Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
71bb9f02 by security tracker role at 2024-03-04T20:11:52+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,129 +1,215 @@
-CVE-2021-47108 [drm/mediatek: hdmi: Perform NULL pointer check for 
mtk_hdmi_conf]
+CVE-2024-2167
+       REJECTED
+CVE-2024-2048 (Vault and Vault Enterprise (\u201cVault\u201d) TLS certificate 
auth me ...)
+       TODO: check
+CVE-2024-27889 (Multiple SQL Injection vulnerabilities exist in the reporting 
applicat ...)
+       TODO: check
+CVE-2024-27694 (FlyCms v1.0 was discovered to contain a Cross-Site Request 
Forgery (CS ...)
+       TODO: check
+CVE-2024-27684 (A Cross-site scripting (XSS) vulnerability in dlapn.cgi, 
dldongle.cgi, ...)
+       TODO: check
+CVE-2024-27680 (Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) 
in the " ...)
+       TODO: check
+CVE-2024-27668 (Flusity-CMS v2.33 is affected by: Cross Site Scripting (XSS) 
in 'Custo ...)
+       TODO: check
+CVE-2024-27199 (In JetBrains TeamCity before 2023.11.4 path traversal allowing 
to perf ...)
+       TODO: check
+CVE-2024-27198 (In JetBrains TeamCity before 2023.11.4 authentication bypass 
allowing  ...)
+       TODO: check
+CVE-2024-24901 (Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an 
insufficient lo ...)
+       TODO: check
+CVE-2024-22463 (Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of 
a broken ...)
+       TODO: check
+CVE-2024-22452 (Dell Display and Peripheral Manager for macOS prior to 1.3 
contains an ...)
+       TODO: check
+CVE-2024-1788
+       REJECTED
+CVE-2024-0686
+       REJECTED
+CVE-2024-0156 (Dell Digital Delivery, versions prior to 5.0.86.0, contain a 
Buffer Ov ...)
+       TODO: check
+CVE-2024-0155 (Dell Digital Delivery, versions prior to 5.0.86.0, contain a 
Use After ...)
+       TODO: check
+CVE-2023-6241 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel 
Driver, Arm ...)
+       TODO: check
+CVE-2023-6143 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel 
Driver, Arm ...)
+       TODO: check
+CVE-2023-6068 (On affected 7130 Series FPGA platforms running MOS and recent 
versions ...)
+       TODO: check
+CVE-2023-5451 (Forcepoint  NGFW Security Management Center Management Server 
has SMC  ...)
+       TODO: check
+CVE-2023-43553 (Memory corruption while parsing beacon/probe response frame 
when AP se ...)
+       TODO: check
+CVE-2023-43552 (Memory corruption while processing MBSSID beacon containing 
several su ...)
+       TODO: check
+CVE-2023-43550 (Memory corruption while processing a QMI request for 
allocating memory ...)
+       TODO: check
+CVE-2023-43549 (Memory corruption while processing TPC target power table in 
FTM TPC.)
+       TODO: check
+CVE-2023-43548 (Memory corruption while parsing qcp clip with invalid chunk 
data size.)
+       TODO: check
+CVE-2023-43547 (Memory corruption while invoking IOCTLs calls in Automotive 
Multimedia ...)
+       TODO: check
+CVE-2023-43546 (Memory corruption while invoking HGSL IOCTL context create.)
+       TODO: check
+CVE-2023-43541 (Memory corruption while invoking the SubmitCommands call on 
Gfx engine ...)
+       TODO: check
+CVE-2023-43540 (Memory corruption while processing the IOCTL FM HCI WRITE 
request.)
+       TODO: check
+CVE-2023-43539 (Transient DOS while processing an improperly formatted 
802.11az Fine T ...)
+       TODO: check
+CVE-2023-38362 (IBM CICS TX Advanced 10.1 could disclose sensitive information 
to a re ...)
+       TODO: check
+CVE-2023-38360 (IBM CICS TX Advanced 10.1 is vulnerable to cross-site 
scripting. This  ...)
+       TODO: check
+CVE-2023-33105 (Transient DOS in WLAN Host and Firmware when large number of 
open auth ...)
+       TODO: check
+CVE-2023-33104 (Transient DOS while processing PDU Release command with a 
parameter PD ...)
+       TODO: check
+CVE-2023-33103 (Transient DOS while processing CAG info IE received from NW.)
+       TODO: check
+CVE-2023-33096 (Transient DOS while processing DL NAS Transport message, as 
specified  ...)
+       TODO: check
+CVE-2023-33095 (Transient DOS while processing multiple payload container type 
with in ...)
+       TODO: check
+CVE-2023-33090 (Transient DOS while processing channel information for speaker 
protect ...)
+       TODO: check
+CVE-2023-33086 (Transient DOS while processing multiple IKEV2 Informational 
Request to ...)
+       TODO: check
+CVE-2023-33084 (Transient DOS while processing IE fragments from server during 
DTLS ha ...)
+       TODO: check
+CVE-2023-33078 (Information Disclosure while processing IOCTL request in 
FastRPC.)
+       TODO: check
+CVE-2023-33066 (Memory corruption in Audio while processing RT proxy port 
register dri ...)
+       TODO: check
+CVE-2023-32331 (IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer 
overflow  ...)
+       TODO: check
+CVE-2021-47108 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 5.15.15-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/3b8e19a0aa3933a785be9f1541afd8d398c4ec69 (5.16-rc7)
-CVE-2021-47107 [NFSD: Fix READDIR buffer overflow]
+CVE-2021-47107 (In the Linux kernel, the following vulnerability has been 
resolved:  N ...)
        - linux 5.15.15-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/53b1119a6e5028b125f431a0116ba73510d82a72 (5.16-rc7)
-CVE-2021-47106 [netfilter: nf_tables: fix use-after-free in 
nft_set_catchall_destroy()]
+CVE-2021-47106 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 5.15.15-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/0f7d9b31ce7abdbb29bf018131ac920c9f698518 (5.16-rc7)
-CVE-2021-47105 [ice: xsk: return xsk buffers back to pool when cleaning the 
ring]
+CVE-2021-47105 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 5.15.15-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/afe8a3ba85ec2a6b6849367e25c06a2f8e0ddd05 (5.16-rc7)
-CVE-2021-47104 [IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()]
+CVE-2021-47104 (In the Linux kernel, the following vulnerability has been 
resolved:  I ...)
        - linux 5.15.15-1
        [bullseye] - linux 5.10.92-1
        [buster] - linux 4.19.232-1
        NOTE: 
https://git.kernel.org/linus/bee90911e0138c76ee67458ac0d58b38a3190f65 (5.16-rc7)
-CVE-2021-47103 [inet: fully convert sk->sk_rx_dst to RCU rules]
+CVE-2021-47103 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 5.15.15-1
        [bullseye] - linux 5.10.158-1
        [buster] - linux 4.19.269-1
        NOTE: 
https://git.kernel.org/linus/8f905c0e7354ef261360fb7535ea079b1082c105 (5.16-rc7)
-CVE-2021-47102 [net: marvell: prestera: fix incorrect structure access]
+CVE-2021-47102 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 5.15.15-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/2efc2256febf214e7b2bdaa21fe6c3c3146acdcb (5.16-rc7)
-CVE-2021-47101 [asix: fix uninit-value in asix_mdio_read()]
+CVE-2021-47101 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux 5.15.15-1
        NOTE: 
https://git.kernel.org/linus/8035b1a2a37a29d8c717ef84fca8fe7278bc9f03 (5.16-rc7)
-CVE-2021-47100 [ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler 
module]
+CVE-2021-47100 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 5.15.15-1
        [bullseye] - linux 5.10.92-1
        [buster] - linux 4.19.232-1
        NOTE: 
https://git.kernel.org/linus/ffb76a86f8096a8206be03b14adda6092e18e275 (5.16-rc7)
-CVE-2021-47099 [veth: ensure skb entering GRO are not cloned.]
+CVE-2021-47099 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
        - linux 5.15.15-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/9695b7de5b4760ed22132aca919570c0190cb0ce (5.16-rc7)
-CVE-2021-47098 [hwmon: (lm90) Prevent integer overflow/underflow in hysteresis 
calculations]
+CVE-2021-47098 (In the Linux kernel, the following vulnerability has been 
resolved:  h ...)
        - linux 5.15.15-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/55840b9eae5367b5d5b29619dc2fb7e4596dba46 (5.16-rc7)
-CVE-2021-47097 [Input: elantech - fix stack out of bound access in 
elantech_change_report_id()]
+CVE-2021-47097 (In the Linux kernel, the following vulnerability has been 
resolved:  I ...)
        - linux 5.15.15-1
        [bullseye] - linux 5.10.92-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/1d72d9f960ccf1052a0630a68c3d358791dbdaaa (5.16-rc7)
-CVE-2021-47096 [ALSA: rawmidi - fix the uninitalized user_pversion]
+CVE-2021-47096 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
        - linux 5.15.15-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/39a8fc4971a00d22536aeb7d446ee4a97810611b (5.16-rc7)
-CVE-2021-47095 [ipmi: ssif: initialize ssif_info->client early]
+CVE-2021-47095 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 5.15.15-1
        [bullseye] - linux 5.10.92-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/34f35f8f14bc406efc06ee4ff73202c6fd245d15 (5.16-rc7)
-CVE-2021-47094 [KVM: x86/mmu: Don't advance iterator after restart due to 
yielding]
+CVE-2021-47094 (In the Linux kernel, the following vulnerability has been 
resolved:  K ...)
        - linux 5.15.15-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/3a0f64de479cae75effb630a2e0a237ca0d0623c (5.16-rc7)
-CVE-2021-47093 [platform/x86: intel_pmc_core: fix memleak on registration 
failure]
+CVE-2021-47093 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 5.15.15-1
        [bullseye] - linux 5.10.92-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/26a8b09437804fabfb1db080d676b96c0de68e7c (5.16-rc7)
-CVE-2021-47092 [KVM: VMX: Always clear vmx->fail on emulation_required]
+CVE-2021-47092 (In the Linux kernel, the following vulnerability has been 
resolved:  K ...)
        - linux 5.15.15-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/a80dfc025924024d2c61a4c1b8ef62b2fce76a04 (5.16-rc7)
-CVE-2021-47091 [mac80211: fix locking in ieee80211_start_ap error path]
+CVE-2021-47091 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 5.15.15-1
        [bullseye] - linux 5.10.92-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/87a270625a89fc841f1a7e21aae6176543d8385c (5.16-rc7)
-CVE-2021-47090 [mm/hwpoison: clear MF_COUNT_INCREASED before retrying 
get_any_page()]
+CVE-2021-47090 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 5.15.15-1
        [bullseye] - linux 5.10.92-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/2a57d83c78f889bf3f54eede908d0643c40d5418 (5.16-rc7)
-CVE-2021-47089 [kfence: fix memory leak when cat kfence objects]
+CVE-2021-47089 (In the Linux kernel, the following vulnerability has been 
resolved:  k ...)
        - linux 5.15.15-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/0129ab1f268b6cf88825eae819b9b84aa0a85634 (5.16-rc7)
-CVE-2021-47088 [mm/damon/dbgfs: protect targets destructions with kdamond_lock]
+CVE-2021-47088 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 5.15.15-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/34796417964b8d0aef45a99cf6c2d20cebe33733 (5.16-rc7)
-CVE-2021-47087 [tee: optee: Fix incorrect page free bug]
+CVE-2021-47087 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
        - linux 5.15.15-1
        [bullseye] - linux 5.10.92-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/18549bf4b21c739a9def39f27dcac53e27286ab5 (5.16-rc7)
-CVE-2021-47086 [phonet/pep: refuse to enable an unbound pipe]
+CVE-2021-47086 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 5.15.15-1
        [bullseye] - linux 5.10.92-1
        [buster] - linux 4.19.232-1
        NOTE: 
https://git.kernel.org/linus/75a2f31520095600f650597c0ac41f48b5ba0068 (5.16-rc7)
-CVE-2021-47085 [hamradio: improve the incomplete fix to avoid NPD]
+CVE-2021-47085 (In the Linux kernel, the following vulnerability has been 
resolved:  h ...)
        - linux 5.15.15-1
        [bullseye] - linux 5.10.92-1
        [buster] - linux 4.19.232-1
        NOTE: 
https://git.kernel.org/linus/b2f37aead1b82a770c48b5d583f35ec22aabb61e (5.16-rc7)
-CVE-2021-47084 [hamradio: defer ax25 kfree after unregister_netdev]
+CVE-2021-47084 (In the Linux kernel, the following vulnerability has been 
resolved:  h ...)
        - linux 5.15.15-1
        [bullseye] - linux 5.10.92-1
        [buster] - linux 4.19.232-1
        NOTE: 
https://git.kernel.org/linus/3e0588c291d6ce225f2b891753ca41d45ba42469 (5.16-rc1)
-CVE-2021-47083 [pinctrl: mediatek: fix global-out-of-bounds issue]
+CVE-2021-47083 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 5.15.15-1
        [bullseye] - linux 5.10.92-1
        NOTE: 
https://git.kernel.org/linus/2d5446da5acecf9c67db1c9d55ae2c3e5de01f8d (5.16-rc7)
-CVE-2021-47082 [tun: avoid double free in tun_free_netdev]
+CVE-2021-47082 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
        - linux 5.15.15-1
        [bullseye] - linux 5.10.136-1
        [buster] - linux 4.19.282-1
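Review bot: In the CVE-2021-47108 through CVE-2021-47082 entries, swapping the bracketed commit subject (for example "[NFSD: Fix READDIR buffer overflow]") for the truncated description leaves every kernel header reading "In the Linux kernel, the following vulnerability has been resolved:" plus a single letter, so the header line no longer identifies the bug. The subject is now recoverable only by following the git.kernel.org link in each NOTE; consider keeping it in an additional NOTE line so these entries stay searchable by subsystem or function name. The new block above them also adds a long run of "TODO: check" entries next to three REJECTED ids, and the CVE-2024-2048 description carries literal \u201c and \u201d escapes, so it is worth confirming that is the intended on-disk form.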
@@ -57523,16 +57609,16 @@ CVE-2023-28584 (Transient DOS in WLAN Host when a 
mobile station receives invali
        NOT-FOR-US: Qualcomm
 CVE-2023-28583 (Memory corruption when IPv6 prefix timer object`s lifetime 
expires whi ...)
        NOT-FOR-US: Qualcomm
-CVE-2023-28582
-       RESERVED
+CVE-2023-28582 (Memory corruption in Data Modem while verifying hello-verify 
message d ...)
+       TODO: check
 CVE-2023-28581 (Memory corruption in WLAN Firmware while parsing receieved GTK 
Keys in ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-28580 (Memory corruption in WLAN Host while setting the PMK length in 
PMK len ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-28579 (Memory Corruption in WLAN Host while deserializing the input 
PMK bytes ...)
        NOT-FOR-US: Qualcomm
-CVE-2023-28578
-       RESERVED
+CVE-2023-28578 (Memory corruption in Core Services while executing the command 
for rem ...)
+       TODO: check
 CVE-2023-28577 (In the function call related to CAM_REQ_MGR_RELEASE_BUF there 
is no ch ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-28576 (The buffer obtained from kernel APIs such as 
cam_mem_get_cpu_buf() may ...)
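Review bot: CVE-2023-28582 and CVE-2023-28578 move from RESERVED to "TODO: check", while the surrounding entries whose tags are visible in this hunk (CVE-2023-28583 through CVE-2023-28577) are all "NOT-FOR-US: Qualcomm". The two new descriptions ("Memory corruption in Data Modem ..." and "Memory corruption in Core Services ...") follow the same wording pattern as those neighbours, so they are candidates for the same tag once the full descriptions have been checked, rather than being left in the TODO queue.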
@@ -94249,8 +94335,8 @@ CVE-2022-43892 (IBM Security Verify Privilege 
On-Premises 11.5 does not validate
        NOT-FOR-US: IBM
 CVE-2022-43891 (IBM Security Verify Privilege On-Premises 11.5 could allow a 
remote at ...)
        NOT-FOR-US: IBM
-CVE-2022-43890
-       RESERVED
+CVE-2022-43890 (IBM Security Verify Privilege On-Premises 11.5 could disclose 
sensitiv ...)
+       TODO: check
 CVE-2022-43889 (IBM Security Verify Privilege On-Premises 11.5 could disclose 
sensitiv ...)
        NOT-FOR-US: IBM
 CVE-2022-43888
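Review bot: The new CVE-2022-43890 header is identical, as far as the truncated text shows, to the CVE-2022-43889 header directly below it ("IBM Security Verify Privilege On-Premises 11.5 could disclose sensitiv ..."), yet it lands as "TODO: check" while CVE-2022-43891 and CVE-2022-43889 are "NOT-FOR-US: IBM". When triaging, compare the full descriptions of the two ids to confirm they are distinct issues, then apply the same NOT-FOR-US tag if the product matches.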



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71bb9f02ef1dfa96fe093cdad6b940ece9991818
