87 matches found
CVE-2025-11042 vulnerabilities
Vulnerabilities for packages: gitlab-workhorse-ce-fips, gitlab-rails-ce-fips, gitlab-rails-ce, gitlab-workhorse-ce...
CVE-2019-11042
creationtimestamp | type | source
---|---|---
2026-01-27 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...
MiracleLinux 8 : php:7.2 (AXSA:2020-845:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-845:01 advisory. php: Invalid memory access in function xmlrpc_decode() (CVE-2019-9020) php: File rename across filesystems may allow unwanted access during processing...
CVE-2025-11042
Summary (CVE-2025-11042): GitLab CE/EE suffers a DoS-style flaw where specific GraphQL queries can cause uncontrolled CPU consumption across affected versions: 17.2–before 18.2.7, 18.3–before 18.3.3, and 18.4–before 18.4.1. The issue is linked to resource management during GraphQL handling and ...
CVE-2025-11042 Allocation of Resources Without Limits or Throttling in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while using specific GraphQL queries...
CVE-2025-11042
Removed by vendor...
GitLab 17.2 < 18.2.7 / 18.3 < 18.3.3 / 18.4 < 18.4.1 (CVE-2025-11042)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Allocation of Resources Without Limits or Throttling in GitLab (CVE-2025-11042) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
Oracle Linux 8 : socat (ELSA-2025-11042)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-11042 advisory. - add fix for CVE-2024-54661 Resolves: RHEL-70095 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
CVE-2016-11042
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. There is a SIM Lock bypass. The Samsung ID is SVE-2016-5381 (June 2016)...
CVE-2024-11042
creationtimestamp | type | source
---|---|---
2025-03-20 11:40:22+00:00 | seen | https://bsky.app/profile/cyberalerts.bsky.social/post/3lksmh7do2f2u
2025-04-15 21:02:25+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lmuxxzm5tp2e...
CVE-2024-11042
CVE-2024-11042 affects invoke-ai/invokeai v5.0.2. The web API endpoint POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion, enabling an attacker to delete arbitrary server files (e.g., SSH keys, SQLite databases, configuration files), potentially compromising integrity and availa...
CVE-2024-11042 Arbitrary File Delete in invoke-ai/invokeai
In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...
Linux Distros Unpatched Vulnerability : CVE-2019-11042
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and...
Rocky Linux 8 : php:7.2 (RLSA-2020:1624)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:1624 advisory. - In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an...
[SECURITY] [DLA 3606-1] freerdp2 security update
Debian LTS Advisory DLA-3606-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost October 07, 2023 https://wiki.debian.org/LTS Package : freerdp2 Version : 2.3.0+dfsg1-2+deb10u3 CVE ID : CVE-2020-4030 CVE-2020-4031 CVE-2020-4032 CVE-2020-4033 CVE-2020-11017 CVE-2020-110...
Mageia: Security Advisory (MGASA-2019-0218)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
openSUSE 15 Security Update : php7 (openSUSE-SU-2021:1130-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1130-1 advisory. - Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain...
openSUSE 15 Security Update : php7 (openSUSE-SU-2021:2575-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2575-1 advisory. - Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain...
SUSE SLES11 Security Update : php53 (SUSE-SU-2019:14158-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14158-1 advisory. - When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1...
SUSE: Security Advisory (SUSE-SU-2019:2503-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...