Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fb551c9a by Salvatore Bonaccorso at 2025-06-12T23:03:17+02:00
Process some gitlab CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,15 +9,15 @@ CVE-2025-6021 (A flaw was found in libxml2's xmlBuildQName
function, where integ
CVE-2025-6003 (The WordPress Single Sign-On (SSO) plugin for WordPress is
vulnerable ...)
NOT-FOR-US: WordPress plugin
CVE-2025-5996 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-5982 (An issue has been discovered in GitLab EE affecting all
versions from ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-5485 (User names used to access the web management interface are
limited to ...)
NOT-FOR-US: SinoTrack
CVE-2025-5484 (A username and password are required to authenticate to the
central S ...)
NOT-FOR-US: SinoTrack
CVE-2025-5195 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
- TODO: check
+ - gitlab <not-affected> (Vulnerable code not present)
CVE-2025-4613 (Path traversal in Google Web Designer's template handling
versions pri ...)
NOT-FOR-US: Google Web Designer
CVE-2025-4418 (An improper validation of integrity check value vulnerability
exists i ...)
@@ -25,7 +25,7 @@ CVE-2025-4418 (An improper validation of integrity check
value vulnerability exi
CVE-2025-4417 (A cross-site scripting vulnerability exists in AVEVAPI
Connector for ...)
NOT-FOR-US: AVEVA
CVE-2025-4278 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
- TODO: check
+ - gitlab <not-affected> (Vulnerable code not present)
CVE-2025-49579 (Citizen is a MediaWiki skin that makes extensions part of the
cohesive ...)
TODO: check
CVE-2025-49578 (Citizen is a MediaWiki skin that makes extensions part of the
cohesive ...)
@@ -101,17 +101,17 @@ CVE-2025-36539 (AVEVA PI Data Archive products are
vulnerable to an uncaught ex
CVE-2025-2745 (A cross-site scripting vulnerability exists in AVEVAPI Web API
version ...)
NOT-FOR-US: AVEVA
CVE-2025-2254 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
- TODO: check
+ - gitlab <not-affected> (Vulnerable code not present)
CVE-2025-29744 (pg-promise before 11.5.5 is vulnerable to SQL Injection due to
imprope ...)
TODO: check
CVE-2025-1516 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-1478 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-0673 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
- TODO: check
+ - gitlab <not-affected> (Vulnerable code not present)
CVE-2024-9512 (An issue has been discovered in GitLab EE affecting all
versions prior ...)
- TODO: check
+ - gitlab <not-affected> (Vulnerable code not present)
CVE-2024-7562 (A potential elevated privilege issue has been reported with
InstallShi ...)
NOT-FOR-US: InstallShield
CVE-2024-56158 (XWiki is a generic wiki platform. It's possible to execute any
SQL que ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb551c9a4c32293f2f7ccad1bdd69102a9f6dd4d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb551c9a4c32293f2f7ccad1bdd69102a9f6dd4d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
