[Git][security-tracker-team/security-tracker][master] gitlab issues fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Apr 20 12:44:10 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d77ad429 by Moritz Muehlenhoff at 2025-04-20T13:43:24+02:00
gitlab issues fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -24212,7 +24212,7 @@ CVE-2025-0511 (The Welcart e-Commerce plugin for WordPress is vulnerable to Stor
CVE-2025-0506 (The Rise Blocks \u2013 A Complete Gutenberg Page Builder plugin for Wo ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0376 (An XSS vulnerability exists in GitLab CE/EE affecting all versions fro ...)
- - gitlab <unfixed>
+ - gitlab 17.6.5-1
CVE-2025-0332 (In Progress\xae Telerik\xae UI for WinForms, versions prior to 2025 Q1 ...)
NOT-FOR-US: Progress Telerik
CVE-2024-9870 (An external service interaction vulnerability in GitLab EE affecting a ...)
@@ -27963,7 +27963,7 @@ CVE-2025-0631 (A Credential Exposure Vulnerability exists in the above-mentioned
CVE-2025-0432 (EWON Flexy 202 transmits user credentials in clear text with no encryp ...)
NOT-FOR-US: EWON Flexy
CVE-2025-0290 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 17.5.5-1
CVE-2025-0065 (Improper Neutralization of Argument Delimiters in the TeamViewer_servi ...)
NOT-FOR-US: TeamViewer
CVE-2024-8401 (CWE-79: Improper Neutralization of Input During Web Page Generation (\ ...)
@@ -29488,7 +29488,7 @@ CVE-2025-0650 (A flaw was found in the Open Virtual Network (OVN). Specially cra
CVE-2024-11931 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2025-0314 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- - gitlab <unfixed>
+ - gitlab 17.6.5-1
CVE-2024-53299 (The request handling in the core in Apache Wicket 7.0.0 on any platfor ...)
NOT-FOR-US: Apache Wicket
CVE-2025-24530 (An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnera ...)
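Review bot: CVE-2024-11931, the context entry directly above CVE-2025-0314 in this hunk, still reads "- gitlab <unfixed>" while its neighbour moves to 17.6.5-1. If it was left out on purpose because the sid upload does not cover it, a short NOTE on that entry would keep it from looking like an oversight; otherwise it should be updated in this same commit.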
@@ -34874,7 +34874,7 @@ CVE-2024-13191 (A vulnerability, which was classified as critical, has been foun
CVE-2024-13190 (A vulnerability classified as critical was found in ZeroWdd myblog 1.0 ...)
NOT-FOR-US: ZeroWdd myblog
CVE-2024-13041 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
- - gitlab <unfixed>
+ - gitlab 17.5.5-1
CVE-2024-12806 (A post-authentication absolute path traversal vulnerability in SonicOS ...)
NOT-FOR-US: SonicWall
CVE-2024-12805 (A post-authentication format string vulnerability in SonicOS managemen ...)
@@ -34892,7 +34892,7 @@ CVE-2024-12715 (The Asgard Security Scanner WordPress plugin through 0.7 does no
CVE-2024-12714 (The Backlink Monitoring Manager WordPress plugin through 0.1.3 does no ...)
NOT-FOR-US: WordPress plugin
CVE-2024-12431 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
- - gitlab <unfixed>
+ - gitlab 17.5.5-1
CVE-2024-10815 (The PostLists WordPress plugin through 2.0.2 does not escape the $_SER ...)
NOT-FOR-US: WordPress plugin
CVE-2025-22143 (WeGIA is a web manager for charitable institutions. A Reflected Cross- ...)
@@ -34924,7 +34924,7 @@ CVE-2025-20126 (A vulnerability in certification validation routines of Cisco Th
CVE-2025-20123 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2025-0194 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
- - gitlab <unfixed>
+ - gitlab 17.5.5-1
CVE-2024-9939 (The WordPress File Upload plugin for WordPress is vulnerable to Path T ...)
NOT-FOR-US: WordPress plugin
CVE-2024-6350 (A malformed 802.15.4 packet causes a buffer overflow to occur leading ...)
@@ -41664,9 +41664,9 @@ CVE-2024-12455 [powerpc: getrandom() returns EINVAL as retcode instead of errno]
NOTE: Introduced by: https://sourceware.org/git?p=glibc.git;a=commit;h=461cab1de747f3842f27a5d24977d78d561d45f9
NOTE: Fixed by: https://sourceware.org/git?p=glibc.git;a=commit;h=4f5704ea347e52ac3f272d1341da10aed6e9973e
CVE-2024-9387 (An issue was discovered in GitLab CE/EE affecting all versions from 11 ...)
- - gitlab <unfixed>
+ - gitlab 17.5.5-1
CVE-2024-9367 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
- - gitlab <unfixed>
+ - gitlab 17.5.5-1
CVE-2024-8647 (An issue was discovered in GitLab affecting all versions starting 15.2 ...)
- gitlab 17.5.5-1
CVE-2024-8233 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
@@ -41786,13 +41786,13 @@ CVE-2024-21575 (ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue s
CVE-2024-21574 (The issue stems from a missing validation of the pip field in a POST r ...)
NOT-FOR-US: ComfyUI-Impact-Pack
CVE-2024-12570 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 17.5.5-1
CVE-2024-12401 (A flaw was found in the cert-manager package. This flaw allows an atta ...)
NOT-FOR-US: Open Shift
CVE-2024-12333 (The Woodmart theme for WordPress is vulnerable to arbitrary shortcode ...)
NOT-FOR-US: WordPress theme
CVE-2024-12292 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
- - gitlab <unfixed>
+ - gitlab 17.5.5-1
CVE-2024-12271 (The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored ...)
NOT-FOR-US: WordPress plugin
CVE-2024-12160 (The Seraphinite Bulk Discounts for WooCommerce plugin for WordPress is ...)
@@ -41800,7 +41800,7 @@ CVE-2024-12160 (The Seraphinite Bulk Discounts for WooCommerce plugin for WordPr
CVE-2024-11760 (The Currency Converter Widget \u26a1 PRO plugin for WordPress is vulne ...)
NOT-FOR-US: WordPress plugin
CVE-2024-11274 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
- - gitlab <unfixed>
+ - gitlab 17.5.5-1
CVE-2024-10043 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2024-55633 (Improper Authorization vulnerability in Apache Superset. On Postgres a ...)
@@ -46125,7 +46125,7 @@ CVE-2024-22117 (When a URL is added to the map element, it is recorded in the da
NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/73d694022cd8e3468d1fdb1dc672e8d0eb9a2fc3 (6.0.34rc1)
NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/c9810cd2dfe65922ec5e84f06c0b44d38262fbe5 (5.0.44rc1)
CVE-2024-11828 (A denial of service (DoS) condition was discovered in GitLab CE/EE aff ...)
- - gitlab <unfixed>
+ - gitlab 17.5.5-1
CVE-2024-11743 (A vulnerability, which was classified as problematic, was found in Sou ...)
NOT-FOR-US: SourceCodester Best House Rental Management System
CVE-2024-11742 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -49800,9 +49800,9 @@ CVE-2024-10113 (The WP AdCenter \u2013 Ad Manager & Adsense Ads plugin for WordP
CVE-2024-10104 (The Jobs for WordPress plugin before 2.7.8 does not sanitise and escap ...)
NOT-FOR-US: WordPress plugin
CVE-2024-9693 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
- - gitlab <unfixed>
+ - gitlab 17.3.5-3
CVE-2024-9633 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 17.5.5-1
CVE-2024-9472 (A null pointer dereference in Palo Alto Networks PAN-OS software on PA ...)
NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2024-8648 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
@@ -61310,7 +61310,7 @@ CVE-2024-9783 (A vulnerability was found in D-Link DIR-619L B1 2.06. It has been
CVE-2024-9782 (A vulnerability was found in D-Link DIR-619L B1 2.06. It has been decl ...)
NOT-FOR-US: D-Link
CVE-2024-9623 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
- - gitlab <unfixed>
+ - gitlab 17.3.5-2
CVE-2024-9596 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2024-9312 (Authd, through version 0.3.6, did not sufficiently randomize user IDs ...)
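Review bot: the fixed version recorded for CVE-2024-9623 is 17.3.5-2, a -2 revision, and the entry has no NOTE, so it is not clear from the list whether the fix arrived with upstream 17.3.5 or with a patch added in that revision. A NOTE stating which, with a link to the upstream commit or advisory, would help anyone who later has to assess older suites.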
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d77ad429bd0c13b07e549a1e1d4b77ed05dc077f