[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 26 21:12:36 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
62deea4a by security tracker role at 2024-08-26T20:12:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,165 +1,321 @@
-CVE-2024-44942 [f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC]
+CVE-2024-8188
+	REJECTED
+CVE-2024-8174 (A vulnerability has been found in code-projects Blood Bank System 1.0  ...)
+	TODO: check
+CVE-2024-8173 (A vulnerability, which was classified as critical, was found in code-p ...)
+	TODO: check
+CVE-2024-8172 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-8171 (A vulnerability classified as critical was found in itsourcecode Tailo ...)
+	TODO: check
+CVE-2024-8170 (A vulnerability classified as problematic has been found in SourceCode ...)
+	TODO: check
+CVE-2024-8169 (A vulnerability was found in code-projects Online Quiz Site 1.0. It ha ...)
+	TODO: check
+CVE-2024-8168 (A vulnerability was found in code-projects Online Bus Reservation Site ...)
+	TODO: check
+CVE-2024-8167 (A vulnerability was found in code-projects Job Portal 1.0. It has been ...)
+	TODO: check
+CVE-2024-8166 (A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classif ...)
+	TODO: check
+CVE-2024-8165 (A vulnerability, which was classified as problematic, was found in Che ...)
+	TODO: check
+CVE-2024-8164 (A vulnerability, which was classified as critical, has been found in C ...)
+	TODO: check
+CVE-2024-8163 (A vulnerability classified as critical was found in Chengdu Everbrite  ...)
+	TODO: check
+CVE-2024-8162 (A vulnerability classified as critical has been found in TOTOLINK T10  ...)
+	TODO: check
+CVE-2024-8161 (SQL injection vulnerability in ATISolutions CIGES affecting versions l ...)
+	TODO: check
+CVE-2024-8158 (A bug in the 9p authentication implementation within lib9p allows an a ...)
+	TODO: check
+CVE-2024-8155 (A vulnerability classified as critical was found in ContiNew Admin 3.2 ...)
+	TODO: check
+CVE-2024-8154 (A vulnerability classified as problematic has been found in SourceCode ...)
+	TODO: check
+CVE-2024-8153 (A vulnerability was found in SourceCodester QR Code Bookmark System 1. ...)
+	TODO: check
+CVE-2024-8152 (A vulnerability was found in SourceCodester QR Code Bookmark System 1. ...)
+	TODO: check
+CVE-2024-8151 (A vulnerability was found in SourceCodester Interactive Map with Marke ...)
+	TODO: check
+CVE-2024-8150 (A vulnerability was found in ContiNew Admin 3.2.0 and classified as cr ...)
+	TODO: check
+CVE-2024-8105 (A vulnerability related to the use an insecure Platform Key (PK) has b ...)
+	TODO: check
+CVE-2024-8073 (Improper Input Validation vulnerability in Hillstone Networks Hillston ...)
+	TODO: check
+CVE-2024-7988 (A remote code execution vulnerability exists in the Rockwell Automatio ...)
+	TODO: check
+CVE-2024-7987 (A remote code execution vulnerability exists in the Rockwell Automatio ...)
+	TODO: check
+CVE-2024-7401 (Netskope was notified about a security gap in Netskope Client enrollme ...)
+	TODO: check
+CVE-2024-7313 (The Shield Security  WordPress plugin before 20.0.6 does not sanitise  ...)
+	TODO: check
+CVE-2024-6879 (The Quiz and Survey Master (QSM)  WordPress plugin before 9.1.1 fails  ...)
+	TODO: check
+CVE-2024-45265 (A SQL injection vulnerability in the poll component in SkySystem Arfa- ...)
+	TODO: check
+CVE-2024-45258 (The req package before 3.43.4 for Go may send an unintended request wh ...)
+	TODO: check
+CVE-2024-45256 (An arbitrary file write issue in the exfiltration endpoint in BYOB (Bu ...)
+	TODO: check
+CVE-2024-45241 (A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf ...)
+	TODO: check
+CVE-2024-44797 (A cross-site scripting (XSS) vulnerability in the component /managers/ ...)
+	TODO: check
+CVE-2024-44796 (A cross-site scripting (XSS) vulnerability in the component /auth/Azur ...)
+	TODO: check
+CVE-2024-44795 (A cross-site scripting (XSS) vulnerability in the component /login/dis ...)
+	TODO: check
+CVE-2024-44794 (A cross-site scripting (XSS) vulnerability in the component /master/au ...)
+	TODO: check
+CVE-2024-44793 (A cross-site scripting (XSS) vulnerability in the component /managers/ ...)
+	TODO: check
+CVE-2024-44565 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the serverName par ...)
+	TODO: check
+CVE-2024-44563 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port  ...)
+	TODO: check
+CVE-2024-44558 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpv ...)
+	TODO: check
+CVE-2024-44557 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode  ...)
+	TODO: check
+CVE-2024-44556 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbal ...)
+	TODO: check
+CVE-2024-44555 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan ...)
+	TODO: check
+CVE-2024-44553 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode  ...)
+	TODO: check
+CVE-2024-44552 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbal ...)
+	TODO: check
+CVE-2024-44551 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan ...)
+	TODO: check
+CVE-2024-44550 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpv ...)
+	TODO: check
+CVE-2024-44549 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port  ...)
+	TODO: check
+CVE-2024-43967 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-43966 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-43806 (Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `r ...)
+	TODO: check
+CVE-2024-43802 (Vim is an improved version of the unix vi text editor. When flushing t ...)
+	TODO: check
+CVE-2024-43444 (Passwords of agents and customers are displayed in plain text in the O ...)
+	TODO: check
+CVE-2024-43443 (Improper Neutralization of Input done by an attacker with admin privil ...)
+	TODO: check
+CVE-2024-43442 (Improper Neutralization of Input done by an attacker with admin privil ...)
+	TODO: check
+CVE-2024-43319 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-43289 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-43283 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-42913 (RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerabili ...)
+	TODO: check
+CVE-2024-42906 (TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) v ...)
+	TODO: check
+CVE-2024-42818 (A cross-site scripting (XSS) vulnerability in the Config-Create functi ...)
+	TODO: check
+CVE-2024-42816 (A cross-site scripting (XSS) vulnerability in the Create Product funct ...)
+	TODO: check
+CVE-2024-42792 (A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipa ...)
+	TODO: check
+CVE-2024-42791 (A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipa ...)
+	TODO: check
+CVE-2024-42790 (A Reflected Cross Site Scripting (XSS) vulnerability was found in "/mu ...)
+	TODO: check
+CVE-2024-42789 (A Reflected Cross Site Scripting (XSS) vulnerability was found in "/mu ...)
+	TODO: check
+CVE-2024-42788 (A Stored Cross Site Scripting (XSS) vulnerability was found in "/music ...)
+	TODO: check
+CVE-2024-42787 (A Stored Cross Site Scripting (XSS) vulnerability was found in "/music ...)
+	TODO: check
+CVE-2024-41996 (Validating the order of the public keys in the Diffie-Hellman Key Agre ...)
+	TODO: check
+CVE-2024-41879 (Acrobat Reader versions 127.0.2651.105 and earlier are affected by an  ...)
+	TODO: check
+CVE-2024-41444 (SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of ...)
+	TODO: check
+CVE-2024-41285 (A stack overflow in FAST FW300R v1.3.13 Build 141023 Rel.61347n allows ...)
+	TODO: check
+CVE-2024-39097 (There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below v ...)
+	TODO: check
+CVE-2024-38859 (XSS in the view page with the SLA column configured in Checkmk version ...)
+	TODO: check
+CVE-2024-34087 (An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24. ...)
+	TODO: check
+CVE-2024-28077 (A denial-of-service issue was discovered on certain GL-iNet devices. S ...)
+	TODO: check
+CVE-2023-49582 (Lax permissions set by the Apache Portable Runtime library on Unix pla ...)
+	TODO: check
+CVE-2024-44942 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.10.6-1
 	NOTE: https://git.kernel.org/linus/fc01008c92f40015aeeced94750855a7111b6929 (6.11-rc1)
-CVE-2024-44941 [f2fs: fix to cover read extent cache access with lock]
+CVE-2024-44941 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.10.6-1
 	NOTE: https://git.kernel.org/linus/d7409b05a64f212735f0d33f5f1602051a886eab (6.11-rc1)
-CVE-2024-44940 [fou: remove warn in gue_gro_receive on unsupported protocol]
+CVE-2024-44940 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.10.6-1
 	NOTE: https://git.kernel.org/linus/dd89a81d850fa9a65f67b4527c0e420d15bf836c (6.11-rc1)
-CVE-2024-44939 [jfs: fix null ptr deref in dtInsertEntry]
+CVE-2024-44939 (In the Linux kernel, the following vulnerability has been resolved:  j ...)
 	- linux 6.10.6-1
 	NOTE: https://git.kernel.org/linus/ce6dede912f064a855acf6f04a04cbb2c25b8c8c (6.11-rc1)
-CVE-2024-44938 [jfs: Fix shift-out-of-bounds in dbDiscardAG]
+CVE-2024-44938 (In the Linux kernel, the following vulnerability has been resolved:  j ...)
 	- linux 6.10.6-1
 	NOTE: https://git.kernel.org/linus/7063b80268e2593e58bee8a8d709c2f3ff93e2f2 (6.11-rc1)
-CVE-2024-44937 [platform/x86: intel-vbtn: Protect ACPI notify handler against recursion]
+CVE-2024-44937 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.10.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e075c3b13a0a142dcd3151b25d29a24f31b7b640 (6.11-rc3)
-CVE-2024-44936 [power: supply: rt5033: Bring back i2c_set_clientdata]
+CVE-2024-44936 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.10.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d3911f1639e67fc7b12aae0efa5a540976d7443b (6.11-rc3)
-CVE-2024-44935 [sctp: Fix null-ptr-deref in reuseport_add_sock().]
+CVE-2024-44935 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.6-1
 	[bookworm] - linux 6.1.106-1
 	NOTE: https://git.kernel.org/linus/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18 (6.11-rc3)
-CVE-2024-44934 [net: bridge: mcast: wait for previous gc cycles when removing port]
+CVE-2024-44934 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.6-1
 	[bookworm] - linux 6.1.106-1
 	NOTE: https://git.kernel.org/linus/92c4ee25208d0f35dafc3213cdf355fbe449e078 (6.11-rc3)
-CVE-2024-44933 [bnxt_en : Fix memory out-of-bounds in bnxt_fill_hw_rss_tbl()]
+CVE-2024-44933 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.10.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/da03f5d1b2c319a2b74fe76edeadcd8fa5f44376 (6.11-rc3)
-CVE-2024-44932 [idpf: fix UAFs when destroying the queues]
+CVE-2024-44932 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.10.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/290f1c033281c1a502a3cd1c53c3a549259c491f (6.11-rc3)
-CVE-2024-44931 [gpio: prevent potential speculation leaks in gpio_device_get_desc()]
+CVE-2024-44931 (In the Linux kernel, the following vulnerability has been resolved:  g ...)
 	- linux 6.10.6-1
 	NOTE: https://git.kernel.org/linus/d795848ecce24a75dfd46481aee066ae6fe39775 (6.11-rc1)
-CVE-2024-43914 [md/raid5: avoid BUG_ON() while continue reshape after reassembling]
+CVE-2024-43914 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.6-1
 	[bookworm] - linux 6.1.106-1
 	NOTE: https://git.kernel.org/linus/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49 (6.11-rc1)
-CVE-2024-43913 [nvme: apple: fix device reference counting]
+CVE-2024-43913 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.6-1
 	NOTE: https://git.kernel.org/linus/b9ecbfa45516182cd062fecd286db7907ba84210 (6.11-rc1)
-CVE-2024-43912 [wifi: nl80211: disallow setting special AP channel widths]
+CVE-2024-43912 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.10.6-1
 	[bookworm] - linux 6.1.106-1
 	NOTE: https://git.kernel.org/linus/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe (6.11-rc1)
-CVE-2024-43911 [wifi: mac80211: fix NULL dereference at band check in starting tx ba session]
+CVE-2024-43911 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.10.6-1
 	NOTE: https://git.kernel.org/linus/021d53a3d87eeb9dbba524ac515651242a2a7e3b (6.11-rc1)
-CVE-2024-43910 [bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses]
+CVE-2024-43910 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.10.6-1
 	NOTE: https://git.kernel.org/linus/ec2b9a5e11e51fea1bb04c1e7e471952e887e874 (6.11-rc1)
-CVE-2024-43909 [drm/amdgpu/pm: Fix the null pointer dereference for smu7]
+CVE-2024-43909 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.6-1
 	[bookworm] - linux 6.1.106-1
 	NOTE: https://git.kernel.org/linus/c02c1960c93eede587576625a1221205a68a904f (6.11-rc1)
-CVE-2024-43908 [drm/amdgpu: Fix the null pointer dereference to ras_manager]
+CVE-2024-43908 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.6-1
 	[bookworm] - linux 6.1.106-1
 	NOTE: https://git.kernel.org/linus/4c11d30c95576937c6c35e6f29884761f2dddb43 (6.11-rc1)
-CVE-2024-43907 [drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules]
+CVE-2024-43907 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.6-1
 	[bookworm] - linux 6.1.106-1
 	NOTE: https://git.kernel.org/linus/d19fb10085a49b77578314f69fff21562f7cd054 (6.11-rc1)
-CVE-2024-43906 [drm/admgpu: fix dereferencing null pointer context]
+CVE-2024-43906 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.6-1
 	NOTE: https://git.kernel.org/linus/030ffd4d43b433bc6671d9ec34fc12c59220b95d (6.11-rc1)
-CVE-2024-43905 [drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr]
+CVE-2024-43905 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.6-1
 	[bookworm] - linux 6.1.106-1
 	NOTE: https://git.kernel.org/linus/50151b7f1c79a09117837eb95b76c2de76841dab (6.11-rc1)
-CVE-2024-43904 [drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing]
+CVE-2024-43904 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.6-1
 	NOTE: https://git.kernel.org/linus/15c2990e0f0108b9c3752d7072a97d45d4283aea (6.11-rc1)
-CVE-2024-43903 [drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update]
+CVE-2024-43903 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.6-1
 	[bookworm] - linux 6.1.106-1
 	NOTE: https://git.kernel.org/linus/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff (6.11-rc1)
-CVE-2024-43902 [drm/amd/display: Add null checker before passing variables]
+CVE-2024-43902 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.6-1
 	[bookworm] - linux 6.1.106-1
 	NOTE: https://git.kernel.org/linus/8092aa3ab8f7b737a34b71f91492c676a843043a (6.11-rc1)
-CVE-2024-43901 [drm/amd/display: Fix NULL pointer dereference for DTN log in DCN401]
+CVE-2024-43901 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.6-1
 	NOTE: https://git.kernel.org/linus/5af757124792817f8eb1bd0c80ad60fab519586b (6.11-rc1)
-CVE-2024-43900 [media: xc2028: avoid use-after-free in load_firmware_cb()]
+CVE-2024-43900 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.6-1
 	[bookworm] - linux 6.1.106-1
 	NOTE: https://git.kernel.org/linus/68594cec291ff9523b9feb3f43fd853dcddd1f60 (6.11-rc1)
-CVE-2024-43899 [drm/amd/display: Fix null pointer deref in dcn20_resource.c]
+CVE-2024-43899 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.6-1
 	NOTE: https://git.kernel.org/linus/ecbf60782662f0a388493685b85a645a0ba1613c (6.11-rc1)
-CVE-2024-43898 [ext4: sanity check for NULL pointer after ext4_force_shutdown]
+CVE-2024-43898 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 6.10.6-1
 	NOTE: https://git.kernel.org/linus/83f4414b8f84249d538905825b088ff3ae555652 (6.11-rc1)
-CVE-2024-43897 [net: drop bad gso csum_start and offset in virtio_net_hdr]
+CVE-2024-43897 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.6-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/89add40066f9ed9abe5f7f886fe5789ff7e0c50e (6.11-rc2)
-CVE-2024-43896 [ASoC: cs-amp-lib: Fix NULL pointer crash if efi.get_variable is NULL]
+CVE-2024-43896 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.10.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/dc268085e499666b9f4f0fcb4c5a94e1c0b193b3 (6.11-rc3)
-CVE-2024-43895 [drm/amd/display: Skip Recompute DSC Params if no Stream on Link]
+CVE-2024-43895 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.6-1
 	[bookworm] - linux 6.1.106-1
 	NOTE: https://git.kernel.org/linus/50e376f1fe3bf571d0645ddf48ad37eb58323919 (6.11-rc3)
-CVE-2024-43894 [drm/client: fix null pointer dereference in drm_client_modeset_probe]
+CVE-2024-43894 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.6-1
 	[bookworm] - linux 6.1.106-1
 	NOTE: https://git.kernel.org/linus/113fd6372a5bb3689aba8ef5b8a265ed1529a78f (6.11-rc3)
-CVE-2024-43893 [serial: core: check uartclk for zero to avoid divide by zero]
+CVE-2024-43893 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.6-1
 	[bookworm] - linux 6.1.106-1
 	NOTE: https://git.kernel.org/linus/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193 (6.11-rc3)
-CVE-2024-43892 [memcg: protect concurrent access to mem_cgroup_idr]
+CVE-2024-43892 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.6-1
 	NOTE: https://git.kernel.org/linus/9972605a238339b85bd16b084eed5f18414d22db (6.11-rc3)
-CVE-2024-43891 [tracing: Have format file honor EVENT_FILE_FL_FREED]
+CVE-2024-43891 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.10.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d (6.11-rc3)
-CVE-2024-43890 [tracing: Fix overflow in get_free_elt()]
+CVE-2024-43890 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.10.6-1
 	[bookworm] - linux 6.1.106-1
 	NOTE: https://git.kernel.org/linus/bcf86c01ca4676316557dd482c8416ece8c2e143 (6.11-rc3)
-CVE-2024-43889 [padata: Fix possible divide-by-0 panic in padata_mt_helper()]
+CVE-2024-43889 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.10.6-1
 	[bookworm] - linux 6.1.106-1
 	NOTE: https://git.kernel.org/linus/6d45e1c948a8b7ed6ceddb14319af69424db730c (6.11-rc3)
-CVE-2024-43888 [mm: list_lru: fix UAF for memory cgroup]
+CVE-2024-43888 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/5161b48712dcd08ec427c450399d4d1483e21dea (6.11-rc3)
-CVE-2024-43887 [net/tcp: Disable TCP-AO static key after RCU grace period]
+CVE-2024-43887 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/14ab4792ee120c022f276a7e4768f4dcb08f0cdd (6.11-rc3)
-CVE-2024-43886 [drm/amd/display: Add null check in resource_log_pipe_topology_update]
+CVE-2024-43886 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.6-1
 	NOTE: https://git.kernel.org/linus/899d92fd26fe780aad711322aa671f68058207a6 (6.11-rc1)
-CVE-2024-43885 [btrfs: fix double inode unlock for direct IO sync writes]
+CVE-2024-43885 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.10.6-1
 	[bookworm] - linux 6.1.106-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e0391e92f9ab4fb3dbdeb139c967dcfa7ac4b115 (6.11-rc3)
-CVE-2024-43884 [Bluetooth: MGMT: Add error handling to pair_device()]
+CVE-2024-43884 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/538fd3921afac97158d4177139a0ad39f056dbb2 (6.11-rc5)
 CVE-2024-8147 (A vulnerability was found in code-projects Pharmacy Management System  ...)
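Review bot: CVE-2024-8174 through CVE-2023-49582 enter the file as 77 untriaged entries marked `TODO: check` (plus CVE-2024-8188 as `REJECTED`), so the substantive work is deferred to a follow-up; when that triage happens, the entries whose subject is a library or tool rather than a single-vendor product, Vim (CVE-2024-43802), Rustix (CVE-2024-43806), the Go `req` module (CVE-2024-45258) and Apache Portable Runtime (CVE-2023-49582), are the likeliest to map to Debian source packages and merit a package match before the many vendor web-application and router items, most of which will end up `NOT-FOR-US`. The remainder of the hunk only swaps the provisional `[subject line]` titles of the linux entries (CVE-2024-44942 down to CVE-2024-43884) for the published CVE descriptions; the `- linux 6.10.6-1`, `[bookworm]`/`[bullseye]` and `NOTE:` lines are untouched, so no triage state is lost, though the truncated descriptions say less than the kernel subject lines they replace and the `NOTE:` commit URLs are now the only place the nature of each fix is visible.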
@@ -316,7 +472,8 @@ CVE-2024-43032 (autMan v2.9.6 allows attackers to bypass authentication via a cr
 	NOT-FOR-US: autMan
 CVE-2024-43031 (autMan v2.9.6 was discovered to contain an access control issue.)
 	NOT-FOR-US: autMan
-CVE-2024-42992 (Python Pip Pandas v2.2.2 was discovered to contain an arbitrary file r ...)
+CVE-2024-42992
+	REJECTED
 	- pandas <undetermined>
 	TODO: check, unclear report in https://github.com/juwenyi/CVE-2024-42992
 CVE-2024-42918 (itsourcecode Online Accreditation Management System contains a Cross S ...)
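Review bot: CVE-2024-42992 is switched to `REJECTED` but the two lines beneath it, `- pandas <undetermined>` and `TODO: check, unclear report in https://github.com/juwenyi/CVE-2024-42992`, are left in place; a rejected CVE should carry only the `REJECTED` marker, as CVE-2024-8188 does elsewhere in this same patch, so the stale pandas status and the TODO should be dropped in a follow-up, otherwise pandas keeps showing an undetermined open issue for a CVE that no longer exists.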
@@ -7884,14 +8041,17 @@ CVE-2024-24622 (Softaculous Webuzo contains a command injection in the password
 CVE-2024-24621 (Softaculous Webuzo contains an authentication bypass vulnerability thr ...)
 	NOT-FOR-US: Softaculous Webuzo
 CVE-2024-35296 (Invalid Accept-Encoding header can cause Apache Traffic Server to fail ...)
+	{DSA-5758-1}
 	- trafficserver 9.2.5+ds-1 (bug #1077141)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/07/25/1
 	NOTE: https://github.com/apache/trafficserver/commit/4122abd9272d49cb4ed87d479e1febb0f1c7c1da
 CVE-2024-35161 (Apache Traffic Server forwards malformed HTTP chunked trailer section  ...)
+	{DSA-5758-1}
 	- trafficserver 9.2.5+ds-1 (bug #1077141)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/07/25/1
 	NOTE: https://github.com/apache/trafficserver/commit/3ba1e2685f89bcd631b66748f70f69a5eecf741b
 CVE-2023-38522 (Apache Traffic Server accepts characters that are not allowed for HTTP ...)
+	{DSA-5758-1}
 	- trafficserver 9.2.5+ds-1 (bug #1077141)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/07/25/1
 	NOTE: https://github.com/apache/trafficserver/commit/b104992e2315969688a697cbf7d5007a7dca396f
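Review bot: the `{DSA-5758-1}` cross-reference is added uniformly to CVE-2024-35296, CVE-2024-35161 and CVE-2023-38522, which all share the same fixing upload `- trafficserver 9.2.5+ds-1 (bug #1077141)`, so the three entries stay consistent with each other; since the commit touches only data/CVE/list, the advisory-side entry for DSA-5758-1 is presumed to land in a separate commit, and the tracker's consistency check should confirm both sides agree on exactly these three CVEs.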
@@ -32005,6 +32165,7 @@ CVE-2024-34090 (An issue was discovered in Archer Platform 6 before 2024.04. The
 CVE-2024-34089 (An issue was discovered in Archer Platform 6 before 2024.04. There is  ...)
 	NOT-FOR-US: Archer Platform
 CVE-2024-34078 (html-sanitizer is an allowlist-based HTML cleaner. If using `keep_typo ...)
+	{DLA-3856-1}
 	- python-html-sanitizer <unfixed> (bug #1070710)
 	NOTE: https://github.com/matthiask/html-sanitizer/security/advisories/GHSA-wvhx-q427-fgh3
 	NOTE: https://github.com/matthiask/html-sanitizer/commit/48db42fc5143d0140c32d929c46b802f96913550 (2.4.2)
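Review bot: `{DLA-3856-1}` is added for CVE-2024-34078 while the package line stays `- python-html-sanitizer <unfixed> (bug #1070710)`, so an LTS update now exists for an issue the unstable package still has open; the DLA does not close bug #1070710, and the `<unfixed>` state should remain until the upstream 2.4.2 fix referenced in the `NOTE:` line is actually uploaded.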
@@ -85183,7 +85344,7 @@ CVE-2023-32461 (Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer ove
 	NOT-FOR-US: Dell
 CVE-2023-4958 (In Red Hat Advanced Cluster Security (RHACS), it was found that some s ...)
 	NOT-FOR-US: StackRox
-CVE-2023-4972 (Improper Privilege Management vulnerability in Yepas Digital Yepas all ...)
+CVE-2023-4972 (Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas  ...)
 	NOT-FOR-US: Yepas Digital Yepas
 CVE-2023-4965 (A vulnerability was found in phpipam 1.5.1. It has been rated as probl ...)
 	- phpipam <itp> (bug #731713)
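Review bot: no triage action follows from this hunk: the change to CVE-2023-4972 is a description refresh only (the CWE wording moves from "Improper Privilege Management" to "Incorrect Use of Privileged APIs"), and `NOT-FOR-US: Yepas Digital Yepas` still applies.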
@@ -87157,6 +87318,7 @@ CVE-2023-37827 (A cross-site scripting (XSS) vulnerability in General Solutions
 CVE-2023-37826 (A cross-site scripting (XSS) vulnerability in General Solutions Steine ...)
 	NOT-FOR-US: General Solutions Steiner GmbH CASE 3 Taskmanagement
 CVE-2023-36328 (Integer Overflow vulnerability in mp_grow in libtom libtommath before  ...)
+	{DLA-3857-1}
 	- libtommath 1.2.1-1 (bug #1051100)
 	[bookworm] - libtommath 1.2.0-6+deb12u1
 	[buster] - libtommath <no-dsa> (Minor issue)
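Review bot: `{DLA-3857-1}` is added for CVE-2023-36328 directly above a `[buster] - libtommath <no-dsa> (Minor issue)` line, so the same issue is now judged worth an LTS advisory in one suite and minor in another; that is defensible if buster has left the LTS scope the DLA covers, but the `no-dsa` rationale deserves a re-check, and the suite line the DLA actually applies to falls outside the three visible context lines, so its consistency cannot be confirmed from this hunk alone.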
@@ -117064,8 +117226,8 @@ CVE-2023-26317 (A vulnerability has been discovered in Xiaomi routers that could
 	NOT-FOR-US: Xiaomi
 CVE-2023-26316 (A XSS vulnerability exists in the Xiaomi cloud service Application pro ...)
 	NOT-FOR-US: Xiaomi
-CVE-2023-26315
-	RESERVED
+CVE-2023-26315 (The Xiaomi router AX9000 has a post-authentication command injection v ...)
+	TODO: check
 CVE-2023-0979 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: MedData Informatics MedDataPACS
 CVE-2023-0978 (A command injection vulnerability in Trellix Intelligent Sandbox CLI f ...)
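Review bot: CVE-2023-26315 moves from `RESERVED` to `TODO: check`, but its new description ("The Xiaomi router AX9000 has a post-authentication command injection v ...") places it alongside the neighbouring CVE-2023-26317 and CVE-2023-26316, both already `NOT-FOR-US: Xiaomi`; it can be triaged the same way directly rather than left as a TODO.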



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62deea4aa7777ee57f6e1baa002d8cc970f2597c
