[Git][security-tracker-team/security-tracker][master] gitlab fixes in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Apr 3 11:34:09 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
248eb37d by Moritz Muehlenhoff at 2025-04-03T12:33:50+02:00
gitlab fixes in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -28651,7 +28651,7 @@ CVE-2025-0283 (A stack-based buffer overflow in Ivanti Connect Secure before ver
CVE-2025-0282 (A stack-based buffer overflow in Ivanti Connect Secure before version ...)
NOT-FOR-US: Ivanti
CVE-2024-6324 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
- - gitlab <unfixed>
+ - gitlab 17.5.5-2
CVE-2024-5610
REJECTED
CVE-2024-54010 (A vulnerability in the firewall component of HPE Aruba Networking CX 1 ...)
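Review bot: The fixed version for CVE-2024-6324 is recorded as 17.5.5-2, while most other gitlab entries changed in this commit are set to 17.3.5-2, and the commit message does not say which upload each fix landed in. Please confirm that 17.5.5-2 is the first sid upload containing this fix and not a typo for 17.3.5-2. A NOTE line pointing at the upstream issue or advisory would let the version be checked later.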
@@ -50438,9 +50438,9 @@ CVE-2024-8959 (The WP Adminify \u2013 Custom WordPress Dashboard, Login and Admi
CVE-2024-8717 (The PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer \u2013 DearFlip p ...)
NOT-FOR-US: WordPress plugin
CVE-2024-8312 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- - gitlab <unfixed>
+ - gitlab 17.5.5-2
CVE-2024-6826 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- - gitlab <unfixed>
+ - gitlab 17.5.5-2
CVE-2024-5608 (Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable ...)
NOT-FOR-US: Zoho
CVE-2024-49703 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
@@ -55174,7 +55174,7 @@ CVE-2024-9201 (The SEUR plugin, in its versions prior to 2.5.11, is vulnerable t
CVE-2024-8977 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2024-6530 (A cross-site scripting issue has been discovered in GitLab affecting a ...)
- - gitlab <unfixed>
+ - gitlab 17.3.5-2
CVE-2024-6157 (An attacker who successfully exploited these vulnerabilities could cau ...)
NOT-FOR-US: ABB
CVE-2024-4658 (SQL Injection: Hibernate vulnerability in TE Informatics Nova CMS allo ...)
@@ -60235,7 +60235,7 @@ CVE-2024-8043 (The Vikinghammer Tweet WordPress plugin through 0.2.4 does not ha
CVE-2024-7387 (A flaw was found in openshift/builder. This vulnerability allows comma ...)
NOT-FOR-US: OpenShift
CVE-2024-6685 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
- - gitlab <unfixed>
+ - gitlab 17.3.5-2
CVE-2024-5170 (The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sa ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4283 (An issue has been discovered in GitLab EE affecting all versions start ...)
@@ -61181,15 +61181,15 @@ CVE-2024-6701 (Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an
CVE-2024-6700 (Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS i ...)
NOT-FOR-US: Pega Platform
CVE-2024-6678 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
- - gitlab <unfixed>
+ - gitlab 17.3.5-2
CVE-2024-6658 (Improper Input Validation vulnerability of Authenticated User in Progr ...)
NOT-FOR-US: Progress LoadMaster
CVE-2024-6510 (Local Privilege Escalation in AVG Internet Security v24 on Windows all ...)
NOT-FOR-US: AVG Internet Security
CVE-2024-6446 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 17.3.5-2
CVE-2024-6389 (An issue was discovered in GitLab-CE/EE affecting all versions startin ...)
- - gitlab <unfixed>
+ - gitlab 17.3.5-2
CVE-2024-6077 (A denial-of-service vulnerability exists in the Rockwell Automation af ...)
NOT-FOR-US: Rockwell Automation
CVE-2024-6019 (The Music Request Manager WordPress plugin through 1.3 does not saniti ...)
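Review bot: CVE-2024-6678, CVE-2024-6446 and CVE-2024-6389 move from <unfixed> to 17.3.5-2 with no NOTE lines, so nothing in these entries records which upstream release or commit fixes each one. Adding a NOTE with the upstream issue link, as the CVE-2024-6329 entry in this file already has, would let a later reader verify that 17.3.5-2 contains all three fixes.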
@@ -65323,7 +65323,7 @@ CVE-2024-7110 (An issue was discovered in GitLab EE affecting all versions start
CVE-2024-6870 (The Responsive Lightbox & Gallery plugin for WordPress is vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2024-6502 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
- - gitlab <unfixed>
+ - gitlab 17.3.5-2
CVE-2024-45201 (An issue was discovered in llama_index before 0.10.38. download/integr ...)
NOT-FOR-US: llama_index
CVE-2024-45193 (An issue was discovered in Matrix libolm through 3.2.16. There is Ed25 ...)
@@ -69255,7 +69255,7 @@ CVE-2024-7123
CVE-2024-7121
REJECTED
CVE-2024-6329 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
- - gitlab <unfixed>
+ - gitlab 17.3.5-2
NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/468937
NOTE: https://hackerone.com/reports/2542483
CVE-2024-5423 (Multiple Denial of Service (DoS) conditions has been discovered in Git ...)
@@ -76500,20 +76500,20 @@ CVE-2016-15039 (A vulnerability classified as critical was found in mhuertos php
NOTE: https://github.com/leenooks/phpLDAPadmin/commit/dd6e9583a2eb2ca085583765e8a63df5904cb036 (1.2.4)
CVE-2024-5528 (An issue was discovered in GitLab CE/EE affecting all versions prior t ...)
[experimental] - gitlab 16.11.6-1
- - gitlab <unfixed>
+ - gitlab 17.3.5-2
CVE-2024-2880 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
[experimental] - gitlab 16.11.6-1
- gitlab 17.3.5-2
CVE-2024-6595 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
[experimental] - gitlab 16.11.6-1
- - gitlab <unfixed>
+ - gitlab 17.3.5-2
CVE-2024-5470 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
- gitlab <not-affected> (Vulnerable code not present)
CVE-2024-5257 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
- gitlab <not-affected> (Vulnerable code not present)
CVE-2024-6385 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
[experimental] - gitlab 16.11.6-1
- - gitlab <unfixed>
+ - gitlab 17.3.5-2
CVE-2024-6649 (A vulnerability has been found in SourceCodester Employee and Visitor ...)
NOT-FOR-US: SourceCodester Employee and Visitor Gate Pass Logging System
CVE-2024-6647 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...)
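Review bot: In the CVE-2024-5528, CVE-2024-6595 and CVE-2024-6385 entries the experimental line gives 16.11.6-1 as the fixed version, but the unstable line now records 17.3.5-2. The unstable version should be the first sid upload that carried the fix, so please check that no gitlab upload between 16.11.6-1 and 17.3.5-2 reached sid. If one did, record that version instead.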
@@ -79654,7 +79654,7 @@ CVE-2024-6283 (The DethemeKit For Elementor plugin for WordPress is vulnerable t
CVE-2024-6054 (The Auto Featured Image plugin for WordPress is vulnerable to arbitrar ...)
NOT-FOR-US: WordPress plugin
CVE-2024-5655 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
- - gitlab <unfixed>
+ - gitlab 17.3.5-2
CVE-2024-5601 (The Create by Mediavine plugin for WordPress is vulnerable to Stored C ...)
NOT-FOR-US: WordPress plugin
CVE-2024-5430 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
@@ -83515,7 +83515,7 @@ CVE-2023-35859 (A Reflected Cross-Site Scripting (XSS) vulnerability in the blog
CVE-2023-35858 (XPath Injection vulnerabilities in the blog and RSS functions of Moder ...)
NOT-FOR-US: Modern Campus Omni CMS
CVE-2024-5469 (DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior t ...)
- - gitlab <unfixed>
+ - gitlab 17.3.5-2
CVE-2024-5787 (The PowerPack Addons for Elementor (Free Widgets, Extensions and Templ ...)
NOT-FOR-US: WordPress plugin
CVE-2024-5757 (The Elementor Header & Footer Builder plugin for WordPress is vulnerab ...)
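Review bot: The description of CVE-2024-5469 says the DoS is in KAS, yet the entry is closed with a fixed version of the gitlab package, 17.3.5-2. Please confirm that the Debian gitlab source package actually builds and ships KAS. If it does not, the entry should be marked <not-affected> with a short reason in parentheses rather than given a fixed version.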
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/248eb37d932d4c190a2ff5a1885d1ce5b21b7302