[Git][security-tracker-team/security-tracker][master] Process new gitlab CVEs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 26 21:01:18 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5e52b1cd by Salvatore Bonaccorso at 2024-11-26T22:00:59+01:00
Process new gitlab CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,13 +11,13 @@ CVE-2024-8899 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensi
CVE-2024-8676 (A vulnerability was found in CRI-O, where it can be requested to take ...)
- cri-o <itp> (bug #979702)
CVE-2024-8237 (A Denial of Service (DoS) issue has been discovered in GitLab CE/EE af ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2024-8236 (The Elementor Website Builder \u2013 More than Just a Page Builder plu ...)
NOT-FOR-US: WordPress plugin
CVE-2024-8177 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2024-8114 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2024-53976 (Under certain circumstances, navigating to a webpage would result in t ...)
- firefox <not-affected> (Specific to Firefox on iOS)
CVE-2024-53975 (Accessing a non-secure HTTP site that uses a non-existent port may cau ...)
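Review bot: The three `- gitlab <unfixed>` lines for CVE-2024-8237, CVE-2024-8177 and CVE-2024-8114 carry no bug reference, unlike the `- cri-o <itp> (bug #979702)` entry at the top of this hunk. If a Debian bug has been filed for these issues, append it to each entry, for example `- gitlab <unfixed> (bug #NNNNNN)` with the real number in place of the placeholder, so the open state can be followed from the tracker.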
@@ -111,7 +111,7 @@ CVE-2024-32965 (Lobe Chat is an open-source, AI chat framework. Versions of lobe
CVE-2024-22117 (When a URL is added to the map element, it is recorded in the database ...)
TODO: check
CVE-2024-11828 (A denial of service (DoS) condition was discovered in GitLab CE/EE aff ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2024-11743 (A vulnerability, which was classified as problematic, was found in Sou ...)
TODO: check
CVE-2024-11742 (A vulnerability, which was classified as problematic, has been found i ...)
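Review bot: The new `- gitlab <unfixed>` line for CVE-2024-11828 has no upstream reference, and the description is cut off at "GitLab CE/EE aff ...", so the entry alone does not show which versions are affected or where a fix would come from. Consider a `NOTE:` line under the entry with the upstream advisory or issue URL.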
@@ -119,9 +119,9 @@ CVE-2024-11742 (A vulnerability, which was classified as problematic, has been f
CVE-2024-11680 (ProjectSend versions prior to r1720 are affected by an improper authen ...)
TODO: check
CVE-2024-11669 (An issue was discovered in GitLab CE/EE affecting all versions from 16 ...)
- TODO: check
+ - gitlab <not-affected> (Vulnerable code introduced later)
CVE-2024-11668 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- TODO: check
+ - gitlab <not-affected> (Vulnerable code introduced later)
CVE-2024-11407 (There exists a denial of service through Data corruption in gRPC-C++ - ...)
TODO: check
CVE-2024-11192 (The Spotify Play Button for WordPress plugin for WordPress is vulnerab ...)
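Review bot: The reason `(Vulnerable code introduced later)` on CVE-2024-11669 and CVE-2024-11668 does not say which upstream version introduced the code, and the descriptions are truncated at "affecting all versions from 16 ..." and "affecting all versions fr ...". Record the introducing version or commit in the reason or in a `NOTE:` line, so the `<not-affected>` status can be re-checked when the packaged gitlab version moves forward.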
@@ -145,7 +145,7 @@ CVE-2024-10579 (The Hustle \u2013 Email Marketing, Lead Generation, Optins, Popu
CVE-2024-10308 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cro ...)
TODO: check
CVE-2024-10240 (An issue has been discovered in GitLab EE affecting all versions start ...)
- TODO: check
+ - gitlab <not-affected> (Vulnerable code introduced later)
CVE-2024-XXXX [Supplemental group inheritance grants unintended access to GID 0 due to lack of supplemental groups from mod_sql]
- proftpd-dfsg 1.3.8.b+dfsg-4 (bug #1082326)
NOTE: https://github.com/proftpd/proftpd/issues/1830
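Review bot: On CVE-2024-10240 the description reads "GitLab EE", where the other gitlab entries in this commit read "GitLab CE/EE", yet the entry reuses `(Vulnerable code introduced later)`. If the package is unaffected because the code is EE-only, give that as the reason instead; if the version argument is the actual one, name the introducing version.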
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e52b1cde53e89224e572c8ea5e6ba47b32bc288