FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
dad6294c-f7c1-11ee-bb77-001b217b3468    Gitlab -- Patch Release: 16.10.2, 16.9.4, 16.8.6

Gitlab reports:

Stored XSS injected in diff viewer

Stored XSS via autocomplete results

Redos on Integrations Chat Messages

Redos During Parse Junit Test Report


Discovery 2024-04-10
Entry 2024-04-11
gitlab-ce
ge 16.10.0 lt 16.10.2

ge 16.9.0 lt 16.9.4

< 16.8.6

CVE-2024-3092
CVE-2024-2279
CVE-2023-6489
CVE-2023-6678
https://about.gitlab.com/releases/2024/04/10/patch-release-gitlab-16-10-2-released/
d2992bc2-ed18-11ee-96dc-001b217b3468    Gitlab -- vulnerabilities

Gitlab reports:

Stored-XSS injected in Wiki page via Banzai pipeline

DOS using crafted emojis


Discovery 2024-03-27
Entry 2024-03-28
gitlab-ce
ge 16.10.0 lt 16.10.1

ge 16.9.0 lt 16.9.3

< 16.8.5

CVE-2023-6371
CVE-2024-2818
https://about.gitlab.com/releases/2024/03/27/security-release-gitlab-16-10-1-released/
b857606c-0266-11ef-8681-001b217b3468    Gitlab -- vulnerabilities

Gitlab reports:

GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider

Path Traversal leads to DoS and Restricted File Read

Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search

Personal Access Token scopes not honoured by GraphQL subscriptions

Domain based restrictions bypass using a crafted email address


Discovery 2024-04-24
Entry 2024-04-24
gitlab-ce
gitlab-ee
ge 16.11.0 lt 16.11.1

ge 16.10.0 lt 16.10.4

ge 7.8.0 lt 16.9.6

CVE-2024-4024
CVE-2024-2434
CVE-2024-2829
CVE-2024-4006
CVE-2024-1347
https://about.gitlab.com/releases/2024/04/24/patch-release-gitlab-16-11-1-released/