[Git][security-tracker-team/security-tracker][master] new gitlab issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Feb 13 15:33:34 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8818ae2b by Moritz Mühlenhoff at 2025-02-13T16:33:16+01:00
new gitlab issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2024-3303
+ - gitlab <not-affected> (Specific to EE)
CVE-2025-0998
- chromium 133.0.6943.98-1
[bullseye] - chromium <end-of-life> (see #1061268)
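Review bot: the added CVE-2024-3303 entry at the top of this hunk has no description text, so "(Specific to EE)" is the only justification for `<not-affected>` and a reader cannot check it from the entry itself. Consider adding a `NOTE:` line with the upstream GitLab issue or release advisory that shows the flaw is limited to EE.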
@@ -23,7 +25,7 @@ CVE-2025-1227 (A vulnerability was found in ywoa up to 2024.07.03. It has been r
CVE-2025-1226 (A vulnerability was found in ywoa up to 2024.07.03. It has been declar ...)
NOT-FOR-US: ywoa
CVE-2025-1198 (An issue discovered in GitLab CE/EE affecting all versions from 16.11 ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-1070 (CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability ...)
NOT-FOR-US: Schneider Electric
CVE-2025-1060 (CWE-319: Cleartext Transmission of Sensitive Information vulnerability ...)
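Review bot: CVE-2025-1198 is set to `- gitlab <unfixed>` although its description gives a lower version bound ("all versions from 16.11 ..."), and the entry does not record whether the packaged gitlab falls inside that range. If it does, a `NOTE:` with the upstream fix reference would save the next triager a lookup; if the packaged version is older, `<not-affected>` with a stated reason would be more accurate than `<unfixed>`.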
@@ -366,7 +368,7 @@ CVE-2025-1214 (A vulnerability classified as critical has been found in pihome-s
CVE-2025-1213 (A vulnerability was found in pihome-shc PiHome 1.77. It has been rated ...)
NOT-FOR-US: pihome-shc PiHome
CVE-2025-1212 (An information disclosure vulnerability in GitLab CE/EE affecting all ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-1210 (A vulnerability classified as critical was found in code-projects Wazi ...)
NOT-FOR-US: code-projects Wazifa System
CVE-2025-1209 (A vulnerability classified as problematic has been found in code-proje ...)
@@ -412,7 +414,7 @@ CVE-2025-1101 (A CWE-204 "Observable Response Discrepancy" in the login page in
CVE-2025-1100 (A CWE-259 "Use of Hard-coded Password" for the root account in Q-Free ...)
NOT-FOR-US: Q-Free MaxTime
CVE-2025-1042 (An insecure direct object reference vulnerability in GitLab EE affecti ...)
- TODO: check
+ - gitlab <not-affected> (Specific to EE)
CVE-2025-0937 (Nomad Community and Nomad Enterprise ("Nomad") event stream configured ...)
TODO: check
CVE-2025-0925
@@ -422,17 +424,17 @@ CVE-2025-0919
CVE-2025-0556 (In Progress\xae Telerik\xae Report Server, versions prior to 2025 Q1 ( ...)
NOT-FOR-US: Progress Telerik Report Server
CVE-2025-0516 (Improper Authorization in GitLab CE/EE affecting all versions from 17. ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-0511 (The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cr ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0506 (The Rise Blocks \u2013 A Complete Gutenberg Page Builder plugin for Wo ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0376 (An XSS vulnerability exists in GitLab CE/EE affecting all versions fro ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-0332 (In Progress\xae Telerik\xae UI for WinForms, versions prior to 2025 Q1 ...)
NOT-FOR-US: Progress Telerik
CVE-2024-9870 (An external service interaction vulnerability in GitLab EE affecting a ...)
- TODO: check
+ - gitlab <not-affected> (Specific to EE)
CVE-2024-6097 (In Progress\xae Telerik\xae Reporting versions prior to 2025 Q1 (19.0. ...)
NOT-FOR-US: Progress Telerik
CVE-2024-54160 (dashboards-reporting (aka Dashboards Reports) before 2.19.0.0, as ship ...)
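Review bot: this hunk resolves three `TODO: check` entries with two different outcomes, and only CVE-2024-9870 can be confirmed from its own description, which says "GitLab EE". CVE-2025-0516 (whose description starts its range at "17. ...") and CVE-2025-0376 are recorded as `- gitlab <unfixed>` with no reference; a `NOTE:` line per entry pointing at the upstream advisory would make those two dispositions verifiable as well.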
@@ -474,7 +476,7 @@ CVE-2024-12629 (In Progress\xae Telerik\xae KendoReact versions v3.5.0 through v
CVE-2024-12386 (The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Requ ...)
NOT-FOR-US: WordPress plugin
CVE-2024-12379 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2024-12315 (The Export All Posts, Products, Orders, Refunds & Users plugin for Wor ...)
NOT-FOR-US: WordPress plugin
CVE-2024-12296 (The Apus Framework plugin for WordPress is vulnerable to unauthorized ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8818ae2befd8a4e6bbdacbb2beba036421d0e2da