FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-28 16:36:49 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
fbc2c629-0dc5-11ef-9850-001b217b3468 | Gitlab -- vulnerabilities

Gitlab reports:

ReDoS in branch search when using wildcards

ReDoS in markdown render pipeline

Redos on Discord integrations

Redos on Google Chat Integration

Denial of Service Attack via Pin Menu

DoS by filtering tags and branches via the API

MR approval via CSRF in SAML SSO

Banned user from groups can read issues updates via the api

Require confirmation before linking JWT identity

View confidential issues title and description of any public project via export

SSRF via Github importer


Discovery 2024-05-08
Entry 2024-05-09
gitlab-ce
gitlab-ee
ge 16.11.0 lt 16.11.2

ge 16.10.0 lt 16.10.5

ge 10.6.0 lt 16.9.7

CVE-2024-2878
CVE-2024-2651
CVE-2023-6682
CVE-2023-6688
CVE-2024-2454
CVE-2024-4539
CVE-2024-4597
CVE-2024-1539
CVE-2024-1211
CVE-2024-3976
CVE-2023-6195
https://about.gitlab.com/releases/2024/05/08/patch-release-gitlab-16-11-2-released/
8fc615cc-8a66-11e8-8c75-d8cb8abf62dd | Gitlab -- Remote Code Execution Vulnerability in GitLab Projects Import

Gitlab reports:

Remote Code Execution Vulnerability in GitLab Projects Import


Discovery 2018-07-17
Entry 2018-07-18
gitlab-ce
gitlab
ge 11.0.0 lt 11.0.4

ge 10.8.0 lt 10.8.6

ge 8.9.0 lt 10.7.7

CVE-2018-14364
https://about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released/
b950a83b-789e-11e8-8545-d8cb8abf62dd | Gitlab -- multiple vulnerabilities

Gitlab reports:

Wiki XSS

Sanitize gem updates

XSS in url_for(params)

Content injection via username

Activity feed publicly displaying internal project names

Persistent XSS in charts


Discovery 2018-06-25
Entry 2018-06-25
gitlab
ge 11.0.0 lt 11.0.1

ge 10.8.0 lt 10.8.5

ge 4.1 lt 10.7.6

CVE-2018-12606
CVE-2018-3740
CVE-2018-12605
CVE-2018-12607
https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
b857606c-0266-11ef-8681-001b217b3468 | Gitlab -- vulnerabilities

Gitlab reports:

GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider

Path Traversal leads to DoS and Restricted File Read

Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search

Personal Access Token scopes not honoured by GraphQL subscriptions

Domain based restrictions bypass using a crafted email address


Discovery 2024-04-24
Entry 2024-04-24
gitlab-ce
gitlab-ee
ge 16.11.0 lt 16.11.1

ge 16.10.0 lt 16.10.4

ge 7.8.0 lt 16.9.6

CVE-2024-4024
CVE-2024-2434
CVE-2024-2829
CVE-2024-4006
CVE-2024-1347
https://about.gitlab.com/releases/2024/04/24/patch-release-gitlab-16-11-1-released/
9557dc72-64da-11e8-bc32-d8cb8abf62dd | Gitlab -- multiple vulnerabilities

GitLab reports:

Removing public deploy keys regression

Users can update their password without entering current password

Persistent XSS - Selecting users as allowed merge request approvers

Persistent XSS - Multiple locations of user selection drop downs

include directive in .gitlab-ci.yml allows SSRF requests

Permissions issue in Merge Requests Create Service

Arbitrary assignment of project fields using "Import project"


Discovery 2018-05-29
Entry 2018-05-31
gitlab
ge 10.8.0 lt 10.8.2

ge 10.7.0 lt 10.7.5

ge 1.0 lt 10.6.6

https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/