[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Dec 2 20:12:13 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
65cca1f1 by security tracker role at 2024-12-02T20:12:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,89 +1,345 @@
-CVE-2024-53124 [net: fix data-races around sk->sk_forward_alloc]
+CVE-2024-8785 (In WhatsUp Gold versions released before 2024.0.1, aremote unauthentic ...)
+ TODO: check
+CVE-2024-5890 (ServiceNow has addressed an HTML injection vulnerability that was iden ...)
+ TODO: check
+CVE-2024-53992 (unzip-bot is a Telegram bot to extract various types of archives. User ...)
+ TODO: check
+CVE-2024-53990 (The AsyncHttpClient (AHC) library allows Java applications to easily e ...)
+ TODO: check
+CVE-2024-53984 (Nanopb is a small code-size Protocol Buffers implementation. When the ...)
+ TODO: check
+CVE-2024-53981 (python-multipart is a streaming multipart parser for Python. When pars ...)
+ TODO: check
+CVE-2024-53900 (Mongoose before 8.8.3 can improperly use $where in match.)
+ TODO: check
+CVE-2024-53862 (Argo Workflows is an open source container-native workflow engine for ...)
+ TODO: check
+CVE-2024-53793 (Cross-Site Request Forgery (CSRF) vulnerability in eDoc Intelligence L ...)
+ TODO: check
+CVE-2024-53792 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-53789 (Cross-Site Request Forgery (CSRF) vulnerability in Ritesh Sanap Advanc ...)
+ TODO: check
+CVE-2024-53784 (Missing Authorization vulnerability in E-goi Smart Marketing SMS and N ...)
+ TODO: check
+CVE-2024-53782 (Cross-Site Request Forgery (CSRF) vulnerability in CMSaccount Photo Vi ...)
+ TODO: check
+CVE-2024-53781 (Cross-Site Request Forgery (CSRF) vulnerability in Home Junction Spati ...)
+ TODO: check
+CVE-2024-53780 (Cross-Site Request Forgery (CSRF) vulnerability in Rajeev Chauhan Load ...)
+ TODO: check
+CVE-2024-53779 (Cross-Site Request Forgery (CSRF) vulnerability in Max Engel Yahoo! We ...)
+ TODO: check
+CVE-2024-53777 (Cross-Site Request Forgery (CSRF) vulnerability in Alberto Reineri Sim ...)
+ TODO: check
+CVE-2024-53776 (Cross-Site Request Forgery (CSRF) vulnerability in Raphael Heide Donat ...)
+ TODO: check
+CVE-2024-53775 (Cross-Site Request Forgery (CSRF) vulnerability in TannerRitchie Web A ...)
+ TODO: check
+CVE-2024-53770 (Cross-Site Request Forgery (CSRF) vulnerability in Peter MacIntyre Rin ...)
+ TODO: check
+CVE-2024-53769 (Cross-Site Request Forgery (CSRF) vulnerability in Ludovic RIAUDEL Cus ...)
+ TODO: check
+CVE-2024-53765 (Cross-Site Request Forgery (CSRF) vulnerability in Think201 Mins To Re ...)
+ TODO: check
+CVE-2024-53762 (Cross-Site Request Forgery (CSRF) vulnerability in Faster Themes FastB ...)
+ TODO: check
+CVE-2024-53761 (Cross-Site Request Forgery (CSRF) vulnerability in P. Roy WP Revisions ...)
+ TODO: check
+CVE-2024-53759 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-53755 (Cross-Site Request Forgery (CSRF) vulnerability in Andrea Pernici Thir ...)
+ TODO: check
+CVE-2024-53754 (Cross-Site Request Forgery (CSRF) vulnerability in Arrow Design Out Of ...)
+ TODO: check
+CVE-2024-53753 (Cross-Site Request Forgery (CSRF) vulnerability in CultBooking CultBoo ...)
+ TODO: check
+CVE-2024-53751 (Cross-Site Request Forgery (CSRF) vulnerability in Abdul Hakeem Build ...)
+ TODO: check
+CVE-2024-53741 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-53740 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-53730 (Cross-Site Request Forgery (CSRF) vulnerability in Aaron Hodge Silver ...)
+ TODO: check
+CVE-2024-53729 (Cross-Site Request Forgery (CSRF) vulnerability in Plumeria Web Design ...)
+ TODO: check
+CVE-2024-53728 (Cross-Site Request Forgery (CSRF) vulnerability in SEO-K\xfcche Intern ...)
+ TODO: check
+CVE-2024-53727 (Cross-Site Request Forgery (CSRF) vulnerability in LinkLaunder.com Lin ...)
+ TODO: check
+CVE-2024-53726 (Cross-Site Request Forgery (CSRF) vulnerability in Realty Candy Realty ...)
+ TODO: check
+CVE-2024-53725 (Cross-Site Request Forgery (CSRF) vulnerability in Script-Recipes Post ...)
