[Git][security-tracker-team/security-tracker][master] 334 gitlab CVEs fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jun 12 09:58:36 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1bce75cd by Moritz Muehlenhoff at 2023-06-12T10:58:05+02:00
334 gitlab CVEs fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -258,7 +258,7 @@ CVE-2023-33282 (Marval MSM through 14.19.0.12476 and 15.0 has a System account w
CVE-2023-2530 (A privilege escalation allowing remote code execution was discovered i ...)
- puppet <not-affected> (Specific to Puppet Enterprise)
CVE-2023-2442 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-4380 (The Pinterest Automatic plugin for WordPress is vulnerable to authoriz ...)
NOT-FOR-US: Pinterest Automatic plugin for WordPress
CVE-2021-4379 (The WooCommerce Multi Currency plugin for WordPress is vulnerable to a ...)
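Review bot: the same literal replacement of `<unfixed>` by `15.10.8+ds1-2` is applied to every gitlab entry in this patch, so a single typo in the version string would propagate to all of them; please double-check it against the actual sid upload (the `+ds1` suffix and the `-2` Debian revision) before merging. The hunks also add no `NOTE:` line with the upstream fixed release, which this file uses for other packages (e.g. the kernel entry later in the patch), so a reader cannot tell from the tracker which GitLab upstream release closed each CVE.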
@@ -660,7 +660,7 @@ CVE-2013-10029 (A vulnerability classified as problematic was found in Exit Box
CVE-2023-2589 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-2485 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-3111 (A use after free vulnerability was found in prepare_to_relocate in fs/ ...)
- linux 5.19.6-1
NOTE: https://git.kernel.org/linus/85f02d6c856b9f3a0acf5219de6e32f58b9778eb (6.0-rc2)
@@ -3214,7 +3214,7 @@ CVE-2023-31404 (Under certain conditions,SAP BusinessObjects Business Intelligen
CVE-2023-2590 (Missing Authorization in GitHub repository answerdev/answer prior to 1 ...)
NOT-FOR-US: answerdev/answer
CVE-2023-2478 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-2583 (Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3.)
NOT-FOR-US: jsreport
CVE-2023-2582 (A prototype pollution vulnerability exists in Strikingly CMS which can ...)
@@ -4650,9 +4650,9 @@ CVE-2023-2201 (The Web Directory Free for WordPress is vulnerable to SQL Injecti
CVE-2023-2200
RESERVED
CVE-2023-2199 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-2198 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-30912
RESERVED
CVE-2023-30911
@@ -4791,7 +4791,7 @@ CVE-2023-2183 (Grafana is an open-source platform for monitoring and observabili
CVE-2023-2182 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-2181 (An issue has been discovered in GitLab affecting all versions before 1 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-2180 (The KIWIZ Invoices Certification & PDF System WordPress plugin through ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2179 (The WooCommerce Order Status Change Notifier WordPress plugin through ...)
@@ -5096,7 +5096,7 @@ CVE-2023-2133 (Out of bounds memory access in Service Worker API in Google Chrom
- chromium 112.0.5615.138-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2132 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-2131 (Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS co ...)
NOT-FOR-US: INEA ME RTU firmware
CVE-2023-2130 (A vulnerability classified as critical has been found in SourceCodeste ...)
@@ -5732,7 +5732,7 @@ CVE-2023-2071
CVE-2023-2070
RESERVED
CVE-2023-2069 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-2068
RESERVED
CVE-2023-2067 (The Announcement & Notification Banner \u2013 Bulletin plugin for Word ...)
@@ -5846,11 +5846,11 @@ CVE-2023-2017 (Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0
CVE-2023-2016
RESERVED
CVE-2023-2015 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-2014 (Cross-site Scripting (XSS) - Generic in GitHub repository microweber/m ...)
NOT-FOR-US: microweber
CVE-2023-2013 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-2012
RESERVED
CVE-2022-48468 (protobuf-c before 1.4.1 has an unsigned integer overflow in parse_requ ...)
@@ -6047,7 +6047,7 @@ CVE-2023-2002 (A vulnerability was found in the HCI sockets implementation due t
NOTE: Fixed by: https://lore.kernel.org/linux-bluetooth/20230416081404.8227-1-lrh2000@pku.edu.cn/
NOTE: Hardening: https://lore.kernel.org/linux-bluetooth/20230416080251.7717-1-lrh2000@pku.edu.cn/
CVE-2023-2001 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-2000 (Mattermost Desktop App fails to validate a mattermost server redirecti ...)
NOT-FOR-US: Mattermost Desktop App
CVE-2023-1999
@@ -9396,7 +9396,7 @@ CVE-2023-1838 (A use-after-free flaw was found in vhost_net_set_backend in drive
CVE-2023-1837 (Missing Authentication for critical function vulnerability in HYPR Ser ...)
NOT-FOR-US: HYPR
CVE-2023-1836 (A cross-site scripting issue has been discovered in GitLab affecting a ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-1835 (The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not p ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1834 (Rockwell Automation was made aware that Kinetix 5500 drives, manufactu ...)
@@ -9698,7 +9698,7 @@ CVE-2023-1789 (Improper Input Validation in GitHub repository firefly-iii/firefl
CVE-2023-1788 (Insufficient Session Expiration in GitHub repository firefly-iii/firef ...)
NOT-FOR-US: firefly-iii
CVE-2023-1787 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-1786 (Sensitive data could be exposed in logs of cloud-init before version 2 ...)
- cloud-init <unfixed> (bug #1035023)
[bookworm] - cloud-init <no-dsa> (Minor issue)
@@ -10060,7 +10060,7 @@ CVE-2023-1735 (A vulnerability classified as critical was found in SourceCodeste
CVE-2023-1734 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
CVE-2023-1733 (A denial of service condition exists in the Prometheus server bundled ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-1732 (When sampling randomness for a shared secret, the implementation of Ky ...)
NOT-FOR-US: Cloudflare CIRCL
CVE-2023-1731 (In Meinbergs LTOS versions prior to V7.06.013, the configuration file ...)
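Review bot: CVE-2023-1733 in this hunk is described as a denial of service in "the Prometheus server bundled" with GitLab, not in GitLab's own code; please verify that the Debian gitlab source package actually ships that bundled Prometheus before recording `15.10.8+ds1-2` as the fixed version. If it does not, a `<not-affected>` entry with a reason, in the style of the `- gitlab <not-affected> (Specific to EE)` lines elsewhere in this patch, would be the more accurate status.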
@@ -10133,7 +10133,7 @@ CVE-2023-29023 (A cross site scripting vulnerability was discovered in Rockwell
CVE-2023-29022 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
NOT-FOR-US: Rockwell Automation
CVE-2023-1710 (A sensitive information disclosure vulnerability in GitLab affecting a ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-1709 (The APDFL.dll contains a memory corruption vulnerability while parsing ...)
NOT-FOR-US: Siemens
CVE-2023-29021
@@ -10287,7 +10287,7 @@ CVE-2023-28960 (An Incorrect Permission Assignment for Critical Resource vulnera
CVE-2023-28959 (An Improper Check or Handling of Exceptional Conditions vulnerability ...)
NOT-FOR-US: Juniper
CVE-2023-1708 (An issue was identified in GitLab CE/EE affecting all versions from 1. ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-1707
RESERVED
CVE-2023-1706
@@ -12465,7 +12465,7 @@ CVE-2023-1419
CVE-2023-1418 (A vulnerability classified as problematic was found in SourceCodester ...)
NOT-FOR-US: SourceCodester Friendly Island Pizza Website and Ordering System
CVE-2023-1417 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-1416 (A vulnerability classified as critical has been found in Simple Art Ga ...)
NOT-FOR-US: Simple Art Gallery
CVE-2023-1415 (A vulnerability was found in Simple Art Gallery 1.0. It has been decla ...)
@@ -14102,7 +14102,7 @@ CVE-2023-22434
CVE-2023-1266
RESERVED
CVE-2023-1265 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-1264 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.139 ...)
- vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815
@@ -14406,7 +14406,7 @@ CVE-2023-27850 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a fi
CVE-2023-1205 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cr ...)
NOT-FOR-US: NETGEAR
CVE-2023-1204 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-1203 (Improper removal of sensitive data in the entry edit feature of Hub Bu ...)
NOT-FOR-US: Devolutions
CVE-2023-1202 (Permission bypass when importing or synchronizing entriesin User vault ...)
@@ -14998,7 +14998,7 @@ CVE-2023-27606
CVE-2023-27605
RESERVED
CVE-2023-1178 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-27604
RESERVED
CVE-2023-27603 (In Apache Linkis <=1.3.1, due to the Manager module engineConn materia ...)
@@ -15929,7 +15929,7 @@ CVE-2023-23554 (Uncontrolled search path element vulnerability exists in pg_ivm
CVE-2023-22847 (Information disclosure vulnerability exists in pg_ivm versions prior t ...)
NOT-FOR-US: pg_ivm
CVE-2023-1098 (An information disclosure vulnerability has been discovered in GitLab ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-1097 (Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are v ...)
NOT-FOR-US: Baicells EG7035-M11 devices
CVE-2023-1096 (SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susc ...)
@@ -15960,7 +15960,7 @@ CVE-2023-1086 (The Preview Link Generator WordPress plugin before 1.0.4 does not
CVE-2023-1085
RESERVED
CVE-2023-1084 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-1083
RESERVED
CVE-2023-1082
@@ -16099,9 +16099,9 @@ CVE-2023-1073 (A memory corruption flaw was found in the Linux kernel\u2019s hum
NOTE: https://git.kernel.org/linus/b12fece4c64857e5fab4290bf01b2e0317a88456
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/3
CVE-2023-1072 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-1071 (An issue has been discovered in GitLab affecting all versions from 15. ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-1070 (External Control of File Name or Path in GitHub repository nilsteampas ...)
- teampass <itp> (bug #730180)
CVE-2023-1069 (The Complianz WordPress plugin before 6.4.2, Complianz Premium WordPre ...)
@@ -19041,7 +19041,7 @@ CVE-2023-0922 (The Samba AD DC administration tool, when operating against a rem
- samba 2:4.17.7+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2023-0922.html
CVE-2023-0921 (A lack of length validation in GitLab CE/EE affecting all versions fro ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-48330
RESERVED
CVE-2023-26101 (In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user ...)
@@ -19975,7 +19975,7 @@ CVE-2023-0840 (A vulnerability classified as problematic was found in PHPCrazy 1
CVE-2023-0839 (Improper Protection for Outbound Error Messages and Alert Signals vuln ...)
NOT-FOR-US: ProMIS Process Co. InSCADA
CVE-2023-0838 (An issue has been discovered in GitLab affecting versions starting fro ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-0837
RESERVED
CVE-2023-25780 (It is identified a vulnerability of insufficient authentication in an ...)
@@ -20739,7 +20739,7 @@ CVE-2023-25177 (Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior
CVE-2023-24014 (Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are v ...)
NOT-FOR-US: Delta Electronics
CVE-2023-0756 (An issue has been discovered in GitLab affecting all versions before 1 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-0755 (The affected products are vulnerable to an improper validation of arra ...)
NOT-FOR-US: PTC
CVE-2023-0754 (The affected products are vulnerable to an integer overflow or wraparo ...)
@@ -23676,7 +23676,7 @@ CVE-2023-0525
CVE-2023-0524 (As part of our Security Development Lifecycle, a potential privilege e ...)
NOT-FOR-US: Tenable
CVE-2023-0523 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-0522 (The Enable/Disable Auto Login when Register WordPress plugin through 1 ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0521
@@ -23686,7 +23686,7 @@ CVE-2023-0520 (The RapidExpCart WordPress plugin through 1.0 does not sanitize a
CVE-2023-0519 (Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modob ...)
NOT-FOR-US: Modoboa
CVE-2023-0518 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2020-36659 (In Apache::Session::Browseable before 1.3.6, validity of the X.509 cer ...)
{DLA-3285-1}
- libapache-session-browseable-perl 1.3.7-1
@@ -23893,7 +23893,7 @@ CVE-2023-22845 (An out-of-bounds read vulnerability exists in the TGAInput::deco
CVE-2023-0509 (Improper Certificate Validation in GitHub repository pyload/pyload pri ...)
- pyload <itp> (bug #1001980)
CVE-2023-0508 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2020-36657 (uptimed before 0.4.6-r1 on Gentoo allows local users (with access to t ...)
- uptimed <not-affected> (Gentoo-specific)
CVE-2018-25078 (man-db before 2.8.5 on Gentoo allows local users (with access to the m ...)
@@ -24021,11 +24021,11 @@ CVE-2023-0487 (The My Sticky Elements WordPress plugin before 2.0.9 does not pro
CVE-2023-0486 (VitalPBX version 3.2.3-8 allows an unauthenticated external attacker t ...)
NOT-FOR-US: VitalPBX
CVE-2023-0485 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-0484 (The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Block ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0483 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-0482 (In RESTEasy the insecure File.createTempFile() is used in the DataSour ...)
- resteasy <unfixed> (bug #1031728)
- resteasy3.0 <unfixed> (bug #1031729)
@@ -24405,7 +24405,7 @@ CVE-2023-0452 (All versions of Econolite EOS traffic control software are vulner
CVE-2023-0451 (All versions of Econolite EOS traffic control software are vulnerable ...)
NOT-FOR-US: Econolite EOS traffic control software
CVE-2023-0450 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-0449
REJECTED
CVE-2023-0448 (The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GE ...)
@@ -26572,7 +26572,7 @@ CVE-2023-0321 (Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3
CVE-2023-0320 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: UBYS
CVE-2023-0319 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-0318
RESERVED
CVE-2023-0317 (Unprotected Alternate Channel vulnerability in debug console of GateM ...)
@@ -27409,7 +27409,7 @@ CVE-2023-0225 (A flaw was found in Samba. An incomplete access check on dnsHostN
CVE-2023-0224
RESERVED
CVE-2023-0223 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-4886
RESERVED
CVE-2022-48255 (There is a system command injection vulnerability in BiSheng-WNM FW 3. ...)
@@ -28813,7 +28813,7 @@ CVE-2023-0157 (The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does
CVE-2023-0156 (The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0155 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-0154 (The GamiPress WordPress plugin before 1.0.9 does not validate and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0153 (The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does no ...)
@@ -29046,7 +29046,7 @@ CVE-2023-22459
CVE-2023-0122 (A NULL pointer dereference vulnerability in the Linux kernel NVMe func ...)
- linux <not-affected> (Vulnerable code not present in any released Debian version)
CVE-2023-0121 (A denial of service issue was discovered in GitLab CE/EE affecting all ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-0120
RESERVED
CVE-2023-0119
@@ -30064,7 +30064,7 @@ CVE-2023-0051 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
NOTE: https://github.com/vim/vim/commit/c32949b0779106ed5710ae3bffc5053e49083ab4 (v9.0.1144)
NOTE: Crash in CLI tool, no security impact
CVE-2023-0050 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-0049 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.)
- vim 2:9.0.1378-1 (unimportant)
NOTE: https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9
@@ -30145,7 +30145,7 @@ CVE-2023-22587
CVE-2023-0043 (The Custom Add User WordPress plugin through 2.0.2 does not sanitise a ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0042 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2023-0041 (IBM Security Guardium 11.5 could allow a user to take over another use ...)
NOT-FOR-US: IBM
CVE-2023-22586 (The Danfoss AK-EM100 web applications allow for Local File Inclusion i ...)
@@ -34915,7 +34915,7 @@ CVE-2022-4464 (Themify Portfolio Post WordPress plugin before 1.2.1 does not val
CVE-2022-4463
REJECTED
CVE-2022-4462 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-4461
RESERVED
CVE-2022-4460 (The Sidebar Widgets by CodeLights WordPress plugin through 1.4 does no ...)
@@ -36443,7 +36443,7 @@ CVE-2022-4379 (A use-after-free vulnerability was found in __nfs42_ssc_open() in
CVE-2022-4377 (A vulnerability was found in S-CMS 5.0 Build 20220328. It has been dec ...)
NOT-FOR-US: S-CMS
CVE-2022-4376 (An issue has been discovered in GitLab affecting all versions before 1 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-4378 (A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem ...)
{DLA-3245-1 DLA-3244-1}
- linux 6.0.12-1
@@ -36562,7 +36562,7 @@ CVE-2022-46793 (Cross-Site Request Forgery (CSRF) vulnerability in AdTribes.Io P
CVE-2022-4366 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
NOT-FOR-US: daloRADIUS
CVE-2022-4365 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-4364 (A vulnerability classified as critical has been found in Teledyne FLIR ...)
NOT-FOR-US: Teledyne
CVE-2022-4363
@@ -36656,7 +36656,7 @@ CVE-2022-4346 (The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leak
CVE-2022-4343
RESERVED
CVE-2022-4342 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-4341 (A vulnerability has been found in csliuwy coder-chain_gdut and classif ...)
NOT-FOR-US: csliuwy coder-chain_gdut
CVE-2022-46768 (Arbitrary file read vulnerability exists in Zabbix Web Service Report ...)
@@ -37624,7 +37624,7 @@ CVE-2022-4291 (The aswjsflt.dll library from Avast Antivirus windows contained a
CVE-2022-4290
RESERVED
CVE-2022-4289 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-4288
RESERVED
CVE-2022-4287 (Authentication bypass in local application lock feature in Devolutions ...)
@@ -38264,9 +38264,9 @@ CVE-2022-46281
CVE-2022-4207 (The Image Hover Effects Ultimate plugin for WordPress is vulnerable to ...)
NOT-FOR-US: Image Hover Effects Ultimate plugin for WordPress
CVE-2022-4206 (A sensitive information leak issue has been discovered in all versions ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-4205 (In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-4204
RESERVED
CVE-2022-4203 (A read buffer overrun can be triggered in X.509 certificate verificati ...)
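Review bot: for CVE-2022-4205 the description itself names the upstream fixed releases (15.6.1, 15.5.5 and 15.4.6), all below the 15.10.8 recorded here, so the fixed version is consistent; for CVE-2022-4206 the description is cut off before any version, so a `NOTE:` line with the upstream advisory would make that entry verifiable without leaving the tracker.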
@@ -38368,7 +38368,7 @@ CVE-2022-42885
CVE-2022-42489
RESERVED
CVE-2022-4201 (A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-4200 (The Login with Cognito WordPress plugin through 1.4.8 does not sanitis ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4199 (The Link Library WordPress plugin before 7.4.1 does not sanitise and e ...)
@@ -39420,7 +39420,7 @@ CVE-2022-43662 (Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in
CVE-2022-41802 (Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kerne ...)
NOT-FOR-US: OpenHarmony
CVE-2022-4138 (A Cross Site Request Forgery issue has been discovered in GitLab CE/EE ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-4137
RESERVED
NOT-FOR-US: Keycloak
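Review bot: unrelated to the change in this hunk but visible in its trailing context, CVE-2022-4137 carries both a `RESERVED` marker and a `NOT-FOR-US: Keycloak` line; a RESERVED entry normally stands alone, so one of the two lines is stale and could be cleaned up in a follow-up commit.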
@@ -39598,7 +39598,7 @@ CVE-2022-45802 (Streampark allows any users to upload a jar as application, but
CVE-2022-45801 (Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability. ...)
NOT-FOR-US: Apache StreamPark
CVE-2022-4131 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-4130 (A blind site-to-site request forgery vulnerability was found in Satell ...)
NOT-FOR-US: Red Hat Satellite server
CVE-2022-4129 (A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2T ...)
@@ -40491,7 +40491,7 @@ CVE-2022-4055 (When xdg-mail is configured to use thunderbird for mailto URLs, i
NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267
NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/58
CVE-2022-4054 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-45462 (Alarm instance management has command injection when there is a specif ...)
NOT-FOR-US: Apache DolphinScheduler
CVE-2022-45461 (The Java Admin Console in Veritas NetBackup through 10.1 and related V ...)
@@ -40532,7 +40532,7 @@ CVE-2022-4039
CVE-2022-4038
RESERVED
CVE-2022-4037 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-45459 (Sensitive information disclosure due to insecure registry permissions. ...)
NOT-FOR-US: Acronis
CVE-2022-45458 (Sensitive information disclosure and manipulation due to improper cert ...)
@@ -40624,7 +40624,7 @@ CVE-2022-4009 (In affected versions of Octopus Deploy it is possible for a user
CVE-2022-4008 (In affected versions of Octopus Deploy it is possible to upload a zipb ...)
NOT-FOR-US: Octopus Deploy
CVE-2022-4007 (A issue has been discovered in GitLab CE/EE affecting all versions fro ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-4006 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: WBCE CMS
CVE-2022-4005 (The Donation Button WordPress plugin through 4.0.0 does not sanitize a ...)
@@ -42005,7 +42005,7 @@ CVE-2022-3903 (An incorrect read request flaw was found in the Infrared Transcei
- linux 5.19.11-1
[bullseye] - linux 5.10.148-1
CVE-2022-3902 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3901 (Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute ...)
NOT-FOR-US: Visioweb.js
CVE-2022-3900 (The Cooked Pro WordPress plugin before 1.7.5.7 does not properly valid ...)
@@ -42677,7 +42677,7 @@ CVE-2022-41610 (Improper authorization in Intel(R) EMA Configuration Tool before
CVE-2022-3871
RESERVED
CVE-2022-3870 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-44783
RESERVED
CVE-2022-44782
@@ -44238,11 +44238,11 @@ CVE-2022-3821 (An off-by-one Error issue was discovered in Systemd in format_tim
NOTE: https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e (v252-rc1)
NOTE: https://github.com/systemd/systemd-stable/commit/72d4c15a946d20143cd4c6783c802124bc894dc7 (v251.3)
CVE-2022-3820 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3819 (An improper authorization issue in GitLab CE/EE affecting all versions ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3818 (An uncontrolled resource consumption issue when parsing URLs in GitLab ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3817 (A vulnerability has been found in Axiomatic Bento4 and classified as p ...)
NOT-FOR-US: Bento4
CVE-2022-3816 (A vulnerability, which was classified as problematic, was found in Axi ...)
@@ -44498,7 +44498,7 @@ CVE-2022-3795
CVE-2022-3794 (The Jeg Elementor Kit plugin for WordPress is vulnerable to authorizat ...)
NOT-FOR-US: Jeg Elementor Kit plugin for WordPress
CVE-2022-3793 (An improper authorization issue in GitLab CE/EE affecting all versions ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3792 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: GullsEye
CVE-2022-3791
@@ -44791,7 +44791,7 @@ CVE-2022-3769 (The OWM Weather WordPress plugin before 5.6.9 does not properly s
CVE-2022-3768 (The WPSmartContracts WordPress plugin before 1.3.12 does not properly ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3767 (Missing validation in DAST analyzer affecting all versions from 1.11.0 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3766 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...)
NOT-FOR-US: phpmyfaq
CVE-2022-3765 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
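Review bot: CVE-2022-3767 in this hunk concerns the "DAST analyzer affecting all versions from 1.11.0", a component with its own version numbering rather than GitLab itself; please confirm that the Debian gitlab source package includes that analyzer, since otherwise `<not-affected>` with a reason, like the `(Specific to EE)` entries in this patch, would be more accurate than a fixed version of `15.10.8+ds1-2`.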
@@ -44871,9 +44871,9 @@ CVE-2022-44419 (In modem, there is a possible missing verification of NAS Securi
CVE-2022-3760 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Mia-Med
CVE-2022-3759 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3758 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-44418
RESERVED
CVE-2022-44417
@@ -45824,7 +45824,7 @@ CVE-2022-3742
CVE-2022-3741 (Impact varies for each individual vulnerability in the application. Fo ...)
NOT-FOR-US: chatwoot
CVE-2022-3740 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3739
RESERVED
CVE-2022-3738 (The vulnerability allows a remote unauthenticated attacker to download ...)
@@ -47650,7 +47650,7 @@ CVE-2022-43946 (Multiple vulnerabilities including an incorrect permission assig
CVE-2022-3727
RESERVED
CVE-2022-3726 (Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3725 (Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allow ...)
- wireshark 4.0.0-1
[bullseye] - wireshark <not-affected> (Vulnerable code not present)
@@ -47735,7 +47735,7 @@ CVE-2022-3707 (A double-free memory flaw was found in the Linux kernel. The Inte
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137979
NOTE: https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz@163.com/
CVE-2022-3706 (Improper authorization in GitLab CE/EE affecting all versions from 7.1 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-43932 (Improper neutralization of special elements in output used by a downst ...)
NOT-FOR-US: Synology
CVE-2022-43931 (Out-of-bounds write vulnerability in Remote Desktop Functionality in S ...)
@@ -49047,7 +49047,7 @@ CVE-2022-3640 (A vulnerability, which was classified as critical, was found in L
[bullseye] - linux 5.10.158-1
NOTE: https://git.kernel.org/linus/0d0e2d032811280b927650ff3c15fe5020e82533
CVE-2022-3639 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3638
REJECTED
CVE-2022-3637 (A vulnerability has been found in Linux Kernel and classified as probl ...)
@@ -49146,7 +49146,7 @@ CVE-2022-3615
CVE-2022-3614 (In affected versions of Octopus Deploy users of certain browsers using ...)
NOT-FOR-US: Octopus Deploy
CVE-2022-3613 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3612
RESERVED
CVE-2022-3611
@@ -49393,9 +49393,9 @@ CVE-2022-3575 (Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8
CVE-2022-3574 (The WPForms Pro WordPress plugin before 1.7.7 does not validate its fo ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3573 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3572 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3571
RESERVED
CVE-2022-3570 (Multiple heap buffer overflows in tiffcrop.c utility in libtiff librar ...)
@@ -50638,9 +50638,9 @@ CVE-2022-3515 (A vulnerability was found in the Libksba library due to an intege
NOTE: https://dev.gnupg.org/T6230
NOTE: https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b
CVE-2022-3514 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3513 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3512 (Using warp-cli command "add-trusted-ssid", a user was able to disconne ...)
NOT-FOR-US: Cloudflare
CVE-2022-3511 (The Awesome Support WordPress plugin before 6.1.2 does not ensure that ...)
@@ -50757,15 +50757,15 @@ CVE-2022-3488 (Processing of repeated responses to the same query, where both re
CVE-2022-3487
REJECTED
CVE-2022-3486 (An open redirect vulnerability in GitLab EE/CE affecting all versions ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3485 (In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated rem ...)
NOT-FOR-US: IFM Moneo Appliance
CVE-2022-3484 (The WPB Show Core WordPress plugin does not sanitize and escape a para ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3483 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3482 (An improper access control issue in GitLab CE/EE affecting all version ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3481 (The WooCommerce Dropshipping WordPress plugin before 4.4 does not prop ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3480 (A remote, unauthenticated attacker could cause a denial-of-service of ...)
@@ -50813,7 +50813,7 @@ CVE-2022-42898 (PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.
CVE-2022-42897 (Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthe ...)
NOT-FOR-US: Array Networks
CVE-2022-3478 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-42906 (powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbi ...)
{DLA-3277-1}
- powerline-gitstatus 1.3.2-1
@@ -51967,11 +51967,11 @@ CVE-2022-3415 (The Chat Bubble WordPress plugin before 2.3 does not sanitise and
CVE-2022-3414 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...)
NOT-FOR-US: SourceCodester Web-Based Student Clearance System
CVE-2022-3413 (Incorrect authorization during display of Audit Events in GitLab EE af ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3412
RESERVED
CVE-2022-3411 (A lack of length validation in GitLab CE/EE affecting all versions fro ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3410
RESERVED
CVE-2022-3409 (A vulnerability in bmcweb of OpenBMC Project allows user to cause deni ...)
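Review bot: The CVE-2022-3413 entry ("Incorrect authorization during display of Audit Events in GitLab EE ...") is moved from `<unfixed>` to `- gitlab 15.10.8+ds1-2`, but its description names GitLab EE only, and elsewhere in this patch EE-only issues are recorded as `- gitlab <not-affected> (Specific to EE)` (see CVE-2022-2589, CVE-2022-3331, CVE-2022-3286). Either confirm the CE code base is affected and keep the fixed version, or mark it `<not-affected>` for consistency with those entries.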
@@ -53654,7 +53654,7 @@ CVE-2022-41617 (In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1
CVE-2022-36795 (In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...)
NOT-FOR-US: F5 BIG-IP
CVE-2022-3381 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3380 (The Customizer Export/Import WordPress plugin before 0.9.5 unserialize ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3379 (Horner Automation's Cscape version 9.90 SP7 and prior does not properl ...)
@@ -53666,7 +53666,7 @@ CVE-2022-3377 (Horner Automation's Cscape version 9.90 SP 6 and prior does not p
CVE-2022-3376 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3375 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3374 (The Ocean Extra WordPress plugin before 2.0.5 unserialises the content ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3373 (Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allo ...)
@@ -54430,7 +54430,7 @@ CVE-2022-3332 (A vulnerability classified as critical has been found in SourceCo
CVE-2022-3331 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Only affects EE)
CVE-2022-3330 (It was possible for a guest user to read a todo targeting an inaccessi ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3329
RESERVED
CVE-2022-30544 (Cross-Site Request Forgery (CSRF) in MiKa'sOSM \u2013 OpenStreetMap pl ...)
@@ -54502,7 +54502,7 @@ CVE-2022-3327 (Missing Authentication for Critical Function in GitHub repository
CVE-2022-3326 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3325 (Improper access control in the GitLab CE/EE API affecting all versions ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3324 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
{DLA-3182-1}
- vim 2:9.0.0626-1
@@ -55100,7 +55100,7 @@ CVE-2022-3290 (Improper Handling of Length Parameter Inconsistency in GitHub rep
CVE-2022-3289
RESERVED
CVE-2022-3288 (A branch/tag name confusion in GitLab CE/EE affecting all versions pri ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3287 (When creating an OPERATOR user account on the BMC, the redfish plugin ...)
- fwupd 1.8.5-1
[bullseye] - fwupd <no-dsa> (Minor issue)
@@ -55109,11 +55109,11 @@ CVE-2022-3287 (When creating an OPERATOR user account on the BMC, the redfish pl
CVE-2022-3286 (Lack of IP address checking in GitLab EE affecting all versions from 1 ...)
- gitlab <not-affected> (Only affects Gitlab EE)
CVE-2022-3285 (Bypass of healthcheck endpoint allow list affecting all versions from ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3284 (Download key for a file in a vault was passed in an insecure way that ...)
NOT-FOR-US: M-Files
CVE-2022-3283 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3282 (The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41326 (The web conferencing component of Mitel MiCollab through 9.6.0.13 coul ...)
@@ -55145,9 +55145,9 @@ CVE-2022-41316 (HashiCorp Vault and Vault Enterprise\u2019s TLS certificate auth
CVE-2022-3281 (WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller ...)
NOT-FOR-US: WAGO
CVE-2022-3280 (An open redirect in GitLab CE/EE affecting all versions from 10.1 prio ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3279 (An unhandled exception in job log parsing in GitLab CE/EE affecting al ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3278 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.055 ...)
- vim 2:9.0.0626-1 (unimportant)
NOTE: https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612/
@@ -55234,7 +55234,7 @@ CVE-2022-40691 (An information disclosure vulnerability exists in the web applic
CVE-2022-40214
RESERVED
CVE-2022-3265 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3264
RESERVED
CVE-2022-41310 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...)
@@ -60820,9 +60820,9 @@ CVE-2022-39046 (An issue was discovered in the GNU C Library (glibc) 2.36. When
NOTE: Introduced by: https://sourceware.org/git/?p=glibc.git;a=commit;h=a583b6add407c17cdcd4146be3876061a5e1d555 (glibc-2.36)
NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=52a5be0df411ef3ff45c10c7c308cb92993d15b1
CVE-2022-3067 (An issue has been discovered in the Import functionality of GitLab CE/ ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3066 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3065 (Improper Access Control in GitHub repository jgraph/drawio prior to 20 ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-3064 (Parsing malicious or large YAML documents can consume excessive amount ...)
@@ -60895,7 +60895,7 @@ CVE-2022-38400 (Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticate
CVE-2022-33941 (PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injec ...)
NOT-FOR-US: PowerCMS
CVE-2022-3060 (Improper control of a resource identifier in Error Tracking in GitLab ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3059 (The application was vulnerable to multiple instances of SQL injection ...)
NOT-FOR-US: Schoolbox
CVE-2022-3058 (Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 ...)
@@ -61506,10 +61506,10 @@ CVE-2022-3032 (When receiving an HTML email that contained an <code>iframe</code
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-3032
CVE-2022-3031 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
[experimental] - gitlab 15.2.3+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-3030 (An improper access control issue in GitLab CE/EE affecting all version ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3029 (In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mi ...)
- routinator <itp> (bug #929024)
CVE-2022-3028 (A race condition was found in the Linux kernel's IP framework for tran ...)
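Review bot: For CVE-2022-3031 and CVE-2022-3030 the sid entry becomes `- gitlab 15.10.8+ds1-2`, which is newer than the `[experimental] - gitlab 15.2.3+ds1-1` line kept above it. The experimental line is now redundant for tracking purposes (the sid version supersedes it); consider dropping it in a follow-up, or leaving a NOTE explaining why both are retained. The same pattern recurs for every `[experimental]` entry in this commit.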
@@ -61569,7 +61569,7 @@ CVE-2022-38789 (An issue was discovered in Airties Smart Wi-Fi before 2020-08-04
CVE-2022-38788 (An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00 ...)
NOT-FOR-US: Nokia
CVE-2022-3018 (An information disclosure vulnerability in GitLab CE/EE affecting all ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-3017 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor ...)
- froxlor <itp> (bug #581792)
CVE-2022-3016 (Use After Free in GitHub repository vim/vim prior to 9.0.0286.)
@@ -61751,7 +61751,7 @@ CVE-2022-2993 (There is an error in the condition of the last if-statement in th
NOT-FOR-US: zephyr-rtos
CVE-2022-2992 (A vulnerability in GitLab CE/EE affecting all versions from 11.10 prio ...)
[experimental] - gitlab 15.2.3+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2991 (A heap-based buffer overflow was found in the Linux kernel's LightNVM ...)
- linux 5.15.3-1 (unimportant)
@@ -62143,7 +62143,7 @@ CVE-2022-2932 (Cross-site Scripting (XSS) - Reflected in GitHub repository bustl
NOT-FOR-US: Mobiledoc Kit
CVE-2022-2931 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...)
[experimental] - gitlab 15.2.3+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2930 (Unverified Password Change in GitHub repository octoprint/octoprint pr ...)
- octoprint <itp> (bug #718591)
@@ -62634,11 +62634,11 @@ CVE-2022-37333 (SQL injection vulnerability in the Exment ((PHP8) exceedone/exme
NOT-FOR-US: Exment
CVE-2022-2908 (A potential DoS vulnerability was discovered in Gitlab CE/EE versions ...)
[experimental] - gitlab 15.2.3+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2907 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
[experimental] - gitlab 15.2.3+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2906 (An attacker can leverage this flaw to gradually erode available memory ...)
- bind9 1:9.18.7-1
@@ -62654,7 +62654,7 @@ CVE-2022-2905 (An out-of-bounds memory read flaw was found in the Linux kernel's
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/08/26/1
CVE-2022-2904 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-2903 (The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialis ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2902
@@ -62874,12 +62874,12 @@ CVE-2022-38395 (HP Support Assistant uses HP Performance Tune-up as a diagnostic
CVE-2022-38393 (A denial of service vulnerability exists in the cfg_server cm_processC ...)
NOT-FOR-US: Asus
CVE-2022-2884 (A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 pri ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/
CVE-2022-2883 (In affected versions of Octopus Deploy it is possible to upload a zipb ...)
NOT-FOR-US: Octopus Deploy
CVE-2022-2882 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-2881 (The underlying bug might cause read past end of the buffer and either ...)
- bind9 1:9.18.7-1
[bullseye] - bind9 <ignored> (Flawed code present in 9.16 but masked by the way the httpd objects are reset between messages)
@@ -62983,7 +62983,7 @@ CVE-2022-2866 (FATEK FvDesigner version 1.5.103 and prior is vulnerable to an ou
NOT-FOR-US: FATEK FvDesigner
CVE-2022-2865 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
[experimental] - gitlab 15.2.3+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2864 (The demon image annotation plugin for WordPress is vulnerable to Cross ...)
NOT-FOR-US: demon image annotation plugin for WordPress
@@ -63151,7 +63151,7 @@ CVE-2022-2828 (In affected versions of Octopus Server it is possible to reveal i
CVE-2022-2827 (AMI MegaRAC User Enumeration Vulnerability)
NOT-FOR-US: MegaRAC
CVE-2022-2826 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-38362 (Apache Airflow Docker's Provider prior to 3.0.0 shipped with an exampl ...)
- airflow <itp> (bug #819700)
CVE-2022-38361
@@ -63712,7 +63712,7 @@ CVE-2022-2763 (The WP Socializer WordPress plugin before 7.3 does not sanitise a
CVE-2022-2762 (The AdminPad WordPress plugin before 2.2 does not have CSRF check when ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2761 (An information disclosure issue in GitLab CE/EE affecting all versions ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-2760 (In affected versions of Octopus Deploy it is possible to reveal the Sp ...)
NOT-FOR-US: Octopus Deploy
CVE-2022-38169
@@ -65822,7 +65822,7 @@ CVE-2022-2631 (Improper Access Control in GitHub repository tooljet/tooljet prio
NOT-FOR-US: ToolJet
CVE-2022-2630 (An improper access control issue in GitLab CE/EE affecting all version ...)
[experimental] - gitlab 15.2.3+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2629 (The Top Bar WordPress plugin before 3.0.4 does not sanitise and escape ...)
NOT-FOR-US: WordPress plugin
@@ -66583,7 +66583,7 @@ CVE-2022-37041 (An issue was discovered in ProxyServlet.java in the /proxy servl
NOT-FOR-US: Zimbra
CVE-2022-2592 (A lack of length validation in Snippet descriptions in GitLab CE/EE af ...)
[experimental] - gitlab 15.2.3+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2591 (A vulnerability classified as critical has been found in TEM FLEX-1085 ...)
NOT-FOR-US: TEM
@@ -67382,7 +67382,7 @@ CVE-2022-2541 (The uContext for Amazon plugin for WordPress is vulnerable to Cro
CVE-2022-2540 (The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Si ...)
NOT-FOR-US: Link Optimizer Lite plugin for WordPress
CVE-2022-2539 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-2538 (The WP Hide & Security Enhancer WordPress plugin before 1.8 does not e ...)
NOT-FOR-US: WordPress plugin
CVE-2022-XXXX [spip: XSS alowing priviledge escalation]
@@ -68064,10 +68064,10 @@ CVE-2022-2536 (The Transposh WordPress Translation plugin for WordPress is vulne
CVE-2022-2535 (The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not e ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2534 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-2533 (An issue has been discovered in GitLab affecting all versions starting ...)
[experimental] - gitlab 15.2.3+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2532 (The Feed Them Social WordPress plugin before 3.0.1 does not sanitise a ...)
NOT-FOR-US: WordPress plugin
@@ -68101,7 +68101,7 @@ CVE-2022-36430
RESERVED
CVE-2022-2527 (An issue in Incident Timelines has been discovered in GitLab CE/EE aff ...)
[experimental] - gitlab 15.2.3+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2021-46829 (GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buf ...)
{DSA-5228-1}
@@ -68310,7 +68310,7 @@ CVE-2022-2514 (The time and filter parameters in Fava prior to v1.22 are vulnera
CVE-2022-2513 (A vulnerability exists in the Intelligent Electronic Device (IED) Conn ...)
NOT-FOR-US: Hitachi
CVE-2022-2512 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-2511 (Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" ...)
NOT-FOR-US: BlueSpice
CVE-2022-2510 (Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" ...)
@@ -68417,13 +68417,13 @@ CVE-2022-29493 (Uncaught exception in webserver for the Integrated BMC in some I
CVE-2022-2501 (An improper access control issue in GitLab EE affecting all versions f ...)
- gitlab <not-affected> (Specific to EE)
CVE-2022-2500 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-2499 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2022-2498 (An issue in pipeline subscriptions in GitLab EE affecting all versions ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-2497 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-2496
RESERVED
CVE-2020-36558 (A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX ...)
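Review bot: Within this hunk CVE-2022-2501 and CVE-2022-2499 are `- gitlab <not-affected> (Specific to EE)`, while CVE-2022-2498 ("An issue in pipeline subscriptions in GitLab EE affecting all versions ...") is changed to `- gitlab 15.10.8+ds1-2`. The three descriptions all name GitLab EE, so please verify whether pipeline subscriptions are present in the CE sources packaged by Debian; if not, CVE-2022-2498 should follow its neighbours and be marked `<not-affected>` rather than fixed.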
@@ -68697,7 +68697,7 @@ CVE-2022-2458 (XML external entity injection(XXE) is a vulnerability that allows
CVE-2022-2457 (A flaw was found in Red Hat Process Automation Manager 7 where an atta ...)
NOT-FOR-US: Red Hat Process Automation Manager
CVE-2022-2456 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-36275
RESERVED
CVE-2022-36274
@@ -69039,7 +69039,7 @@ CVE-2022-36129 (HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11
NOT-FOR-US: HashiCorp Vault
CVE-2022-2455 (A business logic issue in the handling of large repositories in all ve ...)
[experimental] - gitlab 15.2.3+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-36128
RESERVED
@@ -69703,7 +69703,7 @@ CVE-2022-2429 (The Ultimate SMS Notifications for WooCommerce plugin for WordPre
NOT-FOR-US: Ultimate SMS Notifications for WooCommerce plugin for WordPress
CVE-2022-2428 (A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting ...)
[experimental] - gitlab 15.2.3+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2427
RESERVED
@@ -69726,7 +69726,7 @@ CVE-2022-2419 (A vulnerability was found in URVE Web Manager. It has been declar
CVE-2022-2418 (A vulnerability was found in URVE Web Manager. It has been classified ...)
NOT-FOR-US: URVE Web Manager
CVE-2022-2417 (Insufficient validation in GitLab CE/EE affecting all versions from 12 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-2416
RESERVED
CVE-2022-2415 (Heap buffer overflow in WebGL in Google Chrome prior to 103.0.5060.53 ...)
@@ -71375,7 +71375,7 @@ CVE-2022-2327 (io_uring use work_flags to determine which identity need to grab
[bullseye] - linux 5.10.127-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
CVE-2022-2326 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-35234 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out- ...)
NOT-FOR-US: Trend Micro
CVE-2022-35233
@@ -72281,7 +72281,7 @@ CVE-2022-34918 (An issue was discovered in the Linux kernel through 5.18.9. A ty
NOTE: https://www.openwall.com/lists/oss-security/2022/07/02/3
NOTE: https://www.randorisec.fr/crack-linux-firewall/
CVE-2022-2307 (A lack of cascading deletes in GitLab CE/EE affecting all versions sta ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-34917 (A security vulnerability has been identified in Apache Kafka. It affec ...)
- kafka <itp> (bug #786460)
CVE-2022-34916 (Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote ...)
@@ -72297,7 +72297,7 @@ CVE-2022-2304 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to
NOTE: https://huntr.dev/bounties/eb7402f3-025a-402f-97a7-c38700d9548a/
NOTE: https://github.com/vim/vim/commit/54e5fed6d27b747ff152cdb6edfb72ff60e70939 (v9.0.0035)
CVE-2022-2303 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-2302 (Multiple Lenze products of the cabinet series skip the password verifi ...)
NOT-FOR-US: Lenze
CVE-2022-2301 (Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3.)
@@ -72606,7 +72606,7 @@ CVE-2022-2272 (This vulnerability allows remote attackers to bypass authenticati
CVE-2022-2271 (The WP Database Backup WordPress plugin before 5.9 does not escape som ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2270 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-2269 (The Website File Changes Monitor WordPress plugin before 1.8.3 does no ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2268 (The Import any XML or CSV File to WordPress plugin before 3.6.8 accept ...)
@@ -72799,9 +72799,9 @@ CVE-2022-2253 (A user with administrative privileges in Distributed Data Systems
CVE-2022-2252 (Open Redirect in GitHub repository microweber/microweber prior to 1.2. ...)
NOT-FOR-US: microweber
CVE-2022-2251 (Improper sanitization of branch names in GitLab Runner affecting all v ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-2250 (An open redirect vulnerability in GitLab EE/CE affecting all versions ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-46826
RESERVED
CVE-2021-46825 (Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to ...)
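Review bot: CVE-2022-2251 is described as "Improper sanitization of branch names in GitLab Runner ...", yet the fix is recorded against the gitlab source package (`- gitlab 15.10.8+ds1-2`). GitLab Runner is a separate component from the GitLab server; please confirm that the runner code is actually shipped by the Debian gitlab source package, and otherwise record this CVE against the appropriate package (or `<not-affected>` / NOT-FOR-US, as applicable) with a NOTE explaining the decision.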
@@ -72884,9 +72884,9 @@ CVE-2022-34735 (The frame scheduling module has a null pointer dereference vulne
CVE-2022-2245 (The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check wh ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2244 (An improper authorization vulnerability in GitLab EE/CE affecting all ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-2243 (An access control vulnerability in GitLab EE/CE affecting all versions ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-2242 (The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to i ...)
NOT-FOR-US: Kuka
CVE-2022-2241 (The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does ...)
@@ -72945,13 +72945,13 @@ CVE-2022-2231 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.
NOTE: https://github.com/vim/vim/commit/79481367a457951aabd9501b510fd7e3eb29c3d8 (v8.2.5169)
NOTE: Crash in CLI tool, no security impact
CVE-2022-2230 (A Stored Cross-Site Scripting vulnerability in the project settings pa ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-2229 (An improper authorization issue in GitLab CE/EE affecting all versions ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-2228 (Information exposure in GitLab EE affecting all versions from 12.0 pri ...)
- gitlab <not-affected> (Specific to EE)
CVE-2022-2227 (Improper access control in the runner jobs API in GitLab CE/EE affecti ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-2226 (An OpenPGP digital signature includes information about the date when ...)
{DSA-5175-1}
- thunderbird 1:91.11.0-1
@@ -74204,7 +74204,7 @@ CVE-2022-34328 (PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=a
CVE-2022-32284 (Use of insufficiently random values vulnerability exists in Vnet/IP co ...)
NOT-FOR-US: YOKOGAWA
CVE-2022-2185 (A critical issue has been discovered in GitLab affecting all versions ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-2184 (The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2183 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.)
@@ -75851,7 +75851,7 @@ CVE-2022-2097 (AES OCB mode for 32-bit x86 platforms using the AES-NI assembly o
CVE-2022-2096
RESERVED
CVE-2022-2095 (An improper access control check in GitLab CE/EE affecting all version ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-2094 (The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escap ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2093 (The WP Duplicate Page WordPress plugin before 1.3 does not sanitize an ...)
@@ -78942,7 +78942,7 @@ CVE-2022-2000 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.)
NOTE: https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0
NOTE: https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5 (v8.2.5063)
CVE-2022-1999 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1998 (A use after free in the Linux kernel File System notify functionality ...)
- linux 5.16.7-1
[bullseye] - linux 5.10.103-1
@@ -79895,7 +79895,7 @@ CVE-2022-32160
CVE-2022-32159 (In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are ...)
NOT-FOR-US: openlibrary
CVE-2022-1963 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-4233
RESERVED
CVE-2022-32158 (Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2. ...)
@@ -79988,7 +79988,7 @@ CVE-2022-1956 (The Shortcut Macros WordPress plugin through 1.3 does not have au
CVE-2022-1955 (Session 1.13.0 allows an attacker with physical access to the victim's ...)
NOT-FOR-US: oxen-io/session-android
CVE-2022-1954 (A Regular Expression Denial of Service vulnerability in GitLab CE/EE a ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1953 (The Product Configurator for WooCommerce WordPress plugin before 1.2.3 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1952 (The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPres ...)
@@ -80747,7 +80747,7 @@ CVE-2022-1945 (The Coming Soon & Maintenance Mode by Colorlib WordPress plugin b
NOT-FOR-US: WordPress plugin
CVE-2022-1944 (When the feature is configured, improper authorization in the Interact ...)
[experimental] - gitlab 14.9.5+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
CVE-2022-1943 (A flaw out of bounds memory write in the Linux kernel UDF file system ...)
- linux 5.17.11-1
@@ -80814,11 +80814,11 @@ CVE-2022-31797
RESERVED
CVE-2022-1936 (Incorrect authorization in GitLab EE affecting all versions from 12.0 ...)
[experimental] - gitlab 14.9.5+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
CVE-2022-1935 (Incorrect authorization in GitLab EE affecting all versions from 12.0 ...)
[experimental] - gitlab 14.9.5+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
CVE-2022-1934 (Use After Free in GitHub repository mruby/mruby prior to 3.2.)
- mruby <not-affected> (Vulnerable code introduced after 3.0)
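Review bot: CVE-2022-1936 and CVE-2022-1935 are both described as "Incorrect authorization in GitLab EE affecting all versions from 12.0 ...", but they are recorded as fixed in `gitlab 15.10.8+ds1-2` (and previously in experimental 14.9.5+ds1-1) instead of `<not-affected> (Specific to EE)`, the marking this patch uses for other EE-only issues (for example CVE-2022-3286, CVE-2022-2228). Please confirm CE is affected, or align these two entries with that convention.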
@@ -82506,7 +82506,7 @@ CVE-2022-1822 (The Zephyr Project Manager plugin for WordPress is vulnerable to
NOT-FOR-US: Zephyr Project Manager plugin for WordPress
CVE-2022-1821 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
[experimental] - gitlab 14.9.5+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
CVE-2022-1820 (The Keep Backup Daily plugin for WordPress is vulnerable to Reflected ...)
NOT-FOR-US: Keep Backup Daily plugin for WordPress
@@ -84664,7 +84664,7 @@ CVE-2022-30557 (Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confus
NOT-FOR-US: Foxit PDF Reader and PDF Editor
CVE-2022-1680 (An account takeover issue has been discovered in GitLab EE affecting a ...)
[experimental] - gitlab 14.9.5+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
CVE-2022-1679 (A use-after-free flaw was found in the Linux kernel\u2019s Atheros wir ...)
{DLA-3173-1 DLA-3131-1}
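Review bot: CVE-2022-1680 ("An account takeover issue has been discovered in GitLab EE affecting a ...") is marked fixed in `gitlab 15.10.8+ds1-2`, with an `[experimental] - gitlab 14.9.5+ds1-1` line retained above it. As with the other EE-described entries in this commit, the description names EE only; please double-check against the linked 15.0.1 release notes whether the affected code (SAML/SCIM group sync) is part of the CE sources before leaving it as a fixed CE issue, and consider removing the now superseded experimental line.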
@@ -86417,7 +86417,7 @@ CVE-2022-29968 (An issue was discovered in the Linux kernel through 5.17.5. io_r
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/32452a3eb8b64e01e2be717f518c0be046975b9d (5.18-rc5)
CVE-2022-1545 (It was possible to disclose details of confidential notes created via ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-46790 (ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow i ...)
{DSA-5160-1 DLA-3055-1}
- ntfs-3g 1:2022.5.17-1 (bug #1011770)
@@ -86773,7 +86773,7 @@ CVE-2022-1512 (The ScrollReveal.js Effects WordPress plugin through 1.2 does not
CVE-2022-1511 (Improper Access Control in GitHub repository snipe/snipe-it prior to 5 ...)
- snipe-it <itp> (bug #1005172)
CVE-2022-1510 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1509 (Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp pri ...)
NOT-FOR-US: Hestia Control Panel
CVE-2022-29868 (1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a ...)
@@ -87154,7 +87154,7 @@ CVE-2022-1462 (An out-of-bounds read flaw was found in the Linux kernel\u2019s T
CVE-2022-1461 (Non Privilege User can Enable or Disable Registered in GitHub reposito ...)
NOT-FOR-US: OpenEMR
CVE-2022-1460 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1459 (Non-Privilege User Can View Patient\u2019s Disclosures in GitHub repos ...)
NOT-FOR-US: OpenEMR
CVE-2022-1458 (Stored XSS Leads To Session Hijacking in GitHub repository openemr/ope ...)
@@ -87676,11 +87676,11 @@ CVE-2022-1434 (The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorre
NOTE: https://www.openssl.org/news/secadv/20220503.txt
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7d56a74a96828985db7354a55227a511615f732b (openssl-3.0.3)
CVE-2022-1433 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1432 (Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/oc ...)
- octoprint <itp> (bug #718591)
CVE-2022-1431 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1430 (Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octopr ...)
- octoprint <itp> (bug #718591)
CVE-2022-1429 (SQL injection in GridHelperService.php in GitHub repository pimcore/pi ...)
@@ -87742,13 +87742,13 @@ CVE-2022-29561
CVE-2022-29560 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
NOT-FOR-US: RUGGEDCOM
CVE-2022-1426 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1425 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a compani ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1424 (The Ask me WordPress theme before 6.8.2 does not perform CSRF checks f ...)
NOT-FOR-US: WordPress theme
CVE-2022-1423 (Improper access control in the CI/CD cache mechanism in GitLab CE/EE a ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1422 (The Discy WordPress theme before 5.2 does not check for CSRF tokens in ...)
NOT-FOR-US: WordPress theme
CVE-2022-1421 (The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX ac ...)
@@ -87863,16 +87863,16 @@ CVE-2022-29526 (Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privile
NOTE: Branch.go1.18 : https://github.com/golang/go/commit/c0599c5b781de023974519194df6b0c4ebb0adff (1.18.2)
NOTE: Introduced by: https://github.com/golang/go/commit/60f78765022a59725121d3b800268adffe78bde3 (go1.15rc1)
CVE-2022-1417 (Improper access control in GitLab CE/EE affecting all versions startin ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1416 (Missing sanitization of data in Pipeline error messages in GitLab CE/E ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1415
RESERVED
NOT-FOR-US: drools
CVE-2022-1414 (3scale API Management 2 does not perform adequate sanitation for user ...)
NOT-FOR-US: 3scale API Management
CVE-2022-1413 (Missing input masking in GitLab CE/EE affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1412 (The Log WP_Mail WordPress plugin through 0.1 saves sent email in a pub ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1411 (Unrestructed file upload in GitHub repository yetiforcecompany/yetifor ...)
@@ -87908,7 +87908,7 @@ CVE-2022-26424
CVE-2022-25899 (Authentication bypass for the Open AMT Cloud Toolkit software maintain ...)
NOT-FOR-US: Intel
CVE-2022-1406 (Improper input validation in GitLab CE/EE affecting all versions from ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-29504
REJECTED
CVE-2022-29503 (A memory corruption vulnerability exists in the libpthread linuxthread ...)
@@ -88587,7 +88587,7 @@ CVE-2022-1353 (A vulnerability was found in the pfkey_register function in net/k
- linux 5.17.3-1
NOTE: https://git.kernel.org/linus/9a564bccb78a76740ea9d75a259942df8143d02c (5.17)
CVE-2022-1352 (Due to an insecure direct object reference vulnerability in Gitlab EE/ ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1351 (Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10 ...)
NOT-FOR-US: pimcore
CVE-2022-29264 (An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitra ...)
@@ -91396,7 +91396,7 @@ CVE-2022-1195 (A use-after-free vulnerability was found in the Linux kernel in d
CVE-2022-1194 (The Mobile Events Manager WordPress plugin before 1.4.8 does not prope ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1193 (Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1192 (The Turn off all comments WordPress plugin through 1.0 does not saniti ...)
NOT-FOR-US: WordPress plugin
CVE-2021-46779 (Insufficient input validation in SVC_ECC_PRIMITIVE system call in a co ...)
@@ -91588,11 +91588,11 @@ CVE-2022-28224 (Clusters using Calico (version 3.22.1 and below), Calico Enterpr
CVE-2022-1191 (SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperch ...)
NOT-FOR-US: livehelperchat
CVE-2022-1190 (Improper handling of user input in GitLab CE/EE versions 8.3 prior to ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1189 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1188 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1187 (The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross- ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1186 (The WordPress plugin Be POPIA Compliant exposed sensitive information ...)
@@ -91606,7 +91606,7 @@ CVE-2022-28221 (The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerab
CVE-2022-28220 (Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffe ...)
NOT-FOR-US: Apache James
CVE-2022-1185 (A denial of service vulnerability when rendering RDoc files in GitLab ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1184 (A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() i ...)
{DSA-5257-1 DLA-3173-1}
- linux 5.19.6-1
@@ -91634,9 +91634,9 @@ CVE-2022-1177 (Accounting User Can Download Patient Reports in openemr in GitHub
CVE-2022-1176 (Loose comparison causes IDOR on multiple endpoints in GitHub repositor ...)
NOT-FOR-US: livehelperchat
CVE-2022-1175 (Improper neutralization of user input in GitLab CE/EE versions 14.4 be ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1174 (A potential DoS vulnerability was discovered in Gitlab CE/EE versions ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1173 (stored xss in GitHub repository getgrav/grav prior to 1.7.33.)
NOT-FOR-US: Grav CMS
CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub repositor ...)
@@ -91869,7 +91869,7 @@ CVE-2022-28171 (The web module in some Hikvision Hybrid SAN/Cluster Storage prod
CVE-2022-1163 (Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minew ...)
NOT-FOR-US: minewebcms
CVE-2022-1162 (A hardcoded password was set for accounts registered using an OmniAuth ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1161 (An attacker with the ability to modify a user program may change user ...)
NOT-FOR-US: Rockwell Automation
CVE-2022-1160 (heap buffer overflow in get_one_sourceline in GitHub repository vim/vi ...)
@@ -91907,7 +91907,7 @@ CVE-2022-1158 (A flaw was found in KVM. When updating a guest's page table entry
NOTE: https://git.kernel.org/linus/2a8859f373b0a86f0ece8ec8312607eacf12485d (5.18-rc1)
NOTE: https://www.openwall.com/lists/oss-security/2022/04/08/4
CVE-2022-1157 (Missing sanitization of logged exception messages in all versions prio ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1156 (The Books & Papers WordPress plugin through 0.20210223 does not escape ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1155 (Old sessions are not blocked by the login enable function. in GitHub r ...)
@@ -92002,7 +92002,7 @@ CVE-2022-28129 (Improper Input Validation vulnerability in HTTP/1.1 header parsi
- trafficserver 9.1.3+ds-1
NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
CVE-2022-1148 (Improper authorization in GitLab Pages included with GitLab CE/EE affe ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1147
RESERVED
CVE-2022-1146 (Inappropriate implementation in Resource Timing in Google Chrome prior ...)
@@ -92110,7 +92110,7 @@ CVE-2022-1125 (Use after free in Portals in Google Chrome prior to 100.0.4896.60
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1124 (An improper authorization issue has been discovered in GitLab CE/EE af ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1123 (The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPr ...)
NOT-FOR-US: WordPress plugin
CVE-2021-46743 (In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., ...)
@@ -92131,9 +92131,9 @@ CVE-2022-1122 (A flaw was found in the opj2_decompress program in openjpeg2 2.4.
NOTE: https://github.com/uclouvain/openjpeg/issues/1368
NOTE: https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d
CVE-2022-1121 (A lack of appropriate timeouts in GitLab Pages included in GitLab CE/E ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1120 (Missing filtering in an error message in GitLab CE/EE affecting all ve ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1119 (The Simple File List WordPress plugin is vulnerable to Arbitrary File ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1118 (Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbenc ...)
@@ -92163,7 +92163,7 @@ CVE-2022-1113 (The Flower Delivery by Florist One WordPress plugin through 3.7 d
CVE-2022-1112 (The Autolinks WordPress plugin through 1.0.1 does not have CSRF check ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1111 (A business logic error in Project Import in GitLab CE/EE versions 14.9 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2020-36520
RESERVED
CVE-2022-28125
@@ -92625,7 +92625,7 @@ CVE-2022-1106 (use after free in mrb_vm_exec in GitHub repository mruby/mruby pr
NOTE: https://github.com/mruby/mruby/commit/7f5a490d09f4d56801ac3a3e4e39e03e1471b44c
NOTE: Vulnerable code introduced in https://github.com/mruby/mruby/commit/b137eb2678cfba8d6ffcddff5326ebe8eb7f6a24 (3.1.0-rc)
CVE-2022-1105 (An improper access control vulnerability in GitLab CE/EE affecting all ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1104 (The Popup Maker WordPress plugin before 1.16.5 does not sanitise and e ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1103 (The Advanced Uploader WordPress plugin through 4.2 allows any authenti ...)
@@ -92719,9 +92719,9 @@ CVE-2022-1102 (A vulnerability classified as problematic has been found in Sourc
CVE-2022-1101 (A vulnerability was found in SourceCodester Royale Event Management Sy ...)
NOT-FOR-US: SourceCodester
CVE-2022-1100 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1099 (Adding a very large number of tags to a runner in GitLab CE/EE affecti ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-1098 (Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vu ...)
NOT-FOR-US: Delta Electronics DIAEnergie
CVE-2021-46742 (The multi-window module has a vulnerability of unauthorized insertion ...)
@@ -98618,7 +98618,7 @@ CVE-2022-0752 (Cross-site Scripting (XSS) - Generic in GitHub repository hestiac
NOT-FOR-US: Hestia Control Panel
CVE-2022-0751 (Inaccurate display of Snippet files containing special characters in a ...)
[experimental] - gitlab 14.6.5+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
CVE-2022-0750 (The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross ...)
NOT-FOR-US: WordPress plugin
@@ -98712,10 +98712,10 @@ CVE-2022-0742 (Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows
NOTE: https://www.openwall.com/lists/oss-security/2022/03/15/3
CVE-2022-0741 (Improper input validation in all versions of GitLab CE/EE using sendma ...)
[experimental] - gitlab 14.6.5+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
CVE-2022-0740 (Incorrect authorization in the Asana integration's branch restriction ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-0739 (The BookingPress WordPress plugin before 1.0.11 fails to properly sani ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0738 (An issue has been discovered in GitLab affecting all versions starting ...)
@@ -98727,7 +98727,7 @@ CVE-2022-0736 (Insecure Temporary File in GitHub repository mlflow/mlflow prior
NOT-FOR-US: mlflow
CVE-2022-0735 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
[experimental] - gitlab 14.6.5+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
CVE-2021-4223
RESERVED
@@ -102129,7 +102129,7 @@ CVE-2022-0550 (Improper Input Validation vulnerability in custom report logo upl
NOT-FOR-US: Nozomi Networks
CVE-2022-0549 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
[experimental] - gitlab 14.6.5+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
CVE-2022-0548
RESERVED
@@ -103038,10 +103038,10 @@ CVE-2022-0490
RESERVED
CVE-2022-0489 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
[experimental] - gitlab 14.6.5+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
CVE-2022-0488 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/23520
CVE-2022-24399 (The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST s ...)
NOT-FOR-US: SAP
@@ -103273,7 +103273,7 @@ CVE-2022-0479 (The Popup Builder WordPress plugin before 4.1.1 does not sanitise
CVE-2022-0478 (The Event Manager and Tickets Selling for WooCommerce WordPress plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0477 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-0476 (Denial of Service in GitHub repository radareorg/radare2 prior to 5.6. ...)
- radare2 <unfixed> (bug #1014478)
NOTE: https://huntr.dev/bounties/81ddfbda-6c9f-4b69-83ff-85b15141e35d
@@ -103614,7 +103614,7 @@ CVE-2022-0429 (The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin
CVE-2022-0428 (The Content Egg WordPress plugin before 5.3.0 does not sanitise and es ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0427 (Missing sanitization of HTML attributes in Jupyter notebooks in all ve ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-0426 (The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 do ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0425 (A DNS rebinding vulnerability in the Irker IRC Gateway integration in ...)
@@ -104323,7 +104323,7 @@ CVE-2022-0391 (A flaw was found in Python, specifically within the urllib.parse
NOTE: Fixed by: https://github.com/python/cpython/commit/f4dac7ec55477a6c5d965e594e74bd6bda786903 (v3.7.11)
NOTE: Fixed by: https://github.com/python/cpython/commit/6c472d3a1d334d4eeb4a25eba7bf3b01611bf667 (v3.6.14)
CVE-2022-0390 (Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-0389 (The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0388 (The Interactive Medical Drawing of Human Body WordPress plugin before ...)
@@ -104687,7 +104687,7 @@ CVE-2022-0375 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelpe
CVE-2022-0374 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
NOT-FOR-US: livehelperchat
CVE-2022-0373 (Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-0372 (Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior ...)
NOT-FOR-US: Crater
CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE Services API 1. ...)
@@ -104761,7 +104761,7 @@ CVE-2022-23949 (In Keylime before 6.3.0, unsanitized UUIDs can be passed by a ro
CVE-2022-23948 (A flaw was found in Keylime before 6.3.0. The logic in the Keylime age ...)
NOT-FOR-US: Keylime
CVE-2022-0371 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/350476
CVE-2022-0370 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
NOT-FOR-US: livehelperchat
@@ -105054,7 +105054,7 @@ CVE-2022-0346 (The XML Sitemap Generator for Google WordPress plugin before 2.0.
CVE-2022-0345 (The Customize WordPress Emails and Alerts WordPress plugin before 1.8. ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0344 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/37015
CVE-2022-0343 (A local attacker, as a different local user, may be able to send a HTT ...)
NOT-FOR-US: Android
@@ -106742,7 +106742,7 @@ CVE-2022-0284 (A heap-based-buffer-over-read flaw was found in ImageMagick's Get
NOTE: https://github.com/ImageMagick/ImageMagick/issues/4729
NOTE: https://github.com/ImageMagick/ImageMagick/commit/e50f19fd73c792ebe912df8ab83aa51a243a3da7
CVE-2022-0283 (An issue has been discovered affecting GitLab versions prior to 13.5. ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/349422
CVE-2022-0282 (Code Injection in Packagist microweber/microweber prior to 1.2.11.)
NOT-FOR-US: microweber
@@ -107356,7 +107356,7 @@ CVE-2022-0251 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
CVE-2022-0250 (The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0249 (A vulnerability was discovered in GitLab starting with version 12. Git ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-0248 (The Contact Form Submissions WordPress plugin before 1.7.3 does not sa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0247 (An issue exists in Fuchsia where VMO data can be modified through acce ...)
@@ -107386,7 +107386,7 @@ CVE-2022-0264 (A vulnerability was found in the Linux kernel's eBPF verifier whe
CVE-2022-0245 (Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/ ...)
NOT-FOR-US: livehelperchat
CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-0243 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...)
NOT-FOR-US: Orchard CMS
CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...)
@@ -108786,7 +108786,7 @@ CVE-2022-0173 (radare2 is vulnerable to Out-of-bounds Read)
NOTE: https://huntr.dev/bounties/727d8600-88bc-4dde-8dea-ee3d192600e5
NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c
CVE-2022-0172 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-0171 (A flaw was found in the Linux kernel. The existing KVM SEV API has a v ...)
{DSA-5257-1 DLA-3173-1}
- linux 5.18.2-1
@@ -108804,7 +108804,7 @@ CVE-2022-0168 (A denial of service (DOS) issue was found in the Linux kernel\u20
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2037386
CVE-2022-0167 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-0166 (A privilege escalation vulnerability in the McAfee Agent prior to 5.7. ...)
NOT-FOR-US: McAfee
CVE-2022-0165 (The Page Builder KingComposer WordPress plugin through 2.9.6 does not ...)
@@ -109535,13 +109535,13 @@ CVE-2022-22734 (The Simple Quotation WordPress plugin through 1.3.2 does not hav
CVE-2022-22733 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
NOT-FOR-US: Apache ShardingSphere ElasticJob-UI
CVE-2022-0154 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-0153 (SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.)
NOT-FOR-US: forkcms
CVE-2022-0152 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-0150 (The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0149 (The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affe ...)
@@ -109680,7 +109680,7 @@ CVE-2022-0137 (A heap buffer overflow in image_set_mask function of HTMLDOC befo
NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/71fe87878c9cbc3db429f5e5c70f28e4b3d96e3b (v1.9.15)
NOTE: Crash in CLI tool, no security impact
CVE-2022-0136 (A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-0135 (An out-of-bounds write issue was found in the VirGL virtual OpenGL ren ...)
{DLA-3232-1}
- virglrenderer 0.10.0-1 (bug #1009073)
@@ -109805,11 +109805,11 @@ CVE-2022-0127
CVE-2022-0126
RESERVED
CVE-2022-0125 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-0124 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-0123 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-4200 (A Improper Privilege Management vulnerability in SUSE Rancher allows w ...)
NOT-FOR-US: Rancher
CVE-2022-22677 (A logic issue in the handling of concurrent media was addressed with i ...)
@@ -110288,13 +110288,13 @@ CVE-2022-0095
CVE-2022-0094
REJECTED
CVE-2022-0093 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-0092
RESERVED
CVE-2022-0091
RESERVED
CVE-2022-0090 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2022-0089
RESERVED
CVE-2022-0088 (Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls p ...)
@@ -111515,7 +111515,7 @@ CVE-2021-4192 (vim is vulnerable to Use After Free)
NOTE: Crash in CLI tool, no security impact
CVE-2021-4191 (An issue has been discovered in GitLab CE/EE affecting versions 13.0 t ...)
[experimental] - gitlab 14.6.5+ds1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
CVE-2021-23147 (Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient pro ...)
NOT-FOR-US: Netgear
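Review bot: the experimental line for CVE-2021-4191 reads `[experimental] - gitlab 14.6.5+ds1` with no Debian revision, while the same upload is recorded as `14.6.5+ds1-1` on the other entries this patch touches (CVE-2022-0751, CVE-2022-0741, CVE-2022-0735, CVE-2022-0549, CVE-2022-0489); this looks like a typo and, since the entry is being edited anyway, it should be made `14.6.5+ds1-1` so the experimental version is recorded consistently.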
@@ -132692,41 +132692,41 @@ CVE-2021-39948
CVE-2021-39947 (In specific circumstances, trace file buffers in GitLab Runner version ...)
- gitlab-ci-multi-runner 14.10.1-1 (bug #1016138)
CVE-2021-39946 (Improper neutralization of user input in GitLab CE/EE versions 14.3 to ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39945 (Improper access control in the GitLab CE/EE API affecting all versions ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39944 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39943 (An authorization logic error in the External Status Check API in GitLa ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39942 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE versions 12.0 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39940 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39939 (An uncontrolled resource consumption vulnerability in GitLab Runner af ...)
- gitlab-ci-multi-runner <not-affected> (Vulnerable code introduced later)
NOTE: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28630
NOTE: https://about.gitlab.com/releases/2021/12/10/security-release-gitlab-runner-14-5-2-released/
CVE-2021-39938 (A vulnerable regular expression pattern in GitLab CE/EE since version ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39937 (A collision in access memoization logic in all versions of GitLab CE/E ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39936 (Improper access control in GitLab CE/EE affecting all versions startin ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39935 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39934 (Improper access control allows any project member to retrieve the serv ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39933 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39932 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39931 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39930 (Missing authorization in GitLab EE versions between 12.4 and 14.3.6, b ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39929 (Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4 ...)
{DSA-5019-1 DLA-2849-1}
- wireshark 3.6.0-1
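Review bot: CVE-2021-39930 is described as "Missing authorization in GitLab EE versions between 12.4 and 14.3.6", yet this hunk sets it to `gitlab 15.10.8+ds1-2` rather than the `<not-affected> (Specific to EE)` marking the tracker uses for EE-only issues elsewhere in this patch (CVE-2021-39909, CVE-2021-22259); either confirm the CE package was affected or mark it not-affected, since a fixed version on an EE-only issue wrongly implies sid was vulnerable.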
@@ -132740,7 +132740,7 @@ CVE-2021-39928 (NULL pointer exception in the IEEE 802.11 dissector in Wireshark
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17704
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-13.html
CVE-2021-39927 (Server side request forgery protections in GitLab CE/EE versions betwe ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39926 (Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 ...)
{DSA-5019-1}
- wireshark 3.6.0-1
@@ -132786,75 +132786,75 @@ CVE-2021-39920 (NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17705
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-15.html
CVE-2021-39919 (In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, a ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39918 (Incorrect Authorization in GitLab EE affecting all versions starting f ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39917 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39916 (Lack of an access control check in the External Status Check feature a ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39915 (Improper access control in the GraphQL API in GitLab CE/EE affecting a ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39914 (A regular expression denial of service issue in GitLab versions 8.13 t ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39913 (Accidental logging of system root password in the migration log in all ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39912 (A potential DoS vulnerability was discovered in GitLab CE/EE starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39911 (An improper access control flaw in all versions of GitLab CE/EE starti ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39910 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39909 (Lack of email address ownership verification in the CODEOWNERS feature ...)
- gitlab <not-affected> (Specific to EE)
CVE-2021-39908 (In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39907 (A potential DOS vulnerability was discovered in GitLab CE/EE starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39906 (Improper validation of ipynb files in GitLab CE/EE version 13.5 and ab ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39905 (An information disclosure vulnerability in the GitLab CE/EE API since ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39904 (An Improper Access Control vulnerability in the GraphQL API in all ver ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39903 (In all versions of GitLab CE/EE since version 13.0, a privileged user, ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39902 (Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user wi ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39901 (In all versions of GitLab CE/EE since version 11.10, an admin of a gro ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39900 (Information disclosure from SendEntry in GitLab starting with 10.8 all ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39899 (In all versions of GitLab CE/EE, an attacker with physical access to a ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39898 (In all versions of GitLab CE/EE since version 10.6, a project export l ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39897 (Improper access control in GitLab CE/EE version 10.5 and above allowed ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39896 (In all versions of GitLab CE/EE since version 8.0, when an admin uses ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39895 (In all versions of GitLab CE/EE since version 8.0, an attacker can set ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vul ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab starting with v ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39892 (In all versions of GitLab CE/EE since version 12.0, a lower privileged ...)
[experimental] - gitlab 14.6.4+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/28440
CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access tokens creat ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39890 (It was possible to bypass 2FA for LDAP users and access some specific ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39889 (In all versions of GitLab EE since version 14.1, due to an insecure di ...)
- gitlab <not-affected> (Specific to Enterprise Edition)
CVE-2021-39888 (In all versions of GitLab EE starting from 13.10 before 14.1.7, all ve ...)
- gitlab <not-affected> (Specific to Enterprise Edition)
CVE-2021-39887 (A stored Cross-Site Scripting vulnerability in the GitLab Flavored Mar ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39886 (Permissions rules were not applied while issues were moved between pro ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39885 (A Stored XSS in merge request creation page in all versions of Gitlab ...)
- gitlab <not-affected> (Specific to Enterprise Edition)
CVE-2021-39884 (In all versions of GitLab EE since version 8.13, an endpoint discloses ...)
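Review bot: CVE-2021-39918 ("Incorrect Authorization in GitLab EE affecting all versions starting f...") is given the fixed version `15.10.8+ds1-2` in this hunk, while the neighbouring EE-only entries CVE-2021-39909, CVE-2021-39889, CVE-2021-39888 and CVE-2021-39885 stay at `<not-affected> (Specific to Enterprise Edition)`; if the flaw is EE-only it should get the same not-affected marking, otherwise a NOTE explaining why CE is affected would help the next person reading this entry.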
@@ -132862,43 +132862,43 @@ CVE-2021-39884 (In all versions of GitLab EE since version 8.13, an endpoint dis
CVE-2021-39883 (Improper authorization checks in all versions of GitLab EE starting fr ...)
- gitlab <not-affected> (Specific to Enterprise Edition)
CVE-2021-39882 (In all versions of GitLab CE/EE, provided a user ID, anonymous users c ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39881 (In all versions of GitLab CE/EE since version 7.7, the application may ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39880 (A Denial Of Service vulnerability in the apollo_upload_server Ruby gem ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
- ruby-apollo-upload-server 2.1.0-1
[bullseye] - ruby-apollo-upload-server <no-dsa> (Minor issue)
NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/330561
NOTE: https://github.com/jetruby/apollo_upload_server-ruby/commit/b0582c1a3e458eee3c994fb38278bd0221f20486
CVE-2021-39879 (Missing authentication in all versions of GitLab CE/EE since version 7 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39878 (A stored Reflected Cross-Site Scripting vulnerability in the Jira inte ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39877 (A vulnerability was discovered in GitLab starting with version 12.2 th ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39876 (In all versions of GitLab CE/EE since version 11.3, the endpoint for a ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39875 (In all versions of GitLab CE/EE since version 13.6, it is possible to ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39874 (In all versions of GitLab CE/EE since version 11.0, the requirement to ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39873 (In all versions of GitLab CE/EE, there exists a content spoofing vulne ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39872 (In all versions of GitLab CE/EE since version 14.1, an improper access ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39871 (In all versions of GitLab CE/EE since version 13.0, an instance that h ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39870 (In all versions of GitLab CE/EE since version 11.11, an instance that ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39869 (In all versions of GitLab CE/EE since version 8.9, project exports may ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39868 (In all versions of GitLab CE/EE since version 8.12, an authenticated l ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39867 (In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vu ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39866 (A business logic error in the project deletion process in GitLab 13.6 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-39865 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
NOT-FOR-US: Adobe
CVE-2021-39864 (Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) an ...)
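Review bot: none of the gitlab entries in this hunk carry a NOTE pointing at the upstream security release that closed them, so a reader cannot tell from the file why 15.10.8+ds1-2 is the first fixed sid version for issues whose descriptions reference releases as old as 7.7 and 8.9. Consider adding a NOTE line per entry with the GitLab security release URL, as is done elsewhere in this file (e.g. the https://about.gitlab.com/releases/... NOTE lines under CVE-2021-22239), so the fixed-in version is traceable; CVE-2021-39880, which already has NOTE links for the ruby-apollo-upload-server side, shows the pattern.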
@@ -177227,27 +177227,27 @@ CVE-2021-22266
CVE-2021-22265
RESERVED
CVE-2021-22264 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22263 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22262 (Missing access control in all GitLab versions starting from 13.12 befo ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22261 (A stored Cross-Site Scripting vulnerability in the Jira integration in ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22260 (A stored Cross-Site Scripting vulnerability in the DataDog integration ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22259 (A potential DOS vulnerability was discovered in GitLab EE starting wit ...)
- gitlab <not-affected> (Specific to EE)
CVE-2021-22258 (The project import/export feature in GitLab 8.9 and greater could be u ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22257 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22256 (Improper authorization in GitLab CE/EE affecting all versions since 12 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22255 (SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated ...)
NOT-FOR-US: Baserow
CVE-2021-22254 (Under very specific conditions a user could be impersonated using Gitl ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22253 (Improper authorization in GitLab EE affecting all versions since 13.4 ...)
- gitlab <not-affected> (Specific to EE)
CVE-2021-22252 (A confusion between tag and branch names in GitLab CE/EE affecting all ...)
@@ -177255,37 +177255,37 @@ CVE-2021-22252 (A confusion between tag and branch names in GitLab CE/EE affecti
CVE-2021-22251 (Improper validation of invited users' email address in GitLab EE affec ...)
- gitlab <not-affected> (Specific to EE)
CVE-2021-22250 (Improper authorization in GitLab CE/EE affecting all versions since 13 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22249 (A verbose error message in GitLab EE affecting all versions since 12.2 ...)
- gitlab <not-affected> (Specific to EE)
CVE-2021-22248 (Improper authorization on the pipelines page in GitLab CE/EE affecting ...)
- gitlab <not-affected> (Vulnerable code intrododuced later)
CVE-2021-22247 (Improper authorization in GitLab CE/EE affecting all versions since 13 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22246 (A vulnerability was discovered in GitLab versions before 14.0.2, 13.12 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22245 (Improper validation of commit author in GitLab CE/EE affecting all ver ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22244 (Improper authorization in the vulnerability report feature in GitLab E ...)
- gitlab <not-affected> (Specific to EE)
CVE-2021-22243 (Under specialized conditions, GitLab CE/EE versions starting 7.10 may ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22242 (Insufficient input sanitization in Mermaid markdown in GitLab CE/EE ve ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22241 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22240 (Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14 ...)
- gitlab <not-affected> (Specific to EE)
CVE-2021-22239 (An unauthorized user was able to insert metadata when creating new iss ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
CVE-2021-22238 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22237 (Under specialized conditions, GitLab may allow a user with an imperson ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
CVE-2021-22236 (Due to improper handling of OAuth client IDs, new subscriptions genera ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
CVE-2021-22235 (Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 ...)
{DSA-5019-1 DLA-2849-1}
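Review bot: the unchanged context line for CVE-2021-22248 reads "Vulnerable code intrododuced later"; the word should be "introduced". This is not part of the change under review, but since the hunk touches the neighbouring entries it would be a cheap follow-up fix.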
@@ -177296,29 +177296,29 @@ CVE-2021-22235 (Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17462
NOTE: Regression fix: https://gitlab.com/wireshark/wireshark/-/merge_requests/3616
CVE-2021-22234 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22233 (An information disclosure vulnerability in GitLab EE versions 13.10 an ...)
- gitlab <not-affected> (Specific to EE)
CVE-2021-22232 (HTML injection was possible via the full name field before versions 13 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22231 (A denial of service in user's profile page is found starting with GitL ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22230 (Improper code rendering while rendering merge requests could be exploi ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22229 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22228 (An issue has been discovered in GitLab affecting all versions before 1 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22227 (A reflected cross-site script vulnerability in GitLab before versions ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22226 (Under certain conditions, some users were able to push to protected br ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22225 (Insufficient input sanitization in markdown in GitLab version 13.11 an ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22224 (A cross-site request forgery vulnerability in the GraphQL API in GitLa ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22223 (Client-Side code injection through Feature Flag name in GitLab CE/EE s ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22222 (Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allow ...)
{DSA-5019-1}
[experimental] - wireshark 3.4.6-1~exp1
@@ -177329,36 +177329,36 @@ CVE-2021-22222 (Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-05.html
NOTE: Caused by https://gitlab.com/wireshark/wireshark/-/commit/4bf4ee88f0544727e7f89f3f288c6afd2f650a4c
CVE-2021-22221 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22220 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22219 (All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all ver ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22218 (All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all ve ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22217 (A denial of service vulnerability in all versions of GitLab CE/EE befo ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22216 (A denial of service vulnerability in all versions of GitLab CE/EE befo ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22215 (An information disclosure vulnerability in GitLab EE versions 13.11 an ...)
- gitlab <not-affected> (Specific to EE)
CVE-2021-22214 (When requests to the internal network for webhooks are enabled, a serv ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22213 (A cross-site leak vulnerability in the OAuth flow of all versions of G ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22212 (ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 all ...)
- ntpsec 1.2.0+dfsg1-4 (bug #989847)
[buster] - ntpsec <not-affected> (Only affects 1.2.0)
NOTE: https://gitlab.com/NTPsec/ntpsec/-/issues/699
NOTE: https://gitlab.com/NTPsec/ntpsec/-/commit/b09be47d650280cc7ebdcd45dfa07eca4b9a52f8
CVE-2021-22211 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22210 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22209 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22208 (An issue has been discovered in GitLab affecting versions starting wit ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22207 (Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to ...)
{DSA-5019-1 DLA-2849-1}
[experimental] - wireshark 3.4.6-1~exp1
@@ -177368,9 +177368,9 @@ CVE-2021-22207 (Excessive memory consumption in MS-WSP dissector in Wireshark 3.
NOTE: https://gitlab.com/wireshark/wireshark/-/commit/b7a0650e061b5418ab4a8f72c6e4b00317aff623
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-04.html
CVE-2021-22206 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22205 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22204 (Improper neutralization of user data in the DjVu file format in ExifTo ...)
{DSA-4910-1 DLA-2663-1}
- libimage-exiftool-perl 12.16+dfsg-2 (bug #987505)
@@ -177378,29 +177378,29 @@ CVE-2021-22204 (Improper neutralization of user data in the DjVu file format in
NOTE: https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800
NOTE: https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html
CVE-2021-22203 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22202 (An issue has been discovered in GitLab CE/EE affecting all previous ve ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22201 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22200 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22199 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22198 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22197 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22196 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22195 (Client side code execution in gitlab-vscode-extension v3.15.0 and earl ...)
NOT-FOR-US: gitlab-vscode-extension
CVE-2021-22194 (In all versions of GitLab, marshalled session keys were being stored i ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22192 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22191 (Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 ...)
{DLA-2967-1}
- wireshark 3.4.4-1
@@ -177408,44 +177408,44 @@ CVE-2021-22191 (Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-03.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17232
CVE-2021-22190 (A path traversal vulnerability via the GitLab Workhorse in all version ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22189 (Starting with version 13.7 the Gitlab CE/EE editions were affected by ...)
[experimental] - gitlab 13.6.7-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22188 (An issue has been discovered in GitLab affecting all versions starting ...)
[experimental] - gitlab 13.6.7-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22187 (An issue has been discovered in GitLab affecting all versions of Gitla ...)
- gitlab 13.2.3-2
CVE-2021-22186 (An authorization issue in GitLab CE/EE version 9.4 and up allowed a gr ...)
[experimental] - gitlab 13.7.8+ds1-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
CVE-2021-22185 (Insufficient input sanitization in wikis in GitLab version 13.8 and up ...)
- gitlab <not-affected> (Only affects 13.8)
NOTE: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
CVE-2021-22184 (An information disclosure issue in GitLab starting from version 12.8 a ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22183 (An issue has been discovered in GitLab affecting all versions starting ...)
[experimental] - gitlab 13.6.6-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22182 (An issue has been discovered in GitLab affecting all versions starting ...)
[experimental] - gitlab 13.7.7-1
- gitlab <not-affected> (Affected version never uploaded to unstable)
CVE-2021-22181 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22180 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22179 (A vulnerability was discovered in GitLab versions before 12.2. GitLab ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22178 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22177 (Potential DoS was identified in gitlab-shell in GitLab CE/EE version 1 ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22176 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22175 (When requests to the internal network for webhooks are enabled, a serv ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22174 (Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial o ...)
- wireshark 3.4.3-1 (bug #981791)
[buster] - wireshark <not-affected> (Affected code not present)
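Review bot: CVE-2021-22182 in this hunk is annotated "<not-affected> (Affected version never uploaded to unstable)", whereas the adjacent entries that also carry an [experimental] fixed version (CVE-2021-22189, CVE-2021-22188, CVE-2021-22186, CVE-2021-22183) now record 15.10.8+ds1-2 as the sid fix. Please confirm for each of those that an affected version actually reached unstable; where only experimental uploads ever carried the vulnerable code, the same <not-affected> annotation would be more accurate than a fixed version. CVE-2021-22187 with "- gitlab 13.2.3-2" shows that 13.x uploads to unstable did exist, so this needs checking per entry rather than assumed either way.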
@@ -177460,22 +177460,22 @@ CVE-2021-22173 (Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 all
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17124
CVE-2021-22172 (Improper authorization in GitLab 12.8+ allows a guest user in a privat ...)
[experimental] - gitlab 13.6.6-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/
CVE-2021-22171 (Insufficient validation of authentication parameters in GitLab Pages f ...)
[experimental] - gitlab 13.6.6-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22170 (Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows ...)
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22169 (An issue was identified in GitLab EE 13.4 or later which leaked intern ...)
- gitlab <not-affected> (Specific to EE)
NOTE: https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/
CVE-2021-22168 (A regular expression denial of service issue has been discovered in Nu ...)
[experimental] - gitlab 13.6.6-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22167 (An issue has been discovered in GitLab affecting all versions starting ...)
[experimental] - gitlab 13.6.6-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
CVE-2021-22166 (An attacker could cause a Prometheus denial of service in GitLab 13.7+ ...)
- gitlab <not-affected> (Only affects Gitlab 13.7.x)
NOTE: https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/
@@ -199075,7 +199075,7 @@ CVE-2020-26415 (Information about the starred projects for private user profiles
- gitlab 13.4.7-1
CVE-2020-26414 (An issue has been discovered in GitLab affecting all versions starting ...)
[experimental] - gitlab 13.5.6-1
- - gitlab <unfixed>
+ - gitlab 15.10.8+ds1-2
NOTE: https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/
CVE-2020-26413 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab 13.4.7-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1bce75cd6c709cb70cc014e603d4075c205d6e32