Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a302c90e by security tracker role at 2024-02-23T20:12:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,86 +1,158 @@
-CVE-2024-26597 [net: qualcomm: rmnet: fix global oob in rmnet_policy]
+CVE-2024-27319 (Versions of the package onnx before and including 1.15.0 are
vulnerabl ...)
+ TODO: check
+CVE-2024-27318 (Versions of the package onnx before and including 1.15.0 are
vulnerabl ...)
+ TODO: check
+CVE-2024-26150 (`@backstage/backend-common` is a common functionality library
for back ...)
+ TODO: check
+CVE-2024-25928 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-25915 (Server-Side Request Forgery (SSRF) vulnerability in Raaj
Trambadia Pex ...)
+ TODO: check
+CVE-2024-25629 (c-ares is a C library for asynchronous DNS requests.
`ares__read_line( ...)
+ TODO: check
+CVE-2024-23320 (Improper Input Validation vulnerability in Apache
DolphinScheduler. An ...)
+ TODO: check
+CVE-2024-22776 (Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all
text-bas ...)
+ TODO: check
+CVE-2024-1834 (A vulnerability was found in SourceCodester Simple Student
Attendance ...)
+ TODO: check
+CVE-2024-1833 (A vulnerability was found in SourceCodester Employee Management
System ...)
+ TODO: check
+CVE-2024-1832 (A vulnerability has been found in SourceCodester Complete File
Managem ...)
+ TODO: check
+CVE-2024-1831 (A vulnerability, which was classified as critical, was found in
Source ...)
+ TODO: check
+CVE-2024-1830 (A vulnerability was found in code-projects Library System 1.0.
It has ...)
+ TODO: check
+CVE-2024-1829 (A vulnerability was found in code-projects Library System 1.0.
It has ...)
+ TODO: check
+CVE-2024-1828 (A vulnerability was found in code-projects Library System 1.0.
It has ...)
+ TODO: check
+CVE-2024-1827 (A vulnerability was found in code-projects Library System 1.0
and clas ...)
+ TODO: check
+CVE-2024-1826 (A vulnerability has been found in code-projects Library System
1.0 and ...)
+ TODO: check
+CVE-2024-1825 (A vulnerability, which was classified as problematic, was found
in Cod ...)
+ TODO: check
+CVE-2024-1824 (A vulnerability, which was classified as critical, has been
found in C ...)
+ TODO: check
+CVE-2024-1823 (A vulnerability classified as critical was found in CodeAstro
Simple V ...)
+ TODO: check
+CVE-2024-1822 (A vulnerability classified as problematic has been found in
PHPGurukul ...)
+ TODO: check
+CVE-2024-1821 (A vulnerability was found in code-projects Crime Reporting
System 1.0. ...)
+ TODO: check
+CVE-2024-1820 (A vulnerability was found in code-projects Crime Reporting
System 1.0. ...)
+ TODO: check
+CVE-2024-1819 (A vulnerability was found in CodeAstro Membership Management
System 1. ...)
+ TODO: check
+CVE-2024-1818 (A vulnerability was found in CodeAstro Membership Management
System 1. ...)
+ TODO: check
+CVE-2024-1817 (A vulnerability has been found in Demososo DM Enterprise
Website Build ...)
+ TODO: check
+CVE-2024-1590 (The Page Builder: Pagelayer \u2013 Drag and Drop website
builder plugi ...)
+ TODO: check
+CVE-2024-1362 (The Colibri Page Builder plugin for WordPress is vulnerable to
Cross-S ...)
+ TODO: check
+CVE-2024-1361 (The Colibri Page Builder plugin for WordPress is vulnerable to
Cross-S ...)
+ TODO: check
+CVE-2024-1360 (The Colibri WP theme for WordPress is vulnerable to Cross-Site
Request ...)
+ TODO: check
+CVE-2024-0563 (Denial of service condition in M-Files Server inversions before
24.2 ( ...)
+ TODO: check
+CVE-2023-52457 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
+ TODO: check
+CVE-2023-51394 (High traffic environments may result in NULL Pointer
Dereference vulne ...)
+ TODO: check
+CVE-2023-51393 (Due to an allocation of resources without limits, an
uncontrolled reso ...)
+ TODO: check
+CVE-2023-51392 (Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM
instead of ...)
+ TODO: check
+CVE-2023-4826 (The SocialDriver WordPress theme before version 2024 has a
prototype p ...)
+ TODO: check
+CVE-2024-26597 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
NOTE:
https://git.kernel.org/linus/b33fb5b801c6db408b774a68e7c8722796b59ecc (6.8-rc1)
-CVE-2023-52464 [EDAC/thunderx: Fix possible out-of-bounds string access]
+CVE-2023-52464 (In the Linux kernel, the following vulnerability has been
resolved: E ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
NOTE:
https://git.kernel.org/linus/475c58e1a471e9b873e3e39958c64a2d278275c8 (6.8-rc1)
-CVE-2023-52463 [efivarfs: force RO when remounting if SetVariable is not
supported]
+CVE-2023-52463 (In the Linux kernel, the following vulnerability has been
resolved: e ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/0e8d2444168dd519fea501599d150e62718ed2fe (6.8-rc1)
-CVE-2023-52459 [media: v4l: async: Fix duplicated list deletion]
+CVE-2023-52459 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 6.6.15-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/3de6ee94aae701fa949cd3b5df6b6a440ddfb8f2 (6.8-rc1)
-CVE-2024-26599 [pwm: Fix out-of-bounds access in of_pwm_single_xlate()]
+CVE-2024-26599 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/a297d07b9a1e4fb8cda25a4a2363a507d294b7c9 (6.8-rc1)
-CVE-2024-26598 [KVM: arm64: vgic-its: Avoid potential UAF in LPI translation
cache]
+CVE-2024-26598 (In the Linux kernel, the following vulnerability has been
resolved: K ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
NOTE:
https://git.kernel.org/linus/ad362fe07fecf0aba839ff2cc59a3617bd42c33f (6.8-rc1)
-CVE-2024-26596 [net: dsa: fix netdev_priv() dereference before check on
non-DSA netdevice events]
+CVE-2024-26596 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/844f104790bd69c2e4dbb9ee3eba46fde1fcea7b (6.8-rc1)
-CVE-2024-26595 [mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in
error path]
+CVE-2024-26595 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 6.6.15-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/efeb7dfea8ee10cdec11b6b6ba4e405edbe75809 (6.8-rc1)
-CVE-2023-52461 [drm/sched: Fix bounds limiting when given a malformed entity]
+CVE-2023-52461 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/2bbe6ab2be53858507f11f99f856846d04765ae3 (6.8-rc1)
-CVE-2023-52462 [bpf: fix check for attempt to corrupt spilled pointer]
+CVE-2023-52462 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/ab125ed3ec1c10ccc36bc98c7a4256ad114a3dae (6.8-rc1)
-CVE-2023-52460 [drm/amd/display: Fix NULL pointer dereference at hibernate]
+CVE-2023-52460 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/b719a9c15d52d4f56bdea8241a5d90fd9197ce99 (6.8-rc1)
-CVE-2023-52458 [block: add check that partition length needs to be aligned
with block size]
+CVE-2023-52458 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
NOTE:
https://git.kernel.org/linus/6f64f866aa1ae6975c95d805ed51d7e9433a0016 (6.8-rc1)
-CVE-2023-52456 [serial: imx: fix tx statemachine deadlock]
+CVE-2023-52456 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/78d60dae9a0c9f09aa3d6477c94047df2fe6f7b0 (6.8-rc1)
-CVE-2023-52455 [iommu: Don't reserve 0-length IOVA region]
+CVE-2023-52455 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 6.6.15-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/bb57f6705960bebeb832142ce9abf43220c3eab1 (6.8-rc1)
-CVE-2023-52454 [nvmet-tcp: Fix a kernel panic when host sends an invalid H2C
PDU length]
+CVE-2023-52454 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/efa56305908ba20de2104f1b8508c6a7401833be (6.8-rc1)
-CVE-2023-52453 [hisi_acc_vfio_pci: Update migration data pointer correctly on
saving/resume]
+CVE-2023-52453 (In the Linux kernel, the following vulnerability has been
resolved: h ...)
- linux 6.6.15-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/be12ad45e15b5ee0e2526a50266ba1d295d26a88 (6.8-rc1)
-CVE-2024-26594 [ksmbd: validate mech token in session setup]
+CVE-2024-26594 (In the Linux kernel, the following vulnerability has been
resolved: k ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
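Review bot: the new `- linux <unfixed>` entry for CVE-2024-26596 carries `[bullseye]` and `[buster]` not-affected annotations but no `[bookworm]` line, unlike the sibling kernel entries in this hunk, which state either `6.1.76-1` or a not-affected marker for bookworm; with no bookworm line the tracker derives bookworm's status from unstable's `<unfixed>`, so a `[bookworm] - linux 6.1.76-1` or not-affected line needs to be decided. CVE-2024-26595 has the same gap (only `[buster]` is annotated, bookworm and bullseye are left implicit). CVE-2023-52457 is also a kernel entry ("In the Linux kernel, the following vulnerability has been resolved: s ...") but was imported at the top with `TODO: check` while the other kernel CVEs in this update already carry version annotations; it should be triaged together with them. The remaining `TODO: check` entries at the top are the automatic import of newly published IDs and still need triage into `NOT-FOR-US`, a package line, or a not-affected marker.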
@@ -91,7 +163,7 @@ CVE-2024-22025
NOTE: https://nodejs.org/en/blog/release/v18.19.1
NOTE:
https://github.com/nodejs/node/commit/f31d47e135973746c4f490d5eb635eded8bb3dda
(v18.x)
NOTE:
https://github.com/nodejs/node/commit/9052ef43dc2d1b0db340591a9bc9e45a25c01d90
(main)
-CVE-2024-26593 [i2c: i801: Fix block process call transactions]
+CVE-2024-26593 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/c1c9d0f6f7f1dbf29db996bd8e166242843a5f21 (6.8-rc5)
CVE-2024-23807
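Review bot: CVE-2024-26593 is recorded only as `- linux <unfixed>` with the 6.8-rc5 fix commit and no release annotations, whereas the other kernel entries in this update carry `[bookworm]`/`[bullseye]`/`[buster]` lines; until those are added every stable release is implicitly vulnerable for this entry, so the per-release assessment for the i801 fix should be recorded alongside the NOTE.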
@@ -885,7 +957,7 @@ CVE-2024-1554 (The `fetch()` API and navigation incorrectly
shared the same cach
- firefox 123.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-05/#CVE-2024-1554
CVE-2024-1553 (Memory safety bugs present in Firefox 122, Firefox ESR 115.7,
and Thun ...)
- {DSA-5627-1}
+ {DSA-5630-1 DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird 1:115.8.0-1
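Review bot: the added `DSA-5630-1` next to `DSA-5627-1` is consistent with this entry listing both `firefox-esr 115.8.0esr-1` and `thunderbird 1:115.8.0-1`; the following hunks apply the same two-DSA annotation to CVE-2024-1552 through CVE-2024-1546, and CVE-2024-1554 above is left without any DSA, which matches that entry having only a `firefox 123.0-1` line and no firefox-esr or thunderbird line.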
@@ -893,7 +965,7 @@ CVE-2024-1553 (Memory safety bugs present in Firefox 122,
Firefox ESR 115.7, and
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1553
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1553
CVE-2024-1552 (Incorrect code generation could have led to unexpected numeric
convers ...)
- {DSA-5627-1}
+ {DSA-5630-1 DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird 1:115.8.0-1
@@ -901,7 +973,7 @@ CVE-2024-1552 (Incorrect code generation could have led to
unexpected numeric co
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1552
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1552
CVE-2024-1551 (Set-Cookie response headers were being incorrectly honored in
multipar ...)
- {DSA-5627-1}
+ {DSA-5630-1 DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird 1:115.8.0-1
@@ -909,7 +981,7 @@ CVE-2024-1551 (Set-Cookie response headers were being
incorrectly honored in mul
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1551
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1551
CVE-2024-1550 (A malicious website could have used a combination of exiting
fullscree ...)
- {DSA-5627-1}
+ {DSA-5630-1 DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird 1:115.8.0-1
@@ -917,7 +989,7 @@ CVE-2024-1550 (A malicious website could have used a
combination of exiting full
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1550
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1550
CVE-2024-1549 (If a website set a large custom cursor, portions of the cursor
could h ...)
- {DSA-5627-1}
+ {DSA-5630-1 DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird 1:115.8.0-1
@@ -925,7 +997,7 @@ CVE-2024-1549 (If a website set a large custom cursor,
portions of the cursor co
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1549
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1549
CVE-2024-1548 (A website could have obscured the fullscreen notification by
using a d ...)
- {DSA-5627-1}
+ {DSA-5630-1 DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird 1:115.8.0-1
@@ -933,7 +1005,7 @@ CVE-2024-1548 (A website could have obscured the
fullscreen notification by usin
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1548
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1548
CVE-2024-1547 (Through a series of API calls and redirects, an
attacker-controlled al ...)
- {DSA-5627-1}
+ {DSA-5630-1 DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird 1:115.8.0-1
@@ -941,7 +1013,7 @@ CVE-2024-1547 (Through a series of API calls and
redirects, an attacker-controll
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1547
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1547
CVE-2024-1546 (When storing and re-accessing data on a networking channel, the
length ...)
- {DSA-5627-1}
+ {DSA-5630-1 DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird 1:115.8.0-1
@@ -5231,7 +5303,8 @@ CVE-2023-7225 (The MapPress Maps for WordPress plugin for
WordPress is vulnerabl
NOT-FOR-US: WordPress plugin
CVE-2023-5372 (The post-authentication command injection vulnerability in
Zyxel NAS32 ...)
NOT-FOR-US: Zyxel
-CVE-2023-52071 (tiny-curl-8_4_0 , curl-8_4_0 and curl-8_5_0 were discovered to
contain ...)
+CVE-2023-52071
+ REJECTED
- curl 8.4.0-1 (unimportant)
[bookworm] - curl <not-affected> (Vulnerable code not present)
[bullseye] - curl <not-affected> (Vulnerable code not present)
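Review bot: after switching CVE-2023-52071 to `REJECTED`, the entry still keeps `- curl 8.4.0-1 (unimportant)` and the bookworm/bullseye not-affected lines; rejected entries in this file usually carry no package lines, so the stale version data should be dropped once the rejection is confirmed against the CVE record.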
@@ -12609,7 +12682,7 @@ CVE-2023-50272 (A potential security vulnerability has
been identified in HPE In
NOT-FOR-US: HPE
CVE-2023-49706 (Defective request context handling in Self Service in LinOTP
3.x befor ...)
NOT-FOR-US: LinOTP
-CVE-2023-49489 (Reflective Cross Site Scripting (XSS) vulnerability in
KodeExplorer ve ...)
+CVE-2023-49489 (Reflective Cross Site Scripting (XSS) vulnerability in
KodExplorer ver ...)
NOT-FOR-US: kalcaddle KodExplorer
CVE-2023-49006 (Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo
version ...)
- phpsysinfo 3.4.3-1
@@ -67311,8 +67384,8 @@ CVE-2023-24418 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-24417 (Cross-Site Request Forgery (CSRF) vulnerability in
tiggersWelt.Net Wor ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-24416
- RESERVED
+CVE-2023-24416 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
CVE-2023-24415 (Cross-Site Request Forgery (CSRF) vulnerability in
QuantumCloud AI Cha ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24414 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft
Photo Gall ...)
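Review bot: CVE-2023-24416 moves from `RESERVED` to a "Path Traversal" description with `TODO: check`; its neighbours CVE-2023-24417 and CVE-2023-24415 are WordPress plugin CSRFs marked `NOT-FOR-US`, but the visible description does not identify the affected product, so this entry needs an explicit triage rather than inheriting the same marker by position.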
@@ -91270,8 +91343,8 @@ CVE-2022-43844 (IBM Robotic Process Automation for
Cloud Pak 20.12 through 21.0.
NOT-FOR-US: IBM
CVE-2022-43843 (IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than
expected c ...)
NOT-FOR-US: IBM
-CVE-2022-43842
- RESERVED
+CVE-2022-43842 (IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL
injection. ...)
+ TODO: check
CVE-2022-43841
RESERVED
CVE-2022-43840
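Review bot: CVE-2022-43842 (IBM Aspera Console SQL injection) is left at `TODO: check` while the adjacent IBM entries CVE-2022-43844 and CVE-2022-43843 are `NOT-FOR-US: IBM`; the outcome is most likely the same marker, and it should be set rather than leaving the TODO open, after confirming there is no Debian package for the product.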
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a302c90e96d400ccd53f43c546d776c01944cc44
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits