Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cac82bf8 by Moritz Muehlenhoff at 2025-05-23T09:35:13+02:00
new gitlab issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2025-5074 (A vulnerability, which was classified as
critical, was found in F
CVE-2025-5073 (A vulnerability, which was classified as critical, has been
found in F ...)
NOT-FOR-US: FreeFloat FTP Server
CVE-2025-4979 (An issue has been discovered in GitLab CE/EE affecting all
versions be ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-4419 (The Hot Random Image plugin for WordPress is vulnerable to Path
Traver ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4405 (The Hot Random Image plugin for WordPress is vulnerable to
Stored Cros ...)
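Review bot: The added `- gitlab <unfixed>` line under CVE-2025-4979 carries no bug reference, so nothing in the entry ties it to a Debian bug against the gitlab package. If a bug is filed, append it to the same line, for example `- gitlab <unfixed> (bug #NNNNNN)`, with the real number in place of the placeholder.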
@@ -89,7 +89,7 @@ CVE-2025-3836 (ZohocorpManageEngine ADAudit Plus versions
8510 and prior are vul
CVE-2025-3444 (Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter
Plus vers ...)
NOT-FOR-US: Zoho
CVE-2025-3111 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-33138 (IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML
injection ...)
NOT-FOR-US: IBM
CVE-2025-33137 (IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an
authenticated us ...)
@@ -115,7 +115,7 @@ CVE-2025-30170 (Exposure of file path, file size or file
existence vulnerabiliti
CVE-2025-30169 (File upload and execute vulnerabilities in ASPECT allow PHP
script inj ...)
NOT-FOR-US: ABB group
CVE-2025-2853 (An issue has been discovered in GitLab CE/EE affecting all
versions be ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-2506 (When pglogical attempts to replicate data, it does not verify
it is us ...)
TODO: check
CVE-2025-2410 (Port manipulation vulnerabilities in ASPECT provide attackers
with the ...)
@@ -129,13 +129,13 @@ CVE-2025-23183 (CWE-601: URL Redirection to Untrusted
Site ('Open Redirect'))
CVE-2025-23182 (CWE-203: Observable Discrepancy)
TODO: check
CVE-2025-1110 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-0993 (An issue has been discovered in GitLab CE/EE affecting all
versions be ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-0679 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-0605 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2024-9639 (Remote Code Execution vulnerabilities are present in ASPECT if
session ...)
NOT-FOR-US: ABB group
CVE-2024-9544 (The MapSVG plugin for WordPress is vulnerable to Stored
Cross-Site Scr ...)
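Review bot: In this hunk CVE-2025-1110, CVE-2025-0679 and CVE-2025-0605 are described as "affecting all versions fr ...", which points to a lower bound on the affected range, yet all four entries get an unqualified `- gitlab <unfixed>`. Consider a NOTE line under each entry recording the first affected and first fixed upstream versions, so later per-suite triage does not have to re-derive them from the truncated description.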
@@ -219,7 +219,7 @@ CVE-2024-13929 (Servlet injection vulnerabilities in ASPECT
allow remote code ex
CVE-2024-13928 (SQL injection vulnerabilities in ASPECT allow unintended
access and ma ...)
NOT-FOR-US: ABB group
CVE-2024-12093 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2023-47466 (TagLib before 2.0 allows a segmentation violation and
application cras ...)
- taglib 2.0.2-1
NOTE: https://github.com/taglib/taglib/issues/1163
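Review bot: The new entry for CVE-2024-12093 has no NOTE line pointing at the upstream advisory or fix, whereas the CVE-2023-47466 entry directly below it carries `NOTE: https://github.com/taglib/taglib/issues/1163`. Adding a NOTE with the upstream reference would keep the source of the triage decision with the entry, since the commit message "new gitlab issues" does not give one.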
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cac82bf8c3325cb1204eda96aabc084bb5a0aa27