[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 10 21:12:10 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2611a4fb by security tracker role at 2024-04-10T20:11:54+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,173 +1,411 @@
-CVE-2021-47219 [scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()]
+CVE-2024-3570 (A stored Cross-Site Scripting (XSS) vulnerability exists in the chat f ...)
+	TODO: check
+CVE-2024-3569 (A Denial of Service (DoS) vulnerability exists in the mintplex-labs/an ...)
+	TODO: check
+CVE-2024-3568 (The huggingface/transformers library is vulnerable to arbitrary code e ...)
+	TODO: check
+CVE-2024-3567 (A flaw was found in QEMU. An assertion failure was present in the upda ...)
+	TODO: check
+CVE-2024-3566 (A command inject vulnerability allows an attacker to perform command i ...)
+	TODO: check
+CVE-2024-3516 (Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 ...)
+	TODO: check
+CVE-2024-3515 (Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowe ...)
+	TODO: check
+CVE-2024-3448 (Users with low privileges can perform certain AJAX actions.  In this v ...)
+	TODO: check
+CVE-2024-3388 (A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN ...)
+	TODO: check
+CVE-2024-3387 (A weak (low bit strength) device certificate in Palo Alto Networks Pan ...)
+	TODO: check
+CVE-2024-3386 (An incorrect string comparison vulnerability in Palo Alto Networks PAN ...)
+	TODO: check
+CVE-2024-3385 (A packet processing mechanism in Palo Alto Networks PAN-OS software en ...)
+	TODO: check
+CVE-2024-3384 (A vulnerability in Palo Alto Networks PAN-OS software enables a remote ...)
+	TODO: check
+CVE-2024-3383 (A vulnerability in how Palo Alto Networks PAN-OS software processes da ...)
+	TODO: check
+CVE-2024-3382 (A memory leak exists in Palo Alto Networks PAN-OS software that enable ...)
+	TODO: check
+CVE-2024-3283 (A vulnerability in mintplex-labs/anything-llm allows users with manage ...)
+	TODO: check
+CVE-2024-3157 (Out of bounds memory access in Compositing in Google Chrome prior to 1 ...)
+	TODO: check
+CVE-2024-3101 (In mintplex-labs/anything-llm, an improper input validation vulnerabil ...)
+	TODO: check
+CVE-2024-3098 (A vulnerability was identified in the `exec_utils` class of the `llama ...)
+	TODO: check
+CVE-2024-3025 (mintplex-labs/anything-llm is vulnerable to path traversal attacks due ...)
+	TODO: check
+CVE-2024-31984 (Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, an ...)
+	TODO: check
+CVE-2024-31983 (XWiki Platform is a generic wiki platform. In multilingual wikis, tran ...)
+	TODO: check
+CVE-2024-31982 (XWiki Platform is a generic wiki platform. Starting in version 2.4-mil ...)
+	TODO: check
+CVE-2024-31981 (XWiki Platform is a generic wiki platform. Starting in version 3.0.1 a ...)
+	TODO: check
+CVE-2024-31944 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerc ...)
+	TODO: check
+CVE-2024-31943 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipp ...)
+	TODO: check
+CVE-2024-31939 (Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any X ...)
+	TODO: check
+CVE-2024-31924 (Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW EWWW Im ...)
+	TODO: check
+CVE-2024-31874 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninit ...)
+	TODO: check
+CVE-2024-31873 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains ha ...)
+	TODO: check
+CVE-2024-31872 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow ...)
+	TODO: check
+CVE-2024-31871 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow ...)
+	TODO: check
+CVE-2024-31819 (An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker ...)
+	TODO: check
+CVE-2024-31492 (An external control of file name or path vulnerability [CWE-73] in  Fo ...)
+	TODO: check
+CVE-2024-31465 (XWiki Platform is a generic wiki platform. Starting in version 5.0-rc- ...)
+	TODO: check
+CVE-2024-31464 (XWiki Platform is a generic wiki platform. Starting in version 5.0-rc- ...)
+	TODO: check
+CVE-2024-31461 (Plane, an open-source project management tool, has a Server-Side Reque ...)
+	TODO: check
+CVE-2024-31430 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF \u2 ...)
+	TODO: check
+CVE-2024-31386 (Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X ...)
+	TODO: check
+CVE-2024-31358 (Missing Authorization vulnerability in Saleswonder.Biz 5 Stars Rating  ...)
+	TODO: check
+CVE-2024-31356 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-31355 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-31353 (Insertion of Sensitive Information into Log File vulnerability in Trib ...)
+	TODO: check
+CVE-2024-31343 (Missing Authorization vulnerability in Sonaar Music MP3 Audio Player f ...)
+	TODO: check
+CVE-2024-31342 (Missing Authorization vulnerability in WPcloudgallery WordPress Galler ...)
+	TODO: check
+CVE-2024-31302 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-31299 (Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary R ...)
+	TODO: check
+CVE-2024-31298 (Insertion of Sensitive Information into Log File vulnerability in Joel ...)
+	TODO: check
+CVE-2024-31297 (Missing Authorization vulnerability in WPExperts Wholesale For WooComm ...)
+	TODO: check
+CVE-2024-31287 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-31282 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in A ...)
+	TODO: check
+CVE-2024-31278 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-31259 (Insertion of Sensitive Information into Log File vulnerability in Sear ...)
+	TODO: check
+CVE-2024-31254 (Insertion of Sensitive Information into Log File vulnerability in WebT ...)
+	TODO: check
+CVE-2024-31253 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in W ...)
+	TODO: check
+CVE-2024-31249 (Insertion of Sensitive Information into Log File vulnerability in WPKu ...)
+	TODO: check
+CVE-2024-31247 (Insertion of Sensitive Information into Log File vulnerability in Fr\x ...)
+	TODO: check
+CVE-2024-31245 (Insertion of Sensitive Information into Log File vulnerability in Conv ...)
+	TODO: check
+CVE-2024-31242 (Missing Authorization vulnerability in Bricksforge.This issue affects  ...)
+	TODO: check
+CVE-2024-31240 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-31230 (Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive  ...)
+	TODO: check
+CVE-2024-31214 (Traccar is an open source GPS tracking system. Traccar versions 5.1 th ...)
+	TODO: check
+CVE-2024-2952 (BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) ...)
+	TODO: check
+CVE-2024-2731 (Users with low privileges (all permissions deselected in the administr ...)
+	TODO: check
+CVE-2024-2730 (Mautic uses predictable page indices for unpublished landing pages, th ...)
+	TODO: check
+CVE-2024-2221 (qdrant/qdrant is vulnerable to a path traversal and arbitrary file upl ...)
+	TODO: check
+CVE-2024-2217 (gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, a ...)
+	TODO: check
+CVE-2024-2196 (aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allow ...)
+	TODO: check
+CVE-2024-2195 (A critical Remote Code Execution (RCE) vulnerability was identified in ...)
+	TODO: check
+CVE-2024-2029 (A command injection vulnerability exists in the `TranscriptEndpoint` o ...)
+	TODO: check
+CVE-2024-29502 (An issue in Secure Lockdown Multi Application Edition v2.00.219 allows ...)
+	TODO: check
+CVE-2024-29500 (An issue in the kiosk mode of Secure Lockdown Multi Application Editio ...)
+	TODO: check
+CVE-2024-29296 (A user enumeration vulnerability was found in Portainer CE 2.19.4. Thi ...)
+	TODO: check
+CVE-2024-29269 (An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows a ...)
+	TODO: check
+CVE-2024-28345 (An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows ...)
+	TODO: check
+CVE-2024-28344 (An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard  ...)
+	TODO: check
+CVE-2024-27477 (In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within  ...)
+	TODO: check
+CVE-2024-27476 (Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/ti ...)
+	TODO: check
+CVE-2024-27474 (Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). Thi ...)
+	TODO: check
+CVE-2024-26122 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-26098 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-26097 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-26087 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-26084 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-26079 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-26076 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-26047 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-26046 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-24809 (Traccar is an open source GPS tracking system. Versions prior to 6.0 a ...)
+	TODO: check
+CVE-2024-23735 (Cross Site Scripting (XSS) vulnerability in in the S/MIME certificate  ...)
+	TODO: check
+CVE-2024-23734 (Cross Site Request Forgery vulnerability in in the upload functionalit ...)
+	TODO: check
+CVE-2024-23083 (Time4J Base v5.9.3 was discovered to contain a NullPointerException vi ...)
+	TODO: check
+CVE-2024-23080 (Joda Time v2.12.5 was discovered to contain a NullPointerException via ...)
+	TODO: check
+CVE-2024-23077 (JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBo ...)
+	TODO: check
+CVE-2024-23076 (FreeChart v1.5.4 was discovered to contain a NullPointerException via  ...)
+	TODO: check
+CVE-2024-20780 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-20779 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-20778 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-20772 (Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a St ...)
+	TODO: check
+CVE-2024-20770 (Photoshop Desktop versions 24.7.2, 25.3.1 and earlier are affected by  ...)
+	TODO: check
+CVE-2024-20766 (InDesign Desktop versions 18.5.1, 19.2 and earlier are affected by an  ...)
+	TODO: check
+CVE-2024-20759 (Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and  ...)
+	TODO: check
+CVE-2024-20758 (Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and  ...)
+	TODO: check
+CVE-2024-20737 (After Effects versions 24.1, 23.6.2 and earlier are affected by an out ...)
+	TODO: check
+CVE-2024-1902 (lunary-ai/lunary is vulnerable to a session reuse attack, allowing a r ...)
+	TODO: check
+CVE-2024-1741 (lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization ...)
+	TODO: check
+CVE-2024-1740 (In lunary-ai/lunary version 1.0.1, a vulnerability exists where a user ...)
+	TODO: check
+CVE-2024-1728 (gradio-app/gradio is vulnerable to a local file inclusion vulnerabilit ...)
+	TODO: check
+CVE-2024-1643 (By knowing an organization's ID, an attacker can join the organization ...)
+	TODO: check
+CVE-2024-1625 (An Insecure Direct Object Reference (IDOR) vulnerability exists in the ...)
+	TODO: check
+CVE-2024-1602 (parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XS ...)
+	TODO: check
+CVE-2024-1600 (A Local File Inclusion (LFI) vulnerability exists in the parisneo/loll ...)
+	TODO: check
+CVE-2024-1599 (lunary-ai/lunary version 0.3.0 is vulnerable to unauthorized project c ...)
+	TODO: check
+CVE-2024-1520 (An OS Command Injection vulnerability exists in the '/open_code_folder ...)
+	TODO: check
+CVE-2024-1511 (The parisneo/lollms-webui repository is susceptible to a path traversa ...)
+	TODO: check
+CVE-2024-0218 (A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian, c ...)
+	TODO: check
+CVE-2023-6916 (Audit records for OpenAPI requests may include sensitive information.  ...)
+	TODO: check
+CVE-2023-52070 (JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBo ...)
+	TODO: check
+CVE-2023-2794 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack  ...)
+	TODO: check
+CVE-2021-47219 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.15.5-1
 	[bullseye] - linux 5.10.84-1
 	NOTE: https://git.kernel.org/linus/f347c26836c270199de1599c3cd466bb7747caa9 (5.16-rc1)
-CVE-2021-47218 [selinux: fix NULL-pointer dereference when hashtab allocation fails]
+CVE-2021-47218 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.15.5-1
 	[bullseye] - linux 5.10.84-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/dc27f3c5d10c58069672215787a96b4fae01818b (5.16-rc3)
-CVE-2021-47217 [x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails]
+CVE-2021-47217 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 5.15.5-1
 	[bullseye] - linux 5.10.84-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/daf972118c517b91f74ff1731417feb4270625a4 (5.16-rc2)
-CVE-2021-47216 [scsi: advansys: Fix kernel pointer leak]
+CVE-2021-47216 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.15.5-1
 	[bullseye] - linux 5.10.84-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/d4996c6eac4c81b8872043e9391563f67f13e406 (5.16-rc1)
-CVE-2021-47215 [net/mlx5e: kTLS, Fix crash in RX resync flow]
+CVE-2021-47215 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.15.5-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/cc4a9cc03faa6d8db1a6954bb536f2c1e63bdff6 (5.16-rc2)
-CVE-2021-47214 [hugetlb, userfaultfd: fix reservation restore on userfaultfd error]
+CVE-2021-47214 (In the Linux kernel, the following vulnerability has been resolved:  h ...)
 	- linux 5.15.5-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/cc30042df6fcc82ea18acf0dace831503e60a0b7 (5.16-rc2)
-CVE-2021-47213 [NFSD: Fix exposure in nfsd4_decode_bitmap()]
+CVE-2021-47213 (In the Linux kernel, the following vulnerability has been resolved:  N ...)
 	- linux 5.15.5-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c0019b7db1d7ac62c711cda6b357a659d46428fe (5.16-rc2)
-CVE-2021-47212 [net/mlx5: Update error handler for UCTX and UMEM]
+CVE-2021-47212 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.15.5-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/ba50cd9451f6c49cf0841c0a4a146ff6a2822699 (5.16-rc2)
-CVE-2021-47211 [ALSA: usb-audio: fix null pointer dereference on pointer cs_desc]
+CVE-2021-47211 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 5.15.5-1
 	NOTE: https://git.kernel.org/linus/b97053df0f04747c3c1e021ecbe99db675342954 (5.16-rc1)
-CVE-2021-47210 [usb: typec: tipd: Remove WARN_ON in tps6598x_block_read]
+CVE-2021-47210 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 5.15.5-1
 	[bullseye] - linux 5.10.84-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/b7a0a63f3fed57d413bb857de164ea9c3984bc4e (5.16-rc1)
-CVE-2021-47209 [sched/fair: Prevent dead task groups from regaining cfs_rq's]
+CVE-2021-47209 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.15.5-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b027789e5e50494c2325cc70c8642e7fd6059479 (5.16-rc1)
-CVE-2021-47207 [ALSA: gus: fix null pointer dereference on pointer block]
+CVE-2021-47207 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 5.15.5-1
 	[bullseye] - linux 5.10.84-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/a0d21bb3279476c777434c40d969ea88ca64f9aa (5.16-rc1)
-CVE-2021-47206 [usb: host: ohci-tmio: check return value after calling platform_get_resource()]
+CVE-2021-47206 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 5.15.5-1
 	[bullseye] - linux 5.10.84-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/9eff2b2e59fda25051ab36cd1cb5014661df657b (5.16-rc1)
-CVE-2021-47205 [clk: sunxi-ng: Unregister clocks/resets when unbinding]
+CVE-2021-47205 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 5.15.5-1
 	NOTE: https://git.kernel.org/linus/9bec2b9c6134052994115d2d3374e96f2ccb9b9d (5.16-rc1)
-CVE-2021-47204 [net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove]
+CVE-2021-47204 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.15.5-1
 	[bullseye] - linux 5.10.84-1
 	NOTE: https://git.kernel.org/linus/9b5a333272a48c2f8b30add7a874e46e8b26129c (5.16-rc2)
-CVE-2021-47203 [scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()]
+CVE-2021-47203 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.15.5-1
 	[bullseye] - linux 5.10.84-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/99154581b05c8fb22607afb7c3d66c1bace6aa5d (5.16-rc1)
-CVE-2021-47202 [thermal: Fix NULL pointer dereferences in of_thermal_ functions]
+CVE-2021-47202 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 5.15.5-1
 	[bullseye] - linux 5.10.84-1
 	NOTE: https://git.kernel.org/linus/96cfe05051fd8543cdedd6807ec59a0e6c409195 (5.16-rc1)
-CVE-2021-47201 [iavf: free q_vectors before queues in iavf_disable_vf]
+CVE-2021-47201 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 5.15.5-1
 	[bullseye] - linux 5.10.84-1
 	NOTE: https://git.kernel.org/linus/89f22f129696ab53cfbc608e0a2184d0fea46ac1 (5.16-rc2)
-CVE-2021-47200 [drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap]
+CVE-2021-47200 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 5.15.5-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8244a3bc27b3efd057da154b8d7e414670d5044f (5.16-rc1)
-CVE-2021-47199 [net/mlx5e: CT, Fix multiple allocations and memleak of mod acts]
+CVE-2021-47199 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.15.5-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/806401c20a0f9c51b6c8fd7035671e6ca841f6c2 (5.16-rc2)
-CVE-2021-47198 [scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine]
+CVE-2021-47198 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.15.5-1
 	NOTE: https://git.kernel.org/linus/79b20beccea3a3938a8500acef4e6b9d7c66142f (5.16-rc1)
-CVE-2021-47197 [net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove()]
+CVE-2021-47197 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.15.5-1
 	[bullseye] - linux 5.10.84-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/76ded29d3fcda4928da8849ffc446ea46871c1c2 (5.16-rc2)
-CVE-2021-47196 [RDMA/core: Set send and receive CQ before forwarding to the driver]
+CVE-2021-47196 (In the Linux kernel, the following vulnerability has been resolved:  R ...)
 	- linux 5.15.5-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/6cd7397d01c4a3e09757840299e4f114f0aa5fa0 (5.16-rc2)
-CVE-2021-47195 [spi: fix use-after-free of the add_lock mutex]
+CVE-2021-47195 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.15.5-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/6c53b45c71b4920b5e62f0ea8079a1da382b9434 (5.16-rc2)
-CVE-2021-47194 [cfg80211: call cfg80211_stop_ap when switch from P2P_GO type]
+CVE-2021-47194 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 5.15.5-1
 	[bullseye] - linux 5.10.84-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/563fbefed46ae4c1f70cffb8eb54c02df480b2c2 (5.16-rc2)
-CVE-2021-47193 [scsi: pm80xx: Fix memory leak during rmmod]
+CVE-2021-47193 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.15.5-1
 	NOTE: https://git.kernel.org/linus/51e6ed83bb4ade7c360551fa4ae55c4eacea354b (5.16-rc1)
-CVE-2021-47192 [scsi: core: sysfs: Fix hang when device state is set via sysfs]
+CVE-2021-47192 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.15.5-1
 	[bullseye] - linux 5.10.84-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/4edd8cd4e86dd3047e5294bbefcc0a08f66a430f (5.16-rc2)
-CVE-2021-47191 [scsi: scsi_debug: Fix out-of-bound read in resp_readcap16()]
+CVE-2021-47191 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.15.5-1
 	[bullseye] - linux 5.10.84-1
 	NOTE: https://git.kernel.org/linus/4e3ace0051e7e504b55d239daab8789dd89b863c (5.16-rc1)
-CVE-2021-47190 [perf bpf: Avoid memory leak from perf_env__insert_btf()]
+CVE-2021-47190 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 5.15.5-1
 	[bullseye] - linux 5.10.84-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/4924b1f7c46711762fd0e65c135ccfbcfd6ded1f (5.16-rc1)
-CVE-2021-47189 [btrfs: fix memory ordering between normal and ordered work functions]
+CVE-2021-47189 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 5.15.5-1
 	[bullseye] - linux 5.10.84-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/45da9c1767ac31857df572f0a909fbe88fd5a7e9 (5.16-rc2)
-CVE-2021-47188 [scsi: ufs: core: Improve SCSI abort handling]
+CVE-2021-47188 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.15.5-1
 	NOTE: https://git.kernel.org/linus/3ff1f6b6ba6f97f50862aa50e79959cc8ddc2566 (5.16-rc2)
-CVE-2021-47187 [arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency]
+CVE-2021-47187 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 5.15.5-1
 	[bullseye] - linux 5.10.84-1
 	NOTE: https://git.kernel.org/linus/3f1dcaff642e75c1d2ad03f783fa8a3b1f56dd50 (5.16-rc1)
-CVE-2021-47186 [tipc: check for null after calling kmemdup]
+CVE-2021-47186 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 5.15.5-1
 	[bullseye] - linux 5.10.84-1
 	NOTE: https://git.kernel.org/linus/3e6db079751afd527bf3db32314ae938dc571916 (5.16-rc2)
-CVE-2021-47185 [tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc]
+CVE-2021-47185 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 5.15.5-1
 	[bullseye] - linux 5.10.84-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/3968ddcf05fb4b9409cd1859feb06a5b0550a1c1 (5.16-rc1)
-CVE-2021-47184 [i40e: Fix NULL ptr dereference on VSI filter sync]
+CVE-2021-47184 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 5.15.5-1
 	[bullseye] - linux 5.10.84-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/37d9e304acd903a445df8208b8a13d707902dea6 (5.16-rc2)
-CVE-2021-47183 [scsi: lpfc: Fix link down processing to address NULL pointer dereference]
+CVE-2021-47183 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.15.5-1
 	NOTE: https://git.kernel.org/linus/1854f53ccd88ad4e7568ddfafafffe71f1ceb0a6 (5.16-rc1)
-CVE-2021-47182 [scsi: core: Fix scsi_mode_sense() buffer length handling]
+CVE-2021-47182 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.15.5-1
 	NOTE: https://git.kernel.org/linus/17b49bcbf8351d3dbe57204468ac34f033ed60bc (5.16-rc1)
-CVE-2021-47181 [usb: musb: tusb6010: check return value after calling platform_get_resource()]
+CVE-2021-47181 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 5.15.5-1
 	[bullseye] - linux 5.10.84-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/14651496a3de6807a17c310f63c894ea0c5d858e (5.16-rc1)
-CVE-2024-26816 [x86, relocs: Ignore relocations in .notes section]
+CVE-2024-26816 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/aaa8736370db1a78f0e8434344a484f9fd20be3b (6.9-rc1)
-CVE-2024-26815 [net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check]
+CVE-2024-26815 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
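Review bot: Every new entry from CVE-2024-3570 down to CVE-2023-2794 carries only `TODO: check`, so none of them has a package assignment or a NOT-FOR-US marking yet. Going by the descriptions shown, CVE-2024-3567 (QEMU), CVE-2023-2794 (ofono) and CVE-2024-3516, CVE-2024-3515 and CVE-2024-3157 (Google Chrome) are the ones to triage first. In the lower part of the hunk, swapping the bracketed commit subjects on CVE-2021-47181 through CVE-2021-47219, CVE-2024-26816 and CVE-2024-26815 for the truncated description leaves each of those lines reading "In the Linux kernel, the following vulnerability has been resolved:" plus a single letter. The git.kernel.org NOTE lines are now the only text that identifies each fix and should be preserved in later edits. The truncation also cuts through escape sequences in the descriptions of CVE-2024-31430 (`\u2 ...`) and CVE-2024-31247 (`Fr\x ...`), which suggests the descriptions should be decoded before they are shortened.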
@@ -179,7 +417,7 @@ CVE-2024-3447
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813
 CVE-2024-2905
 	NOT-FOR-US: rpm-ostree
-CVE-2024-2243
+CVE-2024-2243 (A vulnerability was found in csmock where a regular user of the OSH se ...)
 	NOT-FOR-US: csmock
 CVE-2024-3556
 	REJECTED
@@ -2190,7 +2428,7 @@ CVE-2024-3296 (A timing-based side-channel flaw exists in the rust-openssl packa
 	[bookworm] - rust-openssl <no-dsa> (Minor issue)
 	[bullseye] - rust-openssl <no-dsa> (Minor issue)
 	NOTE: https://github.com/sfackler/rust-openssl/issues/2171
-CVE-2024-31309
+CVE-2024-31309 (HTTP/2 CONTINUATIONDoS attack can cause Apache Traffic Server to consu ...)
 	- trafficserver <unfixed> (bug #1068417)
 	NOTE: https://www.kb.cert.org/vuls/id/421644
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2269627
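Review bot: CVE-2024-31309 gains its description here, but in the lines shown the entry still has only `- trafficserver <unfixed> (bug #1068417)` followed directly by NOTE lines, with no suite-specific status. The rust-openssl entry just above it carries `[bookworm]` and `[bullseye]` lines; once the stable suites have been assessed for trafficserver, the same kind of lines should be recorded under this entry.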
@@ -3480,6 +3718,7 @@ CVE-2023-51571 (Voltronic Power ViewPower Pro SocketService Missing Authenticati
 CVE-2023-51570 (Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote ...)
 	NOT-FOR-US: Voltronic Power ViewPower Pro
 CVE-2024-28219 (In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists bec ...)
+	{DLA-3786-1}
 	- pillow 10.3.0-1
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
 	NOTE: https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061 (10.3.0)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2611a4fb4d63f263f47f8e3c87f7b79aac06504b
