Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
45da26bf by Moritz Muehlenhoff at 2025-07-11T10:08:55+02:00
new gitlab issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27,11 +27,11 @@ CVE-2025-7407 (A vulnerability, which was classified as
critical, was found in N
CVE-2025-7021 (Fullscreen API Spoofing and UI Redressing in the handling of
Fullscree ...)
NOT-FOR-US: OpenAI Operator SaaS
CVE-2025-6948 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-6211 (A vulnerability in the DocugamiReader class of the
run-llama/llama_ind ...)
NOT-FOR-US: run-llama/llama_index
CVE-2025-6168 (An issue has been discovered in GitLab EE affecting all
versions from ...)
- TODO: check
+ - gitlab <not-affected> (Specific to EE)
CVE-2025-5040 (A maliciously crafted RTE file, when parsed through Autodesk
Revit, ca ...)
NOT-FOR-US: Autodesk
CVE-2025-5037 (A maliciously crafted RFA file, when parsed through Autodesk
Revit, ca ...)
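Review bot: The new `- gitlab <unfixed>` line for CVE-2025-6948 has no accompanying NOTE, so the entry records neither an upstream advisory nor the first fixed upstream version. Other entries in this file, such as CVE-2025-49812, carry a `NOTE:` with the upstream URL. Adding one here would let whoever later flips `<unfixed>` to a fixed version see which upstream release to compare against. The description for this CVE names "GitLab CE/EE", so marking it as affecting the package is consistent with the visible text.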
@@ -104,7 +104,7 @@ CVE-2025-52434 (Concurrent Execution using Shared Resource
with Improper Synchro
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE:
https://github.com/apache/tomcat/commit/8a83c3c42d20762782678932c14005cd3397a018
(9.0.107)
CVE-2025-4972 (An issue has been discovered in GitLab EE affecting all
versions from ...)
- TODO: check
+ - gitlab <not-affected> (Specific to EE)
CVE-2025-49812 (In some mod_ssl configurations on Apache HTTP Server versions
through ...)
- apache2 <unfixed>
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-49812
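Review bot: The `<not-affected> (Specific to EE)` triage for CVE-2025-4972 is justified only by the parenthetical, and the visible description is truncated at "affecting all versions from ...". The description does name "GitLab EE", which supports the decision, but a `NOTE:` line pointing at the upstream issue or advisory would make the EE-only scope checkable from the entry itself rather than from the shortened summary. The same rationale string is used for CVE-2025-6168 and CVE-2025-3396, so the wording is at least consistent across the commit.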
@@ -132,7 +132,7 @@ CVE-2025-45662 (A cross-site scripting (XSS) vulnerability
in the component /mas
CVE-2025-44251 (Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in
cleartext duri ...)
NOT-FOR-US: Ecovacs
CVE-2025-3396 (An issue has been discovered in GitLab EE affecting all
versions from ...)
- TODO: check
+ - gitlab <not-affected> (Specific to EE)
CVE-2025-36090 (IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a
remote ...)
NOT-FOR-US: IBM
CVE-2025-34102 (A remote code execution vulnerability exists in CryptoLog (PHP
version ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45da26bfe1af2d89594f0f9788aeb1730114686c
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits