Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d77ad429 by Moritz Muehlenhoff at 2025-04-20T13:43:24+02:00
gitlab issues fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24212,7 +24212,7 @@ CVE-2025-0511 (The Welcart e-Commerce plugin for 
WordPress is vulnerable to Stor
 CVE-2025-0506 (The Rise Blocks \u2013 A Complete Gutenberg Page Builder plugin 
for Wo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-0376 (An XSS vulnerability exists in GitLab CE/EE affecting all 
versions fro ...)
-       - gitlab <unfixed>
+       - gitlab 17.6.5-1
 CVE-2025-0332 (In Progress\xae Telerik\xae UI for WinForms, versions prior to 
2025 Q1 ...)
        NOT-FOR-US: Progress Telerik
 CVE-2024-9870 (An external service interaction vulnerability in GitLab EE 
affecting a ...)
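Review bot: CVE-2025-0376 is marked fixed in 17.6.5-1, while most of the other GitLab entries touched by this commit get 17.5.5-1, and the entry carries no NOTE that would let a reader check why this fix lands in a later upload. Suggest adding a NOTE line with the upstream fix reference under "- gitlab 17.6.5-1" so the recorded version can be verified against the package changelog.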
@@ -27963,7 +27963,7 @@ CVE-2025-0631 (A Credential Exposure Vulnerability 
exists in the above-mentioned
 CVE-2025-0432 (EWON Flexy 202 transmits user credentials in clear text with no 
encryp ...)
        NOT-FOR-US: EWON Flexy
 CVE-2025-0290 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-1
 CVE-2025-0065 (Improper Neutralization of Argument Delimiters in the 
TeamViewer_servi ...)
        NOT-FOR-US: TeamViewer
 CVE-2024-8401 (CWE-79: Improper Neutralization of Input During Web Page 
Generation (\ ...)
@@ -29488,7 +29488,7 @@ CVE-2025-0650 (A flaw was found in the Open Virtual 
Network (OVN). Specially cra
 CVE-2024-11931 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2025-0314 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab 17.6.5-1
 CVE-2024-53299 (The request handling in the core in Apache Wicket 7.0.0 on any 
platfor ...)
        NOT-FOR-US: Apache Wicket
 CVE-2025-24530 (An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS 
vulnera ...)
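Review bot: CVE-2024-11931, the context entry directly above CVE-2025-0314, still reads "- gitlab <unfixed>" after this change even though its neighbour moves to 17.6.5-1. If it was left out on purpose because that upload does not cover it, a short NOTE saying so would help; otherwise it looks like a missed entry that belongs in this batch.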
@@ -34874,7 +34874,7 @@ CVE-2024-13191 (A vulnerability, which was classified 
as critical, has been foun
 CVE-2024-13190 (A vulnerability classified as critical was found in ZeroWdd 
myblog 1.0 ...)
        NOT-FOR-US: ZeroWdd myblog
 CVE-2024-13041 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-1
 CVE-2024-12806 (A post-authentication absolute path traversal vulnerability in 
SonicOS ...)
        NOT-FOR-US: SonicWall
 CVE-2024-12805 (A post-authentication format string vulnerability in SonicOS 
managemen ...)
@@ -34892,7 +34892,7 @@ CVE-2024-12715 (The Asgard Security Scanner WordPress 
plugin through 0.7 does no
 CVE-2024-12714 (The Backlink Monitoring Manager WordPress plugin through 0.1.3 
does no ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-12431 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-1
 CVE-2024-10815 (The PostLists WordPress plugin through 2.0.2 does not escape 
the $_SER ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-22143 (WeGIA is a web manager for charitable institutions. A 
Reflected Cross- ...)
@@ -34924,7 +34924,7 @@ CVE-2025-20126 (A vulnerability in certification 
validation routines of Cisco Th
 CVE-2025-20123 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
        NOT-FOR-US: Cisco
 CVE-2025-0194 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-1
 CVE-2024-9939 (The WordPress File Upload plugin for WordPress is vulnerable to 
Path T ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-6350 (A malformed 802.15.4 packet causes a buffer overflow to occur 
leading  ...)
@@ -41664,9 +41664,9 @@ CVE-2024-12455 [powerpc: getrandom() returns EINVAL as 
retcode instead of errno]
        NOTE: Introduced by: 
https://sourceware.org/git?p=glibc.git;a=commit;h=461cab1de747f3842f27a5d24977d78d561d45f9
        NOTE: Fixed by: 
https://sourceware.org/git?p=glibc.git;a=commit;h=4f5704ea347e52ac3f272d1341da10aed6e9973e
 CVE-2024-9387 (An issue was discovered in GitLab CE/EE affecting all versions 
from 11 ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-1
 CVE-2024-9367 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-1
 CVE-2024-8647 (An issue was discovered in GitLab affecting all versions 
starting 15.2 ...)
        - gitlab 17.5.5-1
 CVE-2024-8233 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
@@ -41786,13 +41786,13 @@ CVE-2024-21575 (ComfyUI-Impact-Pack is vulnerable to 
Path Traversal. The issue s
 CVE-2024-21574 (The issue stems from a missing validation of the pip field in 
a POST r ...)
        NOT-FOR-US: ComfyUI-Impact-Pack
 CVE-2024-12570 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-1
 CVE-2024-12401 (A flaw was found in the cert-manager package. This flaw allows 
an atta ...)
        NOT-FOR-US: Open Shift
 CVE-2024-12333 (The Woodmart theme for WordPress is vulnerable to arbitrary 
shortcode  ...)
        NOT-FOR-US: WordPress theme
 CVE-2024-12292 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-1
 CVE-2024-12271 (The 360 Javascript Viewer plugin for WordPress is vulnerable 
to Stored ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-12160 (The Seraphinite Bulk Discounts for WooCommerce plugin for 
WordPress is ...)
@@ -41800,7 +41800,7 @@ CVE-2024-12160 (The Seraphinite Bulk Discounts for 
WooCommerce plugin for WordPr
 CVE-2024-11760 (The Currency Converter Widget \u26a1 PRO plugin for WordPress 
is vulne ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-11274 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-1
 CVE-2024-10043 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2024-55633 (Improper Authorization vulnerability in Apache Superset. On 
Postgres a ...)
@@ -46125,7 +46125,7 @@ CVE-2024-22117 (When a URL is added to the map element, 
it is recorded in the da
        NOTE: Fixed by: 
https://github.com/zabbix/zabbix/commit/73d694022cd8e3468d1fdb1dc672e8d0eb9a2fc3
 (6.0.34rc1)
        NOTE: Fixed by: 
https://github.com/zabbix/zabbix/commit/c9810cd2dfe65922ec5e84f06c0b44d38262fbe5
 (5.0.44rc1)
 CVE-2024-11828 (A denial of service (DoS) condition was discovered in GitLab 
CE/EE aff ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-1
 CVE-2024-11743 (A vulnerability, which was classified as problematic, was 
found in Sou ...)
        NOT-FOR-US: SourceCodester Best House Rental Management System
 CVE-2024-11742 (A vulnerability, which was classified as problematic, has been 
found i ...)
@@ -49800,9 +49800,9 @@ CVE-2024-10113 (The WP AdCenter \u2013 Ad Manager & 
Adsense Ads plugin for WordP
 CVE-2024-10104 (The Jobs for WordPress plugin before 2.7.8 does not sanitise 
and escap ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-9693 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-3
 CVE-2024-9633 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-1
 CVE-2024-9472 (A null pointer dereference in Palo Alto Networks PAN-OS 
software on PA ...)
        NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2024-8648 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
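Review bot: the two adjacent entries get different fixed versions, CVE-2024-9693 at 17.3.5-3 and CVE-2024-9633 at 17.5.5-1, and neither the entries nor the commit message ("gitlab issues fixed in sid") says which upload each fix came from. Please confirm that 17.3.5-3 is the first sid upload containing the CVE-2024-9693 fix, and consider a NOTE per entry pointing at the upstream fix.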
@@ -61310,7 +61310,7 @@ CVE-2024-9783 (A vulnerability was found in D-Link 
DIR-619L B1 2.06. It has been
 CVE-2024-9782 (A vulnerability was found in D-Link DIR-619L B1 2.06. It has 
been decl ...)
        NOT-FOR-US: D-Link
 CVE-2024-9623 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-9596 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2024-9312 (Authd, through version 0.3.6, did not sufficiently randomize 
user IDs  ...)
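Review bot: CVE-2024-9623 is set to 17.3.5-2, which differs from 17.3.5-3 (used for CVE-2024-9693 earlier in this commit) only in the Debian revision, so the upstream version alone does not explain the choice. A NOTE naming the changelog entry or patch that brought the fix into the -2 upload would make this value checkable.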



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d77ad429bd0c13b07e549a1e1d4b77ed05dc077f

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
