[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 21 09:12:39 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
26a8b277 by security tracker role at 2024-08-21T08:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,216 +1,270 @@
-CVE-2023-52914 [io_uring/poll: add hash if ready poll request can't complete inline]
+CVE-2024-8023 (A vulnerability classified as critical has been found in chillzhuang S ...)
+	TODO: check
+CVE-2024-8022 (A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03 ...)
+	TODO: check
+CVE-2024-7998 (In affected versions of Octopus Server OIDC cookies were using the wro ...)
+	TODO: check
+CVE-2024-7854 (The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in ...)
+	TODO: check
+CVE-2024-7651 (The App Builder \u2013 Create Native Android & iOS Apps On The Flight  ...)
+	TODO: check
+CVE-2024-7647 (The OTA Sync Booking Engine Widget plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2024-7629 (The Responsive video plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2024-7390 (The WP Testimonial Widget plugin for WordPress is vulnerable to unauth ...)
+	TODO: check
+CVE-2024-7134 (The LiquidPoll \u2013 Polls, Surveys, NPS and Feedback Reviews plugin  ...)
+	TODO: check
+CVE-2024-7090 (The LH Add Media From Url plugin for WordPress is vulnerable to Reflec ...)
+	TODO: check
+CVE-2024-7032 (The Smart Online Order for Clover plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2024-7030 (The Smart Online Order for Clover plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2024-7013 (Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and a ...)
+	TODO: check
+CVE-2024-6883 (The Event Espresso 4 Decaf \u2013 Event Registration Event Ticketing p ...)
+	TODO: check
+CVE-2024-6767 (The WordSurvey plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2024-6568 (The Flamix: Bitrix24 and Contact Form 7 integrations plugin for WordPr ...)
+	TODO: check
+CVE-2024-6339 (The Phlox PRO theme for WordPress is vulnerable to Reflected Cross-Sit ...)
+	TODO: check
+CVE-2024-5880 (The Hide My Site plugin for WordPress is vulnerable to Sensitive Infor ...)
+	TODO: check
+CVE-2024-43403 (Kanister is a data protection workflow management tool. The kanister h ...)
+	TODO: check
+CVE-2024-43396 (Khoj is an application that creates personal AI agents. The Automation ...)
+	TODO: check
+CVE-2024-42939 (A cross-site scripting (XSS) vulnerability in the component /index/ind ...)
+	TODO: check
+CVE-2024-42363 (Prior to 3385, the user-controlled role parameter enters the applicati ...)
+	TODO: check
+CVE-2024-42362 (Hertzbeat is an open source, real-time monitoring system. Hertzbeat ha ...)
+	TODO: check
+CVE-2024-42361 (Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1. ...)
+	TODO: check
+CVE-2024-41658 (Casdoor is a UI-first Identity and Access Management (IAM) / Single-Si ...)
+	TODO: check
+CVE-2024-41657 (Casdoor is a UI-first Identity and Access Management (IAM) / Single-Si ...)
+	TODO: check
+CVE-2024-38305 (Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a ...)
+	TODO: check
+CVE-2023-52914 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.1.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/febb985c06cb6f5fac63598c0bffd4fd823d110d (6.2-rc4)
-CVE-2023-52913 [drm/i915: Fix potential context UAFs]
+CVE-2023-52913 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.1.7-1
 	NOTE: https://git.kernel.org/linus/afce71ff6daa9c0f852df0727fe32c6fb107f0fa (6.2-rc4)
-CVE-2023-52912 [drm/amdgpu: Fixed bug on error when unloading amdgpu]
+CVE-2023-52912 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.1.7-1
 	NOTE: https://git.kernel.org/linus/99f1a36c90a7524972be5a028424c57fa17753ee (6.2-rc4)
-CVE-2023-52911 [drm/msm: another fix for the headless Adreno GPU]
+CVE-2023-52911 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.1.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/00dd060ab3cf95ca6ede7853bc14397014971b5e (6.2-rc4)
-CVE-2023-52910 [iommu/iova: Fix alloc iova overflows issue]
+CVE-2023-52910 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.1.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/dcdb3ba7e2a8caae7bfefd603bc22fd0ce9a389c (6.2-rc4)
-CVE-2023-52909 [nfsd: fix handling of cached open files in nfsd4_open codepath]
+CVE-2023-52909 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.1.7-1
 	[bullseye] - linux 5.10.221-1
 	NOTE: https://git.kernel.org/linus/0b3a551fa58b4da941efeb209b3770868e2eddd7 (6.2-rc4)
-CVE-2023-52908 [drm/amdgpu: Fix potential NULL dereference]
+CVE-2023-52908 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.1.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/0be7ed8e7eb15282b5d0f6fdfea884db594ea9bf (6.2-rc4)
-CVE-2023-52907 [nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()]
+CVE-2023-52907 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.1.7-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/9dab880d675b9d0dd56c6428e4e8352a3339371d (6.2-rc4)
-CVE-2023-52906 [net/sched: act_mpls: Fix warning during failed attribute validation]
+CVE-2023-52906 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.1.7-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/9e17f99220d111ea031b44153fdfe364b0024ff2 (6.2-rc4)
-CVE-2023-52905 [octeontx2-pf: Fix resource leakage in VF driver unbind]
+CVE-2023-52905 (In the Linux kernel, the following vulnerability has been resolved:  o ...)
 	- linux 6.1.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/53da7aec32982f5ee775b69dce06d63992ce4af3 (6.2-rc4)
-CVE-2023-52904 [ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()]
+CVE-2023-52904 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.1.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/92a9c0ad86d47ff4cce899012e355c400f02cfb8 (6.2-rc4)
-CVE-2023-52903 [io_uring: lock overflowing for IOPOLL]
+CVE-2023-52903 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.1.7-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/544d163d659d45a206d8929370d5a2984e546cb7 (6.2-rc4)
-CVE-2023-52902 [nommu: fix memory leak in do_mmap() error path]
+CVE-2023-52902 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.1.8-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/7f31cced5724e6d414fe750aa1cd7e7b578ec22f (6.2-rc5)
-CVE-2023-52901 [usb: xhci: Check endpoint is valid before dereferencing it]
+CVE-2023-52901 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 6.1.8-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/e8fb5bc76eb86437ab87002d4a36d6da02165654 (6.2-rc5)
-CVE-2023-52900 [nilfs2: fix general protection fault in nilfs_btree_insert()]
+CVE-2023-52900 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.1.8-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/7633355e5c7f29c049a9048e461427d1d8ed3051 (6.2-rc5)
-CVE-2023-52899 [Add exception protection processing for vd in axi_chan_handle_err function]
+CVE-2023-52899 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.1.8-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/57054fe516d59d03a7bcf1888e82479ccc244f87 (6.2-rc5)
-CVE-2023-52898 [xhci: Fix null pointer dereference when host dies]
+CVE-2023-52898 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 6.1.8-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/a2bc47c43e70cf904b1af49f76d572326c08bca7 (6.2-rc5)
-CVE-2023-52897 [btrfs: qgroup: do not warn on record without old_roots populated]
+CVE-2023-52897 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.1.8-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/75181406b4eafacc531ff2ee5fb032bd93317e2b (6.2-rc5)
-CVE-2023-52896 [btrfs: fix race between quota rescan and disable leading to NULL pointer deref]
+CVE-2023-52896 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.1.8-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/b7adbf9ada3513d2092362c8eac5cddc5b651f5c (6.2-rc5)
-CVE-2023-52895 [io_uring/poll: don't reissue in case of poll race on multishot request]
+CVE-2023-52895 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.1.8-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8caa03f10bf92cb8657408a6ece6a8a73f96ce13 (6.2-rc5)
-CVE-2023-52894 [usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()]
+CVE-2023-52894 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 6.1.8-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/c6ec929595c7443250b2a4faea988c62019d5cd2 (6.2-rc5)
-CVE-2023-52893 [gsmi: fix null-deref in gsmi_get_variable]
+CVE-2023-52893 (In the Linux kernel, the following vulnerability has been resolved:  g ...)
 	- linux 6.1.8-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/a769b05eeed7accc4019a1ed9799dd72067f1ce8 (6.2-rc5)
-CVE-2022-48899 [drm/virtio: Fix GEM handle creation UAF]
+CVE-2022-48899 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.1.7-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/52531258318ed59a2dc5a43df2eaf0eb1d65438e (6.2-rc4)
-CVE-2022-48898 [drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer]
+CVE-2022-48898 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.1.7-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/1cba0d150fa102439114a91b3e215909efc9f169 (6.2-rc4)
-CVE-2022-48897 [arm64/mm: fix incorrect file_map_count for invalid pmd]
+CVE-2022-48897 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.1.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/74c2f81054510d45b813548cb0a1c4ebf87cdd5f (6.2-rc4)
-CVE-2022-48896 [ixgbe: fix pci device refcount leak]
+CVE-2022-48896 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.1.7-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/b93fb4405fcb5112c5739c5349afb52ec7f15c07 (6.2-rc4)
-CVE-2022-48895 [iommu/arm-smmu: Don't unregister on shutdown]
+CVE-2022-48895 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.1.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/ce31e6ca68bd7639bd3e5ef97be215031842bbab (6.2-rc4)
-CVE-2022-48894 [iommu/arm-smmu-v3: Don't unregister on shutdown]
+CVE-2022-48894 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.1.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/32ea2c57dc216b6ad8125fa680d31daa5d421c95 (6.2-rc4)
-CVE-2022-48893 [drm/i915/gt: Cleanup partial engine discovery failures]
+CVE-2022-48893 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.1.7-1
 	NOTE: https://git.kernel.org/linus/78a033433a5ae4fee85511ee075bc9a48312c79e (6.2-rc1)
-CVE-2022-48892 [sched/core: Fix use-after-free bug in dup_user_cpus_ptr()]
+CVE-2022-48892 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.1.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/87ca4f9efbd7cc649ff43b87970888f2812945b8 (6.2-rc4)
-CVE-2022-48891 [regulator: da9211: Use irq handler when ready]
+CVE-2022-48891 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 6.1.7-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/02228f6aa6a64d588bc31e3267d05ff184d772eb (6.2-rc4)
-CVE-2022-48890 [scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM]
+CVE-2022-48890 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.1.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/67ff3d0a49f3d445c3922e30a54e03c161da561e (6.2-rc4)
-CVE-2022-48889 [ASoC: Intel: sof-nau8825: fix module alias overflow]
+CVE-2022-48889 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.1.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3e78986a840d59dd27e636eae3f52dc11125c835 (6.2-rc4)
-CVE-2022-48888 [drm/msm/dpu: Fix memory leak in msm_mdss_parse_data_bus_icc_path]
+CVE-2022-48888 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.1.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/45dac1352b55b1d8cb17f218936b2bc2bc1fb4ee (6.2-rc4)
-CVE-2022-48887 [drm/vmwgfx: Remove rcu locks from user resources]
+CVE-2022-48887 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.1.7-1
 	NOTE: https://git.kernel.org/linus/a309c7194e8a2f8bd4539b9449917913f6c2cd50 (6.2-rc4)
-CVE-2022-48886 [ice: Add check for kzalloc]
+CVE-2022-48886 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.1.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/40543b3d9d2c13227ecd3aa90a713c201d1d7f09 (6.2-rc4)
-CVE-2022-48885 [ice: Fix potential memory leak in ice_gnss_tty_write()]
+CVE-2022-48885 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.1.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f58985620f55580a07d40062c4115d8c9cf6ae27 (6.2-rc4)
-CVE-2022-48884 [net/mlx5: Fix command stats access after free]
+CVE-2022-48884 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.1.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/da2e552b469a0cd130ff70a88ccc4139da428a65 (6.2-rc4)
-CVE-2022-48883 [net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent]
+CVE-2022-48883 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.1.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/31c70bfe58ef09fe36327ddcced9143a16e9e83d (6.2-rc4)
-CVE-2022-48882 [net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY)]
+CVE-2022-48882 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.1.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9828994ac492e8e7de47fe66097b7e665328f348 (6.2-rc4)
-CVE-2022-48881 [platform/x86/amd: Fix refcount leak in amd_pmc_probe]
+CVE-2022-48881 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.1.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/ccb32e2be14271a60e9ba89c6d5660cc9998773c (6.2-rc4)
-CVE-2022-48880 [platform/surface: aggregator: Add missing call to ssam_request_sync_free()]
+CVE-2022-48880 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.1.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c965daac370f08a9b71d573a71d13cda76f2a884 (6.2-rc4)
-CVE-2022-48879 [efi: fix NULL-deref in init error path]
+CVE-2022-48879 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 6.1.7-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/703c13fe3c9af557d312f5895ed6a5fda2711104 (6.2-rc4)
-CVE-2022-48878 [Bluetooth: hci_qca: Fix driver shutdown on closed serdev]
+CVE-2022-48878 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 6.1.8-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/272970be3dabd24cbe50e393ffee8f04aec3b9a8 (6.2-rc5)
-CVE-2022-48877 [f2fs: let's avoid panic if extent_tree is not created]
+CVE-2022-48877 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.1.8-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/df9d44b645b83fffccfb4e28c1f93376585fdec8 (6.2-rc3)
-CVE-2022-48876 [wifi: mac80211: fix initialization of rx->link and rx->link_sta]
+CVE-2022-48876 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.1.8-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e66b7920aa5ac5b1a1997a454004ba9246a3c005 (6.2-rc5)
-CVE-2022-48875 [wifi: mac80211: sdata can be NULL during AMPDU start]
+CVE-2022-48875 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.1.8-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/69403bad97aa0162e3d7911b27e25abe774093df (6.2-rc5)
-CVE-2022-48874 [misc: fastrpc: Fix use-after-free and race in fastrpc_map_find]
+CVE-2022-48874 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.1.8-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9446fa1683a7e3937d9970248ced427c1983a1c5 (6.2-rc5)
-CVE-2022-48873 [misc: fastrpc: Don't remove map on creater_process and device_release]
+CVE-2022-48873 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.1.8-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/5bb96c8f9268e2fdb0e5321cbc358ee5941efc15 (6.2-rc5)
-CVE-2022-48872 [misc: fastrpc: Fix use-after-free race condition for maps]
+CVE-2022-48872 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.1.8-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/96b328d119eca7563c1edcc4e1039a62e6370ecb (6.2-rc5)
-CVE-2022-48871 [tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer]
+CVE-2022-48871 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.1.8-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/b8caf69a6946e18ffebad49847e258f5b6d52ac2 (6.2-rc5)
-CVE-2022-48870 [tty: fix possible null-ptr-defer in spk_ttyio_release]
+CVE-2022-48870 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.1.8-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/5abbeebd8296c2301023b8dc4b5a6c0d5229b4f5 (6.2-rc5)
-CVE-2022-48869 [USB: gadgetfs: Fix race between mounting and unmounting]
+CVE-2022-48869 (In the Linux kernel, the following vulnerability has been resolved:  U ...)
 	- linux 6.1.8-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/d18dcfe9860e842f394e37ba01ca9440ab2178f4 (6.2-rc5)
-CVE-2022-48868 [dmaengine: idxd: Let probe fail when workqueue cannot be enabled]
+CVE-2022-48868 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.1.8-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b51b75f0604f17c0f6f3b6f68f1a521a5cc6b04f (6.2-rc5)
-CVE-2022-48867 [dmaengine: idxd: Prevent use after free on completion memory]
+CVE-2022-48867 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.1.8-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/1beeec45f9ac31eba52478379f70a5fa9c2ad005 (6.2-rc5)
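Review bot: the added descriptions for CVE-2024-7651, CVE-2024-7134 and CVE-2024-6883 contain a literal `\u2013`, an undecoded escape for an en dash, so the escapes should be decoded before the description is written to data/CVE/list. All 27 entries added at the top of this hunk also carry only `TODO: check`, so none of them has a package or NOT-FOR-US assignment yet and each still needs triage.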
@@ -219,90 +273,90 @@ CVE-2024-8007
 CVE-2024-22034
 	- osc 1.9.0-1
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1225911
-CVE-2024-43882 [exec: Fix ToCToU between perm check and set-uid/gid usage]
+CVE-2024-43882 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 6.10.6-1
 	NOTE: https://git.kernel.org/linus/f50733b45d865f91db90919f8311e2127ce5a0cb (6.11-rc4)
-CVE-2024-43881 [wifi: ath12k: change DMA direction while mapping reinjected packets]
+CVE-2024-43881 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.10.3-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/33322e3ef07409278a18c6919c448e369d66a18e (6.11-rc1)
-CVE-2024-43880 [mlxsw: spectrum_acl_erp: Fix object nesting warning]
+CVE-2024-43880 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/97d833ceb27dc19f8777d63f90be4a27b5daeedf (6.11-rc1)
-CVE-2024-43879 [wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()]
+CVE-2024-43879 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6 (6.11-rc1)
-CVE-2024-43878 [xfrm: Fix input error path memory access]
+CVE-2024-43878 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/54fcc6189dfb822eea984fa2b3e477a02447279d (6.11-rc1)
-CVE-2024-43877 [media: pci: ivtv: Add check for DMA map result]
+CVE-2024-43877 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/629913d6d79508b166c66e07e4857e20233d85a9 (6.11-rc1)
-CVE-2024-43876 [PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()]
+CVE-2024-43876 (In the Linux kernel, the following vulnerability has been resolved:  P ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96 (6.11-rc1)
-CVE-2024-43875 [PCI: endpoint: Clean up error handling in vpci_scan_bus()]
+CVE-2024-43875 (In the Linux kernel, the following vulnerability has been resolved:  P ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8e0f5a96c534f781e8c57ca30459448b3bfe5429 (6.11-rc1)
-CVE-2024-43874 [crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked]
+CVE-2024-43874 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.10.3-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/468e3295774d0edce15f4ae475913b5076dd4f40 (6.11-rc1)
-CVE-2024-43873 [vhost/vsock: always initialize seqpacket_allow]
+CVE-2024-43873 (In the Linux kernel, the following vulnerability has been resolved:  v ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22 (6.11-rc1)
-CVE-2024-43872 [RDMA/hns: Fix soft lockup under heavy CEQE load]
+CVE-2024-43872 (In the Linux kernel, the following vulnerability has been resolved:  R ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/2fdf34038369c0a27811e7b4680662a14ada1d6b (6.11-rc1)
-CVE-2024-43871 [devres: Fix memory leakage caused by driver API devm_free_percpu()]
+CVE-2024-43871 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/bd50a974097bb82d52a458bd3ee39fb723129a0c (6.11-rc1)
-CVE-2024-43870 [perf: Fix event leak upon exit]
+CVE-2024-43870 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/2fd5ad3f310de22836cdacae919dd99d758a1f1b (6.11-rc1)
-CVE-2024-43869 [perf: Fix event leak upon exec and file release]
+CVE-2024-43869 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3a5465418f5fd970e86a86c7f4075be262682840 (6.11-rc1)
-CVE-2024-43868 [riscv/purgatory: align riscv_kernel_entry]
+CVE-2024-43868 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 6.10.4-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/fb197c5d2fd24b9af3d4697d0cf778645846d6d5 (6.11-rc2)
-CVE-2024-43867 [drm/nouveau: prime: fix refcount underflow]
+CVE-2024-43867 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.4-1
 	NOTE: https://git.kernel.org/linus/a9bf3efc33f1fbf88787a277f7349459283c9b95 (6.11-rc2)
-CVE-2024-43866 [net/mlx5: Always drain health in shutdown callback]
+CVE-2024-43866 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.4-1
 	NOTE: https://git.kernel.org/linus/1b75da22ed1e6171e261bc9265370162553d5393 (6.11-rc2)
-CVE-2024-43865 [s390/fpu: Re-add exception handling in load_fpu_state()]
+CVE-2024-43865 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.4-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/4734406c39238cbeafe66f0060084caa3247ff53 (6.11-rc2)
-CVE-2024-43864 [net/mlx5e: Fix CT entry update leaks of modify header context]
+CVE-2024-43864 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.4-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/025f2b85a5e5a46df14ecf162c3c80a957a36d0b (6.11-rc2)
-CVE-2024-43863 [drm/vmwgfx: Fix a deadlock in dma buf fence polling]
+CVE-2024-43863 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.4-1
 	NOTE: https://git.kernel.org/linus/e58337100721f3cc0c7424a18730e4f39844934f (6.11-rc2)
-CVE-2024-43862 [net: wan: fsl_qmc_hdlc: Convert carrier_lock spinlock to a mutex]
+CVE-2024-43862 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.4-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c4d6a347ba7babdf9d90a0eb24048c266cae0532 (6.11-rc2)
-CVE-2024-43861 [net: usb: qmi_wwan: fix memory leak for not ip packets]
+CVE-2024-43861 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.6-1
 	NOTE: https://git.kernel.org/linus/7ab107544b777c3bd7feb9fe447367d8edd5b202 (6.11-rc3)
-CVE-2024-22281
+CVE-2024-22281 (** UNSUPPORTED WHEN ASSIGNED ** The Apache Helix Front (UI) component  ...)
 	NOT-FOR-US: Apache Helix
 CVE-2024-8005 (A vulnerability was found in demozx gf_cms 1.0/1.0.1. It has been clas ...)
 	NOT-FOR-US: demozx gf_cms
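Review bot: the replacement descriptions on the kernel entries from CVE-2024-43882 down to CVE-2024-43861 are cut off right after the shared prefix "In the Linux kernel, the following vulnerability has been resolved:", so each one now differs from its neighbours only in a single trailing letter, and the removed bracketed subjects (for example `[exec: Fix ToCToU between perm check and set-uid/gid usage]`) are lost. The same applies to the CVE-2023-529xx and CVE-2022-488xx entries earlier in the patch. Consider stripping that prefix before truncating, or preserving the subject in a NOTE line, so an entry stays identifiable without following its git.kernel.org link.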
@@ -592,7 +646,7 @@ CVE-2024-35539 (Typecho v1.3.0 was discovered to contain a race condition vulner
 	NOT-FOR-US: Typecho
 CVE-2024-35538 (Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerab ...)
 	NOT-FOR-US: Typecho
-CVE-2024-6508
+CVE-2024-6508 (An insufficient entropy vulnerability was found in the Openshift Conso ...)
 	NOT-FOR-US: OpenShift
 CVE-2024-7958
 	REJECTED
@@ -1505,11 +1559,13 @@ CVE-2024-43374 (The UNIX editor Vim prior to version 9.1.0678 has a use-after-fr
 	NOTE: https://github.com/vim/vim/security/GHSA-2w8m-443v-cgvw
 	NOTE: https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 (v9.1.0678)
 CVE-2024-23185
+	{DSA-5752-1}
 	- dovecot 1:2.3.21.1+dfsg1-1 (bug #1078877)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/08/15/4
 	NOTE: Fixed by: https://github.com/dovecot/core/commit/f020e139c519121d9630a966310ea8e100ee33b7 (2.3.21.1)
 	NOTE: Fixed by: https://github.com/dovecot/core/commit/ce88c33abc37e408592eff70aeefa28f803effb9 (2.3.21.1)
 CVE-2024-23184
+	{DSA-5752-1}
 	- dovecot 1:2.3.21.1+dfsg1-1 (bug #1078876)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/08/15/3
 	NOTE: Fixed by: https://github.com/dovecot/core/commit/8e4c42dbb3c770fcdbc396f2abcf1bc228ec548d (2.3.21.1)
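Review bot: the `{DSA-5752-1}` cross-reference is added to CVE-2024-23185 and CVE-2024-23184, but this commit changes only data/CVE/list and both entries still record just the single fixed version `- dovecot 1:2.3.21.1+dfsg1-1`, with no release-specific lines. Confirm that the advisory entry for DSA-5752-1 names both CVE ids and the fixed dovecot versions for the releases it covers, since that cannot be checked from the lines shown here.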



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26a8b277a52cb181a632de38b2c2ad7df495709d
