FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-05-30 02:45:38 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
a1a1b0c2-3791-11f0-8600-2cf05da270f3	Gitlab -- vulnerabilities Gitlab reports: Unprotected large blob endpoint in GitLab allows Denial of Service Improper XPath validation allows modified SAML response to bypass 2FA requirement A Discord webhook integration may cause DoS Unbounded Kubernetes cluster tokens may lead to DoS Unvalidated notes position may lead to Denial of Service Hidden/masked variables may get exposed in the UI Two-factor authentication requirement bypass View full email addresses that should be partially obscured Branch name confusion in confidential MRs Unauthorized access to job data via a GraphQL query Discovery 2025-05-21 Entry 2025-05-23 gitlab-ce gitlab-ee >= 18.0.0 lt 18.0.1 >= 17.11.0 lt 17.11.3 >= 10.2.0 lt 17.10.7 CVE-2025-0993 CVE-2024-12093 CVE-2024-7803 CVE-2025-3111 CVE-2025-2853 CVE-2025-4979 CVE-2025-0605 CVE-2025-0679 CVE-2024-9163 CVE-2025-1110 https://about.gitlab.com/releases/2025/05/21/patch-release-gitlab-18-0-1-released/
6943cbf2-2d55-11f0-9471-2cf05da270f3	Gitlab -- vulnerabilities Gitlab reports: Partial Bypass for Device OAuth flow using Cross Window Forgery Denial of service by abusing Github import API Group IP restriction bypass allows disclosing issue title of restricted project Discovery 2025-05-07 Entry 2025-05-10 gitlab-ce gitlab-ee >= 17.11.0 lt 17.11.2 >= 17.10.0 lt 17.10.6 >= 12.0.0 lt 17.9.8 CVE-2025-0549 CVE-2024-8973 CVE-2025-1278 https://about.gitlab.com/releases/2025/05/07/patch-release-gitlab-17-11-2-released/

VuXML ID

Description

a1a1b0c2-3791-11f0-8600-2cf05da270f3

Gitlab -- vulnerabilities

Gitlab reports:

Unprotected large blob endpoint in GitLab allows Denial of Service

Improper XPath validation allows modified SAML response to bypass 2FA requirement

A Discord webhook integration may cause DoS

Unbounded Kubernetes cluster tokens may lead to DoS

Unvalidated notes position may lead to Denial of Service

Hidden/masked variables may get exposed in the UI

Two-factor authentication requirement bypass

View full email addresses that should be partially obscured

Branch name confusion in confidential MRs

Unauthorized access to job data via a GraphQL query

Discovery 2025-05-21
Entry 2025-05-23
gitlab-ce
gitlab-ee

>= 18.0.0 lt 18.0.1

>= 17.11.0 lt 17.11.3

>= 10.2.0 lt 17.10.7

CVE-2025-0993
CVE-2024-12093
CVE-2024-7803
CVE-2025-3111
CVE-2025-2853
CVE-2025-4979
CVE-2025-0605
CVE-2025-0679
CVE-2024-9163
CVE-2025-1110
https://about.gitlab.com/releases/2025/05/21/patch-release-gitlab-18-0-1-released/

6943cbf2-2d55-11f0-9471-2cf05da270f3

Gitlab -- vulnerabilities

Gitlab reports:

Partial Bypass for Device OAuth flow using Cross Window Forgery

Denial of service by abusing Github import API

Group IP restriction bypass allows disclosing issue title of restricted project

Discovery 2025-05-07
Entry 2025-05-10
gitlab-ce
gitlab-ee

>= 17.11.0 lt 17.11.2

>= 17.10.0 lt 17.10.6

>= 12.0.0 lt 17.9.8

CVE-2025-0549
CVE-2024-8973
CVE-2025-1278
https://about.gitlab.com/releases/2025/05/07/patch-release-gitlab-17-11-2-released/