Gitlab Community Edition And Gitlab Enterprise Edition 8.7.0 Through 8.15.7, 8.16.0 Through 8.16.7, 8.17.0 Through 8.17.3 Security Vulnerabilities

Debian: Security Advisory (DLA-3834-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3838-1)

The remote host is missing an update for the...

Ubuntu: Security Advisory (USN-6844-2)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-1861)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1856)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for iSulad (EulerOS-SA-2024-1858)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for iSulad (EulerOS-SA-2024-1872)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1859)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1854)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2024-1871)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-1863)

The remote host is missing an update for the Huawei...

SDL_ttf: Arbitrary Memory Write

Background SDL_ttf is a wrapper around the FreeType and Harfbuzz libraries, allowing you to use TrueType fonts to render text in SDL applications. Description A vulnerability has been discovered in SDL_ttf. Please review the CVE identifier referenced below for details. Impact SDL_ttf was...

CVE-2024-38528

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such...

CVE-2024-39464

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init struct v4l2_async_notifier has several list_head members, but only waiting_list and done_list are initialized. notifier_entry was kept 'zeroed' leading to an uninitialized list_head.....

CVE-2024-39293

In the Linux kernel, the following vulnerability has been resolved: Revert "xsk: Support redirect to any socket bound to the same umem" This reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db. This patch introduced a potential kernel crash when multiple napi instances redirect to the same...

CVE-2024-1816

An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows for an attacker to cause a denial of service using a crafted OpenAPI...

CVE-2023-1708

(An issue was identified in GitLab CE/EE affecting all versions from 1....

CVE-2024-39465

In the Linux kernel, the following vulnerability has been resolved: media: mgb4: Fix double debugfs remove Fixes an error where debugfs_remove_recursive() is called first on a parent directory and then again on a child which causes a kernel panic. [hverkuil: added Fixes/Cc...

CVE-2024-39371

In the Linux kernel, the following vulnerability has been resolved: io_uring: check for non-NULL file pointer in io_file_can_poll() In earlier kernels, it was possible to trigger a NULL pointer dereference off the forced async preparation path, if no file had been assigned. The trace leading to...

CVE-2024-3959

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts can be accessed by any...

CVE-2023-1787

(An issue has been discovered in GitLab affecting all versions starting...

CVE-2023-1733

(A denial of service condition exists in the Prometheus server bundled...

CVE-2024-39001

ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...

Ubuntu: Security Advisory (USN-6851-2)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1853)

The remote host is missing an update for the Huawei...

Debian: Security Advisory (DLA-3843-1)

The remote host is missing an update for the...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1855)

The remote host is missing an update for the Huawei...

Debian: Security Advisory (DLA-3825-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5701-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5713-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3835-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3847-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5720-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5716-1)

The remote host is missing an update for the...

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1876)

The remote host is missing an update for the Huawei...

Debian: Security Advisory (DSA-5707-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5703-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3839-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3852-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5705-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5704-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3832-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3844-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3829-1)

The remote host is missing an update for the...

Liferea: Remote Code Execution

Background Liferea is a feed reader/news aggregator that brings together all of the content from your favorite subscriptions into a simple interface that makes it easy to organize and browse feeds. Its GUI is similar to a desktop mail/news client, with an embedded web browser. Description A...

GNU Emacs, Org Mode: Multiple Vulnerabilities

Background GNU Emacs is a highly extensible and customizable text editor. Description Multiple vulnerabilities have been discovered in GNU Emacs. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no.....

Debian: Security Advisory (DSA-5706-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5723-1)

The remote host is missing an update for the...

CVE-2023-1710

(A sensitive information disclosure vulnerability in GitLab affecting a...

CVE-2024-21520

Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with ...