[Git][security-tracker-team/security-tracker][master] new gitlab issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Sep 13 07:48:28 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e2a9f0e3 by Moritz Muehlenhoff at 2024-09-13T08:48:04+02:00
new gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -114,7 +114,7 @@ CVE-2024-46673 [scsi: aacraid: Fix double-free on probe failure]
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/919ddf8336f0b84c0453bac583808c9f165a85c2 (6.11-rc6)
 CVE-2024-8754 (An issue has been discovered in GitLab EE/CE affecting all versions fr ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2024-8750 (Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This ...)
 	NOT-FOR-US: idoit pro
 CVE-2024-8749 (SQL injection vulnerability in idoit pro version 28. This vulnerabilit ...)
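
Review bot: The new `- gitlab <unfixed>` line for CVE-2024-8754 carries no NOTE with an upstream reference, while the CVE-2024-46673 entry just above it records its fix commit in a NOTE line. Adding a NOTE that points at the upstream GitLab advisory or issue would let whoever later changes `<unfixed>` to a fixed version check it against the source.
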
@@ -156,9 +156,9 @@ CVE-2024-8529 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress i
 CVE-2024-8522 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-8311 (An issue was discovered with pipeline execution policies in GitLab EE  ...)
-	TODO: check
+	- gitlab <not-affected> (Specific to EE)
 CVE-2024-8124 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2024-8056 (The MM-Breaking News WordPress plugin through 0.7.9 does not escape th ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-8054 (The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF ...)
@@ -196,15 +196,15 @@ CVE-2024-6701 (Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an
 CVE-2024-6700 (Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS i ...)
 	NOT-FOR-US: Pega Platform
 CVE-2024-6678 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2024-6658 (Improper Input Validation vulnerability of Authenticated User in Progr ...)
 	NOT-FOR-US: Progress LoadMaster
 CVE-2024-6510 (Local Privilege Escalation in AVG Internet Security v24 on Windows all ...)
 	NOT-FOR-US: AVG Internet Security
 CVE-2024-6446 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2024-6389 (An issue was discovered in GitLab-CE/EE affecting all versions startin ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2024-6077 (A denial-of-service vulnerability exists in the Rockwell Automation af ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2024-6019 (The Music Request Manager WordPress plugin through 1.3 does not saniti ...)
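
Review bot: For CVE-2024-6446 the visible description says only "GitLab affecting all versions starting ...", with no CE or EE, unlike CVE-2024-6678 and CVE-2024-6389 in the same hunk, which name CE/EE. Marking it `<unfixed>` is the safe default, but a short NOTE stating that the CE code packaged in Debian was checked would record the basis for the entry, the way "(Specific to EE)" does for the not-affected entries elsewhere in this commit.
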
@@ -216,13 +216,13 @@ CVE-2024-6017 (The Music Request Manager WordPress plugin through 1.3 does not h
 CVE-2024-5799 (The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-5435 (An issue has been discovered discovered in GitLab EE/CE affecting all  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2024-4660 (An issue has been discovered in GitLab EE affecting all versions start ...)
-	TODO: check
+	- gitlab <not-affected> (Specific to EE)
 CVE-2024-4612 (An issue has been discovered in GitLab EE affecting all versions start ...)
-	TODO: check
+	- gitlab <not-affected> (Specific to EE)
 CVE-2024-4472 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2024-45857 (Deserialization of untrusted data can occur in versions 2.4.0 or newer ...)
 	NOT-FOR-US: Cleanlab project
 CVE-2024-45856 (A cross-site scripting (XSS) vulnerability exists in all versions of t ...)
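
Review bot: CVE-2024-5435 and CVE-2024-4472 are set to `- gitlab <unfixed>` without a Debian bug reference in parentheses, so the open status is not tied to a bug report that the package maintainers can follow. Once a bug is filed against gitlab, appending its number in the tracker's `(bug #...)` form to these lines would close that gap. The two `<not-affected> (Specific to EE)` entries in this hunk match their descriptions, which name GitLab EE only.
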
@@ -317,7 +317,7 @@ CVE-2024-32842 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or t
 CVE-2024-32840 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
 	NOT-FOR-US: Ivanti
 CVE-2024-2743 (An issue was discovered in GitLab-EE starting with version 13.3 before ...)
-	TODO: check
+	- gitlab <not-affected> (Specific to EE)
 CVE-2024-2010 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
 	TODO: check
 CVE-2024-29847 (Deserialization of untrusted data in the agent portal of Ivanti EPM be ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2a9f0e3b9f3e44860c96cb3791105dfdd34d645
