Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1bce75cd by Moritz Muehlenhoff at 2023-06-12T10:58:05+02:00
334 gitlab CVEs fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -258,7 +258,7 @@ CVE-2023-33282 (Marval MSM through 14.19.0.12476 and 15.0 
has a System account w
 CVE-2023-2530 (A privilege escalation allowing remote code execution was 
discovered i ...)
        - puppet <not-affected> (Specific to Puppet Enterprise)
 CVE-2023-2442 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-4380 (The Pinterest Automatic plugin for WordPress is vulnerable to 
authoriz ...)
        NOT-FOR-US: Pinterest Automatic plugin for WordPress
 CVE-2021-4379 (The WooCommerce Multi Currency plugin for WordPress is 
vulnerable to a ...)
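Review bot: the replacement line `- gitlab 15.10.8+ds1-2` under CVE-2023-2442 gives a fixed version with nothing to show how it was established, and the truncated description ("affecting all versions st ...") does not let a reader check it from the diff. Consider adding a NOTE with the upstream advisory or the upstream release that carries the fix, as the linux entries in this file do with their `NOTE: https://git.kernel.org/...` lines, so the version can be audited later.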
@@ -660,7 +660,7 @@ CVE-2013-10029 (A vulnerability classified as problematic 
was found in Exit Box
 CVE-2023-2589 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2023-2485 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-3111 (A use after free vulnerability was found in prepare_to_relocate 
in fs/ ...)
        - linux 5.19.6-1
        NOTE: 
https://git.kernel.org/linus/85f02d6c856b9f3a0acf5219de6e32f58b9778eb (6.0-rc2)
@@ -3214,7 +3214,7 @@ CVE-2023-31404 (Under certain conditions,SAP 
BusinessObjects Business Intelligen
 CVE-2023-2590 (Missing Authorization in GitHub repository answerdev/answer 
prior to 1 ...)
        NOT-FOR-US: answerdev/answer
 CVE-2023-2478 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-2583 (Code Injection in GitHub repository jsreport/jsreport prior to 
3.11.3.)
        NOT-FOR-US: jsreport
 CVE-2023-2582 (A prototype pollution vulnerability exists in Strikingly CMS 
which can ...)
@@ -4650,9 +4650,9 @@ CVE-2023-2201 (The Web Directory Free for WordPress is 
vulnerable to SQL Injecti
 CVE-2023-2200
        RESERVED
 CVE-2023-2199 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-2198 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-30912
        RESERVED
 CVE-2023-30911
@@ -4791,7 +4791,7 @@ CVE-2023-2183 (Grafana is an open-source platform for 
monitoring and observabili
 CVE-2023-2182 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2023-2181 (An issue has been discovered in GitLab affecting all versions 
before 1 ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-2180 (The KIWIZ Invoices Certification & PDF System WordPress plugin 
through ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-2179 (The WooCommerce Order Status Change Notifier WordPress plugin 
through  ...)
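Review bot: CVE-2023-2181 is marked fixed in `15.10.8+ds1-2`, but its description here says only "GitLab affecting all versions before 1 ..." with no CE/EE qualifier, while the entry directly above it (CVE-2023-2182) is `<not-affected> (Specific to EE)`. Please confirm from the full advisory that this one affects CE; if it is EE-only it should get the same `<not-affected> (Specific to EE)` line instead of a fixed version.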
@@ -5096,7 +5096,7 @@ CVE-2023-2133 (Out of bounds memory access in Service 
Worker API in Google Chrom
        - chromium 112.0.5615.138-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-2132 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-2131 (Versions of INEA ME RTU firmware prior to 3.36 are vulnerable 
to OS co ...)
        NOT-FOR-US: INEA ME RTU firmware
 CVE-2023-2130 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
@@ -5732,7 +5732,7 @@ CVE-2023-2071
 CVE-2023-2070
        RESERVED
 CVE-2023-2069 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-2068
        RESERVED
 CVE-2023-2067 (The Announcement & Notification Banner \u2013 Bulletin plugin 
for Word ...)
@@ -5846,11 +5846,11 @@ CVE-2023-2017 (Server-side Template Injection (SSTI) in 
Shopware 6 (<= v6.4.20.0
 CVE-2023-2016
        RESERVED
 CVE-2023-2015 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-2014 (Cross-site Scripting (XSS) - Generic in GitHub repository 
microweber/m ...)
        NOT-FOR-US: microweber
 CVE-2023-2013 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-2012
        RESERVED
 CVE-2022-48468 (protobuf-c before 1.4.1 has an unsigned integer overflow in 
parse_requ ...)
@@ -6047,7 +6047,7 @@ CVE-2023-2002 (A vulnerability was found in the HCI 
sockets implementation due t
        NOTE: Fixed by: 
https://lore.kernel.org/linux-bluetooth/20230416081404.8227-1-lrh2...@pku.edu.cn/
        NOTE: Hardening: 
https://lore.kernel.org/linux-bluetooth/20230416080251.7717-1-lrh2...@pku.edu.cn/
 CVE-2023-2001 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-2000 (Mattermost Desktop App fails to validate a mattermost server 
redirecti ...)
        NOT-FOR-US: Mattermost Desktop App
 CVE-2023-1999
@@ -9396,7 +9396,7 @@ CVE-2023-1838 (A use-after-free flaw was found in 
vhost_net_set_backend in drive
 CVE-2023-1837 (Missing Authentication for critical function vulnerability in 
HYPR Ser ...)
        NOT-FOR-US: HYPR
 CVE-2023-1836 (A cross-site scripting issue has been discovered in GitLab 
affecting a ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-1835 (The Ninja Forms Contact Form WordPress plugin before 3.6.22 
does not p ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-1834 (Rockwell Automation was made aware that Kinetix 5500 drives, 
manufactu ...)
@@ -9698,7 +9698,7 @@ CVE-2023-1789 (Improper Input Validation in GitHub 
repository firefly-iii/firefl
 CVE-2023-1788 (Insufficient Session Expiration in GitHub repository 
firefly-iii/firef ...)
        NOT-FOR-US: firefly-iii
 CVE-2023-1787 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-1786 (Sensitive data could be exposed in logs of cloud-init before 
version 2 ...)
        - cloud-init <unfixed> (bug #1035023)
        [bookworm] - cloud-init <no-dsa> (Minor issue)
@@ -10060,7 +10060,7 @@ CVE-2023-1735 (A vulnerability classified as critical 
was found in SourceCodeste
 CVE-2023-1734 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
        NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
 CVE-2023-1733 (A denial of service condition exists in the Prometheus server 
bundled  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-1732 (When sampling randomness for a shared secret, the 
implementation of Ky ...)
        NOT-FOR-US: Cloudflare CIRCL
 CVE-2023-1731 (In Meinbergs LTOS versions prior to V7.06.013, the 
configuration file  ...)
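Review bot: CVE-2023-1733 is described as a denial of service in "the Prometheus server bundled ...", so the fixed-version line `- gitlab 15.10.8+ds1-2` assumes the Debian gitlab source package ships that bundled Prometheus. If the package does not bundle it, `- gitlab <not-affected>` with a short reason would be the accurate state; if it does, a NOTE saying so would help the next person reading the entry.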
@@ -10133,7 +10133,7 @@ CVE-2023-29023 (A cross site scripting vulnerability 
was discovered in Rockwell
 CVE-2023-29022 (A cross site scripting vulnerability was discovered in 
Rockwell Automa ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2023-1710 (A sensitive information disclosure vulnerability in GitLab 
affecting a ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-1709 (The APDFL.dll contains a memory corruption vulnerability while 
parsing ...)
        NOT-FOR-US: Siemens
 CVE-2023-29021
@@ -10287,7 +10287,7 @@ CVE-2023-28960 (An Incorrect Permission Assignment for 
Critical Resource vulnera
 CVE-2023-28959 (An Improper Check or Handling of Exceptional Conditions 
vulnerability  ...)
        NOT-FOR-US: Juniper
 CVE-2023-1708 (An issue was identified in GitLab CE/EE affecting all versions 
from 1. ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-1707
        RESERVED
 CVE-2023-1706
@@ -12465,7 +12465,7 @@ CVE-2023-1419
 CVE-2023-1418 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
        NOT-FOR-US: SourceCodester Friendly Island Pizza Website and Ordering 
System
 CVE-2023-1417 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-1416 (A vulnerability classified as critical has been found in Simple 
Art Ga ...)
        NOT-FOR-US: Simple Art Gallery
 CVE-2023-1415 (A vulnerability was found in Simple Art Gallery 1.0. It has 
been decla ...)
@@ -14102,7 +14102,7 @@ CVE-2023-22434
 CVE-2023-1266
        RESERVED
 CVE-2023-1265 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-1264 (NULL Pointer Dereference in GitHub repository vim/vim prior to 
9.0.139 ...)
        - vim <unfixed> (unimportant)
        NOTE: https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815
@@ -14406,7 +14406,7 @@ CVE-2023-27850 (NETGEAR Nighthawk WiFi6 Router prior to 
V1.0.10.94 contains a fi
 CVE-2023-1205 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is 
vulnerable to cr ...)
        NOT-FOR-US: NETGEAR
 CVE-2023-1204 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-1203 (Improper removal of sensitive data in the entry edit feature of 
Hub Bu ...)
        NOT-FOR-US: Devolutions
 CVE-2023-1202 (Permission bypass when importing or synchronizing entriesin 
User vault ...)
@@ -14998,7 +14998,7 @@ CVE-2023-27606
 CVE-2023-27605
        RESERVED
 CVE-2023-1178 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-27604
        RESERVED
 CVE-2023-27603 (In Apache Linkis <=1.3.1, due to the Manager module engineConn 
materia ...)
@@ -15929,7 +15929,7 @@ CVE-2023-23554 (Uncontrolled search path element 
vulnerability exists in pg_ivm
 CVE-2023-22847 (Information disclosure vulnerability exists in pg_ivm versions 
prior t ...)
        NOT-FOR-US: pg_ivm
 CVE-2023-1098 (An information disclosure vulnerability has been discovered in 
GitLab  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-1097 (Baicells EG7035-M11 devices with firmware through  
BCE-ODU-1.0.8 are v ...)
        NOT-FOR-US: Baicells EG7035-M11 devices
 CVE-2023-1096 (SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 
are susc ...)
@@ -15960,7 +15960,7 @@ CVE-2023-1086 (The Preview Link Generator WordPress 
plugin before 1.0.4 does not
 CVE-2023-1085
        RESERVED
 CVE-2023-1084 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-1083
        RESERVED
 CVE-2023-1082
@@ -16099,9 +16099,9 @@ CVE-2023-1073 (A memory corruption flaw was found in 
the Linux kernel\u2019s hum
        NOTE: 
https://git.kernel.org/linus/b12fece4c64857e5fab4290bf01b2e0317a88456
        NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/3
 CVE-2023-1072 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-1071 (An issue has been discovered in GitLab affecting all versions 
from 15. ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-1070 (External Control of File Name or Path in GitHub repository 
nilsteampas ...)
        - teampass <itp> (bug #730180)
 CVE-2023-1069 (The Complianz WordPress plugin before 6.4.2, Complianz Premium 
WordPre ...)
@@ -19041,7 +19041,7 @@ CVE-2023-0922 (The Samba AD DC administration tool, 
when operating against a rem
        - samba 2:4.17.7+dfsg-1
        NOTE: https://www.samba.org/samba/security/CVE-2023-0922.html
 CVE-2023-0921 (A lack of length validation in GitLab CE/EE affecting all 
versions fro ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-48330
        RESERVED
 CVE-2023-26101 (In Progress Flowmon Packet Investigator before 12.1.0, a 
Flowmon user  ...)
@@ -19975,7 +19975,7 @@ CVE-2023-0840 (A vulnerability classified as 
problematic was found in PHPCrazy 1
 CVE-2023-0839 (Improper Protection for Outbound Error Messages and Alert 
Signals vuln ...)
        NOT-FOR-US: ProMIS Process Co. InSCADA
 CVE-2023-0838 (An issue has been discovered in GitLab affecting versions 
starting fro ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-0837
        RESERVED
 CVE-2023-25780 (It is identified a vulnerability of insufficient 
authentication in an  ...)
@@ -20739,7 +20739,7 @@ CVE-2023-25177 (Delta Electronics' CNCSoft-B DOPSoft 
versions 1.0.0.4 and prior
 CVE-2023-24014 (Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and 
prior are  v ...)
        NOT-FOR-US: Delta Electronics
 CVE-2023-0756 (An issue has been discovered in GitLab affecting all versions 
before 1 ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-0755 (The affected products are vulnerable to an improper validation 
of arra ...)
        NOT-FOR-US: PTC
 CVE-2023-0754 (The affected products are vulnerable to an integer overflow or 
wraparo ...)
@@ -23676,7 +23676,7 @@ CVE-2023-0525
 CVE-2023-0524 (As part of our Security Development Lifecycle, a potential 
privilege e ...)
        NOT-FOR-US: Tenable
 CVE-2023-0523 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-0522 (The Enable/Disable Auto Login when Register WordPress plugin 
through 1 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0521
@@ -23686,7 +23686,7 @@ CVE-2023-0520 (The RapidExpCart WordPress plugin 
through 1.0 does not sanitize a
 CVE-2023-0519 (Cross-site Scripting (XSS) - Stored in GitHub repository 
modoboa/modob ...)
        NOT-FOR-US: Modoboa
 CVE-2023-0518 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2020-36659 (In Apache::Session::Browseable before 1.3.6, validity of the 
X.509 cer ...)
        {DLA-3285-1}
        - libapache-session-browseable-perl 1.3.7-1
@@ -23893,7 +23893,7 @@ CVE-2023-22845 (An out-of-bounds read vulnerability 
exists in the TGAInput::deco
 CVE-2023-0509 (Improper Certificate Validation in GitHub repository 
pyload/pyload pri ...)
        - pyload <itp> (bug #1001980)
 CVE-2023-0508 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2020-36657 (uptimed before 0.4.6-r1 on Gentoo allows local users (with 
access to t ...)
        - uptimed <not-affected> (Gentoo-specific)
 CVE-2018-25078 (man-db before 2.8.5 on Gentoo allows local users (with access 
to the m ...)
@@ -24021,11 +24021,11 @@ CVE-2023-0487 (The My Sticky Elements WordPress 
plugin before 2.0.9 does not pro
 CVE-2023-0486 (VitalPBX version 3.2.3-8 allows an unauthenticated external 
attacker t ...)
        NOT-FOR-US: VitalPBX
 CVE-2023-0485 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-0484 (The Contact Form 7 Widget For Elementor Page Builder & 
Gutenberg Block ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0483 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-0482 (In RESTEasy the insecure File.createTempFile() is used in the 
DataSour ...)
        - resteasy <unfixed> (bug #1031728)
        - resteasy3.0 <unfixed> (bug #1031729)
@@ -24405,7 +24405,7 @@ CVE-2023-0452 (All versions of Econolite EOS traffic 
control software are vulner
 CVE-2023-0451 (All versions of Econolite EOS traffic control software are 
vulnerable  ...)
        NOT-FOR-US: Econolite EOS traffic control software
 CVE-2023-0450 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-0449
        REJECTED
 CVE-2023-0448 (The WP Helper Lite WordPress plugin, in versions < 4.3, returns 
all GE ...)
@@ -26572,7 +26572,7 @@ CVE-2023-0321 (Campbell Scientific dataloggers CR6, 
CR300, CR800, CR1000 and CR3
 CVE-2023-0320 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: UBYS
 CVE-2023-0319 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-0318
        RESERVED
 CVE-2023-0317 (Unprotected Alternate Channel vulnerability in debug console of 
 GateM ...)
@@ -27409,7 +27409,7 @@ CVE-2023-0225 (A flaw was found in Samba. An incomplete 
access check on dnsHostN
 CVE-2023-0224
        RESERVED
 CVE-2023-0223 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-4886
        RESERVED
 CVE-2022-48255 (There is a system command injection vulnerability in 
BiSheng-WNM FW 3. ...)
@@ -28813,7 +28813,7 @@ CVE-2023-0157 (The All-In-One Security (AIOS) WordPress 
plugin before 5.1.5 does
 CVE-2023-0156 (The All-In-One Security (AIOS) WordPress plugin before 5.1.5 
does not  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0155 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-0154 (The GamiPress WordPress plugin before 1.0.9 does not validate 
and esca ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0153 (The Vimeo Video Autoplay Automute WordPress plugin through 1.0 
does no ...)
@@ -29046,7 +29046,7 @@ CVE-2023-22459
 CVE-2023-0122 (A NULL pointer dereference vulnerability in the Linux kernel 
NVMe func ...)
        - linux <not-affected> (Vulnerable code not present in any released 
Debian version)
 CVE-2023-0121 (A denial of service issue was discovered in GitLab CE/EE 
affecting all ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-0120
        RESERVED
 CVE-2023-0119
@@ -30064,7 +30064,7 @@ CVE-2023-0051 (Heap-based Buffer Overflow in GitHub 
repository vim/vim prior to
        NOTE: 
https://github.com/vim/vim/commit/c32949b0779106ed5710ae3bffc5053e49083ab4 
(v9.0.1144)
        NOTE: Crash in CLI tool, no security impact
 CVE-2023-0050 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-0049 (Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.1143.)
        - vim 2:9.0.1378-1 (unimportant)
        NOTE: https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9
@@ -30145,7 +30145,7 @@ CVE-2023-22587
 CVE-2023-0043 (The Custom Add User WordPress plugin through 2.0.2 does not 
sanitise a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0042 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2023-0041 (IBM Security Guardium 11.5 could allow a user to take over 
another use ...)
        NOT-FOR-US: IBM
 CVE-2023-22586 (The Danfoss AK-EM100 web applications allow for Local File 
Inclusion i ...)
@@ -34915,7 +34915,7 @@ CVE-2022-4464 (Themify Portfolio Post WordPress plugin 
before 1.2.1 does not val
 CVE-2022-4463
        REJECTED
 CVE-2022-4462 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-4461
        RESERVED
 CVE-2022-4460 (The Sidebar Widgets by CodeLights WordPress plugin through 1.4 
does no ...)
@@ -36443,7 +36443,7 @@ CVE-2022-4379 (A use-after-free vulnerability was found 
in __nfs42_ssc_open() in
 CVE-2022-4377 (A vulnerability was found in S-CMS 5.0 Build 20220328. It has 
been dec ...)
        NOT-FOR-US: S-CMS
 CVE-2022-4376 (An issue has been discovered in GitLab affecting all versions 
before 1 ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-4378 (A stack overflow flaw was found in the Linux kernel's SYSCTL 
subsystem ...)
        {DLA-3245-1 DLA-3244-1}
        - linux 6.0.12-1
@@ -36562,7 +36562,7 @@ CVE-2022-46793 (Cross-Site Request Forgery (CSRF) 
vulnerability in AdTribes.Io P
 CVE-2022-4366 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
        NOT-FOR-US: daloRADIUS
 CVE-2022-4365 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-4364 (A vulnerability classified as critical has been found in 
Teledyne FLIR ...)
        NOT-FOR-US: Teledyne
 CVE-2022-4363
@@ -36656,7 +36656,7 @@ CVE-2022-4346 (The All-In-One Security (AIOS) WordPress 
plugin before 5.1.3 leak
 CVE-2022-4343
        RESERVED
 CVE-2022-4342 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-4341 (A vulnerability has been found in csliuwy coder-chain_gdut and 
classif ...)
        NOT-FOR-US: csliuwy coder-chain_gdut
 CVE-2022-46768 (Arbitrary file read vulnerability exists in Zabbix Web Service 
Report  ...)
@@ -37624,7 +37624,7 @@ CVE-2022-4291 (The aswjsflt.dll library from Avast 
Antivirus windows contained a
 CVE-2022-4290
        RESERVED
 CVE-2022-4289 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-4288
        RESERVED
 CVE-2022-4287 (Authentication bypass in local application lock feature in 
Devolutions ...)
@@ -38264,9 +38264,9 @@ CVE-2022-46281
 CVE-2022-4207 (The Image Hover Effects Ultimate plugin for WordPress is 
vulnerable to ...)
        NOT-FOR-US: Image Hover Effects Ultimate plugin for WordPress
 CVE-2022-4206 (A sensitive information leak issue has been discovered in all 
versions ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-4205 (In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch 
with a ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-4204
        RESERVED
 CVE-2022-4203 (A read buffer overrun can be triggered in X.509 certificate 
verificati ...)
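Review bot: for CVE-2022-4205 the description names the upstream fixes as "before 15.6.1, 15.5.5 and 15.4.6", yet the entry records `15.10.8+ds1-2`, the same version used for every other CVE in this batch. If an earlier upload to unstable already contained 15.6.1 or later, that earlier version is the one to record here; the same check applies to CVE-2022-4206 in this hunk.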
@@ -38368,7 +38368,7 @@ CVE-2022-42885
 CVE-2022-42489
        RESERVED
 CVE-2022-4201 (A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 
15.4.6,  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-4200 (The Login with Cognito WordPress plugin through 1.4.8 does not 
sanitis ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4199 (The Link Library WordPress plugin before 7.4.1 does not 
sanitise and e ...)
@@ -39420,7 +39420,7 @@ CVE-2022-43662 (Kernel subsystem within 
OpenHarmony-v3.1.4 and prior versions in
 CVE-2022-41802 (Kernel subsystem within OpenHarmony-v3.1.4 and prior versions 
in kerne ...)
        NOT-FOR-US: OpenHarmony
 CVE-2022-4138 (A Cross Site Request Forgery issue has been discovered in 
GitLab CE/EE ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-4137
        RESERVED
        NOT-FOR-US: Keycloak
@@ -39598,7 +39598,7 @@ CVE-2022-45802 (Streampark allows any users to upload a 
jar as application, but
 CVE-2022-45801 (Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection 
vulnerability.  ...)
        NOT-FOR-US: Apache StreamPark
 CVE-2022-4131 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-4130 (A blind site-to-site request forgery vulnerability was found in 
Satell ...)
        NOT-FOR-US: Red Hat Satellite server
 CVE-2022-4129 (A flaw was found in the Linux kernel's Layer 2 Tunneling 
Protocol (L2T ...)
@@ -40491,7 +40491,7 @@ CVE-2022-4055 (When xdg-mail is configured to use 
thunderbird for mailto URLs, i
        NOTE: 
https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267
        NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/58
 CVE-2022-4054 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-45462 (Alarm instance management has command injection when there is 
a specif ...)
        NOT-FOR-US: Apache DolphinScheduler
 CVE-2022-45461 (The Java Admin Console in Veritas NetBackup through 10.1 and 
related V ...)
@@ -40532,7 +40532,7 @@ CVE-2022-4039
 CVE-2022-4038
        RESERVED
 CVE-2022-4037 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-45459 (Sensitive information disclosure due to insecure registry 
permissions. ...)
        NOT-FOR-US: Acronis
 CVE-2022-45458 (Sensitive information disclosure and manipulation due to 
improper cert ...)
@@ -40624,7 +40624,7 @@ CVE-2022-4009 (In affected versions of Octopus Deploy 
it is possible for a user
 CVE-2022-4008 (In affected versions of Octopus Deploy it is possible to upload 
a zipb ...)
        NOT-FOR-US: Octopus Deploy
 CVE-2022-4007 (A issue has been discovered in GitLab CE/EE affecting all 
versions fro ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-4006 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: WBCE CMS
 CVE-2022-4005 (The Donation Button WordPress plugin through 4.0.0 does not 
sanitize a ...)
@@ -42005,7 +42005,7 @@ CVE-2022-3903 (An incorrect read request flaw was found 
in the Infrared Transcei
        - linux 5.19.11-1
        [bullseye] - linux 5.10.148-1
 CVE-2022-3902 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3901 (Prototype Pollution in Visioweb.js 1.10.6 allows attackers to 
execute  ...)
        NOT-FOR-US: Visioweb.js
 CVE-2022-3900 (The Cooked Pro WordPress plugin before 1.7.5.7 does not 
properly valid ...)
@@ -42677,7 +42677,7 @@ CVE-2022-41610 (Improper authorization in Intel(R) EMA 
Configuration Tool before
 CVE-2022-3871
        RESERVED
 CVE-2022-3870 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-44783
        RESERVED
 CVE-2022-44782
@@ -44238,11 +44238,11 @@ CVE-2022-3821 (An off-by-one Error issue was 
discovered in Systemd in format_tim
        NOTE: 
https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e
 (v252-rc1)
        NOTE: 
https://github.com/systemd/systemd-stable/commit/72d4c15a946d20143cd4c6783c802124bc894dc7
 (v251.3)
 CVE-2022-3820 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3819 (An improper authorization issue in GitLab CE/EE affecting all 
versions ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3818 (An uncontrolled resource consumption issue when parsing URLs in 
GitLab ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3817 (A vulnerability has been found in Axiomatic Bento4 and 
classified as p ...)
        NOT-FOR-US: Bento4
 CVE-2022-3816 (A vulnerability, which was classified as problematic, was found 
in Axi ...)
@@ -44498,7 +44498,7 @@ CVE-2022-3795
 CVE-2022-3794 (The Jeg Elementor Kit plugin for WordPress is vulnerable to 
authorizat ...)
        NOT-FOR-US: Jeg Elementor Kit plugin for WordPress
 CVE-2022-3793 (An improper authorization issue in GitLab CE/EE affecting all 
versions ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3792 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: GullsEye
 CVE-2022-3791
@@ -44791,7 +44791,7 @@ CVE-2022-3769 (The OWM Weather WordPress plugin before 
5.6.9 does not properly s
 CVE-2022-3768 (The WPSmartContracts WordPress plugin before 1.3.12 does not 
properly  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3767 (Missing validation in DAST analyzer affecting all versions from 
1.11.0 ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3766 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
thorsten/p ...)
        NOT-FOR-US: phpmyfaq
 CVE-2022-3765 (Cross-site Scripting (XSS) - Stored in GitHub repository 
thorsten/phpm ...)
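Review bot: CVE-2022-3767 concerns the "DAST analyzer affecting all versions from 1.11.0 ...", and 1.11.0 reads as the analyzer's own version numbering rather than a GitLab release, so `- gitlab 15.10.8+ds1-2` may be attributing the fix to the wrong component. Check whether the gitlab source package contains the DAST analyzer at all; if it does not, the entry should not carry a gitlab fixed version.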
@@ -44871,9 +44871,9 @@ CVE-2022-44419 (In modem, there is a possible missing 
verification of NAS Securi
 CVE-2022-3760 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Mia-Med
 CVE-2022-3759 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3758 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-44418
        RESERVED
 CVE-2022-44417
@@ -45824,7 +45824,7 @@ CVE-2022-3742
 CVE-2022-3741 (Impact varies for each individual vulnerability in the 
application. Fo ...)
        NOT-FOR-US: chatwoot
 CVE-2022-3740 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3739
        RESERVED
 CVE-2022-3738 (The vulnerability allows a remote unauthenticated attacker to 
download ...)
@@ -47650,7 +47650,7 @@ CVE-2022-43946 (Multiple vulnerabilities including an 
incorrect permission assig
 CVE-2022-3727
        RESERVED
 CVE-2022-3726 (Lack of sand-boxing of OpenAPI documents in GitLab CE/EE 
affecting all ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3725 (Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 
3.6.8 allow ...)
        - wireshark 4.0.0-1
        [bullseye] - wireshark <not-affected> (Vulnerable code not present)
@@ -47735,7 +47735,7 @@ CVE-2022-3707 (A double-free memory flaw was found in 
the Linux kernel. The Inte
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137979
        NOTE: 
https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz...@163.com/
 CVE-2022-3706 (Improper authorization in GitLab CE/EE affecting all versions 
from 7.1 ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-43932 (Improper neutralization of special elements in output used by 
a downst ...)
        NOT-FOR-US: Synology
 CVE-2022-43931 (Out-of-bounds write vulnerability in Remote Desktop 
Functionality in S ...)
@@ -49047,7 +49047,7 @@ CVE-2022-3640 (A vulnerability, which was classified as 
critical, was found in L
        [bullseye] - linux 5.10.158-1
        NOTE: 
https://git.kernel.org/linus/0d0e2d032811280b927650ff3c15fe5020e82533
 CVE-2022-3639 (A potential DOS vulnerability was discovered in GitLab CE/EE 
affecting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3638
        REJECTED
 CVE-2022-3637 (A vulnerability has been found in Linux Kernel and classified 
as probl ...)
@@ -49146,7 +49146,7 @@ CVE-2022-3615
 CVE-2022-3614 (In affected versions of Octopus Deploy users of certain 
browsers using ...)
        NOT-FOR-US: Octopus Deploy
 CVE-2022-3613 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3612
        RESERVED
 CVE-2022-3611
@@ -49393,9 +49393,9 @@ CVE-2022-3575 (Frauscher Sensortechnik GmbH FDS102 for 
FAdC R2 and FAdCi R2 v2.8
 CVE-2022-3574 (The WPForms Pro WordPress plugin before 1.7.7 does not validate 
its fo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3573 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3572 (A cross-site scripting issue has been discovered in GitLab 
CE/EE affec ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3571
        RESERVED
 CVE-2022-3570 (Multiple heap buffer overflows in tiffcrop.c utility in libtiff 
librar ...)
@@ -50638,9 +50638,9 @@ CVE-2022-3515 (A vulnerability was found in the Libksba 
library due to an intege
        NOTE: https://dev.gnupg.org/T6230
        NOTE: https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b
 CVE-2022-3514 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3513 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3512 (Using warp-cli command "add-trusted-ssid", a user was able to 
disconne ...)
        NOT-FOR-US: Cloudflare
 CVE-2022-3511 (The Awesome Support WordPress plugin before 6.1.2 does not 
ensure that ...)
@@ -50757,15 +50757,15 @@ CVE-2022-3488 (Processing of repeated responses to 
the same query, where both re
 CVE-2022-3487
        REJECTED
 CVE-2022-3486 (An open redirect vulnerability in GitLab EE/CE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3485 (In IFM Moneo Appliance with version up to 1.9.3 an 
unauthenticated rem ...)
        NOT-FOR-US: IFM Moneo Appliance
 CVE-2022-3484 (The WPB Show Core WordPress plugin does not sanitize and escape 
a para ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3483 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3482 (An improper access control issue in GitLab CE/EE affecting all 
version ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3481 (The WooCommerce Dropshipping WordPress plugin before 4.4 does 
not prop ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3480 (A remote, unauthenticated attacker could cause a 
denial-of-service of  ...)
@@ -50813,7 +50813,7 @@ CVE-2022-42898 (PAC parsing in MIT Kerberos 5 (aka 
krb5) before 1.19.4 and 1.20.
 CVE-2022-42897 (Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows 
unauthe ...)
        NOT-FOR-US: Array Networks
 CVE-2022-3478 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-42906 (powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 
allows arbi ...)
        {DLA-3277-1}
        - powerline-gitstatus 1.3.2-1
@@ -51967,11 +51967,11 @@ CVE-2022-3415 (The Chat Bubble WordPress plugin 
before 2.3 does not sanitise and
 CVE-2022-3414 (A vulnerability was found in SourceCodester Web-Based Student 
Clearanc ...)
        NOT-FOR-US: SourceCodester Web-Based Student Clearance System
 CVE-2022-3413 (Incorrect authorization during display of Audit Events in 
GitLab EE af ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3412
        RESERVED
 CVE-2022-3411 (A lack of length validation in GitLab CE/EE affecting all 
versions fro ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3410
        RESERVED
 CVE-2022-3409 (A vulnerability in bmcweb of OpenBMC Project allows user to 
cause deni ...)
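Review bot: CVE-2022-3413 is described as an Audit Events authorization issue in GitLab EE, yet this hunk records it as fixed in 15.10.8+ds1-2. Other EE-only entries in this file are tracked as `- gitlab <not-affected> (Specific to EE)` (CVE-2022-2589) or `(Only affects EE)` (CVE-2022-3331). Unless the truncated description goes on to include CE, the same marking would be more accurate here than a fixed version.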
@@ -53654,7 +53654,7 @@ CVE-2022-41617 (In versions 16.1.x before 16.1.3.1, 
15.1.x before 15.1.6.1, 14.1
 CVE-2022-36795 (In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 
16.1.3.1, 15. ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2022-3381 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3380 (The Customizer Export/Import WordPress plugin before 0.9.5 
unserialize ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3379 (Horner Automation's Cscape version 9.90 SP7 and prior does not 
properl ...)
@@ -53666,7 +53666,7 @@ CVE-2022-3377 (Horner Automation's Cscape version 9.90 
SP 6 and prior does not p
 CVE-2022-3376 (Weak Password Requirements in GitHub repository 
ikus060/rdiffweb prior ...)
        - rdiffweb <itp> (bug #969974)
 CVE-2022-3375 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3374 (The Ocean Extra WordPress plugin before 2.0.5 unserialises the 
content ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3373 (Out of bounds write in V8 in Google Chrome prior to 
106.0.5249.91 allo ...)
@@ -54430,7 +54430,7 @@ CVE-2022-3332 (A vulnerability classified as critical 
has been found in SourceCo
 CVE-2022-3331 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        - gitlab <not-affected> (Only affects EE)
 CVE-2022-3330 (It was possible for a guest user to read a todo targeting an 
inaccessi ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3329
        RESERVED
 CVE-2022-30544 (Cross-Site Request Forgery (CSRF) in MiKa'sOSM \u2013 
OpenStreetMap pl ...)
@@ -54502,7 +54502,7 @@ CVE-2022-3327 (Missing Authentication for Critical 
Function in GitHub repository
 CVE-2022-3326 (Weak Password Requirements in GitHub repository 
ikus060/rdiffweb prior ...)
        - rdiffweb <itp> (bug #969974)
 CVE-2022-3325 (Improper access control in the GitLab CE/EE API affecting all 
versions ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3324 (Stack-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0. ...)
        {DLA-3182-1}
        - vim 2:9.0.0626-1
@@ -55100,7 +55100,7 @@ CVE-2022-3290 (Improper Handling of Length Parameter 
Inconsistency in GitHub rep
 CVE-2022-3289
        RESERVED
 CVE-2022-3288 (A branch/tag name confusion in GitLab CE/EE affecting all 
versions pri ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3287 (When creating an OPERATOR user account on the BMC, the redfish 
plugin  ...)
        - fwupd 1.8.5-1
        [bullseye] - fwupd <no-dsa> (Minor issue)
@@ -55109,11 +55109,11 @@ CVE-2022-3287 (When creating an OPERATOR user account 
on the BMC, the redfish pl
 CVE-2022-3286 (Lack of IP address checking in GitLab EE affecting all versions 
from 1 ...)
        - gitlab <not-affected> (Only affects Gitlab EE)
 CVE-2022-3285 (Bypass of healthcheck endpoint allow list affecting all 
versions from  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3284 (Download key for a file in a vault was passed in an insecure 
way that  ...)
        NOT-FOR-US: M-Files
 CVE-2022-3283 (A potential DOS vulnerability was discovered in GitLab CE/EE 
affecting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3282 (The Drag and Drop Multiple File Upload WordPress plugin before 
1.3.6.5 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-41326 (The web conferencing component of Mitel MiCollab through 
9.6.0.13 coul ...)
@@ -55145,9 +55145,9 @@ CVE-2022-41316 (HashiCorp Vault and Vault 
Enterprise\u2019s TLS certificate auth
 CVE-2022-3281 (WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact 
Controller  ...)
        NOT-FOR-US: WAGO
 CVE-2022-3280 (An open redirect in GitLab CE/EE affecting all versions from 
10.1 prio ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3279 (An unhandled exception in job log parsing in GitLab CE/EE 
affecting al ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3278 (NULL Pointer Dereference in GitHub repository vim/vim prior to 
9.0.055 ...)
        - vim 2:9.0.0626-1 (unimportant)
        NOTE: https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612/
@@ -55234,7 +55234,7 @@ CVE-2022-40691 (An information disclosure vulnerability 
exists in the web applic
 CVE-2022-40214
        RESERVED
 CVE-2022-3265 (A cross-site scripting issue has been discovered in GitLab 
CE/EE affec ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3264
        RESERVED
 CVE-2022-41310 (A malicious crafted .dwf or .pct file when consumed through 
DesignRevi ...)
@@ -60820,9 +60820,9 @@ CVE-2022-39046 (An issue was discovered in the GNU C 
Library (glibc) 2.36. When
        NOTE: Introduced by: 
https://sourceware.org/git/?p=glibc.git;a=commit;h=a583b6add407c17cdcd4146be3876061a5e1d555
 (glibc-2.36)
        NOTE: Fixed by: 
https://sourceware.org/git/?p=glibc.git;a=commit;h=52a5be0df411ef3ff45c10c7c308cb92993d15b1
 CVE-2022-3067 (An issue has been discovered in the Import functionality of 
GitLab CE/ ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3066 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3065 (Improper Access Control in GitHub repository jgraph/drawio 
prior to 20 ...)
        NOT-FOR-US: jgraph/drawio
 CVE-2022-3064 (Parsing malicious or large YAML documents can consume excessive 
amount ...)
@@ -60895,7 +60895,7 @@ CVE-2022-38400 (Mailform Pro CGI 4.3.1 and earlier 
allow a remote unauthenticate
 CVE-2022-33941 (PowerCMS XMLRPC API provided by Alfasado Inc. contains a 
command injec ...)
        NOT-FOR-US: PowerCMS
 CVE-2022-3060 (Improper control of a resource identifier in Error Tracking in 
GitLab  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3059 (The application was vulnerable to multiple instances of SQL 
injection  ...)
        NOT-FOR-US: Schoolbox
 CVE-2022-3058 (Use after free in Sign-In Flow in Google Chrome prior to 
105.0.5195.52 ...)
@@ -61506,10 +61506,10 @@ CVE-2022-3032 (When receiving an HTML email that 
contained an <code>iframe</code
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-3032
 CVE-2022-3031 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
        [experimental] - gitlab 15.2.3+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-3030 (An improper access control issue in GitLab CE/EE affecting all 
version ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3029 (In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due 
to a mi ...)
        - routinator <itp> (bug #929024)
 CVE-2022-3028 (A race condition was found in the Linux kernel's IP framework 
for tran ...)
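Review bot: For CVE-2022-3031 the retained `[experimental] - gitlab 15.2.3+ds1-1` line now sits above a sid fixed version, while the NOTE points at the 15.3.2 security release, which is later than 15.2.3. Please confirm the experimental upload really carried this fix, or drop that line. CVE-2022-3030 in the same hunk gets a fixed version with no NOTE at all; an upstream reference there would make the 15.10.8+ds1-2 claim checkable.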
@@ -61569,7 +61569,7 @@ CVE-2022-38789 (An issue was discovered in Airties 
Smart Wi-Fi before 2020-08-04
 CVE-2022-38788 (An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 
1.2104.00 ...)
        NOT-FOR-US: Nokia
 CVE-2022-3018 (An information disclosure vulnerability in GitLab CE/EE 
affecting all  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-3017 (Cross-Site Request Forgery (CSRF) in GitHub repository 
froxlor/froxlor ...)
        - froxlor <itp> (bug #581792)
 CVE-2022-3016 (Use After Free in GitHub repository vim/vim prior to 9.0.0286.)
@@ -61751,7 +61751,7 @@ CVE-2022-2993 (There is an error in the condition of 
the last if-statement in th
        NOT-FOR-US: zephyr-rtos
 CVE-2022-2992 (A vulnerability in GitLab CE/EE affecting all versions from 
11.10 prio ...)
        [experimental] - gitlab 15.2.3+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-2991 (A heap-based buffer overflow was found in the Linux kernel's 
LightNVM  ...)
        - linux 5.15.3-1 (unimportant)
@@ -62143,7 +62143,7 @@ CVE-2022-2932 (Cross-site Scripting (XSS) - Reflected 
in GitHub repository bustl
        NOT-FOR-US: Mobiledoc Kit
 CVE-2022-2931 (A potential DOS vulnerability was discovered in GitLab CE/EE 
affecting ...)
        [experimental] - gitlab 15.2.3+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-2930 (Unverified Password Change in GitHub repository 
octoprint/octoprint pr ...)
        - octoprint <itp> (bug #718591)
@@ -62634,11 +62634,11 @@ CVE-2022-37333 (SQL injection vulnerability in the 
Exment ((PHP8) exceedone/exme
        NOT-FOR-US: Exment
 CVE-2022-2908 (A potential DoS vulnerability was discovered in Gitlab CE/EE 
versions  ...)
        [experimental] - gitlab 15.2.3+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-2907 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        [experimental] - gitlab 15.2.3+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-2906 (An attacker can leverage this flaw to gradually erode available 
memory ...)
        - bind9 1:9.18.7-1
@@ -62654,7 +62654,7 @@ CVE-2022-2905 (An out-of-bounds memory read flaw was 
found in the Linux kernel's
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2022/08/26/1
 CVE-2022-2904 (A cross-site scripting issue has been discovered in GitLab 
CE/EE affec ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-2903 (The Ninja Forms Contact Form WordPress plugin before 3.6.13 
unserialis ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2902
@@ -62874,12 +62874,12 @@ CVE-2022-38395 (HP Support Assistant uses HP 
Performance Tune-up as a diagnostic
 CVE-2022-38393 (A denial of service vulnerability exists in the cfg_server 
cm_processC ...)
        NOT-FOR-US: Asus
 CVE-2022-2884 (A vulnerability in GitLab CE/EE affecting all versions from 
11.3.4 pri ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/
 CVE-2022-2883 (In affected versions of Octopus Deploy it is possible to upload 
a zipb ...)
        NOT-FOR-US: Octopus Deploy
 CVE-2022-2882 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-2881 (The underlying bug might cause read past end of the buffer and 
either  ...)
        - bind9 1:9.18.7-1
        [bullseye] - bind9 <ignored> (Flawed code present in 9.16 but masked by 
the way the httpd objects are reset between messages)
@@ -62983,7 +62983,7 @@ CVE-2022-2866 (FATEK FvDesigner version 1.5.103 and 
prior is vulnerable to an ou
        NOT-FOR-US: FATEK FvDesigner
 CVE-2022-2865 (A cross-site scripting issue has been discovered in GitLab 
CE/EE affec ...)
        [experimental] - gitlab 15.2.3+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-2864 (The demon image annotation plugin for WordPress is vulnerable 
to Cross ...)
        NOT-FOR-US: demon image annotation plugin for WordPress
@@ -63151,7 +63151,7 @@ CVE-2022-2828 (In affected versions of Octopus Server 
it is possible to reveal i
 CVE-2022-2827 (AMI MegaRAC User Enumeration Vulnerability)
        NOT-FOR-US: MegaRAC
 CVE-2022-2826 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-38362 (Apache Airflow Docker's Provider prior to 3.0.0 shipped with 
an exampl ...)
        - airflow <itp> (bug #819700)
 CVE-2022-38361
@@ -63712,7 +63712,7 @@ CVE-2022-2763 (The WP Socializer WordPress plugin 
before 7.3 does not sanitise a
 CVE-2022-2762 (The AdminPad WordPress plugin before 2.2 does not have CSRF 
check when ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2761 (An information disclosure issue in GitLab CE/EE affecting all 
versions ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-2760 (In affected versions of Octopus Deploy it is possible to reveal 
the Sp ...)
        NOT-FOR-US: Octopus Deploy
 CVE-2022-38169
@@ -65822,7 +65822,7 @@ CVE-2022-2631 (Improper Access Control in GitHub 
repository tooljet/tooljet prio
        NOT-FOR-US: ToolJet
 CVE-2022-2630 (An improper access control issue in GitLab CE/EE affecting all 
version ...)
        [experimental] - gitlab 15.2.3+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-2629 (The Top Bar WordPress plugin before 3.0.4 does not sanitise and 
escape ...)
        NOT-FOR-US: WordPress plugin
@@ -66583,7 +66583,7 @@ CVE-2022-37041 (An issue was discovered in 
ProxyServlet.java in the /proxy servl
        NOT-FOR-US: Zimbra
 CVE-2022-2592 (A lack of length validation in Snippet descriptions in GitLab 
CE/EE af ...)
        [experimental] - gitlab 15.2.3+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-2591 (A vulnerability classified as critical has been found in TEM 
FLEX-1085 ...)
        NOT-FOR-US: TEM
@@ -67382,7 +67382,7 @@ CVE-2022-2541 (The uContext for Amazon plugin for 
WordPress is vulnerable to Cro
 CVE-2022-2540 (The Link Optimizer Lite plugin for WordPress is vulnerable to 
Cross-Si ...)
        NOT-FOR-US: Link Optimizer Lite plugin for WordPress
 CVE-2022-2539 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-2538 (The WP Hide & Security Enhancer WordPress plugin before 1.8 
does not e ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-XXXX [spip: XSS alowing priviledge escalation]
@@ -68064,10 +68064,10 @@ CVE-2022-2536 (The Transposh WordPress Translation 
plugin for WordPress is vulne
 CVE-2022-2535 (The SearchWP Live Ajax Search WordPress plugin before 1.6.2 
does not e ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2534 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-2533 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        [experimental] - gitlab 15.2.3+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-2532 (The Feed Them Social WordPress plugin before 3.0.1 does not 
sanitise a ...)
        NOT-FOR-US: WordPress plugin
@@ -68101,7 +68101,7 @@ CVE-2022-36430
        RESERVED
 CVE-2022-2527 (An issue in Incident Timelines has been discovered in GitLab 
CE/EE aff ...)
        [experimental] - gitlab 15.2.3+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2021-46829 (GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a 
heap-based buf ...)
        {DSA-5228-1}
@@ -68310,7 +68310,7 @@ CVE-2022-2514 (The time and filter parameters in Fava 
prior to v1.22 are vulnera
 CVE-2022-2513 (A vulnerability exists in the Intelligent Electronic Device 
(IED) Conn ...)
        NOT-FOR-US: Hitachi
 CVE-2022-2512 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-2511 (Cross-site Scripting (XSS) vulnerability in the 
"commonuserinterface"  ...)
        NOT-FOR-US: BlueSpice
 CVE-2022-2510 (Cross-site Scripting (XSS) vulnerability in 
"Extension:ExtendedSearch" ...)
@@ -68417,13 +68417,13 @@ CVE-2022-29493 (Uncaught exception in webserver for 
the Integrated BMC in some I
 CVE-2022-2501 (An improper access control issue in GitLab EE affecting all 
versions f ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2022-2500 (A cross-site scripting issue has been discovered in GitLab 
CE/EE affec ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-2499 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2022-2498 (An issue in pipeline subscriptions in GitLab EE affecting all 
versions ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-2497 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-2496
        RESERVED
 CVE-2020-36558 (A race condition in the Linux kernel before 5.5.7 involving 
VT_RESIZEX ...)
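Review bot: CVE-2022-2498 ("An issue in pipeline subscriptions in GitLab EE ...") is given a fixed version, while its neighbours CVE-2022-2501 and CVE-2022-2499 in the same hunk, also described as GitLab EE, stay `<not-affected> (Specific to EE)`. Either 2498 should read the same, or the entry needs a NOTE explaining why the Debian package is affected.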
@@ -68697,7 +68697,7 @@ CVE-2022-2458 (XML external entity injection(XXE) is a 
vulnerability that allows
 CVE-2022-2457 (A flaw was found in Red Hat Process Automation Manager 7 where 
an atta ...)
        NOT-FOR-US: Red Hat Process Automation Manager
 CVE-2022-2456 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-36275
        RESERVED
 CVE-2022-36274
@@ -69039,7 +69039,7 @@ CVE-2022-36129 (HashiCorp Vault Enterprise 1.7.0 
through 1.9.7, 1.10.4, and 1.11
        NOT-FOR-US: HashiCorp Vault
 CVE-2022-2455 (A business logic issue in the handling of large repositories in 
all ve ...)
        [experimental] - gitlab 15.2.3+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-36128
        RESERVED
@@ -69703,7 +69703,7 @@ CVE-2022-2429 (The Ultimate SMS Notifications for 
WooCommerce plugin for WordPre
        NOT-FOR-US: Ultimate SMS Notifications for WooCommerce plugin for 
WordPress
 CVE-2022-2428 (A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE 
affecting ...)
        [experimental] - gitlab 15.2.3+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-2427
        RESERVED
@@ -69726,7 +69726,7 @@ CVE-2022-2419 (A vulnerability was found in URVE Web 
Manager. It has been declar
 CVE-2022-2418 (A vulnerability was found in URVE Web Manager. It has been 
classified  ...)
        NOT-FOR-US: URVE Web Manager
 CVE-2022-2417 (Insufficient validation in GitLab CE/EE affecting all versions 
from 12 ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-2416
        RESERVED
 CVE-2022-2415 (Heap buffer overflow in WebGL in Google Chrome prior to 
103.0.5060.53  ...)
@@ -71375,7 +71375,7 @@ CVE-2022-2327 (io_uring use work_flags to determine 
which identity need to grab
        [bullseye] - linux 5.10.127-1
        [buster] - linux <not-affected> (Vulnerable code introduced later)
 CVE-2022-2326 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-35234 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to 
an Out- ...)
        NOT-FOR-US: Trend Micro
 CVE-2022-35233
@@ -72281,7 +72281,7 @@ CVE-2022-34918 (An issue was discovered in the Linux 
kernel through 5.18.9. A ty
        NOTE: https://www.openwall.com/lists/oss-security/2022/07/02/3
        NOTE: https://www.randorisec.fr/crack-linux-firewall/
 CVE-2022-2307 (A lack of cascading deletes in GitLab CE/EE affecting all 
versions sta ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-34917 (A security vulnerability has been identified in Apache Kafka. 
It affec ...)
        - kafka <itp> (bug #786460)
 CVE-2022-34916 (Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a 
remote  ...)
@@ -72297,7 +72297,7 @@ CVE-2022-2304 (Stack-based Buffer Overflow in GitHub 
repository vim/vim prior to
        NOTE: https://huntr.dev/bounties/eb7402f3-025a-402f-97a7-c38700d9548a/
        NOTE: 
https://github.com/vim/vim/commit/54e5fed6d27b747ff152cdb6edfb72ff60e70939 
(v9.0.0035)
 CVE-2022-2303 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-2302 (Multiple Lenze products of the cabinet series skip the password 
verifi ...)
        NOT-FOR-US: Lenze
 CVE-2022-2301 (Buffer Over-read in GitHub repository hpjansson/chafa prior to 
1.10.3.)
@@ -72606,7 +72606,7 @@ CVE-2022-2272 (This vulnerability allows remote 
attackers to bypass authenticati
 CVE-2022-2271 (The WP Database Backup WordPress plugin before 5.9 does not 
escape som ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2270 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-2269 (The Website File Changes Monitor WordPress plugin before 1.8.3 
does no ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2268 (The Import any XML or CSV File to WordPress plugin before 3.6.8 
accept ...)
@@ -72799,9 +72799,9 @@ CVE-2022-2253 (A user with administrative privileges in 
Distributed Data Systems
 CVE-2022-2252 (Open Redirect in GitHub repository microweber/microweber prior 
to 1.2. ...)
        NOT-FOR-US: microweber
 CVE-2022-2251 (Improper sanitization of branch names in GitLab Runner 
affecting all v ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-2250 (An open redirect vulnerability in GitLab EE/CE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-46826
        RESERVED
 CVE-2021-46825 (Symantec Advanced Secure Gateway (ASG) and ProxySG are 
susceptible to  ...)
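Review bot: CVE-2022-2251 is described as a GitLab Runner issue ("Improper sanitization of branch names in GitLab Runner"), not a GitLab CE/EE one, but the fix is recorded against the `gitlab` source package like the rest of the batch. Please confirm that the vulnerable runner code ships in `gitlab` 15.10.8+ds1-2. If the runner is tracked under a different source package, this line should name that package and `gitlab` should be marked not-affected.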
@@ -72884,9 +72884,9 @@ CVE-2022-34735 (The frame scheduling module has a null 
pointer dereference vulne
 CVE-2022-2245 (The Counter Box WordPress plugin before 1.2.1 is lacking CSRF 
check wh ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2244 (An improper authorization vulnerability in GitLab EE/CE 
affecting all  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-2243 (An access control vulnerability in GitLab EE/CE affecting all 
versions ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-2242 (The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is 
prone to i ...)
        NOT-FOR-US: Kuka
 CVE-2022-2241 (The Featured Image from URL (FIFU) WordPress plugin before 
4.0.0 does  ...)
@@ -72945,13 +72945,13 @@ CVE-2022-2231 (NULL Pointer Dereference in GitHub 
repository vim/vim prior to 8.
        NOTE: 
https://github.com/vim/vim/commit/79481367a457951aabd9501b510fd7e3eb29c3d8 
(v8.2.5169)
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-2230 (A Stored Cross-Site Scripting vulnerability in the project 
settings pa ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-2229 (An improper authorization issue in GitLab CE/EE affecting all 
versions ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-2228 (Information exposure in GitLab EE affecting all versions from 
12.0 pri ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2022-2227 (Improper access control in the runner jobs API in GitLab CE/EE 
affecti ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-2226 (An OpenPGP digital signature includes information about the 
date when  ...)
        {DSA-5175-1}
        - thunderbird 1:91.11.0-1
@@ -74204,7 +74204,7 @@ CVE-2022-34328 (PMB 7.3.10 allows reflected XSS via the 
id parameter in an lvl=a
 CVE-2022-32284 (Use of insufficiently random values vulnerability exists in 
Vnet/IP co ...)
        NOT-FOR-US: YOKOGAWA
 CVE-2022-2185 (A critical issue has been discovered in GitLab affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-2184 (The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input 
reach a  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2183 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.)
@@ -75851,7 +75851,7 @@ CVE-2022-2097 (AES OCB mode for 32-bit x86 platforms 
using the AES-NI assembly o
 CVE-2022-2096
        RESERVED
 CVE-2022-2095 (An improper access control check in GitLab CE/EE affecting all 
version ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-2094 (The Yellow Yard Searchbar WordPress plugin before 2.8.2 does 
not escap ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2093 (The WP Duplicate Page WordPress plugin before 1.3 does not 
sanitize an ...)
@@ -78942,7 +78942,7 @@ CVE-2022-2000 (Out-of-bounds Write in GitHub repository 
vim/vim prior to 8.2.)
        NOTE: https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0
        NOTE: 
https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5 
(v8.2.5063)
 CVE-2022-1999 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1998 (A use after free in the Linux kernel File System notify 
functionality  ...)
        - linux 5.16.7-1
        [bullseye] - linux 5.10.103-1
@@ -79895,7 +79895,7 @@ CVE-2022-32160
 CVE-2022-32159 (In openlibrary versions deploy-2016-07-0 through 
deploy-2021-12-22 are ...)
        NOT-FOR-US: openlibrary
 CVE-2022-1963 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-4233
        RESERVED
 CVE-2022-32158 (Splunk Enterprise deployment servers in versions before 
8.1.10.1, 8.2. ...)
@@ -79988,7 +79988,7 @@ CVE-2022-1956 (The Shortcut Macros WordPress plugin 
through 1.3 does not have au
 CVE-2022-1955 (Session 1.13.0 allows an attacker with physical access to the 
victim's ...)
        NOT-FOR-US: oxen-io/session-android
 CVE-2022-1954 (A Regular Expression Denial of Service vulnerability in GitLab 
CE/EE a ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1953 (The Product Configurator for WooCommerce WordPress plugin 
before 1.2.3 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1952 (The Free Booking Plugin for Hotels, Restaurant and Car Rental 
WordPres ...)
@@ -80747,7 +80747,7 @@ CVE-2022-1945 (The Coming Soon & Maintenance Mode by 
Colorlib WordPress plugin b
        NOT-FOR-US: WordPress plugin
 CVE-2022-1944 (When the feature is configured, improper authorization in the 
Interact ...)
        [experimental] - gitlab 14.9.5+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
 CVE-2022-1943 (A flaw out of bounds memory write in the Linux kernel UDF file 
system  ...)
        - linux 5.17.11-1
@@ -80814,11 +80814,11 @@ CVE-2022-31797
        RESERVED
 CVE-2022-1936 (Incorrect authorization in GitLab EE affecting all versions 
from 12.0  ...)
        [experimental] - gitlab 14.9.5+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
 CVE-2022-1935 (Incorrect authorization in GitLab EE affecting all versions 
from 12.0  ...)
        [experimental] - gitlab 14.9.5+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
 CVE-2022-1934 (Use After Free in GitHub repository mruby/mruby prior to 3.2.)
        - mruby <not-affected> (Vulnerable code introduced after 3.0)
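Review bot: Both CVE-2022-1936 and CVE-2022-1935 are described as "Incorrect authorization in GitLab EE", and both now carry a sid fixed version on top of the existing [experimental] one. If the affected feature is not in the packaged code, `<not-affected>` is the correct state and the [experimental] lines should go with it. If it is present, a short NOTE saying so would document why these differ from the EE entries marked not-affected elsewhere in the file.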
@@ -82506,7 +82506,7 @@ CVE-2022-1822 (The Zephyr Project Manager plugin for 
WordPress is vulnerable to
        NOT-FOR-US: Zephyr Project Manager plugin for WordPress
 CVE-2022-1821 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        [experimental] - gitlab 14.9.5+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
 CVE-2022-1820 (The Keep Backup Daily plugin for WordPress is vulnerable to 
Reflected  ...)
        NOT-FOR-US: Keep Backup Daily plugin for WordPress
@@ -84664,7 +84664,7 @@ CVE-2022-30557 (Foxit PDF Reader and PDF Editor before 
11.2.2 have a Type Confus
        NOT-FOR-US: Foxit PDF Reader and PDF Editor
 CVE-2022-1680 (An account takeover issue has been discovered in GitLab EE 
affecting a ...)
        [experimental] - gitlab 14.9.5+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
 CVE-2022-1679 (A use-after-free flaw was found in the Linux kernel\u2019s 
Atheros wir ...)
        {DLA-3173-1 DLA-3131-1}
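Review bot: the description of CVE-2022-1680 names GitLab EE only ("An account takeover issue has been discovered in GitLab EE"), so a fixed version on the `gitlab` line needs a second look. If the affected feature is not in the packaged code, `<not-affected> (Specific to EE)` is the form this list uses for such CVEs; if it is, a short NOTE saying why the package is affected would help the next reader.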
@@ -86417,7 +86417,7 @@ CVE-2022-29968 (An issue was discovered in the Linux 
kernel through 5.17.5. io_r
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/32452a3eb8b64e01e2be717f518c0be046975b9d (5.18-rc5)
 CVE-2022-1545 (It was possible to disclose details of confidential notes 
created via  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-46790 (ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer 
overflow i ...)
        {DSA-5160-1 DLA-3055-1}
        - ntfs-3g 1:2022.5.17-1 (bug #1011770)
@@ -86773,7 +86773,7 @@ CVE-2022-1512 (The ScrollReveal.js Effects WordPress 
plugin through 1.2 does not
 CVE-2022-1511 (Improper Access Control in GitHub repository snipe/snipe-it 
prior to 5 ...)
        - snipe-it <itp> (bug #1005172)
 CVE-2022-1510 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1509 (Sed Injection Vulnerability in GitHub repository 
hestiacp/hestiacp pri ...)
        NOT-FOR-US: Hestia Control Panel
 CVE-2022-29868 (1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is 
vulnerable to a  ...)
@@ -87154,7 +87154,7 @@ CVE-2022-1462 (An out-of-bounds read flaw was found in 
the Linux kernel\u2019s T
 CVE-2022-1461 (Non Privilege User can Enable or Disable Registered in GitHub 
reposito ...)
        NOT-FOR-US: OpenEMR
 CVE-2022-1460 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1459 (Non-Privilege User Can View Patient\u2019s Disclosures in 
GitHub repos ...)
        NOT-FOR-US: OpenEMR
 CVE-2022-1458 (Stored XSS Leads To Session Hijacking in GitHub repository 
openemr/ope ...)
@@ -87676,11 +87676,11 @@ CVE-2022-1434 (The OpenSSL 3.0 implementation of the 
RC4-MD5 ciphersuite incorre
        NOTE: https://www.openssl.org/news/secadv/20220503.txt
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7d56a74a96828985db7354a55227a511615f732b
 (openssl-3.0.3)
 CVE-2022-1433 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1432 (Cross-site Scripting (XSS) - Generic in GitHub repository 
octoprint/oc ...)
        - octoprint <itp> (bug #718591)
 CVE-2022-1431 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1430 (Cross-site Scripting (XSS) - DOM in GitHub repository 
octoprint/octopr ...)
        - octoprint <itp> (bug #718591)
 CVE-2022-1429 (SQL injection in GridHelperService.php in GitHub repository 
pimcore/pi ...)
@@ -87742,13 +87742,13 @@ CVE-2022-29561
 CVE-2022-29560 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 
(All versi ...)
        NOT-FOR-US: RUGGEDCOM
 CVE-2022-1426 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1425 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a 
compani ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1424 (The Ask me WordPress theme before 6.8.2 does not perform CSRF 
checks f ...)
        NOT-FOR-US: WordPress theme
 CVE-2022-1423 (Improper access control in the CI/CD cache mechanism in GitLab 
CE/EE a ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1422 (The Discy WordPress theme before 5.2 does not check for CSRF 
tokens in ...)
        NOT-FOR-US: WordPress theme
 CVE-2022-1421 (The Discy WordPress theme before 5.2 lacks CSRF checks in some 
AJAX ac ...)
@@ -87863,16 +87863,16 @@ CVE-2022-29526 (Go before 1.17.10 and 1.18.x before 
1.18.2 has Incorrect Privile
        NOTE: Branch.go1.18 : 
https://github.com/golang/go/commit/c0599c5b781de023974519194df6b0c4ebb0adff 
(1.18.2)
        NOTE: Introduced by: 
https://github.com/golang/go/commit/60f78765022a59725121d3b800268adffe78bde3 
(go1.15rc1)
 CVE-2022-1417 (Improper access control in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1416 (Missing sanitization of data in Pipeline error messages in 
GitLab CE/E ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1415
        RESERVED
        NOT-FOR-US: drools
 CVE-2022-1414 (3scale API Management 2 does not perform adequate sanitation 
for user  ...)
        NOT-FOR-US: 3scale API Management
 CVE-2022-1413 (Missing input masking in GitLab CE/EE affecting all versions 
starting  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1412 (The Log WP_Mail WordPress plugin through 0.1 saves sent email 
in a pub ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1411 (Unrestructed file upload in GitHub repository 
yetiforcecompany/yetifor ...)
@@ -87908,7 +87908,7 @@ CVE-2022-26424
 CVE-2022-25899 (Authentication bypass for the Open AMT Cloud Toolkit software 
maintain ...)
        NOT-FOR-US: Intel
 CVE-2022-1406 (Improper input validation in GitLab CE/EE affecting all 
versions from  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-29504
        REJECTED
 CVE-2022-29503 (A memory corruption vulnerability exists in the libpthread 
linuxthread ...)
@@ -88587,7 +88587,7 @@ CVE-2022-1353 (A vulnerability was found in the 
pfkey_register function in net/k
        - linux 5.17.3-1
        NOTE: 
https://git.kernel.org/linus/9a564bccb78a76740ea9d75a259942df8143d02c (5.17)
 CVE-2022-1352 (Due to an insecure direct object reference vulnerability in 
Gitlab EE/ ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1351 (Stored XSS in Tooltip in GitHub repository pimcore/pimcore 
prior to 10 ...)
        NOT-FOR-US: pimcore
 CVE-2022-29264 (An issue was discovered in coreboot 4.13 through 4.16. On APs, 
arbitra ...)
@@ -91396,7 +91396,7 @@ CVE-2022-1195 (A use-after-free vulnerability was found 
in the Linux kernel in d
 CVE-2022-1194 (The Mobile Events Manager WordPress plugin before 1.4.8 does 
not prope ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1193 (Improper access control in GitLab CE/EE versions 10.7 prior to 
14.7.7, ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1192 (The Turn off all comments WordPress plugin through 1.0 does not 
saniti ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-46779 (Insufficient input validation in SVC_ECC_PRIMITIVE system call 
in a co ...)
@@ -91588,11 +91588,11 @@ CVE-2022-28224 (Clusters using Calico (version 3.22.1 
and below), Calico Enterpr
 CVE-2022-1191 (SSRF on index.php/cobrowse/proxycss/ in GitHub repository 
livehelperch ...)
        NOT-FOR-US: livehelperchat
 CVE-2022-1190 (Improper handling of user input in GitLab CE/EE versions 8.3 
prior to  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1189 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1188 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1187 (The WordPress WP YouTube Live Plugin is vulnerable to Reflected 
Cross- ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1186 (The WordPress plugin Be POPIA Compliant exposed sensitive 
information  ...)
@@ -91606,7 +91606,7 @@ CVE-2022-28221 (The CleanTalk AntiSpam plugin <= 5.173 
for WordPress is vulnerab
 CVE-2022-28220 (Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to 
a buffe ...)
        NOT-FOR-US: Apache James
 CVE-2022-1185 (A denial of service vulnerability when rendering RDoc files in 
GitLab  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1184 (A use-after-free flaw was found in 
fs/ext4/namei.c:dx_insert_block() i ...)
        {DSA-5257-1 DLA-3173-1}
        - linux 5.19.6-1
@@ -91634,9 +91634,9 @@ CVE-2022-1177 (Accounting User Can Download Patient 
Reports in openemr in GitHub
 CVE-2022-1176 (Loose comparison causes IDOR on multiple endpoints in GitHub 
repositor ...)
        NOT-FOR-US: livehelperchat
 CVE-2022-1175 (Improper neutralization of user input in GitLab CE/EE versions 
14.4 be ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1174 (A potential DoS vulnerability was discovered in Gitlab CE/EE 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1173 (stored xss in GitHub repository getgrav/grav prior to 1.7.33.)
        NOT-FOR-US: Grav CMS
 CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub 
repositor ...)
@@ -91869,7 +91869,7 @@ CVE-2022-28171 (The web module in some Hikvision Hybrid 
SAN/Cluster Storage prod
 CVE-2022-1163 (Cross-site Scripting (XSS) - Stored in GitHub repository 
mineweb/minew ...)
        NOT-FOR-US: minewebcms
 CVE-2022-1162 (A hardcoded password was set for accounts registered using an 
OmniAuth ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1161 (An attacker with the ability to modify a user program may 
change user  ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2022-1160 (heap buffer overflow in get_one_sourceline in GitHub repository 
vim/vi ...)
@@ -91907,7 +91907,7 @@ CVE-2022-1158 (A flaw was found in KVM. When updating a 
guest's page table entry
        NOTE: 
https://git.kernel.org/linus/2a8859f373b0a86f0ece8ec8312607eacf12485d (5.18-rc1)
        NOTE: https://www.openwall.com/lists/oss-security/2022/04/08/4
 CVE-2022-1157 (Missing sanitization of logged exception messages in all 
versions prio ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1156 (The Books & Papers WordPress plugin through 0.20210223 does not 
escape ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1155 (Old sessions are not blocked by the login enable function. in 
GitHub r ...)
@@ -92002,7 +92002,7 @@ CVE-2022-28129 (Improper Input Validation vulnerability 
in HTTP/1.1 header parsi
        - trafficserver 9.1.3+ds-1
        NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
 CVE-2022-1148 (Improper authorization in GitLab Pages included with GitLab 
CE/EE affe ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1147
        RESERVED
 CVE-2022-1146 (Inappropriate implementation in Resource Timing in Google 
Chrome prior ...)
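Review bot: CVE-2022-1148 is an authorization flaw in GitLab Pages, which the description calls "included with GitLab CE/EE", and the changed line attributes the fix to the `gitlab` source package. This list tracks GitLab Runner issues under their own source package (`gitlab-ci-multi-runner`, see CVE-2021-39947), so please confirm that Pages is built from `gitlab` in Debian and is not packaged separately or absent. The same question applies to CVE-2022-1121 further down.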
@@ -92110,7 +92110,7 @@ CVE-2022-1125 (Use after free in Portals in Google 
Chrome prior to 100.0.4896.60
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1124 (An improper authorization issue has been discovered in GitLab 
CE/EE af ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1123 (The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) 
WordPr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-46743 (In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue 
(e.g.,  ...)
@@ -92131,9 +92131,9 @@ CVE-2022-1122 (A flaw was found in the opj2_decompress 
program in openjpeg2 2.4.
        NOTE: https://github.com/uclouvain/openjpeg/issues/1368
        NOTE: 
https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d
 CVE-2022-1121 (A lack of appropriate timeouts in GitLab Pages included in 
GitLab CE/E ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1120 (Missing filtering in an error message in GitLab CE/EE affecting 
all ve ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1119 (The Simple File List WordPress plugin is vulnerable to 
Arbitrary File  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1118 (Connected Components Workbench (v13.00.00 and prior), ISaGRAF 
Workbenc ...)
@@ -92163,7 +92163,7 @@ CVE-2022-1113 (The Flower Delivery by Florist One 
WordPress plugin through 3.7 d
 CVE-2022-1112 (The Autolinks WordPress plugin through 1.0.1 does not have CSRF 
check  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1111 (A business logic error in Project Import in GitLab CE/EE 
versions 14.9 ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2020-36520
        RESERVED
 CVE-2022-28125
@@ -92625,7 +92625,7 @@ CVE-2022-1106 (use after free in mrb_vm_exec in GitHub 
repository mruby/mruby pr
        NOTE: 
https://github.com/mruby/mruby/commit/7f5a490d09f4d56801ac3a3e4e39e03e1471b44c
        NOTE: Vulnerable code introduced in 
https://github.com/mruby/mruby/commit/b137eb2678cfba8d6ffcddff5326ebe8eb7f6a24 
(3.1.0-rc)
 CVE-2022-1105 (An improper access control vulnerability in GitLab CE/EE 
affecting all ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1104 (The Popup Maker WordPress plugin before 1.16.5 does not 
sanitise and e ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1103 (The Advanced Uploader WordPress plugin through 4.2 allows any 
authenti ...)
@@ -92719,9 +92719,9 @@ CVE-2022-1102 (A vulnerability classified as 
problematic has been found in Sourc
 CVE-2022-1101 (A vulnerability was found in SourceCodester Royale Event 
Management Sy ...)
        NOT-FOR-US: SourceCodester
 CVE-2022-1100 (A potential DOS vulnerability was discovered in GitLab CE/EE 
affecting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1099 (Adding a very large number of tags to a runner in GitLab CE/EE 
affecti ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-1098 (Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) 
are vu ...)
        NOT-FOR-US: Delta Electronics DIAEnergie
 CVE-2021-46742 (The multi-window module has a vulnerability of unauthorized 
insertion  ...)
@@ -98618,7 +98618,7 @@ CVE-2022-0752 (Cross-site Scripting (XSS) - Generic in 
GitHub repository hestiac
        NOT-FOR-US: Hestia Control Panel
 CVE-2022-0751 (Inaccurate display of Snippet files containing special 
characters in a ...)
        [experimental] - gitlab 14.6.5+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
 CVE-2022-0750 (The Photoswipe Masonry Gallery WordPress plugin is vulnerable 
to Cross ...)
        NOT-FOR-US: WordPress plugin
@@ -98712,10 +98712,10 @@ CVE-2022-0742 (Memory leak in icmp6 implementation in 
Linux Kernel 5.13+ allows
        NOTE: https://www.openwall.com/lists/oss-security/2022/03/15/3
 CVE-2022-0741 (Improper input validation in all versions of GitLab CE/EE using 
sendma ...)
        [experimental] - gitlab 14.6.5+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
 CVE-2022-0740 (Incorrect authorization in the Asana integration's branch 
restriction  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-0739 (The BookingPress WordPress plugin before 1.0.11 fails to 
properly sani ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0738 (An issue has been discovered in GitLab affecting all versions 
starting ...)
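Review bot: CVE-2022-0740 gets a fixed version but no reference, while CVE-2022-0741 directly above carries a NOTE with the upstream release post. A NOTE with the upstream advisory or issue for the Asana integration flaw would let a later reader check that `15.10.8+ds1-2` really contains the fix and was not assigned only because it is the version used for the whole batch.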
@@ -98727,7 +98727,7 @@ CVE-2022-0736 (Insecure Temporary File in GitHub 
repository mlflow/mlflow prior
        NOT-FOR-US: mlflow
 CVE-2022-0735 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        [experimental] - gitlab 14.6.5+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
 CVE-2021-4223
        RESERVED
@@ -102129,7 +102129,7 @@ CVE-2022-0550 (Improper Input Validation 
vulnerability in custom report logo upl
        NOT-FOR-US: Nozomi Networks
 CVE-2022-0549 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
        [experimental] - gitlab 14.6.5+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
 CVE-2022-0548
        RESERVED
@@ -103038,10 +103038,10 @@ CVE-2022-0490
        RESERVED
 CVE-2022-0489 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        [experimental] - gitlab 14.6.5+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
 CVE-2022-0488 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/23520
 CVE-2022-24399 (The SAP Focused Run (Real User Monitoring) - versions 200, 
300, REST s ...)
        NOT-FOR-US: SAP
@@ -103273,7 +103273,7 @@ CVE-2022-0479 (The Popup Builder WordPress plugin 
before 4.1.1 does not sanitise
 CVE-2022-0478 (The Event Manager and Tickets Selling for WooCommerce WordPress 
plugin ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0477 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-0476 (Denial of Service in GitHub repository radareorg/radare2 prior 
to 5.6. ...)
        - radare2 <unfixed> (bug #1014478)
        NOTE: https://huntr.dev/bounties/81ddfbda-6c9f-4b69-83ff-85b15141e35d
@@ -103614,7 +103614,7 @@ CVE-2022-0429 (The WP Cerber Security, Anti-spam & 
Malware Scan WordPress plugin
 CVE-2022-0428 (The Content Egg WordPress plugin before 5.3.0 does not sanitise 
and es ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0427 (Missing sanitization of HTML attributes in Jupyter notebooks in 
all ve ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-0426 (The Product Feed PRO for WooCommerce WordPress plugin before 
11.2.3 do ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0425 (A DNS rebinding vulnerability in the Irker IRC Gateway 
integration in  ...)
@@ -104323,7 +104323,7 @@ CVE-2022-0391 (A flaw was found in Python, 
specifically within the urllib.parse
        NOTE: Fixed by: 
https://github.com/python/cpython/commit/f4dac7ec55477a6c5d965e594e74bd6bda786903
 (v3.7.11)
        NOTE: Fixed by: 
https://github.com/python/cpython/commit/6c472d3a1d334d4eeb4a25eba7bf3b01611bf667
 (v3.6.14)
 CVE-2022-0390 (Improper access control in Gitlab CE/EE versions 12.7 to 
14.5.4, 14.6  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-0389 (The WP Time Slots Booking Form WordPress plugin before 1.1.63 
does not ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0388 (The Interactive Medical Drawing of Human Body WordPress plugin 
before  ...)
@@ -104687,7 +104687,7 @@ CVE-2022-0375 (Cross-site Scripting (XSS) - Stored in 
Packagist remdex/livehelpe
 CVE-2022-0374 (Cross-site Scripting (XSS) - Stored in Packagist 
remdex/livehelperchat ...)
        NOT-FOR-US: livehelperchat
 CVE-2022-0373 (Improper access control in GitLab CE/EE versions 12.4 to 
14.5.4, 14.5  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-0372 (Cross-site Scripting (XSS) - Stored in Packagist 
bytefury/crater prior ...)
        NOT-FOR-US: Crater
 CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE 
Services API 1. ...)
@@ -104761,7 +104761,7 @@ CVE-2022-23949 (In Keylime before 6.3.0, unsanitized 
UUIDs can be passed by a ro
 CVE-2022-23948 (A flaw was found in Keylime before 6.3.0. The logic in the 
Keylime age ...)
        NOT-FOR-US: Keylime
 CVE-2022-0371 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/350476
 CVE-2022-0370 (Cross-site Scripting (XSS) - Stored in Packagist 
remdex/livehelperchat ...)
        NOT-FOR-US: livehelperchat
@@ -105054,7 +105054,7 @@ CVE-2022-0346 (The XML Sitemap Generator for Google 
WordPress plugin before 2.0.
 CVE-2022-0345 (The Customize WordPress Emails and Alerts WordPress plugin 
before 1.8. ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0344 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/37015
 CVE-2022-0343 (A local attacker, as a different local user, may be able to 
send a HTT ...)
        NOT-FOR-US: Android
@@ -106742,7 +106742,7 @@ CVE-2022-0284 (A heap-based-buffer-over-read flaw was 
found in ImageMagick's Get
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/4729
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/e50f19fd73c792ebe912df8ab83aa51a243a3da7
 CVE-2022-0283 (An issue has been discovered affecting GitLab versions prior to 
13.5.  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/349422
 CVE-2022-0282 (Code Injection in Packagist microweber/microweber prior to 
1.2.11.)
        NOT-FOR-US: microweber
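Review bot: the description of CVE-2022-0283 says the issue affects "GitLab versions prior to 13.5.", so the upstream fix is much older than the `15.10.8+ds1-2` recorded here. If an earlier sid upload already carried that fix, its version would be the more accurate value than the one used for the whole batch; if `15.10.8+ds1-2` is the first sid upload past the affected range, a short NOTE saying so would make the choice clear.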
@@ -107356,7 +107356,7 @@ CVE-2022-0251 (Cross-site Scripting (XSS) - Stored in 
GitHub repository pimcore/
 CVE-2022-0250 (The Redirection for Contact Form 7 WordPress plugin before 
2.5.0 does  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0249 (A vulnerability was discovered in GitLab starting with version 
12. Git ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-0248 (The Contact Form Submissions WordPress plugin before 1.7.3 does 
not sa ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0247 (An issue exists in Fuchsia where VMO data can be modified 
through acce ...)
@@ -107386,7 +107386,7 @@ CVE-2022-0264 (A vulnerability was found in the Linux 
kernel's eBPF verifier whe
 CVE-2022-0245 (Cross-Site Request Forgery (CSRF) in GitHub repository 
livehelperchat/ ...)
        NOT-FOR-US: livehelperchat
 CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-0243 (Cross-site Scripting (XSS) - Stored in NuGet 
OrchardCore.Application.C ...)
        NOT-FOR-US: Orchard CMS
 CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to 
deserialization  ...)
@@ -108786,7 +108786,7 @@ CVE-2022-0173 (radare2 is vulnerable to Out-of-bounds 
Read)
        NOTE: https://huntr.dev/bounties/727d8600-88bc-4dde-8dea-ee3d192600e5
        NOTE: 
https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c
 CVE-2022-0172 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-0171 (A flaw was found in the Linux kernel. The existing KVM SEV API 
has a v ...)
        {DSA-5257-1 DLA-3173-1}
        - linux 5.18.2-1
@@ -108804,7 +108804,7 @@ CVE-2022-0168 (A denial of service (DOS) issue was 
found in the Linux kernel\u20
        [stretch] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2037386
 CVE-2022-0167 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-0166 (A privilege escalation vulnerability in the McAfee Agent prior 
to 5.7. ...)
        NOT-FOR-US: McAfee
 CVE-2022-0165 (The Page Builder KingComposer WordPress plugin through 2.9.6 
does not  ...)
@@ -109535,13 +109535,13 @@ CVE-2022-22734 (The Simple Quotation WordPress 
plugin through 1.3.2 does not hav
 CVE-2022-22733 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        NOT-FOR-US: Apache ShardingSphere ElasticJob-UI
 CVE-2022-0154 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-0153 (SQL Injection in GitHub repository forkcms/forkcms prior to 
5.11.1.)
        NOT-FOR-US: forkcms
 CVE-2022-0152 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-0150 (The WP Accessibility Helper (WAH) WordPress plugin before 
0.6.0.7 does ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0149 (The WooCommerce Stored Exporter WordPress plugin before 2.7.1 
was affe ...)
@@ -109680,7 +109680,7 @@ CVE-2022-0137 (A heap buffer overflow in 
image_set_mask function of HTMLDOC befo
        NOTE: Fixed by: 
https://github.com/michaelrsweet/htmldoc/commit/71fe87878c9cbc3db429f5e5c70f28e4b3d96e3b
 (v1.9.15)
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-0136 (A vulnerability was discovered in GitLab versions 10.5 to 
14.5.4, 14.6 ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-0135 (An out-of-bounds write issue was found in the VirGL virtual 
OpenGL ren ...)
        {DLA-3232-1}
        - virglrenderer 0.10.0-1 (bug #1009073)
@@ -109805,11 +109805,11 @@ CVE-2022-0127
 CVE-2022-0126
        RESERVED
 CVE-2022-0125 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-0124 (An issue has been discovered affecting GitLab versions prior to 
14.4.5 ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-0123 (An issue has been discovered affecting GitLab versions prior to 
14.4.5 ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-4200 (A Improper Privilege Management vulnerability in SUSE Rancher 
allows w ...)
        NOT-FOR-US: Rancher
 CVE-2022-22677 (A logic issue in the handling of concurrent media was 
addressed with i ...)
@@ -110288,13 +110288,13 @@ CVE-2022-0095
 CVE-2022-0094
        REJECTED
 CVE-2022-0093 (An issue has been discovered affecting GitLab versions prior to 
14.4.5 ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-0092
        RESERVED
 CVE-2022-0091
        RESERVED
 CVE-2022-0090 (An issue has been discovered affecting GitLab versions prior to 
14.4.5 ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2022-0089
        RESERVED
 CVE-2022-0088 (Cross-Site Request Forgery (CSRF) in GitHub repository 
yourls/yourls p ...)
@@ -111515,7 +111515,7 @@ CVE-2021-4192 (vim is vulnerable to Use After Free)
        NOTE: Crash in CLI tool, no security impact
 CVE-2021-4191 (An issue has been discovered in GitLab CE/EE affecting versions 
13.0 t ...)
        [experimental] - gitlab 14.6.5+ds1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
 CVE-2021-23147 (Netgear Nighthawk R6700 version 1.0.4.120 does not have 
sufficient pro ...)
        NOT-FOR-US: Netgear
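Review bot: style point on the context line `[experimental] - gitlab 14.6.5+ds1` for CVE-2021-4191: the other experimental entries in this patch that cite the same 14.8.2 release post read `14.6.5+ds1-1`. Since the entry is being touched anyway, the missing Debian revision could be added so the versions are consistent.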
@@ -132692,41 +132692,41 @@ CVE-2021-39948
 CVE-2021-39947 (In specific circumstances, trace file buffers in GitLab Runner 
version ...)
        - gitlab-ci-multi-runner 14.10.1-1 (bug #1016138)
 CVE-2021-39946 (Improper neutralization of user input in GitLab CE/EE versions 
14.3 to ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39945 (Improper access control in the GitLab CE/EE API affecting all 
versions ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39944 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39943 (An authorization logic error in the External Status Check API 
in GitLa ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39942 (A denial of service vulnerability in GitLab CE/EE affecting 
all versio ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE 
versions 12.0  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39940 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39939 (An uncontrolled resource consumption vulnerability in GitLab 
Runner af ...)
        - gitlab-ci-multi-runner <not-affected> (Vulnerable code introduced 
later)
        NOTE: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28630
        NOTE: 
https://about.gitlab.com/releases/2021/12/10/security-release-gitlab-runner-14-5-2-released/
 CVE-2021-39938 (A vulnerable regular expression pattern in GitLab CE/EE since 
version  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39937 (A collision in access memoization logic in all versions of 
GitLab CE/E ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39936 (Improper access control in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39935 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39934 (Improper access control allows any project member to retrieve 
the serv ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39933 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39932 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39931 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39930 (Missing authorization in GitLab EE versions between 12.4 and 
14.3.6, b ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39929 (Uncontrolled Recursion in the Bluetooth DHT dissector in 
Wireshark 3.4 ...)
        {DSA-5019-1 DLA-2849-1}
        - wireshark 3.6.0-1
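Review bot: CVE-2021-39930 ("Missing authorization in GitLab EE versions between 12.4 and 14.3.6") is swept into the bulk change together with the CE/EE entries. CVE-2021-39909 a little further down is recorded as `- gitlab <not-affected> (Specific to EE)`; if CVE-2021-39930 is likewise limited to EE code, it should use that form instead of `- gitlab 15.10.8+ds1-2`.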
@@ -132740,7 +132740,7 @@ CVE-2021-39928 (NULL pointer exception in the IEEE 
802.11 dissector in Wireshark
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17704
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-13.html
 CVE-2021-39927 (Server side request forgery protections in GitLab CE/EE 
versions betwe ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39926 (Buffer overflow in the Bluetooth HCI_ISO dissector in 
Wireshark 3.4.0  ...)
        {DSA-5019-1}
        - wireshark 3.6.0-1
@@ -132786,75 +132786,75 @@ CVE-2021-39920 (NULL pointer exception in the 
IPPUSB dissector in Wireshark 3.4.
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17705
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-15.html
 CVE-2021-39919 (In all versions of GitLab CE/EE starting version 14.0 before 
14.3.6, a ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39918 (Incorrect Authorization in GitLab EE affecting all versions 
starting f ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39917 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39916 (Lack of an access control check in the External Status Check 
feature a ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39915 (Improper access control in the GraphQL API in GitLab CE/EE 
affecting a ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39914 (A regular expression denial of service issue in GitLab 
versions 8.13 t ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39913 (Accidental logging of system root password in the migration 
log in all ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39912 (A potential DoS vulnerability was discovered in GitLab CE/EE 
starting  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39911 (An improper access control flaw in all versions of GitLab 
CE/EE starti ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39910 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39909 (Lack of email address ownership verification in the CODEOWNERS 
feature ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2021-39908 (In all versions of GitLab CE/EE starting from 0.8.0 before 
14.2.6, all ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39907 (A potential DOS vulnerability was discovered in GitLab CE/EE 
starting  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39906 (Improper validation of ipynb files in GitLab CE/EE version 
13.5 and ab ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39905 (An information disclosure vulnerability in the GitLab CE/EE 
API since  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39904 (An Improper Access Control vulnerability in the GraphQL API in 
all ver ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39903 (In all versions of GitLab CE/EE since version 13.0, a 
privileged user, ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39902 (Incorrect Authorization in GitLab CE/EE 13.4 or above allows a 
user wi ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39901 (In all versions of GitLab CE/EE since version 11.10, an admin 
of a gro ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39900 (Information disclosure from SendEntry in GitLab starting with 
10.8 all ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39899 (In all versions of GitLab CE/EE, an attacker with physical 
access to a ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39898 (In all versions of GitLab CE/EE since version 10.6, a project 
export l ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39897 (Improper access control in GitLab CE/EE version 10.5 and above 
allowed ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39896 (In all versions of GitLab CE/EE since version 8.0, when an 
admin uses  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39895 (In all versions of GitLab CE/EE since version 8.0, an attacker 
can set ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS 
rebinding vul ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab 
starting with v ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39892 (In all versions of GitLab CE/EE since version 12.0, a lower 
privileged ...)
        [experimental] - gitlab 14.6.4+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/28440
 CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access 
tokens creat ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39890 (It was possible to bypass 2FA for LDAP users and access some 
specific  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39889 (In all versions of GitLab EE since version 14.1, due to an 
insecure di ...)
        - gitlab <not-affected> (Specific to Enterprise Edition)
 CVE-2021-39888 (In all versions of GitLab EE starting from 13.10 before 
14.1.7, all ve ...)
        - gitlab <not-affected> (Specific to Enterprise Edition)
 CVE-2021-39887 (A stored Cross-Site Scripting vulnerability in the GitLab 
Flavored Mar ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39886 (Permissions rules were not applied while issues were moved 
between pro ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39885 (A Stored XSS in merge request creation page in all versions of 
Gitlab  ...)
        - gitlab <not-affected> (Specific to Enterprise Edition)
 CVE-2021-39884 (In all versions of GitLab EE since version 8.13, an endpoint 
discloses ...)
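Review bot: CVE-2021-39918 ("Incorrect Authorization in GitLab EE affecting all versions starting f ...") is marked fixed in 15.10.8+ds1-2, while the EE-only entries left as context in this hunk (CVE-2021-39909, CVE-2021-39889, CVE-2021-39888, CVE-2021-39885) are <not-affected>. If the issue is limited to EE it should take the same form. A smaller style point: the context lines mix "(Specific to EE)" and "(Specific to Enterprise Edition)"; one spelling would make the file easier to grep.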
@@ -132862,43 +132862,43 @@ CVE-2021-39884 (In all versions of GitLab EE since 
version 8.13, an endpoint dis
 CVE-2021-39883 (Improper authorization checks in all versions of GitLab EE 
starting fr ...)
        - gitlab <not-affected> (Specific to Enterprise Edition)
 CVE-2021-39882 (In all versions of GitLab CE/EE, provided a user ID, anonymous 
users c ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39881 (In all versions of GitLab CE/EE since version 7.7, the 
application may ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39880 (A Denial Of Service vulnerability in the apollo_upload_server 
Ruby gem ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        - ruby-apollo-upload-server 2.1.0-1
        [bullseye] - ruby-apollo-upload-server <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/330561
        NOTE: 
https://github.com/jetruby/apollo_upload_server-ruby/commit/b0582c1a3e458eee3c994fb38278bd0221f20486
 CVE-2021-39879 (Missing authentication in all versions of GitLab CE/EE since 
version 7 ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39878 (A stored Reflected Cross-Site Scripting vulnerability in the 
Jira inte ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39877 (A vulnerability was discovered in GitLab starting with version 
12.2 th ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39876 (In all versions of GitLab CE/EE since version 11.3, the 
endpoint for a ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39875 (In all versions of GitLab CE/EE since version 13.6, it is 
possible to  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39874 (In all versions of GitLab CE/EE since version 11.0, the 
requirement to ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39873 (In all versions of GitLab CE/EE, there exists a content 
spoofing vulne ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39872 (In all versions of GitLab CE/EE since version 14.1, an 
improper access ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39871 (In all versions of GitLab CE/EE since version 13.0, an 
instance that h ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39870 (In all versions of GitLab CE/EE since version 11.11, an 
instance that  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39869 (In all versions of GitLab CE/EE since version 8.9, project 
exports may ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39868 (In all versions of GitLab CE/EE since version 8.12, an 
authenticated l ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39867 (In all versions of GitLab CE/EE since version 8.15, a DNS 
rebinding vu ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39866 (A business logic error in the project deletion process in 
GitLab 13.6  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-39865 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 
Release ...)
        NOT-FOR-US: Adobe
 CVE-2021-39864 (Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and 
earlier) an ...)
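Review bot: On CVE-2021-39880 the gitlab line is bumped to 15.10.8+ds1-2 although the summary places the flaw in the apollo_upload_server gem, which the same entry already tracks as ruby-apollo-upload-server 2.1.0-1. If the gitlab package uses the packaged gem rather than carrying its own copy, the gitlab status follows from that package and a gitlab version here is misleading; a NOTE stating which is the case would settle it.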
@@ -177227,27 +177227,27 @@ CVE-2021-22266
 CVE-2021-22265
        RESERVED
 CVE-2021-22264 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22263 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22262 (Missing access control in all GitLab versions starting from 
13.12 befo ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22261 (A stored Cross-Site Scripting vulnerability in the Jira 
integration in ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22260 (A stored Cross-Site Scripting vulnerability in the DataDog 
integration ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22259 (A potential DOS vulnerability was discovered in GitLab EE 
starting wit ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2021-22258 (The project import/export feature in GitLab 8.9 and greater 
could be u ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22257 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22256 (Improper authorization in GitLab CE/EE affecting all versions 
since 12 ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22255 (SSRF in URL file upload in Baserow <1.1.0 allows remote 
authenticated  ...)
        NOT-FOR-US: Baserow
 CVE-2021-22254 (Under very specific conditions a user could be impersonated 
using Gitl ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22253 (Improper authorization in GitLab EE affecting all versions 
since 13.4  ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2021-22252 (A confusion between tag and branch names in GitLab CE/EE 
affecting all ...)
@@ -177255,37 +177255,37 @@ CVE-2021-22252 (A confusion between tag and branch 
names in GitLab CE/EE affecti
 CVE-2021-22251 (Improper validation of invited users' email address in GitLab 
EE affec ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2021-22250 (Improper authorization in GitLab CE/EE affecting all versions 
since 13 ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22249 (A verbose error message in GitLab EE affecting all versions 
since 12.2 ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2021-22248 (Improper authorization on the pipelines page in GitLab CE/EE 
affecting ...)
        - gitlab <not-affected> (Vulnerable code intrododuced later)
 CVE-2021-22247 (Improper authorization in GitLab CE/EE affecting all versions 
since 13 ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22246 (A vulnerability was discovered in GitLab versions before 
14.0.2, 13.12 ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22245 (Improper validation of commit author in GitLab CE/EE affecting 
all ver ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22244 (Improper authorization in the vulnerability report feature in 
GitLab E ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2021-22243 (Under specialized conditions, GitLab CE/EE versions starting 
7.10 may  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22242 (Insufficient input sanitization in Mermaid markdown in GitLab 
CE/EE ve ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22241 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22240 (Improper access control in GitLab EE versions 13.11.6, 
13.12.6, and 14 ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2021-22239 (An unauthorized user was able to insert metadata when creating 
new iss ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
 CVE-2021-22238 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22237 (Under specialized conditions, GitLab may allow a user with an 
imperson ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
 CVE-2021-22236 (Due to improper handling of OAuth client IDs, new 
subscriptions genera ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
 CVE-2021-22235 (Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 
to 3.2.14 ...)
        {DSA-5019-1 DLA-2849-1}
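Review bot: CVE-2021-22248 keeps "<not-affected> (Vulnerable code intrododuced later)" while the entries around it move to 15.10.8+ds1-2. With sid now on a much newer upstream version, please confirm that 15.10.8 carries the fix for the later-introduced code so the justification still holds, and correct the "intrododuced" typo while this block is being touched.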
@@ -177296,29 +177296,29 @@ CVE-2021-22235 (Crash in DNP dissector in Wireshark 
3.4.0 to 3.4.6 and 3.2.0 to
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17462
        NOTE: Regression fix: 
https://gitlab.com/wireshark/wireshark/-/merge_requests/3616
 CVE-2021-22234 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22233 (An information disclosure vulnerability in GitLab EE versions 
13.10 an ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2021-22232 (HTML injection was possible via the full name field before 
versions 13 ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22231 (A denial of service in user's profile page is found starting 
with GitL ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22230 (Improper code rendering while rendering merge requests could 
be exploi ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22229 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22228 (An issue has been discovered in GitLab affecting all versions 
before 1 ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22227 (A reflected cross-site script vulnerability in GitLab before 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22226 (Under certain conditions, some users were able to push to 
protected br ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22225 (Insufficient input sanitization in markdown in GitLab version 
13.11 an ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22224 (A cross-site request forgery vulnerability in the GraphQL API 
in GitLa ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22223 (Client-Side code injection through Feature Flag name in GitLab 
CE/EE s ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22222 (Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 
3.4.5 allow ...)
        {DSA-5019-1}
        [experimental] - wireshark 3.4.6-1~exp1
@@ -177329,36 +177329,36 @@ CVE-2021-22222 (Infinite loop in DVB-S2-BB 
dissector in Wireshark 3.4.0 to 3.4.5
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-05.html
        NOTE: Caused by 
https://gitlab.com/wireshark/wireshark/-/commit/4bf4ee88f0544727e7f89f3f288c6afd2f650a4c
 CVE-2021-22221 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22220 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22219 (All versions of GitLab CE/EE starting from 9.5 before 13.10.5, 
all ver ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22218 (All versions of GitLab CE/EE starting from 12.8 before 
13.10.5, all ve ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22217 (A denial of service vulnerability in all versions of GitLab 
CE/EE befo ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22216 (A denial of service vulnerability in all versions of GitLab 
CE/EE befo ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22215 (An information disclosure vulnerability in GitLab EE versions 
13.11 an ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2021-22214 (When requests to the internal network for webhooks are 
enabled, a serv ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22213 (A cross-site leak vulnerability in the OAuth flow of all 
versions of G ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22212 (ntpkeygen can generate keys that ntpd fails to parse. NTPsec 
1.2.0 all ...)
        - ntpsec 1.2.0+dfsg1-4 (bug #989847)
        [buster] - ntpsec <not-affected> (Only affects 1.2.0)
        NOTE: https://gitlab.com/NTPsec/ntpsec/-/issues/699
        NOTE: 
https://gitlab.com/NTPsec/ntpsec/-/commit/b09be47d650280cc7ebdcd45dfa07eca4b9a52f8
 CVE-2021-22211 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22210 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22209 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22208 (An issue has been discovered in GitLab affecting versions 
starting wit ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22207 (Excessive memory consumption in MS-WSP dissector in Wireshark 
3.4.0 to ...)
        {DSA-5019-1 DLA-2849-1}
        [experimental] - wireshark 3.4.6-1~exp1
@@ -177368,9 +177368,9 @@ CVE-2021-22207 (Excessive memory consumption in 
MS-WSP dissector in Wireshark 3.
        NOTE: 
https://gitlab.com/wireshark/wireshark/-/commit/b7a0650e061b5418ab4a8f72c6e4b00317aff623
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-04.html
 CVE-2021-22206 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22205 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22204 (Improper neutralization of user data in the DjVu file format 
in ExifTo ...)
        {DSA-4910-1 DLA-2663-1}
        - libimage-exiftool-perl 12.16+dfsg-2 (bug #987505)
@@ -177378,29 +177378,29 @@ CVE-2021-22204 (Improper neutralization of user 
data in the DjVu file format in
        NOTE: 
https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800
        NOTE: 
https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html
 CVE-2021-22203 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22202 (An issue has been discovered in GitLab CE/EE affecting all 
previous ve ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22201 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22200 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22199 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22198 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22197 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22196 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22195 (Client side code execution in gitlab-vscode-extension v3.15.0 
and earl ...)
        NOT-FOR-US: gitlab-vscode-extension
 CVE-2021-22194 (In all versions of GitLab, marshalled session keys were being 
stored i ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22192 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22191 (Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 
3.2.11  ...)
        {DLA-2967-1}
        - wireshark 3.4.4-1
@@ -177408,44 +177408,44 @@ CVE-2021-22191 (Improper URL handling in Wireshark 
3.4.0 to 3.4.3 and 3.2.0 to 3
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-03.html
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17232
 CVE-2021-22190 (A path traversal vulnerability via the GitLab Workhorse in all 
version ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22189 (Starting with version 13.7 the Gitlab CE/EE editions were 
affected by  ...)
        [experimental] - gitlab 13.6.7-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22188 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        [experimental] - gitlab 13.6.7-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22187 (An issue has been discovered in GitLab affecting all versions 
of Gitla ...)
        - gitlab 13.2.3-2
 CVE-2021-22186 (An authorization issue in GitLab CE/EE version 9.4 and up 
allowed a gr ...)
        [experimental] - gitlab 13.7.8+ds1-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
 CVE-2021-22185 (Insufficient input sanitization in wikis in GitLab version 
13.8 and up ...)
        - gitlab <not-affected> (Only affects 13.8)
        NOTE: 
https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
 CVE-2021-22184 (An information disclosure issue in GitLab starting from 
version 12.8 a ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22183 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        [experimental] - gitlab 13.6.6-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22182 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        [experimental] - gitlab 13.7.7-1
        - gitlab <not-affected> (Affected version never uploaded to unstable)
 CVE-2021-22181 (A denial of service vulnerability in GitLab CE/EE affecting 
all versio ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22180 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22179 (A vulnerability was discovered in GitLab versions before 12.2. 
GitLab  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22178 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22177 (Potential DoS was identified in gitlab-shell in GitLab CE/EE 
version 1 ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22176 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22175 (When requests to the internal network for webhooks are 
enabled, a serv ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22174 (Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows 
denial o ...)
        - wireshark 3.4.3-1 (bug #981791)
        [buster] - wireshark <not-affected> (Affected code not present)
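Review bot: CVE-2021-22179 is summarised as affecting "GitLab versions before 12.2", but the fixed version recorded is 15.10.8+ds1-2, while CVE-2021-22187 in this same hunk records 13.2.3-2 as an unstable version. A blanket 15.10.8+ds1-2 overstates the vulnerable range for entries like this one; where the upstream fix predates an earlier unstable upload, that earlier version is the one to record.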
@@ -177460,22 +177460,22 @@ CVE-2021-22173 (Memory leak in USB HID dissector in 
Wireshark 3.4.0 to 3.4.2 all
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17124
 CVE-2021-22172 (Improper authorization in GitLab 12.8+ allows a guest user in 
a privat ...)
        [experimental] - gitlab 13.6.6-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/
 CVE-2021-22171 (Insufficient validation of authentication parameters in GitLab 
Pages f ...)
        [experimental] - gitlab 13.6.6-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22170 (Assuming a database breach, nonce reuse issues in GitLab 11.6+ 
allows  ...)
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22169 (An issue was identified in GitLab EE 13.4 or later which 
leaked intern ...)
        - gitlab <not-affected> (Specific to EE)
        NOTE: 
https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/
 CVE-2021-22168 (A regular expression denial of service issue has been 
discovered in Nu ...)
        [experimental] - gitlab 13.6.6-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22167 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        [experimental] - gitlab 13.6.6-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
 CVE-2021-22166 (An attacker could cause a Prometheus denial of service in 
GitLab 13.7+ ...)
        - gitlab <not-affected> (Only affects Gitlab 13.7.x)
        NOTE: 
https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/
@@ -199075,7 +199075,7 @@ CVE-2020-26415 (Information about the starred 
projects for private user profiles
        - gitlab 13.4.7-1
 CVE-2020-26414 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        [experimental] - gitlab 13.5.6-1
-       - gitlab <unfixed>
+       - gitlab 15.10.8+ds1-2
        NOTE: 
https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/
 CVE-2020-26413 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab 13.4.7-1
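Review bot: For CVE-2020-26414 the experimental line puts the fix in 13.5.6-1, and the neighbouring entries show 13.4.7-1 in unstable. The new line asserts 15.10.8+ds1-2 as the first fixed unstable upload, but nothing in the entry or the commit message says how that was established (for example, that no upload between 13.4.7-1 and 15.10.8+ds1-2 reached unstable); a NOTE or a sentence in the commit message would document it.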



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1bce75cd6c709cb70cc014e603d4075c205d6e32
