[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 4 21:12:35 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3224f85c by security tracker role at 2024-04-04T20:12:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,167 +1,277 @@
-CVE-2024-26809 [netfilter: nft_set_pipapo: release elements in clone only from destroy path]
+CVE-2024-3299 (Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free ...)
+ TODO: check
+CVE-2024-3298 (Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the fi ...)
+ TODO: check
+CVE-2024-3262 (Information exposure vulnerability in RT software affecting version 4. ...)
+ TODO: check
+CVE-2024-3250 (It was discovered that Pebble's read-file API and the associated pebbl ...)
+ TODO: check
+CVE-2024-3116 (pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerabi ...)
+ TODO: check
+CVE-2024-31215 (Mobile Security Framework (MobSF) is a security research platform for ...)
+ TODO: check
+CVE-2024-31209 (oidcc is the OpenID Connect client library for Erlang. Denial of Servi ...)
+ TODO: check
+CVE-2024-31207 (Vite (French word for "quick", pronounced /vit/, like "veet") is a fro ...)
+ TODO: check
+CVE-2024-30565 (An issue was discovered in SeaCMS version 12.9, allows remote attacker ...)
+ TODO: check
+CVE-2024-30266 (wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime ...)
+ TODO: check
+CVE-2024-30263 (macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. ...)
+ TODO: check
+CVE-2024-30261 (Undici is an HTTP/1.1 client, written from scratch for Node.js. An att ...)
+ TODO: check
+CVE-2024-30260 (Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici ...)
+ TODO: check
+CVE-2024-30254 (MesonLSP is an unofficial, unendorsed language server for meson writte ...)
+ TODO: check
+CVE-2024-30252 (Livemarks is a browser extension that provides RSS feed bookmark folde ...)
+ TODO: check
+CVE-2024-30250 (Astro-Shield is an integration to enhance website security with SubRes ...)
+ TODO: check
+CVE-2024-30249 (Cloudburst Network provides network components used within Cloudburst ...)
+ TODO: check
+CVE-2024-2759 (Improper access control vulnerability in Apaczka plugin for PrestaShop ...)
+ TODO: check
+CVE-2024-2660 (Vault and Vault Enterprise TLS certificates auth method did not correc ...)
+ TODO: check
+CVE-2024-2103 (Inclusion of undocumented features vulnerability accessible when logge ...)
+ TODO: check
+CVE-2024-29387 (projeqtor up to 11.2.0 was discovered to contain a remote code executi ...)
+ TODO: check
+CVE-2024-29386 (projeqtor up to 11.2.0 was discovered to contain a SQL injection vulne ...)
+ TODO: check
+CVE-2024-29193 (gotortc is a camera streaming application. Versions 1.8.5 and prior ar ...)
+ TODO: check
+CVE-2024-29192 (gotortc is a camera streaming application. Versions 1.8.5 and prior ar ...)
+ TODO: check
+CVE-2024-29191 (gotortc is a camera streaming application. Versions 1.8.5 and prior ar ...)
+ TODO: check
+CVE-2024-29182 (Collabora Online is a collaborative online office suite based on Libre ...)
+ TODO: check
+CVE-2024-28871 (LibHTP is a security-aware parser for the HTTP protocol and the relate ...)
+ TODO: check
+CVE-2024-28787 (IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application G ...)
+ TODO: check
+CVE-2024-27575 (Directory Traversal vulnerability in INOTEC Sicherheitstechnik GmbH IN ...)
+ TODO: check
+CVE-2024-27268 (IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.3 is ...)
+ TODO: check
+CVE-2024-25709 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...)
+ TODO: check
+CVE-2024-25708 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...)
+ TODO: check
+CVE-2024-25706 (There is an HTML injection vulnerability in Esri Portal for ArcGIS <=1 ...)
+ TODO: check
+CVE-2024-25705 (There is a cross site scripting vulnerability in the Esri Portal for A ...)
+ TODO: check
+CVE-2024-25704 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...)
+ TODO: check
+CVE-2024-25703 (There is a reflected cross site scripting vulnerability in the home ap ...)
+ TODO: check
+CVE-2024-25700 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...)
+ TODO: check
+CVE-2024-25699 (There is a difficult to exploit improper authentication issue in the H ...)
+ TODO: check
+CVE-2024-25698 (There is a reflected cross site scripting vulnerability in the home ap ...)
+ TODO: check
+CVE-2024-25697 (There is a Cross-site Scripting vulnerabilityin Portal for ArcGIS in v ...)
+ TODO: check
+CVE-2024-25696 (There is a Cross-site Scripting vulnerability in Portal for ArcGIS in ...)
+ TODO: check
+CVE-2024-25695 (There is a Cross-site Scripting vulnerability in Portal for ArcGIS in ...)
+ TODO: check
+CVE-2024-25693 (There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. ...)
+ TODO: check
+CVE-2024-25692 (There is a cross-site-request forgery vulnerability in Esri Portal for ...)
+ TODO: check
+CVE-2024-25690 (There is an HTML injection vulnerability in Esri Portal for ArcGIS ver ...)
+ TODO: check
+CVE-2024-25007 (Ericsson Network Manager (ENM), versions prior to 23.1, contains a vul ...)
+ TODO: check
+CVE-2024-22189 (quic-go is an implementation of the QUIC protocol in Go. Prior to vers ...)
+ TODO: check
+CVE-2024-22053 (A heap overflow vulnerability in IPSec component of Ivanti Connect Sec ...)
+ TODO: check
+CVE-2024-22052 (A null pointer dereference vulnerability in IPSec component of Ivanti ...)
+ TODO: check
+CVE-2024-22023 (An XML entity expansion or XEE vulnerability in SAML component of Ivan ...)
+ TODO: check
+CVE-2024-20800 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2023-3454 (Remote code execution (RCE) vulnerability in Brocade Fabric OS after v ...)
+ TODO: check
+CVE-2023-36645 (SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote a ...)
+ TODO: check
+CVE-2023-36644 (Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote atta ...)
+ TODO: check
+CVE-2023-36643 (Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote atta ...)
+ TODO: check
+CVE-2024-26809 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b0e256f3dd2ba6532f37c5c22e07cb07a36031ee (6.9-rc1)
-CVE-2024-26808 [netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain]
+CVE-2024-26808 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/01acb2e8666a6529697141a6017edbf206921913 (6.8-rc2)
-CVE-2024-26807 [spi: cadence-qspi: fix pointer reference in runtime PM hooks]
+CVE-2024-26807 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.7.9-1
NOTE: https://git.kernel.org/linus/32ce3bb57b6b402de2aec1012511e7ac4e7449dc (6.8-rc7)
-CVE-2024-26806 [spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks]
+CVE-2024-26806 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.7.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/959043afe53ae80633e810416cee6076da6e91c6 (6.8-rc7)
-CVE-2024-26805 [netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter]
+CVE-2024-26805 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.7.9-1
NOTE: https://git.kernel.org/linus/661779e1fcafe1b74b3f3fe8e980c1e207fea1fd (6.8-rc7)
-CVE-2024-26804 [net: ip_tunnel: prevent perpetual headroom growth]
+CVE-2024-26804 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.7.9-1
NOTE: https://git.kernel.org/linus/5ae1e9922bbdbaeb9cfbe91085ab75927488ac0f (6.8-rc7)
-CVE-2024-26803 [net: veth: clear GRO when clearing XDP even when down]
+CVE-2024-26803 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.7.9-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/fe9f801355f0b47668419f30f1fac1cf4539e736 (6.8-rc7)
-CVE-2024-26802 [stmmac: Clear variable when destroying workqueue]
+CVE-2024-26802 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.7.9-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/8af411bbba1f457c33734795f024d0ef26d0963f (6.8-rc7)
-CVE-2024-26801 [Bluetooth: Avoid potential use-after-free in hci_error_reset]
+CVE-2024-26801 (In the Linux kernel, the following vulnerability has been resolved: B ...)
- linux 6.7.9-1
NOTE: https://git.kernel.org/linus/2449007d3f73b2842c9734f45f0aadb522daf592 (6.8-rc7)
-CVE-2024-26800 [tls: fix use-after-free on failed backlog decryption]
+CVE-2024-26800 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.7.9-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/13114dc5543069f7b97991e3b79937b6da05f5b0 (6.8-rc7)
-CVE-2024-26799 [ASoC: qcom: Fix uninitialized pointer dmactl]
+CVE-2024-26799 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.7.9-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/1382d8b55129875b2e07c4d2a7ebc790183769ee (6.8-rc7)
-CVE-2024-26798 [fbcon: always restore the old font data in fbcon_do_set_font()]
+CVE-2024-26798 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.7.9-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/00d6a284fcf3fad1b7e1b5bc3cd87cbfb60ce03f (6.8-rc7)
-CVE-2024-26797 [drm/amd/display: Prevent potential buffer overflow in map_hw_resources]
+CVE-2024-26797 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.7.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0f8ca019544a252d1afb468ce840c6dcbac73af4 (6.8-rc7)
-CVE-2024-26796 [drivers: perf: ctr_get_width function for legacy is not defined]
+CVE-2024-26796 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.7.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/682dc133f83e0194796e6ea72eb642df1c03dfbe (6.8-rc7)
-CVE-2024-26795 [riscv: Sparse-Memory/vmemmap out-of-bounds fix]
+CVE-2024-26795 (In the Linux kernel, the following vulnerability has been resolved: r ...)
- linux 6.7.9-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a11dd49dcb9376776193e15641f84fcc1e5980c9 (6.8-rc7)
-CVE-2024-26794 [btrfs: fix race between ordered extent completion and fiemap]
+CVE-2024-26794 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.7.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a1a4a9ca77f143c00fce69c1239887ff8b813bec (6.8-rc7)
-CVE-2024-26793 [gtp: fix use-after-free and null-ptr-deref in gtp_newlink()]
+CVE-2024-26793 (In the Linux kernel, the following vulnerability has been resolved: g ...)
- linux 6.7.9-1
NOTE: https://git.kernel.org/linus/616d82c3cfa2a2146dd7e3ae47bda7e877ee549e (6.8-rc7)
-CVE-2024-26792 [btrfs: fix double free of anonymous device after snapshot creation failure]
+CVE-2024-26792 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.7.9-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/e2b54eaf28df0c978626c9736b94f003b523b451 (6.8-rc7)
-CVE-2024-26791 [btrfs: dev-replace: properly validate device names]
+CVE-2024-26791 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.7.9-1
NOTE: https://git.kernel.org/linus/9845664b9ee47ce7ee7ea93caf47d39a9d4552c4 (6.8-rc7)
-CVE-2024-26790 [dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read]
+CVE-2024-26790 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.7.9-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9d739bccf261dd93ec1babf82f5c5d71dd4caa3e (6.8-rc7)
-CVE-2024-26789 [crypto: arm64/neonbs - fix out-of-bounds access on short input]
+CVE-2024-26789 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.7.9-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/1c0cf6d19690141002889d72622b90fc01562ce4 (6.8-rc7)
-CVE-2024-26788 [dmaengine: fsl-qdma: init irq after reg initialization]
+CVE-2024-26788 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.7.9-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/87a39071e0b639f45e05d296cc0538eef44ec0bd (6.8-rc7)
-CVE-2024-26787 [mmc: mmci: stm32: fix DMA API overlapping mappings warning]
+CVE-2024-26787 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.7.9-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/6b1ba3f9040be5efc4396d86c9752cdc564730be (6.8-rc7)
-CVE-2024-26786 [iommufd: Fix iopt_access_list_id overwrite bug]
+CVE-2024-26786 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.7.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/aeb004c0cd6958e910123a1607634401009c9539 (6.8-rc7)
-CVE-2024-26785 [iommufd: Fix protection fault in iommufd_test_syz_conv_iova]
+CVE-2024-26785 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.7.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/cf7c2789822db8b5efa34f5ebcf1621bc0008d48 (6.8-rc7)
-CVE-2024-26784 [pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal]
+CVE-2024-26784 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.7.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/eb5555d422d0fc325e1574a7353d3c616f82d8b5 (6.8-rc7)
-CVE-2024-26783 [mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index]
+CVE-2024-26783 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.7.9-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2774f256e7c0219e2b0a0894af1c76bdabc4f974 (6.8-rc7)
-CVE-2024-26782 [mptcp: fix double-free on socket dismantle]
+CVE-2024-26782 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.7.9-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/10048689def7e40a4405acda16fdc6477d4ecc5c (6.8-rc7)
-CVE-2024-26781 [mptcp: fix possible deadlock in subflow diag]
+CVE-2024-26781 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.7.9-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d6a9608af9a75d13243d217f6ce1e30e57d56ffe (6.8-rc7)
-CVE-2024-26780 [af_unix: Fix task hung while purging oob_skb in GC.]
+CVE-2024-26780 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.7.9-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/25236c91b5ab4a26a56ba2e79b8060cf4e047839 (6.8-rc5)
-CVE-2024-26750 [af_unix: Drop oob_skb ref before purging queue in GC.]
+CVE-2024-26750 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.7.9-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/aa82ac51d63328714645c827775d64dbfd9941f3 (6.8-rc6)
-CVE-2024-26746 [dmaengine: idxd: Ensure safe user copy of completion record]
+CVE-2024-26746 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.7.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d3ea125df37dc37972d581b74a5d3785c3f283ab (6.8-rc7)
-CVE-2024-26745 [powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV]
+CVE-2024-26745 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.7.9-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/09a3c1e46142199adcee372a420b024b4fc61051 (6.8-rc7)
-CVE-2024-24795
+CVE-2024-24795 (HTTP Response splitting in multiple modules in Apache HTTP Server allo ...)
- apache2 <unfixed> (bug #1068412)
NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/5
-CVE-2023-38709
+CVE-2023-38709 (Faulty input validation in the core of Apache allows malicious or expl ...)
- apache2 <unfixed> (bug #1068412)
NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/3
-CVE-2024-27316
+CVE-2024-27316 (HTTP/2 incoming headers exceeding the limit are temporarily buffered i ...)
- apache2 <unfixed> (bug #1068412)
NOTE: https://www.kb.cert.org/vuls/id/421644
NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/4
-CVE-2024-3296
+CVE-2024-3296 (A timing-based side-channel exists in the rust-openssl package, which ...)
- rust-openssl <unfixed> (bug #1068418)
NOTE: https://github.com/sfackler/rust-openssl/issues/2171
CVE-2024-31309
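Review bot: the Linux kernel entries from CVE-2024-26809 down to CVE-2024-26745 each trade a bracketed working title (e.g. `[netfilter: nft_set_pipapo: release elements in clone only from destroy path]`) for a truncated description that is identical for every entry except its final letter, so the affected subsystem is no longer visible in data/CVE/list and the `NOTE: https://git.kernel.org/linus/...` line becomes the only way to tell the entries apart; keeping the old title as an additional NOTE, or having the updater retain it whenever the upstream text starts with the generic "In the Linux kernel, the following vulnerability has been resolved" prefix, would preserve that triage hint. Separately, the block of `TODO: check` placeholders at the top includes CVE-2024-28871 (LibHTP), CVE-2024-30260 and CVE-2024-30261 (Undici) and CVE-2024-22189 (quic-go), all software that is packaged in Debian, so those should be resolved to package lines or `NOT-FOR-US` promptly rather than left as placeholders.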
@@ -172,17 +282,17 @@ CVE-2024-31309
NOTE: https://github.com/apache/trafficserver/commit/d8cb125e55ad7f9cc043e655f7ef25acbbbe0a2c (8.1.10-rc0)
NOTE: https://github.com/apache/trafficserver/pull/11206
NOTE: https://github.com/apache/trafficserver/commit/b8c6a23b74af1772e5cb0de25b38c234a418cb1d (9.2.4-rc0)
-CVE-2024-30255
+CVE-2024-30255 (Envoy is a cloud-native, open source edge and service proxy. The HTTP/ ...)
- envoyproxy <itp> (bug #987544)
-CVE-2024-28182
+CVE-2024-28182 (nghttp2 is an implementation of the Hypertext Transfer Protocol versio ...)
- nghttp2 <unfixed> (bug #1068415)
NOTE: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
NOTE: https://www.kb.cert.org/vuls/id/421644
NOTE: https://github.com/nghttp2/nghttp2/commit/00201ecd8f982da3b67d4f6868af72a1b03b14e0 (v1.61.0)
NOTE: https://github.com/nghttp2/nghttp2/commit/d71a4668c6bead55805d18810d633fbb98315af9 (v1.61.0)
-CVE-2024-27919
+CVE-2024-27919 (Envoy is a cloud-native, open-source edge and service proxy. In versio ...)
- envoyproxy <itp> (bug #987544)
-CVE-2024-2700
+CVE-2024-2700 (A vulnerability was found in the quarkus-core component. Quarkus captu ...)
NOT-FOR-US: Quarkus
CVE-2024-1139
NOT-FOR-US: Red Hat OpenShift Container Platform
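Review bot: CVE-2024-28182 (nghttp2) and CVE-2024-27316 (apache2, earlier in this diff) both cite https://www.kb.cert.org/vuls/id/421644, and the two envoyproxy entries CVE-2024-30255 and CVE-2024-27919 are part of the same HTTP/2 disclosure, yet nothing in the nghttp2 entry ties the four together; a NOTE on the nghttp2 and apache2 entries listing the sibling CVEs would help whoever picks up bug #1068415 and bug #1068412 to handle them as one coordinated issue. The nghttp2 fix commits are already tagged `(v1.61.0)` in the NOTEs, so `nghttp2 <unfixed>` can be updated as soon as that upstream version is packaged.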
@@ -855,18 +965,18 @@ CVE-2024-31083 [User-after-free in ProcRenderAddGlyphs]
[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/bdca6c3d1f5057eeb31609b1280fc93237b00c77
NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html
-CVE-2024-31082 [Heap buffer overread/data leakage in ProcAppleDRICreatePixmap]
+CVE-2024-31082 (A heap-based buffer over-read vulnerability was found in the X.org ser ...)
- xorg-server 2:21.1.11-3 (unimportant)
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c684d035c06fd41c727f0ef0744517580864cef
NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html
NOTE: Affects the XQuartz (X11 server and client libraries for macOS) component
-CVE-2024-31081 [Heap buffer overread/data leakage in ProcXIPassiveGrabDevice]
+CVE-2024-31081 (A heap-based buffer over-read vulnerability was found in the X.org ser ...)
- xorg-server 2:21.1.11-3
- xwayland <unfixed>
[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/3e77295f888c67fc7645db5d0c00926a29ffecee
NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html
-CVE-2024-31080 [Heap buffer overread/data leakage in ProcXIGetSelectedEvents]
+CVE-2024-31080 (A heap-based buffer over-read vulnerability was found in the X.org ser ...)
- xorg-server 2:21.1.11-3
- xwayland <unfixed>
[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
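Review bot: CVE-2024-31082 is rated `(unimportant)` on xorg-server and, in line with the NOTE that it affects the XQuartz macOS component, has no xwayland line, whereas CVE-2024-31081 and CVE-2024-31080 keep `xwayland <unfixed>` with a bookworm `<no-dsa>`; that split is correct, but now that all three descriptions are the same truncated string, the affected request handlers (ProcAppleDRICreatePixmap, ProcXIPassiveGrabDevice, ProcXIGetSelectedEvents) survive only in the removed lines. Suggest carrying the handler name into a NOTE beside the `Fixed by:` commit so the `(unimportant)` rating on CVE-2024-31082 stays explainable from the file alone.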
@@ -2228,6 +2338,7 @@ CVE-2024-30422 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2024-30421 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Man ...)
NOT-FOR-US: WordPress plugin
CVE-2024-2947 (A flaw was found in Cockpit. Deleting a sosreport with a crafted name ...)
+ {DSA-5655-1}
- cockpit 314-1
[bullseye] - cockpit <not-affected> (Vulnerable code not present)
[buster] - cockpit <not-affected> (Vulnerable code not present)
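Review bot: the added `{DSA-5655-1}` line on CVE-2024-2947 only resolves if data/DSA/list already carries DSA-5655-1 with the bookworm cockpit version, and this commit changes only data/CVE/list (`1 changed file` above); if the DSA entry lives in a separate commit, make sure it landed first so the tracker does not show a dangling reference in between. The remaining lines (`cockpit 314-1` for unstable, bullseye and buster `<not-affected>`) are consistent with a bookworm-only DSA.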
@@ -39180,7 +39291,7 @@ CVE-2023-5004 (Hospital management system version 378c157 allows to bypass authe
NOT-FOR-US: Hospital management system
CVE-2023-4532 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab 16.4.4+ds2-2
-CVE-2023-4316 (Zod in version 3.22.2 allows an attacker to perform a denial of servic ...)
+CVE-2023-4316 (Zod in versions 3.21.0 up to and including 3.22.3 allows an attacker t ...)
NOT-FOR-US: Zod
CVE-2023-44469 (A Server-Side Request Forgery issue in the OpenID Connect Issuer in Le ...)
{DLA-3612-1}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3224f85c2b29848ec55f6acc41fa7ac6a61bbef7