39944 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39943 (An authorization logic error in the External Status Check API in GitLa ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39942 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE versions 12.0 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39940 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39939 (An uncontrolled resource consumption vulnerability in GitLab Runner af ...) - gitlab-ci-multi-runner <not-affected> (Vulnerable code introduced later) NOTE: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28630 NOTE: https://about.gitlab.com/releases/2021/12/10/security-release-gitlab-runner-14-5-2-released/ CVE-2021-39938 (A vulnerable regular expression pattern in GitLab CE/EE since version ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39937 (A collision in access memoization logic in all versions of GitLab CE/E ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39936 (Improper access control in GitLab CE/EE affecting all versions startin ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39935 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) 
- - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39934 (Improper access control allows any project member to retrieve the serv ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39933 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39932 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39931 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39930 (Missing authorization in GitLab EE versions between 12.4 and 14.3.6, b ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39929 (Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4 ...) {DSA-5019-1 DLA-2849-1} - wireshark 3.6.0-1 @@ -132740,7 +132740,7 @@ CVE-2021-39928 (NULL pointer exception in the IEEE 802.11 dissector in Wireshark NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17704 NOTE: https://www.wireshark.org/security/wnpa-sec-2021-13.html CVE-2021-39927 (Server side request forgery protections in GitLab CE/EE versions betwe ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39926 (Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 ...) {DSA-5019-1} - wireshark 3.6.0-1 
@@ -132786,75 +132786,75 @@ CVE-2021-39920 (NULL pointer exception in the IPPUSB dissector in Wireshark 3.4. NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17705 NOTE: https://www.wireshark.org/security/wnpa-sec-2021-15.html CVE-2021-39919 (In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, a ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39918 (Incorrect Authorization in GitLab EE affecting all versions starting f ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39917 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39916 (Lack of an access control check in the External Status Check feature a ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39915 (Improper access control in the GraphQL API in GitLab CE/EE affecting a ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39914 (A regular expression denial of service issue in GitLab versions 8.13 t ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39913 (Accidental logging of system root password in the migration log in all ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39912 (A potential DoS vulnerability was discovered in GitLab CE/EE starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39911 (An improper access control flaw in all versions of GitLab CE/EE starti ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39910 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39909 (Lack of email address ownership verification in the CODEOWNERS feature ...) - gitlab <not-affected> (Specific to EE) CVE-2021-39908 (In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39907 (A potential DOS vulnerability was discovered in GitLab CE/EE starting ...) 
- - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39906 (Improper validation of ipynb files in GitLab CE/EE version 13.5 and ab ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39905 (An information disclosure vulnerability in the GitLab CE/EE API since ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39904 (An Improper Access Control vulnerability in the GraphQL API in all ver ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39903 (In all versions of GitLab CE/EE since version 13.0, a privileged user, ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39902 (Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user wi ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39901 (In all versions of GitLab CE/EE since version 11.10, an admin of a gro ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39900 (Information disclosure from SendEntry in GitLab starting with 10.8 all ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39899 (In all versions of GitLab CE/EE, an attacker with physical access to a ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39898 (In all versions of GitLab CE/EE since version 10.6, a project export l ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39897 (Improper access control in GitLab CE/EE version 10.5 and above allowed ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39896 (In all versions of GitLab CE/EE since version 8.0, when an admin uses ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39895 (In all versions of GitLab CE/EE since version 8.0, an attacker can set ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vul ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab starting with v ...) 
- - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39892 (In all versions of GitLab CE/EE since version 12.0, a lower privileged ...) [experimental] - gitlab 14.6.4+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/28440 CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access tokens creat ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39890 (It was possible to bypass 2FA for LDAP users and access some specific ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39889 (In all versions of GitLab EE since version 14.1, due to an insecure di ...) - gitlab <not-affected> (Specific to Enterprise Edition) CVE-2021-39888 (In all versions of GitLab EE starting from 13.10 before 14.1.7, all ve ...) - gitlab <not-affected> (Specific to Enterprise Edition) CVE-2021-39887 (A stored Cross-Site Scripting vulnerability in the GitLab Flavored Mar ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39886 (Permissions rules were not applied while issues were moved between pro ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39885 (A Stored XSS in merge request creation page in all versions of Gitlab ...) - gitlab <not-affected> (Specific to Enterprise Edition) CVE-2021-39884 (In all versions of GitLab EE since version 8.13, an endpoint discloses ...) 
@@ -132862,43 +132862,43 @@ CVE-2021-39884 (In all versions of GitLab EE since version 8.13, an endpoint dis CVE-2021-39883 (Improper authorization checks in all versions of GitLab EE starting fr ...) - gitlab <not-affected> (Specific to Enterprise Edition) CVE-2021-39882 (In all versions of GitLab CE/EE, provided a user ID, anonymous users c ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39881 (In all versions of GitLab CE/EE since version 7.7, the application may ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39880 (A Denial Of Service vulnerability in the apollo_upload_server Ruby gem ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 - ruby-apollo-upload-server 2.1.0-1 [bullseye] - ruby-apollo-upload-server <no-dsa> (Minor issue) NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/330561 NOTE: https://github.com/jetruby/apollo_upload_server-ruby/commit/b0582c1a3e458eee3c994fb38278bd0221f20486 CVE-2021-39879 (Missing authentication in all versions of GitLab CE/EE since version 7 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39878 (A stored Reflected Cross-Site Scripting vulnerability in the Jira inte ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39877 (A vulnerability was discovered in GitLab starting with version 12.2 th ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39876 (In all versions of GitLab CE/EE since version 11.3, the endpoint for a ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39875 (In all versions of GitLab CE/EE since version 13.6, it is possible to ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39874 (In all versions of GitLab CE/EE since version 11.0, the requirement to ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39873 (In all versions of GitLab CE/EE, there exists a content spoofing vulne ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39872 (In all versions of GitLab CE/EE since version 14.1, an improper access ...) 
- - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39871 (In all versions of GitLab CE/EE since version 13.0, an instance that h ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39870 (In all versions of GitLab CE/EE since version 11.11, an instance that ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39869 (In all versions of GitLab CE/EE since version 8.9, project exports may ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39868 (In all versions of GitLab CE/EE since version 8.12, an authenticated l ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39867 (In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vu ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39866 (A business logic error in the project deletion process in GitLab 13.6 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-39865 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) NOT-FOR-US: Adobe CVE-2021-39864 (Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) an ...) 
@@ -177227,27 +177227,27 @@ CVE-2021-22266 CVE-2021-22265 RESERVED CVE-2021-22264 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22263 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22262 (Missing access control in all GitLab versions starting from 13.12 befo ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22261 (A stored Cross-Site Scripting vulnerability in the Jira integration in ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22260 (A stored Cross-Site Scripting vulnerability in the DataDog integration ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22259 (A potential DOS vulnerability was discovered in GitLab EE starting wit ...) - gitlab <not-affected> (Specific to EE) CVE-2021-22258 (The project import/export feature in GitLab 8.9 and greater could be u ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22257 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22256 (Improper authorization in GitLab CE/EE affecting all versions since 12 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22255 (SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated ...) NOT-FOR-US: Baserow CVE-2021-22254 (Under very specific conditions a user could be impersonated using Gitl ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22253 (Improper authorization in GitLab EE affecting all versions since 13.4 ...) - gitlab <not-affected> (Specific to EE) CVE-2021-22252 (A confusion between tag and branch names in GitLab CE/EE affecting all ...) 
@@ -177255,37 +177255,37 @@ CVE-2021-22252 (A confusion between tag and branch names in GitLab CE/EE affecti CVE-2021-22251 (Improper validation of invited users' email address in GitLab EE affec ...) - gitlab <not-affected> (Specific to EE) CVE-2021-22250 (Improper authorization in GitLab CE/EE affecting all versions since 13 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22249 (A verbose error message in GitLab EE affecting all versions since 12.2 ...) - gitlab <not-affected> (Specific to EE) CVE-2021-22248 (Improper authorization on the pipelines page in GitLab CE/EE affecting ...) - gitlab <not-affected> (Vulnerable code intrododuced later) CVE-2021-22247 (Improper authorization in GitLab CE/EE affecting all versions since 13 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22246 (A vulnerability was discovered in GitLab versions before 14.0.2, 13.12 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22245 (Improper validation of commit author in GitLab CE/EE affecting all ver ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22244 (Improper authorization in the vulnerability report feature in GitLab E ...) - gitlab <not-affected> (Specific to EE) CVE-2021-22243 (Under specialized conditions, GitLab CE/EE versions starting 7.10 may ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22242 (Insufficient input sanitization in Mermaid markdown in GitLab CE/EE ve ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22241 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22240 (Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14 ...) - gitlab <not-affected> (Specific to EE) CVE-2021-22239 (An unauthorized user was able to insert metadata when creating new iss ...) 
- - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/ CVE-2021-22238 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22237 (Under specialized conditions, GitLab may allow a user with an imperson ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/ CVE-2021-22236 (Due to improper handling of OAuth client IDs, new subscriptions genera ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/ CVE-2021-22235 (Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 ...) {DSA-5019-1 DLA-2849-1} 
@@ -177296,29 +177296,29 @@ CVE-2021-22235 (Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17462 NOTE: Regression fix: https://gitlab.com/wireshark/wireshark/-/merge_requests/3616 CVE-2021-22234 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22233 (An information disclosure vulnerability in GitLab EE versions 13.10 an ...) - gitlab <not-affected> (Specific to EE) CVE-2021-22232 (HTML injection was possible via the full name field before versions 13 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22231 (A denial of service in user's profile page is found starting with GitL ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22230 (Improper code rendering while rendering merge requests could be exploi ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22229 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22228 (An issue has been discovered in GitLab affecting all versions before 1 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22227 (A reflected cross-site script vulnerability in GitLab before versions ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22226 (Under certain conditions, some users were able to push to protected br ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22225 (Insufficient input sanitization in markdown in GitLab version 13.11 an ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22224 (A cross-site request forgery vulnerability in the GraphQL API in GitLa ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22223 (Client-Side code injection through Feature Flag name in GitLab CE/EE s ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22222 (Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allow ...) 
{DSA-5019-1} [experimental] - wireshark 3.4.6-1~exp1 
@@ -177329,36 +177329,36 @@ CVE-2021-22222 (Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 NOTE: https://www.wireshark.org/security/wnpa-sec-2021-05.html NOTE: Caused by https://gitlab.com/wireshark/wireshark/-/commit/4bf4ee88f0544727e7f89f3f288c6afd2f650a4c CVE-2021-22221 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22220 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22219 (All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all ver ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22218 (All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all ve ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22217 (A denial of service vulnerability in all versions of GitLab CE/EE befo ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22216 (A denial of service vulnerability in all versions of GitLab CE/EE befo ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22215 (An information disclosure vulnerability in GitLab EE versions 13.11 an ...) - gitlab <not-affected> (Specific to EE) CVE-2021-22214 (When requests to the internal network for webhooks are enabled, a serv ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22213 (A cross-site leak vulnerability in the OAuth flow of all versions of G ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22212 (ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 all ...) - ntpsec 1.2.0+dfsg1-4 (bug #989847) [buster] - ntpsec <not-affected> (Only affects 1.2.0) NOTE: https://gitlab.com/NTPsec/ntpsec/-/issues/699 NOTE: https://gitlab.com/NTPsec/ntpsec/-/commit/b09be47d650280cc7ebdcd45dfa07eca4b9a52f8 CVE-2021-22211 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) 
- - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22210 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22209 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22208 (An issue has been discovered in GitLab affecting versions starting wit ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22207 (Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to ...) {DSA-5019-1 DLA-2849-1} [experimental] - wireshark 3.4.6-1~exp1 @@ -177368,9 +177368,9 @@ CVE-2021-22207 (Excessive memory consumption in MS-WSP dissector in Wireshark 3. NOTE: https://gitlab.com/wireshark/wireshark/-/commit/b7a0650e061b5418ab4a8f72c6e4b00317aff623 NOTE: https://www.wireshark.org/security/wnpa-sec-2021-04.html CVE-2021-22206 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22205 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22204 (Improper neutralization of user data in the DjVu file format in ExifTo ...) {DSA-4910-1 DLA-2663-1} - libimage-exiftool-perl 12.16+dfsg-2 (bug #987505) 
@@ -177378,29 +177378,29 @@ CVE-2021-22204 (Improper neutralization of user data in the DjVu file format in NOTE: https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800 NOTE: https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html CVE-2021-22203 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22202 (An issue has been discovered in GitLab CE/EE affecting all previous ve ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22201 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22200 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22199 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22198 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22197 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22196 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22195 (Client side code execution in gitlab-vscode-extension v3.15.0 and earl ...) NOT-FOR-US: gitlab-vscode-extension CVE-2021-22194 (In all versions of GitLab, marshalled session keys were being stored i ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22192 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) 
- - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22191 (Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 ...) {DLA-2967-1} - wireshark 3.4.4-1 
@@ -177408,44 +177408,44 @@ CVE-2021-22191 (Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3 NOTE: https://www.wireshark.org/security/wnpa-sec-2021-03.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17232 CVE-2021-22190 (A path traversal vulnerability via the GitLab Workhorse in all version ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22189 (Starting with version 13.7 the Gitlab CE/EE editions were affected by ...) [experimental] - gitlab 13.6.7-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22188 (An issue has been discovered in GitLab affecting all versions starting ...) [experimental] - gitlab 13.6.7-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22187 (An issue has been discovered in GitLab affecting all versions of Gitla ...) - gitlab 13.2.3-2 CVE-2021-22186 (An authorization issue in GitLab CE/EE version 9.4 and up allowed a gr ...) [experimental] - gitlab 13.7.8+ds1-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/ CVE-2021-22185 (Insufficient input sanitization in wikis in GitLab version 13.8 and up ...) - gitlab <not-affected> (Only affects 13.8) NOTE: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/ CVE-2021-22184 (An information disclosure issue in GitLab starting from version 12.8 a ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22183 (An issue has been discovered in GitLab affecting all versions starting ...) [experimental] - gitlab 13.6.6-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22182 (An issue has been discovered in GitLab affecting all versions starting ...) [experimental] - gitlab 13.7.7-1 - gitlab <not-affected> (Affected version never uploaded to unstable) CVE-2021-22181 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...) 
- - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22180 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22179 (A vulnerability was discovered in GitLab versions before 12.2. GitLab ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22178 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22177 (Potential DoS was identified in gitlab-shell in GitLab CE/EE version 1 ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22176 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22175 (When requests to the internal network for webhooks are enabled, a serv ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22174 (Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial o ...) - wireshark 3.4.3-1 (bug #981791) [buster] - wireshark <not-affected> (Affected code not present) 
@@ -177460,22 +177460,22 @@ CVE-2021-22173 (Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 all NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17124 CVE-2021-22172 (Improper authorization in GitLab 12.8+ allows a guest user in a privat ...) [experimental] - gitlab 13.6.6-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/ CVE-2021-22171 (Insufficient validation of authentication parameters in GitLab Pages f ...) [experimental] - gitlab 13.6.6-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22170 (Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows ...) - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22169 (An issue was identified in GitLab EE 13.4 or later which leaked intern ...) - gitlab <not-affected> (Specific to EE) NOTE: https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/ CVE-2021-22168 (A regular expression denial of service issue has been discovered in Nu ...) [experimental] - gitlab 13.6.6-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22167 (An issue has been discovered in GitLab affecting all versions starting ...) [experimental] - gitlab 13.6.6-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 CVE-2021-22166 (An attacker could cause a Prometheus denial of service in GitLab 13.7+ ...) - gitlab <not-affected> (Only affects Gitlab 13.7.x) NOTE: https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/ 
@@ -199075,7 +199075,7 @@ CVE-2020-26415 (Information about the starred projects for private user profiles - gitlab 13.4.7-1 CVE-2020-26414 (An issue has been discovered in GitLab affecting all versions starting ...) [experimental] - gitlab 13.5.6-1 - - gitlab <unfixed> + - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/ CVE-2020-26413 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab 13.4.7-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1bce75cd6c709cb70cc014e603d4075c205d6e32 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1bce75cd6c709cb70cc014e603d4075c205d6e32 You're receiving this email because of your account on salsa.debian.org.
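Review bot: CVE-2021-39880 in the @@ -132862 hunk is the one entry there that tracks two source packages, and the change marks only the copy bundled in gitlab as fixed in 15.10.8+ds1-2 while ruby-apollo-upload-server keeps its own `2.1.0-1` and bullseye `<no-dsa> (Minor issue)` lines. The NOTE line points at the upstream gem commit b0582c1a3e458eee3c994fb38278bd0221f20486 rather than at a GitLab release, so a short NOTE naming the gem version that 15.10.8+ds1-2 bundles would let the next reader verify the gitlab line without redoing the check.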
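Review bot: the unchanged context line for CVE-2021-22248 in the @@ -177255 hunk carries a typo, `(Vulnerable code intrododuced later)`; since this commit already touches the neighbouring lines, folding the correction to `introduced` into the same series would be cheap.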
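Review bot: in the @@ -177408 hunk several entries already record an earlier fix in experimental (CVE-2021-22189 and CVE-2021-22188 at `13.6.7-1`, CVE-2021-22186 at `13.7.8+ds1-1`, CVE-2021-22183 at `13.6.6-1`), which raises the question whether 15.10.8+ds1-2 is really the first unstable upload containing the fix or merely the current one. If the list is meant to record the earliest fixed version, those lines should cite the first unstable upload at or above the experimental version, the way the unchanged CVE-2021-22187 entry does with `- gitlab 13.2.3-2`.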
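Review bot: the same earliest-fixed-version question applies to the @@ -177460 hunk, where CVE-2021-22172, CVE-2021-22171, CVE-2021-22168 and CVE-2021-22167 all carry an `[experimental] - gitlab 13.6.6-1` line and the NOTE for CVE-2021-22172 names the 13.8.2 security release; citing the first unstable upload at or above 13.6.6-1 there would be more precise than 15.10.8+ds1-2 if that is the intent.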
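Review bot: CVE-2020-26414 in the @@ -199075 hunk likewise shows `[experimental] - gitlab 13.5.6-1` above the line being changed, and its NOTE cites the 13.7.2 security release, so the 15.10.8+ds1-2 value should be confirmed as the intended first-fixed version rather than just the version current at the time of this commit.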
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits