CVE-2024-2651
Published 2024-05-14
CVE-2024-2651: An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from…
Priority: P3 · 45 · medium · 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 33.30% (98.2th percentile)
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for an attacker to cause a denial of service using maliciously crafted markdown content.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 17.3.5-2 (sid) | gitlab 17.3.5-2 (sid) |
| gitlab | gitlab | < 16.9.7 | 16.9.7 |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 0.0 < 16.9.7 | 16.9.7 |
| gitlab | gitlab | >= 16.10 < 16.10.5 | 16.10.5 |
| gitlab | gitlab | >= 16.10.0 < 16.10.5 | 16.10.5 |
| gitlab | gitlab | >= 16.11 < 16.11.2 | 16.11.2 |
| gitlab | gitlab | >= 16.11.0 < 16.11.2 | 16.11.2 |
| gitlab | gitlab_ce | — | — |
| msrc | microsoft_edge | — | — |
CVSS provenance
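| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| osv | 6.5 | MEDIUM | — |
| vendor_msrc | 8.8 | HIGH | — |
| vendor_debian | 6.5 | MEDIUM | — |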
Microsoft
Chromium: CVE-2024-7536 Use after free in WebAudio
vendor_msrc·2024-08-13·CVSS 8.8
CVE-2024-7535 [HIGH] Chromium: CVE-2024-7536 Use after free in WebAudio
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 127.0.2651.98 | 127.0.6533.99/.100 | 8/8/2024 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see
Microsoft
Chromium: CVE-2024-7532 Out of bounds memory access in ANGLE
vendor_msrc·2024-08-13·CVSS 8.8
CVE-2024-7550 [HIGH] Chromium: CVE-2024-7532 Out of bounds memory access in ANGLE
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 127.0.2651.98 | 127.0.6533.99/.100 | 8/8/2024 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How
Microsoft
Chromium: CVE-2024-7550 Type Confusion in V8
vendor_msrc·2024-08-13·CVSS 8.8
CVE-2024-7536 [HIGH] Chromium: CVE-2024-7550 Type Confusion in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 127.0.2651.98 | 127.0.6533.99/.100 | 8/8/2024 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the v
Microsoft
Chromium: CVE-2024-7534 Heap buffer overflow in Layout
vendor_msrc·2024-08-13·CVSS 8.8
CVE-2024-7533 [HIGH] Chromium: CVE-2024-7534 Heap buffer overflow in Layout
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 127.0.2651.98 | 127.0.6533.99/.100 | 8/8/2024 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I
Microsoft
Chromium: CVE-2024-7535 Inappropriate implementation in V8
vendor_msrc·2024-08-13·CVSS 8.8
CVE-2024-7534 [HIGH] Chromium: CVE-2024-7535 Inappropriate implementation in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 127.0.2651.98 | 127.0.6533.99/.100 | 8/8/2024 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How c
Microsoft
Microsoft Edge (HTML-based) Memory Corruption Vulnerability
vendor_msrc·2024-08-13·CVSS 8.4
CVE-2024-38218 [HIGH] CWE-843 Microsoft Edge (HTML-based) Memory Corruption Vulnerability
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 127.0.2651.98 | 127.0.6533.99/.100 | 8/8/2024 |
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.
Microsoft Edge (Chromium-based): Microsoft Edge (Chromium-based)
Microsoft: Microsoft
Customer Actio
Microsoft
Chromium: CVE-2024-7533 Use after free in Sharing
vendor_msrc·2024-08-13·CVSS 8.8
CVE-2024-7532 [HIGH] Chromium: CVE-2024-7533 Use after free in Sharing
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 127.0.2651.98 | 127.0.6533.99/.100 | 8/8/2024 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see
Microsoft
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
vendor_msrc·2024-07-09·CVSS 7.0
CVE-2024-39379 [MEDIUM] Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
FAQ: Why is this Adobe CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Adobe Software which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
Click on Help and Feedback
Click on About Microsoft Edge
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 127.0.2651.74 | 127.0.6533.73 | 7/11/2024 |
Microsoft
GitLab
CVE-2024-2651: An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions start
vendor_gitlab·2024-05-14·CVSS 6.5
CVE-2024-2651 [MEDIUM] CWE-1333 CVE-2024-2651: An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions start
CVE-2024-2651: An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for an attacker to cause a denial of service using maliciously crafted markdown content.
Debian
CVE-2024-2651: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions before 16.9....
vendor_debian·2024·CVSS 6.5
CVE-2024-2651 [MEDIUM] CVE-2024-2651: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions before 16.9....
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for an attacker to cause a denial of service using maliciously crafted markdown content.
Scope: local
sid: resolved (fixed in 17.3.5-2)
GHSA
GHSA-v3j6-jv37-286j: An issue has been discovered in GitLab CE/EE affecting all versions before 16
ghsa_unreviewed·2024-05-14
CVE-2024-2651 [MEDIUM] CWE-1333 GHSA-v3j6-jv37-286j: An issue has been discovered in GitLab CE/EE affecting all versions before 16
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for an attacker to cause a denial of service using maliciously crafted markdown content.
OSV
CVE-2024-2651: An issue has been discovered in GitLab CE/EE affecting all versions before 16
osv·2024-05-14·CVSS 6.5
CVE-2024-2651 [MEDIUM] CVE-2024-2651: An issue has been discovered in GitLab CE/EE affecting all versions before 16
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for an attacker to cause a denial of service using maliciously crafted markdown content.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-05-14
Published