[Git][security-tracker-team/security-tracker][master] Add new gitlab issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 26 10:18:31 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9427363a by Salvatore Bonaccorso at 2026-03-26T11:18:09+01:00
Add new gitlab issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -492,13 +492,13 @@ CVE-2026-31913 (Improper Limitation of a Pathname to a Restricted Directory ('Pa
CVE-2026-30587 (Multiple Stored XSS vulnerabilities exist in Seafile Server version 13 ...)
TODO: check
CVE-2026-2995 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
- TODO: check
+ - gitlab <not-affected> (Only affects Gitlab EE)
CVE-2026-2973 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- TODO: check
+ - gitlab <not-affected> (Vulnerable code not present)
CVE-2026-2745 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2026-2726 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2026-2414 (Authorization bypass through User-Controlled key vulnerability in HYPR ...)
NOT-FOR-US: HYPR
CVE-2026-2349 (Improper Neutralization of Input During Web Page Generation ("Cross-si ...)
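Review bot: On CVE-2026-2973 the reason "Vulnerable code not present" does not say which upstream version introduced the affected code, while the description covers GitLab CE/EE and reads "affecting all versions ...". A NOTE: line naming the introducing version or commit would make the <not-affected> verdict checkable later. Minor: on CVE-2026-2995 the reason spells it "Gitlab EE" where the description has "GitLab EE".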
@@ -927,7 +927,7 @@ CVE-2026-20004 (A vulnerability in the TLS library of Cisco IOS XE Software coul
CVE-2026-1917 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
NOT-FOR-US: Drupal core and addons
CVE-2026-1724 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
- TODO: check
+ - gitlab <not-affected> (Vulnerable code not present)
CVE-2026-1712 (Incorrect privilege assignment vulnerability in HYPR Server allows Pri ...)
NOT-FOR-US: HYPR
CVE-2026-1001 (Domoticz versions prior to 2026.1 contain a stored cross-site scriptin ...)
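Review bot: CVE-2026-1724 is described as "an issue in GitLab EE", yet the reason given is "Vulnerable code not present" rather than the "Only affects Gitlab EE" used for the other EE-described entries in this commit (CVE-2026-2995, CVE-2025-14595). If the affected code is EE-only, use the same wording here; if it also exists in CE from some later version, a NOTE: line saying so would explain the difference.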
@@ -961,11 +961,11 @@ CVE-2025-27260 (Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains
CVE-2025-14790 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allo ...)
NOT-FOR-US: IBM
CVE-2025-14595 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
- TODO: check
+ - gitlab <not-affected> (Only affects Gitlab EE)
CVE-2025-13436 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-13078 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2025-12708 (IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that c ...)
NOT-FOR-US: IBM
CVE-2024-58341 (OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allo ...)
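Review bot: CVE-2025-13436 and CVE-2025-13078 move to <unfixed> with no bug reference and no NOTE: line, so the entries give no pointer to the upstream fix or to a Debian bug tracking it. Consider adding the advisory or commit used for triage as a NOTE:, and the bug number once one is filed. Minor: "Gitlab EE" on CVE-2025-14595 differs from the "GitLab EE" spelling in its description.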
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9427363af36179bf6b902bb6f79d1c4782a69fd5