[Git][security-tracker-team/security-tracker][master] Process some gitlab CVEs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 12 22:03:42 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fb551c9a by Salvatore Bonaccorso at 2025-06-12T23:03:17+02:00
Process some gitlab CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,15 +9,15 @@ CVE-2025-6021 (A flaw was found in libxml2's xmlBuildQName function, where integ
CVE-2025-6003 (The WordPress Single Sign-On (SSO) plugin for WordPress is vulnerable ...)
NOT-FOR-US: WordPress plugin
CVE-2025-5996 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-5982 (An issue has been discovered in GitLab EE affecting all versions from ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-5485 (User names used to access the web management interface are limited to ...)
NOT-FOR-US: SinoTrack
CVE-2025-5484 (A username and password are required to authenticate to the central S ...)
NOT-FOR-US: SinoTrack
CVE-2025-5195 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- TODO: check
+ - gitlab <not-affected> (Vulnerable code not present)
CVE-2025-4613 (Path traversal in Google Web Designer's template handling versions pri ...)
NOT-FOR-US: Google Web Designer
CVE-2025-4418 (An improper validation of integrity check value vulnerability exists i ...)
@@ -25,7 +25,7 @@ CVE-2025-4418 (An improper validation of integrity check value vulnerability exi
CVE-2025-4417 (A cross-site scripting vulnerability exists in AVEVAPI Connector for ...)
NOT-FOR-US: AVEVA
CVE-2025-4278 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- TODO: check
+ - gitlab <not-affected> (Vulnerable code not present)
CVE-2025-49579 (Citizen is a MediaWiki skin that makes extensions part of the cohesive ...)
TODO: check
CVE-2025-49578 (Citizen is a MediaWiki skin that makes extensions part of the cohesive ...)
@@ -101,17 +101,17 @@ CVE-2025-36539 (AVEVA PI Data Archive products are vulnerable to an uncaught ex
CVE-2025-2745 (A cross-site scripting vulnerability exists in AVEVAPI Web API version ...)
NOT-FOR-US: AVEVA
CVE-2025-2254 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- TODO: check
+ - gitlab <not-affected> (Vulnerable code not present)
CVE-2025-29744 (pg-promise before 11.5.5 is vulnerable to SQL Injection due to imprope ...)
TODO: check
CVE-2025-1516 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-1478 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-0673 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- TODO: check
+ - gitlab <not-affected> (Vulnerable code not present)
CVE-2024-9512 (An issue has been discovered in GitLab EE affecting all versions prior ...)
- TODO: check
+ - gitlab <not-affected> (Vulnerable code not present)
CVE-2024-7562 (A potential elevated privilege issue has been reported with InstallShi ...)
NOT-FOR-US: InstallShield
CVE-2024-56158 (XWiki is a generic wiki platform. It's possible to execute any SQL que ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb551c9a4c32293f2f7ccad1bdd69102a9f6dd4d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb551c9a4c32293f2f7ccad1bdd69102a9f6dd4d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250612/b643e7ce/attachment.htm>
More information about the debian-security-tracker-commits
mailing list