[Git][security-tracker-team/security-tracker][master] gitlab fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Apr 23 12:13:32 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
87b263cc by Moritz Muehlenhoff at 2025-04-23T13:12:48+02:00
gitlab fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15464,7 +15464,7 @@ CVE-2025-1672 (The Notibar \u2013 Notification Bar for WordPress plugin for Word
CVE-2025-1666 (The Cookie banner plugin for WordPress \u2013 Cookiebot CMP by Usercen ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1540 (An issue has been discovered in GitLab CE/EE for Self-Managed and Dedi ...)
- - gitlab <unfixed>
+ - gitlab 17.6.5-1
CVE-2025-1383 (The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cr ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0877 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
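Review bot: Missing documentation on the CVE-2025-1540 entry: the status moves from `<unfixed>` to `17.6.5-1` with no NOTE naming the upstream release or advisory the version is based on. The OVN entry visible in a later hunk records its fix commit and version in NOTE lines; a similar NOTE here would let the next reader verify the fixed version without redoing the research.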
@@ -24280,7 +24280,7 @@ CVE-2025-1227 (A vulnerability was found in ywoa up to 2024.07.03. It has been r
CVE-2025-1226 (A vulnerability was found in ywoa up to 2024.07.03. It has been declar ...)
NOT-FOR-US: ywoa
CVE-2025-1198 (An issue discovered in GitLab CE/EE affecting all versions from 16.11 ...)
- - gitlab <unfixed>
+ - gitlab 17.6.5-1
CVE-2025-1070 (CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability ...)
NOT-FOR-US: Schneider Electric
CVE-2025-1060 (CWE-319: Cleartext Transmission of Sensitive Information vulnerability ...)
@@ -24318,7 +24318,7 @@ CVE-2025-0109 (An unauthenticated file deletion vulnerability in the Palo Alto N
CVE-2025-0108 (An authentication bypass in the Palo Alto Networks PAN-OS software ena ...)
NOT-FOR-US: Palo Alto Networks
CVE-2024-8266 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
- - gitlab <unfixed>
+ - gitlab 17.6.5-1
CVE-2024-7102 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
- gitlab 17.5.5-1
CVE-2024-57605 (Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 ...)
@@ -24632,7 +24632,7 @@ CVE-2025-1214 (A vulnerability classified as critical has been found in pihome-s
CVE-2025-1213 (A vulnerability was found in pihome-shc PiHome 1.77. It has been rated ...)
NOT-FOR-US: pihome-shc PiHome
CVE-2025-1212 (An information disclosure vulnerability in GitLab CE/EE affecting all ...)
- - gitlab <unfixed>
+ - gitlab 17.6.5-1
CVE-2025-1210 (A vulnerability classified as critical was found in code-projects Wazi ...)
NOT-FOR-US: code-projects Wazifa System
CVE-2025-1209 (A vulnerability classified as problematic has been found in code-proje ...)
@@ -24740,7 +24740,7 @@ CVE-2024-12629 (In Progress\xae Telerik\xae KendoReact versions v3.5.0 through v
CVE-2024-12386 (The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Requ ...)
NOT-FOR-US: WordPress plugin
CVE-2024-12379 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...)
- - gitlab <unfixed>
+ - gitlab 17.6.5-1
CVE-2024-12315 (The Export All Posts, Products, Orders, Refunds & Users plugin for Wor ...)
NOT-FOR-US: WordPress plugin
CVE-2024-12296 (The Apus Framework plugin for WordPress is vulnerable to unauthorized ...)
@@ -26219,7 +26219,7 @@ CVE-2025-1082 (A vulnerability classified as problematic has been found in Minds
CVE-2025-1081 (A vulnerability was found in Bharti Airtel Xstream Fiber up to 2025012 ...)
NOT-FOR-US: Bharti Airtel Xstream Fiber
CVE-2025-1072 (A Denial of Service (DoS) issue has been discovered in GitLab CE/EE af ...)
- - gitlab <unfixed>
+ - gitlab 17.5.5-1
CVE-2025-1061 (The Nextend Social Login Pro plugin for WordPress is vulnerable to aut ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1004 (Certain HP LaserJet Pro printers may potentially experience a denial o ...)
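Review bot: CVE-2025-1072 is set to `17.5.5-1`, while every other entry touched by this commit is set to `17.6.5-1`. If the fix did land in the earlier upload, that is fine (CVE-2024-7102, visible as context in another hunk, also carries `17.5.5-1`), but please confirm this is not a typo for `17.6.5-1`.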
@@ -29968,7 +29968,7 @@ CVE-2025-0650 (A flaw was found in the Open Virtual Network (OVN). Specially cra
NOTE: https://www.openwall.com/lists/oss-security/2025/01/22/5
NOTE: https://github.com/ovn-org/ovn/commit/249c52ad011cacb4c182dc64e88977ac7c61f668 (v24.09.2)
CVE-2024-11931 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 17.6.5-1
CVE-2025-0314 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- gitlab 17.6.5-1
CVE-2024-53299 (The request handling in the core in Apache Wicket 7.0.0 on any platfor ...)
@@ -39819,7 +39819,7 @@ CVE-2024-10862 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms
CVE-2024-10858 (The Jetpack WordPress plugin before 14.1 does not properly checks the ...)
NOT-FOR-US: WordPress plugin
CVE-2023-5117 (An issue was discovered in GitLab CE/EE affecting all versions before ...)
- - gitlab <unfixed>
+ - gitlab 17.6.5-1
NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/398250
CVE-2024-8721 (The Tracking Code Manager plugin for WordPress is vulnerable to Stored ...)
NOT-FOR-US: WordPress plugin
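Review bot: For CVE-2023-5117 the existing NOTE only links the upstream issue and does not say which upstream release fixed it, so `17.6.5-1` cannot be checked from the entry itself. Please confirm that `17.6.5-1` is the first sid upload containing the fix rather than simply the current sid version, and consider adding a NOTE with the upstream fixed version.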
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87b263cc15c212e52a6b0eedc7c82fba8bc66254