[Git][security-tracker-team/security-tracker][master] new gitlab issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri May 23 08:35:39 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cac82bf8 by Moritz Muehlenhoff at 2025-05-23T09:35:13+02:00
new gitlab issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2025-5074 (A vulnerability, which was classified as critical, was found in F
CVE-2025-5073 (A vulnerability, which was classified as critical, has been found in F ...)
NOT-FOR-US: FreeFloat FTP Server
CVE-2025-4979 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-4419 (The Hot Random Image plugin for WordPress is vulnerable to Path Traver ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4405 (The Hot Random Image plugin for WordPress is vulnerable to Stored Cros ...)
@@ -89,7 +89,7 @@ CVE-2025-3836 (ZohocorpManageEngine ADAudit Plus versions 8510 and prior are vul
CVE-2025-3444 (Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus vers ...)
NOT-FOR-US: Zoho
CVE-2025-3111 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-33138 (IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection ...)
NOT-FOR-US: IBM
CVE-2025-33137 (IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated us ...)
@@ -115,7 +115,7 @@ CVE-2025-30170 (Exposure of file path, file size or file existence vulnerabiliti
CVE-2025-30169 (File upload and execute vulnerabilities in ASPECT allow PHP script inj ...)
NOT-FOR-US: ABB group
CVE-2025-2853 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-2506 (When pglogical attempts to replicate data, it does not verify it is us ...)
TODO: check
CVE-2025-2410 (Port manipulation vulnerabilities in ASPECT provide attackers with the ...)
@@ -129,13 +129,13 @@ CVE-2025-23183 (CWE-601: URL Redirection to Untrusted Site ('Open Redirect'))
CVE-2025-23182 (CWE-203: Observable Discrepancy)
TODO: check
CVE-2025-1110 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-0993 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-0679 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-0605 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2024-9639 (Remote Code Execution vulnerabilities are present in ASPECT if session ...)
NOT-FOR-US: ABB group
CVE-2024-9544 (The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
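Review bot: The four GitLab entries in this hunk (CVE-2025-1110, CVE-2025-0993, CVE-2025-0679, CVE-2025-0605) all receive the same `- gitlab <unfixed>` line, although their truncated descriptions differ: three read "affecting all versions fr ..." and one reads "affecting all versions be ...", which suggests that some of them have a lower version bound. Please confirm for each CVE that the packaged gitlab version falls inside the affected range before marking it unfixed, since an entry whose range starts after the packaged version would not be affected.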
@@ -219,7 +219,7 @@ CVE-2024-13929 (Servlet injection vulnerabilities in ASPECT allow remote code ex
CVE-2024-13928 (SQL injection vulnerabilities in ASPECT allow unintended access and ma ...)
NOT-FOR-US: ABB group
CVE-2024-12093 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2023-47466 (TagLib before 2.0 allows a segmentation violation and application cras ...)
- taglib 2.0.2-1
NOTE: https://github.com/taglib/taglib/issues/1163
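Review bot: CVE-2024-12093 is marked `- gitlab <unfixed>` with no NOTE line, while the CVE-2023-47466 entry directly below it carries a NOTE with the upstream issue URL. A NOTE pointing to the upstream GitLab issue or advisory would let whoever triages this later find the fix without searching again; the same applies to the other GitLab entries changed in this commit.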
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cac82bf8c3325cb1204eda96aabc084bb5a0aa27