+ TODO: check
+CVE-2024-53724 (Cross-Site Request Forgery (CSRF) vulnerability in Ronny L. Bull IceSt ...)
+ TODO: check
+CVE-2024-53723 (Cross-Site Request Forgery (CSRF) vulnerability in A.Cihangir BALTACI ...)
+ TODO: check
+CVE-2024-53722 (Cross-Site Request Forgery (CSRF) vulnerability in Rockemmusic Favicon ...)
+ TODO: check
+CVE-2024-53721 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-53720 (Cross-Site Request Forgery (CSRF) vulnerability in ole1986 , MachineIT ...)
+ TODO: check
+CVE-2024-53719 (Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Zajax \u20 ...)
+ TODO: check
+CVE-2024-53718 (Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Multi ...)
+ TODO: check
+CVE-2024-53717 (Cross-Site Request Forgery (CSRF) vulnerability in Yonatan Reinberg yP ...)
+ TODO: check
+CVE-2024-53716 (Cross-Site Request Forgery (CSRF) vulnerability in overtrue wp auto to ...)
+ TODO: check
+CVE-2024-53715 (Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Simp ...)
+ TODO: check
+CVE-2024-53714 (Cross-Site Request Forgery (CSRF) vulnerability in Arrow Design Contin ...)
+ TODO: check
+CVE-2024-53713 (Cross-Site Request Forgery (CSRF) vulnerability in Alain Diart for les ...)
+ TODO: check
+CVE-2024-53712 (Cross-Site Request Forgery (CSRF) vulnerability in Kevin McCabe Kevin' ...)
+ TODO: check
+CVE-2024-53711 (Cross-Site Request Forgery (CSRF) vulnerability in Jean-Marc BIANCA Ho ...)
+ TODO: check
+CVE-2024-53710 (Cross-Site Request Forgery (CSRF) vulnerability in ITERAS ITERAS allow ...)
+ TODO: check
+CVE-2024-53709 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-53708 (Missing Authorization vulnerability in AutoQuiz AI Quiz allows Accessi ...)
+ TODO: check
+CVE-2024-53707 (Cross-Site Request Forgery (CSRF) vulnerability in Ahmet \u0130mamo\u0 ...)
+ TODO: check
+CVE-2024-53617 (A Cross Site Scripting vulnerability in LibrePhotos before commit 3223 ...)
+ TODO: check
+CVE-2024-53566 (An issue in the action_listcategories() function of Sangoma Asterisk v ...)
+ TODO: check
+CVE-2024-53564 (An authenticated arbitrary file upload vulnerability in the component ...)
+ TODO: check
+CVE-2024-53484 (Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation d ...)
+ TODO: check
+CVE-2024-53459 (Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting (XSS) vi ...)
+ TODO: check
+CVE-2024-53364 (A SQL injection vulnerability was found in PHPGURUKUL Vehicle Parking ...)
+ TODO: check
+CVE-2024-53259 (quic-go is an implementation of the QUIC protocol in Go. An off-path a ...)
+ TODO: check
+CVE-2024-52806 (SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functio ...)
+ TODO: check
+CVE-2024-52732 (Incorrect access control in wms-Warehouse management system-zeqp v2.20 ...)
+ TODO: check
+CVE-2024-52724 (ZZCMS 2023 was discovered to contain a SQL injection vulnerability in ...)
+ TODO: check
+CVE-2024-52503 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52502 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52494 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52493 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52492 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52491 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52489 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52487 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52486 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52484 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52483 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52482 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52479 (Cross-Site Request Forgery (CSRF) vulnerability in Ben Marshall Jobify ...)
+ TODO: check
+CVE-2024-52478 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52477 (Cross-Site Request Forgery (CSRF) vulnerability in No-nonsense Labs Do ...)
+ TODO: check
+CVE-2024-52476 (Unrestricted Upload of File with Dangerous Type vulnerability in stefa ...)
+ TODO: check
+CVE-2024-52469 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52468 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52467 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52466 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52465 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52464 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52463 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52462 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52461 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52460 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52459 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52458 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52457 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52456 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52455 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52454 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52453 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52452 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-51900 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-50381 (A vulnerability exists in Snap One OVRC cloud where an attacker can im ...)
+ TODO: check
+CVE-2024-50380 (Snap One OVRC cloud uses the MAC address as an identifier to provide i ...)
+ TODO: check
+CVE-2024-49763 (PlexRipper is a cross-platform media downloader for Plex. PlexRipper\u ...)
+ TODO: check
+CVE-2024-46909 (In WhatsUp Gold versions released before 2024.0.1, aremote unauthentic ...)
+ TODO: check
+CVE-2024-46908 (In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vul ...)
+ TODO: check
+CVE-2024-46907 (In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vul ...)
+ TODO: check
+CVE-2024-46906 (In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vul ...)
+ TODO: check
+CVE-2024-46905 (In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vul ...)
+ TODO: check
+CVE-2024-43053 (Memory corruption while invoking IOCTL calls from user space to read W ...)
