[Git][security-tracker-team/security-tracker][master] new gitlab issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jun 27 11:18:49 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc2a7a75 by Moritz Muehlenhoff at 2024-06-27T12:18:18+02:00
new gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,21 @@
 CVE-2024-6355 (A vulnerability was found in Genexis Tilgin Fiber Home Gateway HG1522  ...)
 	NOT-FOR-US: Genexis Tilgin Fiber Home Gateway
 CVE-2024-6323 (Improper authorization in global search in GitLab EE affecting all ver ...)
-	TODO: check
+	- gitlab <not-affected> (Specific to EE)
 CVE-2024-6283 (The DethemeKit For Elementor plugin for WordPress is vulnerable to Sto ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-6054 (The Auto Featured Image plugin for WordPress is vulnerable to arbitrar ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-5655 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2024-5601 (The Create by Mediavine plugin for WordPress is vulnerable to Stored C ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-5430 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2024-5289 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Feature ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4901 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2024-4704 (The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4664 (The WP Chat App WordPress plugin before 3.6.5 does not sanitise and es ...)
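Review bot: The `- gitlab <unfixed>` entries for CVE-2024-5655, CVE-2024-5430 and CVE-2024-4901 rest on descriptions that read "affecting all versions startin ...", so each issue has a lower version bound that the truncated text does not show. Check that bound against the gitlab version in the archive before settling on `<unfixed>`. Where the packaged version predates the release that introduced the flaw, `- gitlab <not-affected> (Vulnerable code introduced later)` is the accurate entry.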
@@ -25,13 +25,13 @@ CVE-2024-4570 (The Elementor Addon Elements plugin for WordPress is vulnerable t
 CVE-2024-4569 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4557 (Multiple Denial of Service (DoS) conditions has been discovered in Git ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2024-4011 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2024-3959 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2024-3115 (An issue was discovered in GitLab EE affecting all versions starting f ...)
-	TODO: check
+	- gitlab <not-affected> (Specific to EE)
 CVE-2024-3111 (The Interactive Content  WordPress plugin before 1.15.8 does not valid ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-37734 (An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privile ...)
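Review bot: CVE-2024-4557 is marked `- gitlab <unfixed>`, but its description is cut at "discovered in Git ..." and, unlike the "GitLab CE/EE" entries next to it, does not show which edition is affected. CVE-2024-3115 in this same hunk is `<not-affected> (Specific to EE)`, so confirm that CVE-2024-4557 covers CE before leaving it as `<unfixed>`.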
@@ -45,7 +45,7 @@ CVE-2024-37247 (Improper Neutralization of Input During Web Page Generation (XSS
 CVE-2024-36829 (Incorrect access control in Teldat M1 v11.00.05.50.01 allows attackers ...)
 	NOT-FOR-US: Teldat M1
 CVE-2024-2191 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2024-28984 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 10 ...)
 	NOT-FOR-US: Hitachi
 CVE-2024-28983 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 10 ...)
@@ -65,9 +65,9 @@ CVE-2024-22231 (Syndic cache directory creation is vulnerable to a directory tra
 CVE-2024-1839 (Intrado 911 Emergency Gateway login form is vulnerable to an unauthent ...)
 	NOT-FOR-US: Intrado 911 Emergency Gateway
 CVE-2024-1816 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2024-1493 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2024-1330 (The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-XXXX [RUSTSEC-2024-0345]
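Review bot: CVE-2024-1816 and CVE-2024-1493 go from `TODO: check` straight to `- gitlab <unfixed>` with no `NOTE:` line pointing to the upstream issue or the fixing release, so whoever updates these entries later has to redo the lookup. A `NOTE:` line per CVE with the upstream reference would make the later move to a fixed version easier to verify.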



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc2a7a752126287ff59584e2e20eb39247652b40
