Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
62deea4a by security tracker role at 2024-08-26T20:12:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,165 +1,321 @@
-CVE-2024-44942 [f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode 
during GC]
+CVE-2024-8188
+       REJECTED
+CVE-2024-8174 (A vulnerability has been found in code-projects Blood Bank 
System 1.0  ...)
+       TODO: check
+CVE-2024-8173 (A vulnerability, which was classified as critical, was found in 
code-p ...)
+       TODO: check
+CVE-2024-8172 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2024-8171 (A vulnerability classified as critical was found in 
itsourcecode Tailo ...)
+       TODO: check
+CVE-2024-8170 (A vulnerability classified as problematic has been found in 
SourceCode ...)
+       TODO: check
+CVE-2024-8169 (A vulnerability was found in code-projects Online Quiz Site 
1.0. It ha ...)
+       TODO: check
+CVE-2024-8168 (A vulnerability was found in code-projects Online Bus 
Reservation Site ...)
+       TODO: check
+CVE-2024-8167 (A vulnerability was found in code-projects Job Portal 1.0. It 
has been ...)
+       TODO: check
+CVE-2024-8166 (A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and 
classif ...)
+       TODO: check
+CVE-2024-8165 (A vulnerability, which was classified as problematic, was found 
in Che ...)
+       TODO: check
+CVE-2024-8164 (A vulnerability, which was classified as critical, has been 
found in C ...)
+       TODO: check
+CVE-2024-8163 (A vulnerability classified as critical was found in Chengdu 
Everbrite  ...)
+       TODO: check
+CVE-2024-8162 (A vulnerability classified as critical has been found in 
TOTOLINK T10  ...)
+       TODO: check
+CVE-2024-8161 (SQL injection vulnerability in ATISolutions CIGES affecting 
versions l ...)
+       TODO: check
+CVE-2024-8158 (A bug in the 9p authentication implementation within lib9p 
allows an a ...)
+       TODO: check
+CVE-2024-8155 (A vulnerability classified as critical was found in ContiNew 
Admin 3.2 ...)
+       TODO: check
+CVE-2024-8154 (A vulnerability classified as problematic has been found in 
SourceCode ...)
+       TODO: check
+CVE-2024-8153 (A vulnerability was found in SourceCodester QR Code Bookmark 
System 1. ...)
+       TODO: check
+CVE-2024-8152 (A vulnerability was found in SourceCodester QR Code Bookmark 
System 1. ...)
+       TODO: check
+CVE-2024-8151 (A vulnerability was found in SourceCodester Interactive Map 
with Marke ...)
+       TODO: check
+CVE-2024-8150 (A vulnerability was found in ContiNew Admin 3.2.0 and 
classified as cr ...)
+       TODO: check
+CVE-2024-8105 (A vulnerability related to the use an insecure Platform Key 
(PK) has b ...)
+       TODO: check
+CVE-2024-8073 (Improper Input Validation vulnerability in Hillstone Networks 
Hillston ...)
+       TODO: check
+CVE-2024-7988 (A remote code execution vulnerability exists in the Rockwell 
Automatio ...)
+       TODO: check
+CVE-2024-7987 (A remote code execution vulnerability exists in the Rockwell 
Automatio ...)
+       TODO: check
+CVE-2024-7401 (Netskope was notified about a security gap in Netskope Client 
enrollme ...)
+       TODO: check
+CVE-2024-7313 (The Shield Security  WordPress plugin before 20.0.6 does not 
sanitise  ...)
+       TODO: check
+CVE-2024-6879 (The Quiz and Survey Master (QSM)  WordPress plugin before 9.1.1 
fails  ...)
+       TODO: check
+CVE-2024-45265 (A SQL injection vulnerability in the poll component in 
SkySystem Arfa- ...)
+       TODO: check
+CVE-2024-45258 (The req package before 3.43.4 for Go may send an unintended 
request wh ...)
+       TODO: check
+CVE-2024-45256 (An arbitrary file write issue in the exfiltration endpoint in 
BYOB (Bu ...)
+       TODO: check
+CVE-2024-45241 (A traversal vulnerability in GeneralDocs.aspx in CentralSquare 
CryWolf ...)
+       TODO: check
+CVE-2024-44797 (A cross-site scripting (XSS) vulnerability in the component 
/managers/ ...)
+       TODO: check
+CVE-2024-44796 (A cross-site scripting (XSS) vulnerability in the component 
/auth/Azur ...)
+       TODO: check
+CVE-2024-44795 (A cross-site scripting (XSS) vulnerability in the component 
/login/dis ...)
+       TODO: check
+CVE-2024-44794 (A cross-site scripting (XSS) vulnerability in the component 
/master/au ...)
+       TODO: check
+CVE-2024-44793 (A cross-site scripting (XSS) vulnerability in the component 
/managers/ ...)
+       TODO: check
+CVE-2024-44565 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
serverName par ...)
+       TODO: check
+CVE-2024-44563 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
iptv.stb.port  ...)
+       TODO: check
+CVE-2024-44558 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
adv.iptv.stbpv ...)
+       TODO: check
+CVE-2024-44557 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
iptv.stb.mode  ...)
+       TODO: check
+CVE-2024-44556 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
adv.iptv.stbal ...)
+       TODO: check
+CVE-2024-44555 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
iptv.city.vlan ...)
+       TODO: check
+CVE-2024-44553 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
iptv.stb.mode  ...)
+       TODO: check
+CVE-2024-44552 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
adv.iptv.stbal ...)
+       TODO: check
+CVE-2024-44551 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
iptv.city.vlan ...)
+       TODO: check
+CVE-2024-44550 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
adv.iptv.stbpv ...)
+       TODO: check
+CVE-2024-44549 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
iptv.stb.port  ...)
+       TODO: check
+CVE-2024-43967 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-43966 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-43806 (Rustix is a set of safe Rust bindings to POSIX-ish APIs. When 
using `r ...)
+       TODO: check
+CVE-2024-43802 (Vim is an improved version of the unix vi text editor. When 
flushing t ...)
+       TODO: check
+CVE-2024-43444 (Passwords of agents and customers are displayed in plain text 
in the O ...)
+       TODO: check
+CVE-2024-43443 (Improper Neutralization of Input done by an attacker with 
admin privil ...)
+       TODO: check
+CVE-2024-43442 (Improper Neutralization of Input done by an attacker with 
admin privil ...)
+       TODO: check
+CVE-2024-43319 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2024-43289 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2024-43283 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2024-42913 (RuoYi CMS v4.7.9 was discovered to contain a SQL injection 
vulnerabili ...)
+       TODO: check
+CVE-2024-42906 (TestLink before v.1.9.20 is vulnerable to Cross Site Scripting 
(XSS) v ...)
+       TODO: check
+CVE-2024-42818 (A cross-site scripting (XSS) vulnerability in the 
Config-Create functi ...)
+       TODO: check
+CVE-2024-42816 (A cross-site scripting (XSS) vulnerability in the Create 
Product funct ...)
+       TODO: check
+CVE-2024-42792 (A Cross-Site Request Forgery (CSRF) vulnerability was found in 
Kashipa ...)
+       TODO: check
+CVE-2024-42791 (A Cross-Site Request Forgery (CSRF) vulnerability was found in 
Kashipa ...)
+       TODO: check
+CVE-2024-42790 (A Reflected Cross Site Scripting (XSS) vulnerability was found 
in "/mu ...)
+       TODO: check
+CVE-2024-42789 (A Reflected Cross Site Scripting (XSS) vulnerability was found 
in "/mu ...)
+       TODO: check
+CVE-2024-42788 (A Stored Cross Site Scripting (XSS) vulnerability was found in 
"/music ...)
+       TODO: check
+CVE-2024-42787 (A Stored Cross Site Scripting (XSS) vulnerability was found in 
"/music ...)
+       TODO: check
+CVE-2024-41996 (Validating the order of the public keys in the Diffie-Hellman 
Key Agre ...)
+       TODO: check
+CVE-2024-41879 (Acrobat Reader versions 127.0.2651.105 and earlier are 
affected by an  ...)
+       TODO: check
+CVE-2024-41444 (SeaCMS v12.9 has a SQL injection vulnerability in the key 
parameter of ...)
+       TODO: check
+CVE-2024-41285 (A stack overflow in FAST FW300R v1.3.13 Build 141023 
Rel.61347n allows ...)
+       TODO: check
+CVE-2024-39097 (There is an Open Redirect vulnerability in Gnuboard v6.0.4 and 
below v ...)
+       TODO: check
+CVE-2024-38859 (XSS in the view page with the SLA column configured in Checkmk 
version ...)
+       TODO: check
+CVE-2024-34087 (An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 
6.0.24. ...)
+       TODO: check
+CVE-2024-28077 (A denial-of-service issue was discovered on certain GL-iNet 
devices. S ...)
+       TODO: check
+CVE-2023-49582 (Lax permissions set by the Apache Portable Runtime library on 
Unix pla ...)
+       TODO: check
+CVE-2024-44942 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
        - linux 6.10.6-1
        NOTE: 
https://git.kernel.org/linus/fc01008c92f40015aeeced94750855a7111b6929 (6.11-rc1)
-CVE-2024-44941 [f2fs: fix to cover read extent cache access with lock]
+CVE-2024-44941 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
        - linux 6.10.6-1
        NOTE: 
https://git.kernel.org/linus/d7409b05a64f212735f0d33f5f1602051a886eab (6.11-rc1)
-CVE-2024-44940 [fou: remove warn in gue_gro_receive on unsupported protocol]
+CVE-2024-44940 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
        - linux 6.10.6-1
        NOTE: 
https://git.kernel.org/linus/dd89a81d850fa9a65f67b4527c0e420d15bf836c (6.11-rc1)
-CVE-2024-44939 [jfs: fix null ptr deref in dtInsertEntry]
+CVE-2024-44939 (In the Linux kernel, the following vulnerability has been 
resolved:  j ...)
        - linux 6.10.6-1
        NOTE: 
https://git.kernel.org/linus/ce6dede912f064a855acf6f04a04cbb2c25b8c8c (6.11-rc1)
-CVE-2024-44938 [jfs: Fix shift-out-of-bounds in dbDiscardAG]
+CVE-2024-44938 (In the Linux kernel, the following vulnerability has been 
resolved:  j ...)
        - linux 6.10.6-1
        NOTE: 
https://git.kernel.org/linus/7063b80268e2593e58bee8a8d709c2f3ff93e2f2 (6.11-rc1)
-CVE-2024-44937 [platform/x86: intel-vbtn: Protect ACPI notify handler against 
recursion]
+CVE-2024-44937 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.10.6-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e075c3b13a0a142dcd3151b25d29a24f31b7b640 (6.11-rc3)
-CVE-2024-44936 [power: supply: rt5033: Bring back i2c_set_clientdata]
+CVE-2024-44936 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.10.6-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/d3911f1639e67fc7b12aae0efa5a540976d7443b (6.11-rc3)
-CVE-2024-44935 [sctp: Fix null-ptr-deref in reuseport_add_sock().]
+CVE-2024-44935 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 6.10.6-1
        [bookworm] - linux 6.1.106-1
        NOTE: 
https://git.kernel.org/linus/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18 (6.11-rc3)
-CVE-2024-44934 [net: bridge: mcast: wait for previous gc cycles when removing 
port]
+CVE-2024-44934 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.10.6-1
        [bookworm] - linux 6.1.106-1
        NOTE: 
https://git.kernel.org/linus/92c4ee25208d0f35dafc3213cdf355fbe449e078 (6.11-rc3)
-CVE-2024-44933 [bnxt_en : Fix memory out-of-bounds in bnxt_fill_hw_rss_tbl()]
+CVE-2024-44933 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 6.10.6-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/da03f5d1b2c319a2b74fe76edeadcd8fa5f44376 (6.11-rc3)
-CVE-2024-44932 [idpf: fix UAFs when destroying the queues]
+CVE-2024-44932 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.10.6-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/290f1c033281c1a502a3cd1c53c3a549259c491f (6.11-rc3)
-CVE-2024-44931 [gpio: prevent potential speculation leaks in 
gpio_device_get_desc()]
+CVE-2024-44931 (In the Linux kernel, the following vulnerability has been 
resolved:  g ...)
        - linux 6.10.6-1
        NOTE: 
https://git.kernel.org/linus/d795848ecce24a75dfd46481aee066ae6fe39775 (6.11-rc1)
-CVE-2024-43914 [md/raid5: avoid BUG_ON() while continue reshape after 
reassembling]
+CVE-2024-43914 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.10.6-1
        [bookworm] - linux 6.1.106-1
        NOTE: 
https://git.kernel.org/linus/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49 (6.11-rc1)
-CVE-2024-43913 [nvme: apple: fix device reference counting]
+CVE-2024-43913 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.10.6-1
        NOTE: 
https://git.kernel.org/linus/b9ecbfa45516182cd062fecd286db7907ba84210 (6.11-rc1)
-CVE-2024-43912 [wifi: nl80211: disallow setting special AP channel widths]
+CVE-2024-43912 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
        - linux 6.10.6-1
        [bookworm] - linux 6.1.106-1
        NOTE: 
https://git.kernel.org/linus/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe (6.11-rc1)
-CVE-2024-43911 [wifi: mac80211: fix NULL dereference at band check in starting 
tx ba session]
+CVE-2024-43911 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
        - linux 6.10.6-1
        NOTE: 
https://git.kernel.org/linus/021d53a3d87eeb9dbba524ac515651242a2a7e3b (6.11-rc1)
-CVE-2024-43910 [bpf: add missing check_func_arg_reg_off() to prevent 
out-of-bounds memory accesses]
+CVE-2024-43910 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 6.10.6-1
        NOTE: 
https://git.kernel.org/linus/ec2b9a5e11e51fea1bb04c1e7e471952e887e874 (6.11-rc1)
-CVE-2024-43909 [drm/amdgpu/pm: Fix the null pointer dereference for smu7]
+CVE-2024-43909 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.10.6-1
        [bookworm] - linux 6.1.106-1
        NOTE: 
https://git.kernel.org/linus/c02c1960c93eede587576625a1221205a68a904f (6.11-rc1)
-CVE-2024-43908 [drm/amdgpu: Fix the null pointer dereference to ras_manager]
+CVE-2024-43908 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.10.6-1
        [bookworm] - linux 6.1.106-1
        NOTE: 
https://git.kernel.org/linus/4c11d30c95576937c6c35e6f29884761f2dddb43 (6.11-rc1)
-CVE-2024-43907 [drm/amdgpu/pm: Fix the null pointer dereference in 
apply_state_adjust_rules]
+CVE-2024-43907 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.10.6-1
        [bookworm] - linux 6.1.106-1
        NOTE: 
https://git.kernel.org/linus/d19fb10085a49b77578314f69fff21562f7cd054 (6.11-rc1)
-CVE-2024-43906 [drm/admgpu: fix dereferencing null pointer context]
+CVE-2024-43906 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.10.6-1
        NOTE: 
https://git.kernel.org/linus/030ffd4d43b433bc6671d9ec34fc12c59220b95d (6.11-rc1)
-CVE-2024-43905 [drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr]
+CVE-2024-43905 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.10.6-1
        [bookworm] - linux 6.1.106-1
        NOTE: 
https://git.kernel.org/linus/50151b7f1c79a09117837eb95b76c2de76841dab (6.11-rc1)
-CVE-2024-43904 [drm/amd/display: Add null checks for 'stream' and 'plane' 
before dereferencing]
+CVE-2024-43904 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.10.6-1
        NOTE: 
https://git.kernel.org/linus/15c2990e0f0108b9c3752d7072a97d45d4283aea (6.11-rc1)
-CVE-2024-43903 [drm/amd/display: Add NULL check for 'afb' before dereferencing 
in amdgpu_dm_plane_handle_cursor_update]
+CVE-2024-43903 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.10.6-1
        [bookworm] - linux 6.1.106-1
        NOTE: 
https://git.kernel.org/linus/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff (6.11-rc1)
-CVE-2024-43902 [drm/amd/display: Add null checker before passing variables]
+CVE-2024-43902 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.10.6-1
        [bookworm] - linux 6.1.106-1
        NOTE: 
https://git.kernel.org/linus/8092aa3ab8f7b737a34b71f91492c676a843043a (6.11-rc1)
-CVE-2024-43901 [drm/amd/display: Fix NULL pointer dereference for DTN log in 
DCN401]
+CVE-2024-43901 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.10.6-1
        NOTE: 
https://git.kernel.org/linus/5af757124792817f8eb1bd0c80ad60fab519586b (6.11-rc1)
-CVE-2024-43900 [media: xc2028: avoid use-after-free in load_firmware_cb()]
+CVE-2024-43900 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.10.6-1
        [bookworm] - linux 6.1.106-1
        NOTE: 
https://git.kernel.org/linus/68594cec291ff9523b9feb3f43fd853dcddd1f60 (6.11-rc1)
-CVE-2024-43899 [drm/amd/display: Fix null pointer deref in dcn20_resource.c]
+CVE-2024-43899 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.10.6-1
        NOTE: 
https://git.kernel.org/linus/ecbf60782662f0a388493685b85a645a0ba1613c (6.11-rc1)
-CVE-2024-43898 [ext4: sanity check for NULL pointer after ext4_force_shutdown]
+CVE-2024-43898 (In the Linux kernel, the following vulnerability has been 
resolved:  e ...)
        - linux 6.10.6-1
        NOTE: 
https://git.kernel.org/linus/83f4414b8f84249d538905825b088ff3ae555652 (6.11-rc1)
-CVE-2024-43897 [net: drop bad gso csum_start and offset in virtio_net_hdr]
+CVE-2024-43897 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.10.6-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/89add40066f9ed9abe5f7f886fe5789ff7e0c50e (6.11-rc2)
-CVE-2024-43896 [ASoC: cs-amp-lib: Fix NULL pointer crash if efi.get_variable 
is NULL]
+CVE-2024-43896 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
        - linux 6.10.6-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/dc268085e499666b9f4f0fcb4c5a94e1c0b193b3 (6.11-rc3)
-CVE-2024-43895 [drm/amd/display: Skip Recompute DSC Params if no Stream on 
Link]
+CVE-2024-43895 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.10.6-1
        [bookworm] - linux 6.1.106-1
        NOTE: 
https://git.kernel.org/linus/50e376f1fe3bf571d0645ddf48ad37eb58323919 (6.11-rc3)
-CVE-2024-43894 [drm/client: fix null pointer dereference in 
drm_client_modeset_probe]
+CVE-2024-43894 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.10.6-1
        [bookworm] - linux 6.1.106-1
        NOTE: 
https://git.kernel.org/linus/113fd6372a5bb3689aba8ef5b8a265ed1529a78f (6.11-rc3)
-CVE-2024-43893 [serial: core: check uartclk for zero to avoid divide by zero]
+CVE-2024-43893 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 6.10.6-1
        [bookworm] - linux 6.1.106-1
        NOTE: 
https://git.kernel.org/linus/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193 (6.11-rc3)
-CVE-2024-43892 [memcg: protect concurrent access to mem_cgroup_idr]
+CVE-2024-43892 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.10.6-1
        NOTE: 
https://git.kernel.org/linus/9972605a238339b85bd16b084eed5f18414d22db (6.11-rc3)
-CVE-2024-43891 [tracing: Have format file honor EVENT_FILE_FL_FREED]
+CVE-2024-43891 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
        - linux 6.10.6-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d (6.11-rc3)
-CVE-2024-43890 [tracing: Fix overflow in get_free_elt()]
+CVE-2024-43890 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
        - linux 6.10.6-1
        [bookworm] - linux 6.1.106-1
        NOTE: 
https://git.kernel.org/linus/bcf86c01ca4676316557dd482c8416ece8c2e143 (6.11-rc3)
-CVE-2024-43889 [padata: Fix possible divide-by-0 panic in padata_mt_helper()]
+CVE-2024-43889 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.10.6-1
        [bookworm] - linux 6.1.106-1
        NOTE: 
https://git.kernel.org/linus/6d45e1c948a8b7ed6ceddb14319af69424db730c (6.11-rc3)
-CVE-2024-43888 [mm: list_lru: fix UAF for memory cgroup]
+CVE-2024-43888 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.10.6-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/5161b48712dcd08ec427c450399d4d1483e21dea (6.11-rc3)
-CVE-2024-43887 [net/tcp: Disable TCP-AO static key after RCU grace period]
+CVE-2024-43887 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.10.6-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/14ab4792ee120c022f276a7e4768f4dcb08f0cdd (6.11-rc3)
-CVE-2024-43886 [drm/amd/display: Add null check in 
resource_log_pipe_topology_update]
+CVE-2024-43886 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.10.6-1
        NOTE: 
https://git.kernel.org/linus/899d92fd26fe780aad711322aa671f68058207a6 (6.11-rc1)
-CVE-2024-43885 [btrfs: fix double inode unlock for direct IO sync writes]
+CVE-2024-43885 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 6.10.6-1
        [bookworm] - linux 6.1.106-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e0391e92f9ab4fb3dbdeb139c967dcfa7ac4b115 (6.11-rc3)
-CVE-2024-43884 [Bluetooth: MGMT: Add error handling to pair_device()]
+CVE-2024-43884 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/538fd3921afac97158d4177139a0ad39f056dbb2 (6.11-rc5)
 CVE-2024-8147 (A vulnerability was found in code-projects Pharmacy Management 
System  ...)
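Review bot: CVE-2024-43884 (the `- linux <unfixed>` entry near the end of the hunk) is the only kernel entry here with no [bookworm]/[bullseye] assessment, and its fix is referenced as 6.11-rc5 rather than the 6.10.6-1 batch that covers the rest; it needs the same stable triage the neighbouring entries carry, and CVE-2024-43897 likewise has a [bullseye] line but no [bookworm] one. Among the new `TODO: check` entries, the ones that name software Debian ships (vim in CVE-2024-43802, apr in CVE-2023-49582) and the library reports (the rustix crate in CVE-2024-43806, the Go req module in CVE-2024-45258) deserve triage before the router and PHP-app reports; the eleven Tenda AX1806 entries (CVE-2024-44549 through CVE-2024-44565) describe one product and can be resolved as a group.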
@@ -316,7 +472,8 @@ CVE-2024-43032 (autMan v2.9.6 allows attackers to bypass 
authentication via a cr
        NOT-FOR-US: autMan
 CVE-2024-43031 (autMan v2.9.6 was discovered to contain an access control 
issue.)
        NOT-FOR-US: autMan
-CVE-2024-42992 (Python Pip Pandas v2.2.2 was discovered to contain an 
arbitrary file r ...)
+CVE-2024-42992
+       REJECTED
        - pandas <undetermined>
        TODO: check, unclear report in https://github.com/juwenyi/CVE-2024-42992
 CVE-2024-42918 (itsourcecode Online Accreditation Management System contains a 
Cross S ...)
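Review bot: the CVE-2024-42992 entry is now marked REJECTED but still carries the `- pandas <undetermined>` and `TODO: check, unclear report ...` lines from the old record; a rejected CVE should not keep a package assignment or an open TODO, so drop those two lines (or, if the rejection itself is in doubt, keep only the TODO until it is resolved).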
@@ -7884,14 +8041,17 @@ CVE-2024-24622 (Softaculous Webuzo contains a command 
injection in the password
 CVE-2024-24621 (Softaculous Webuzo contains an authentication bypass 
vulnerability thr ...)
        NOT-FOR-US: Softaculous Webuzo
 CVE-2024-35296 (Invalid Accept-Encoding header can cause Apache Traffic Server 
to fail ...)
+       {DSA-5758-1}
        - trafficserver 9.2.5+ds-1 (bug #1077141)
        NOTE: https://www.openwall.com/lists/oss-security/2024/07/25/1
        NOTE: 
https://github.com/apache/trafficserver/commit/4122abd9272d49cb4ed87d479e1febb0f1c7c1da
 CVE-2024-35161 (Apache Traffic Server forwards malformed HTTP chunked trailer 
section  ...)
+       {DSA-5758-1}
        - trafficserver 9.2.5+ds-1 (bug #1077141)
        NOTE: https://www.openwall.com/lists/oss-security/2024/07/25/1
        NOTE: 
https://github.com/apache/trafficserver/commit/3ba1e2685f89bcd631b66748f70f69a5eecf741b
 CVE-2023-38522 (Apache Traffic Server accepts characters that are not allowed 
for HTTP ...)
+       {DSA-5758-1}
        - trafficserver 9.2.5+ds-1 (bug #1077141)
        NOTE: https://www.openwall.com/lists/oss-security/2024/07/25/1
        NOTE: 
https://github.com/apache/trafficserver/commit/b104992e2315969688a697cbf7d5007a7dca396f
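Review bot: the `{DSA-5758-1}` marker added to the three trafficserver entries records the bookworm fix, but none of them has a bullseye assessment; if bullseye's trafficserver is affected by these three issues a `[bullseye]` line (or a DLA marker once one exists) should follow, otherwise an explicit `<not-affected>` or `<no-dsa>` line would make the triage visible.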
@@ -32005,6 +32165,7 @@ CVE-2024-34090 (An issue was discovered in Archer 
Platform 6 before 2024.04. The
 CVE-2024-34089 (An issue was discovered in Archer Platform 6 before 2024.04. 
There is  ...)
        NOT-FOR-US: Archer Platform
 CVE-2024-34078 (html-sanitizer is an allowlist-based HTML cleaner. If using 
`keep_typo ...)
+       {DLA-3856-1}
        - python-html-sanitizer <unfixed> (bug #1070710)
        NOTE: 
https://github.com/matthiask/html-sanitizer/security/advisories/GHSA-wvhx-q427-fgh3
        NOTE: 
https://github.com/matthiask/html-sanitizer/commit/48db42fc5143d0140c32d929c46b802f96913550
 (2.4.2)
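Review bot: CVE-2024-34078 gains a `{DLA-3856-1}` marker for the LTS fix while the unstable line still reads `- python-html-sanitizer <unfixed> (bug #1070710)`, even though the NOTE already points at the upstream fix commit in 2.4.2; an LTS update for an issue still open in sid is the unusual case, so it is worth checking whether unstable has caught up and updating the line accordingly.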
@@ -85183,7 +85344,7 @@ CVE-2023-32461 (Dell PowerEdge BIOS and Dell Precision 
BIOS contain a buffer ove
        NOT-FOR-US: Dell
 CVE-2023-4958 (In Red Hat Advanced Cluster Security (RHACS), it was found that 
some s ...)
        NOT-FOR-US: StackRox
-CVE-2023-4972 (Improper Privilege Management vulnerability in Yepas Digital 
Yepas all ...)
+CVE-2023-4972 (Incorrect Use of Privileged APIs vulnerability in Yepas Digital 
Yepas  ...)
        NOT-FOR-US: Yepas Digital Yepas
 CVE-2023-4965 (A vulnerability was found in phpipam 1.5.1. It has been rated 
as probl ...)
        - phpipam <itp> (bug #731713)
@@ -87157,6 +87318,7 @@ CVE-2023-37827 (A cross-site scripting (XSS) 
vulnerability in General Solutions
 CVE-2023-37826 (A cross-site scripting (XSS) vulnerability in General 
Solutions Steine ...)
        NOT-FOR-US: General Solutions Steiner GmbH CASE 3 Taskmanagement
 CVE-2023-36328 (Integer Overflow vulnerability in mp_grow in libtom libtommath 
before  ...)
+       {DLA-3857-1}
        - libtommath 1.2.1-1 (bug #1051100)
        [bookworm] - libtommath 1.2.0-6+deb12u1
        [buster] - libtommath <no-dsa> (Minor issue)
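Review bot: the new `{DLA-3857-1}` marker means bullseye received a security update for CVE-2023-36328, while the entry still records `[buster] - libtommath <no-dsa> (Minor issue)`; the two assessments sit uneasily together, so the buster line may be worth revisiting or annotating with why the issue was judged minor there.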
@@ -117064,8 +117226,8 @@ CVE-2023-26317 (A vulnerability has been discovered 
in Xiaomi routers that could
        NOT-FOR-US: Xiaomi
 CVE-2023-26316 (A XSS vulnerability exists in the Xiaomi cloud service 
Application pro ...)
        NOT-FOR-US: Xiaomi
-CVE-2023-26315
-       RESERVED
+CVE-2023-26315 (The Xiaomi router AX9000 has a post-authentication command 
injection v ...)
+       TODO: check
 CVE-2023-0979 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: MedData Informatics MedDataPACS
 CVE-2023-0978 (A command injection vulnerability in Trellix Intelligent 
Sandbox CLI f ...)
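Review bot: CVE-2023-26315 moves from RESERVED to `TODO: check` with a description naming the Xiaomi router AX9000; the neighbouring CVE-2023-26316 and CVE-2023-26317 entries are already `NOT-FOR-US: Xiaomi`, so this one can almost certainly be closed the same way rather than left as an open TODO.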



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62deea4aa7777ee57f6e1baa002d8cc970f2597c


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
