Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
248eb37d by Moritz Muehlenhoff at 2025-04-03T12:33:50+02:00
gitlab fixes in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -28651,7 +28651,7 @@ CVE-2025-0283 (A stack-based buffer overflow in Ivanti 
Connect Secure before ver
 CVE-2025-0282 (A stack-based buffer overflow in Ivanti Connect Secure before 
version  ...)
        NOT-FOR-US: Ivanti
 CVE-2024-6324 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-2
 CVE-2024-5610
        REJECTED
 CVE-2024-54010 (A vulnerability in the firewall component of HPE Aruba 
Networking CX 1 ...)
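Review bot: the fixed version on the CVE-2024-6324 line is 17.5.5-2, while most entries in this commit are closed with 17.3.5-2 (the next hunk also uses 17.5.5-2, for CVE-2024-8312 and CVE-2024-6826). If two separate sid uploads are involved, the commit message "gitlab fixes in sid" should say so; otherwise confirm that 17.5.5-2 is not a typo for 17.3.5-2, because the fixed version decides which installed gitlab packages the tracker reports as vulnerable.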
@@ -50438,9 +50438,9 @@ CVE-2024-8959 (The WP Adminify \u2013 Custom WordPress 
Dashboard, Login and Admi
 CVE-2024-8717 (The PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer \u2013 
DearFlip p ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-8312 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-2
 CVE-2024-6826 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-2
 CVE-2024-5608 (Zohocorp ManageEngine ADAudit Plus versions below 8121 are 
vulnerable  ...)
        NOT-FOR-US: Zoho
 CVE-2024-49703 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
@@ -55174,7 +55174,7 @@ CVE-2024-9201 (The SEUR plugin, in its versions prior 
to 2.5.11, is vulnerable t
 CVE-2024-8977 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2024-6530 (A cross-site scripting issue has been discovered in GitLab 
affecting a ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-6157 (An attacker who successfully exploited these vulnerabilities 
could cau ...)
        NOT-FOR-US: ABB
 CVE-2024-4658 (SQL Injection: Hibernate vulnerability in TE Informatics Nova 
CMS allo ...)
@@ -60235,7 +60235,7 @@ CVE-2024-8043 (The Vikinghammer Tweet WordPress plugin 
through 0.2.4 does not ha
 CVE-2024-7387 (A flaw was found in openshift/builder. This vulnerability 
allows comma ...)
        NOT-FOR-US: OpenShift
 CVE-2024-6685 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-5170 (The Logo Manager For Enamad WordPress plugin through 0.7.1 does 
not sa ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-4283 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
@@ -61181,15 +61181,15 @@ CVE-2024-6701 (Pega Platform versions 8.1 to Infinity 
24.1.2 are affected by an
 CVE-2024-6700 (Pega Platform versions 8.1 to Infinity 24.1.2 are affected by 
an XSS i ...)
        NOT-FOR-US: Pega Platform
 CVE-2024-6678 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-6658 (Improper Input Validation vulnerability of Authenticated User 
in Progr ...)
        NOT-FOR-US: Progress LoadMaster
 CVE-2024-6510 (Local Privilege Escalation in AVG Internet Security v24 on 
Windows all ...)
        NOT-FOR-US: AVG Internet Security
 CVE-2024-6446 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-6389 (An issue was discovered in GitLab-CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-6077 (A denial-of-service vulnerability exists in the Rockwell 
Automation af ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2024-6019 (The Music Request Manager WordPress plugin through 1.3 does not 
saniti ...)
@@ -65323,7 +65323,7 @@ CVE-2024-7110 (An issue was discovered in GitLab EE 
affecting all versions start
 CVE-2024-6870 (The Responsive Lightbox & Gallery plugin for WordPress is 
vulnerable t ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-6502 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-45201 (An issue was discovered in llama_index before 0.10.38. 
download/integr ...)
        NOT-FOR-US: llama_index
 CVE-2024-45193 (An issue was discovered in Matrix libolm through 3.2.16. There 
is Ed25 ...)
@@ -69255,7 +69255,7 @@ CVE-2024-7123
 CVE-2024-7121
        REJECTED
 CVE-2024-6329 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/468937
        NOTE: https://hackerone.com/reports/2542483
 CVE-2024-5423 (Multiple Denial of Service (DoS) conditions has been discovered 
in Git ...)
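Review bot: CVE-2024-6329 gets a fixed version, but the two NOTE lines under it still point only at the upstream issue and the HackerOne report, with nothing that ties the fix to 17.3.5-2. Consider adding a NOTE with the upstream fixing release or commit so the version can be verified later from the entry itself.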
@@ -76500,20 +76500,20 @@ CVE-2016-15039 (A vulnerability classified as 
critical was found in mhuertos php
        NOTE: 
https://github.com/leenooks/phpLDAPadmin/commit/dd6e9583a2eb2ca085583765e8a63df5904cb036
 (1.2.4)
 CVE-2024-5528 (An issue was discovered in GitLab CE/EE affecting all versions 
prior t ...)
        [experimental] - gitlab 16.11.6-1
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-2880 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
        [experimental] - gitlab 16.11.6-1
        - gitlab 17.3.5-2
 CVE-2024-6595 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
        [experimental] - gitlab 16.11.6-1
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-5470 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
        - gitlab <not-affected> (Vulnerable code not present)
 CVE-2024-5257 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
        - gitlab <not-affected> (Vulnerable code not present)
 CVE-2024-6385 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
        [experimental] - gitlab 16.11.6-1
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-6649 (A vulnerability has been found in SourceCodester Employee and 
Visitor  ...)
        NOT-FOR-US: SourceCodester Employee and Visitor Gate Pass Logging System
 CVE-2024-6647 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as 
critical ...)
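Review bot: CVE-2024-5528, CVE-2024-6595 and CVE-2024-6385 now match the unchanged CVE-2024-2880 entry ("[experimental] - gitlab 16.11.6-1" followed by "- gitlab 17.3.5-2"), so these three were left at <unfixed> when CVE-2024-2880 was updated. It is worth checking data/CVE/list for any other gitlab entries that carry the same experimental line and are still <unfixed>, so the whole batch is closed in this commit.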
@@ -79654,7 +79654,7 @@ CVE-2024-6283 (The DethemeKit For Elementor plugin for 
WordPress is vulnerable t
 CVE-2024-6054 (The Auto Featured Image plugin for WordPress is vulnerable to 
arbitrar ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-5655 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-5601 (The Create by Mediavine plugin for WordPress is vulnerable to 
Stored C ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-5430 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
@@ -83515,7 +83515,7 @@ CVE-2023-35859 (A Reflected Cross-Site Scripting (XSS) 
vulnerability in the blog
 CVE-2023-35858 (XPath Injection vulnerabilities in the blog and RSS functions 
of Moder ...)
        NOT-FOR-US: Modern Campus Omni CMS
 CVE-2024-5469 (DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 
prior t ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-5787 (The PowerPack Addons for Elementor (Free Widgets, Extensions 
and Templ ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-5757 (The Elementor Header & Footer Builder plugin for WordPress is 
vulnerab ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/248eb37d932d4c190a2ff5a1885d1ce5b21b7302
