[Git][security-tracker-team/security-tracker][master] new gitlab issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Mar 12 09:22:10 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c26fb1a by Moritz Muehlenhoff at 2026-03-12T10:20:57+01:00
new gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -244,7 +244,7 @@ CVE-2026-1653 (A potential divide by zero vulnerability was reported in the Leno
 CVE-2026-1652 (A potential buffer overflow vulnerability was reported in the Lenovo V ...)
 	NOT-FOR-US: Lenovo
 CVE-2026-1182 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2026-1068 (An improper certificate validation vulnerability was reported in the L ...)
 	NOT-FOR-US: Lenovo
 CVE-2026-0940 (A potential improper initialization vulnerability was reported in the  ...)
@@ -291,7 +291,7 @@ CVE-2026-3943 (A vulnerability was found in H3C ACG1000-AK230 up to 20260227. Th
 CVE-2026-3906 (WordPress core is vulnerable to unauthorized access in versions 6.9 th ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-3848 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	- gitlab <not-affected> (Vulnerable code not present)
+	- gitlab <unfixed>
 CVE-2026-3496 (The JetBooking plugin for WordPress is vulnerable to SQL Injection via ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-3492 (The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-S ...)
@@ -490,9 +490,9 @@ CVE-2026-1993 (The ExactMetrics \u2013 Google Analytics Dashboard for WordPress
 CVE-2026-1992 (The ExactMetrics \u2013 Google Analytics Dashboard for WordPress plugi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-1732 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2026-1663 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2026-1524 (An edgecase in SSO implementation in Neo4j Enterprise edition versions ...)
 	TODO: check
 CVE-2026-1497 (Incorrect resolving of namespaces in composite databases in Neo4j Ente ...)
@@ -502,13 +502,13 @@ CVE-2026-1471 (Excessive caching of authentication context in Neo4j Enterprise e
 CVE-2026-1454 (The Responsive Contact Form Builder & Lead Generation Plugin plugin fo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-1230 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2026-1090 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2026-1069 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <not-affected> (Vulnerable code introduced later)
 CVE-2026-0602 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2026-0231 (An information disclosure vulnerability inPalo Alto Networks Cortex XD ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0230 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...)
@@ -538,21 +538,21 @@ CVE-2025-67035 (An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH
 CVE-2025-67034 (An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticat ...)
 	TODO: check
 CVE-2025-14513 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2025-13929 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2025-13690 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2025-12704 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
-	TODO: check
+	- gitlab <not-affected> (Specific to EE)
 CVE-2025-12697 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2025-12690 (Execution with unnecessary privileges in Forcepoint NGFW Engine allows ...)
 	NOT-FOR-US: Forcepoint
 CVE-2025-12576 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2025-12555 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2019-25487 (SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerabili ...)
 	TODO: check
 CVE-2019-25486 (Varient 1.6.1 contains an SQL injection vulnerability that allows unau ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c26fb1a51d310387ed43d96251bdccdbc2faac3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c26fb1a51d310387ed43d96251bdccdbc2faac3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260312/044a8d62/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list