+ TODO: check
+CVE-2024-43052 (Memory corruption while processing API calls to NPU with invalid input ...)
+ TODO: check
+CVE-2024-43050 (Memory corruption while invoking IOCTL calls from user space to issue ...)
+ TODO: check
+CVE-2024-43049 (Memory corruption while invoking IOCTL calls from user space to set ge ...)
+ TODO: check
+CVE-2024-43048 (Memory corruption when invalid input is passed to invoke GPU Headroom ...)
+ TODO: check
+CVE-2024-39343 (An issue was discovered in Samsung Mobile Processor and Wearable Proce ...)
+ TODO: check
+CVE-2024-38827 (The usage of String.toLowerCase()and String.toUpperCase()has some Loca ...)
+ TODO: check
+CVE-2024-33063 (Transient DOS while parsing the ML IE when a beacon with common info l ...)
+ TODO: check
+CVE-2024-33056 (Memory corruption when allocating and accessing an entry in an SMEM pa ...)
+ TODO: check
+CVE-2024-33053 (Memory corruption when multiple threads try to unregister the CVP buff ...)
+ TODO: check
+CVE-2024-33044 (Memory corruption while Configuring the SMR/S2CR register in Bypass mo ...)
+ TODO: check
+CVE-2024-33040 (Memory corruption while invoking redundant release command to release ...)
+ TODO: check
+CVE-2024-33039 (Memory corruption when PAL client calls PAL service APIs by passing a ...)
+ TODO: check
+CVE-2024-33037 (Information disclosure as NPU firmware can send invalid IPC message to ...)
+ TODO: check
+CVE-2024-33036 (Memory corruption while parsing sensor packets in camera driver, user- ...)
+ TODO: check
+CVE-2024-31669 (rizin before Release v0.6.3 is vulnerable to Uncontrolled Resource Con ...)
+ TODO: check
+CVE-2024-29645 (Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an at ...)
+ TODO: check
+CVE-2024-12015 (The 'Project Manager' WordPress Plugin is affected by an authenticated ...)
+ TODO: check
+CVE-2024-10905 (IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 ...)
+ TODO: check
+CVE-2024-10490 (An \u201cAuthentication Bypass Using an Alternate Path or Channel\u201 ...)
+ TODO: check
+CVE-2024-53124 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.11.10-1
NOTE: https://git.kernel.org/linus/073d89808c065ac4c672c0a613a71b27a80691cb (6.12)
-CVE-2024-53123 [mptcp: error out earlier on disconnect]
+CVE-2024-53123 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.11.10-1
[bookworm] - linux 6.1.119-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/581302298524e9d77c4c44ff5156a6cd112227ae (6.12)
-CVE-2024-53122 [mptcp: cope racing subflow creation in mptcp_rcv_space_adjust]
+CVE-2024-53122 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.11.10-1
[bookworm] - linux 6.1.119-1
NOTE: https://git.kernel.org/linus/ce7356ae35943cc6494cc692e62d51a734062b7d (6.12)
-CVE-2024-53121 [net/mlx5: fs, lock FTE when checking if active]
+CVE-2024-53121 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.11.10-1
[bookworm] - linux 6.1.119-1
NOTE: https://git.kernel.org/linus/9ca314419930f9135727e39d77e66262d5f7bef6 (6.12)
-CVE-2024-53120 [net/mlx5e: CT: Fix null-ptr-deref in add rule err flow]
+CVE-2024-53120 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.11.10-1
[bookworm] - linux 6.1.119-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/e99c6873229fe0482e7ceb7d5600e32d623ed9d9 (6.12)
-CVE-2024-53119 [virtio/vsock: Fix accept_queue memory leak]
+CVE-2024-53119 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.11.10-1
[bookworm] - linux 6.1.119-1
NOTE: https://git.kernel.org/linus/d7b0ff5a866724c3ad21f2628c22a63336deec3f (6.12)
-CVE-2024-53118 [vsock: Fix sk_error_queue memory leak]
+CVE-2024-53118 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.11.10-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/fbf7085b3ad1c7cc0677834c90f985f1b4f77a33 (6.12)
-CVE-2024-53117 [virtio/vsock: Improve MSG_ZEROCOPY error handling]
+CVE-2024-53117 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.11.10-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/60cf6206a1f513512f5d73fa4d3dbbcad2e7dcd6 (6.12)
-CVE-2024-53116 [drm/panthor: Fix handling of partial GPU mapping of BOs]
+CVE-2024-53116 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.11.10-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3387e043918e154ca08d83954966a8b087fe2835 (6.12)
-CVE-2024-53115 [drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle]
+CVE-2024-53115 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.11.10-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/93d1f41a82de382845af460bf03bcb17dcbf08c5 (6.12)
-CVE-2024-53114 [x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client]
+CVE-2024-53114 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 6.11.10-1
NOTE: https://git.kernel.org/linus/a5ca1dc46a6b610dd4627d8b633d6c84f9724ef0 (6.12)
-CVE-2024-53113 [mm: fix NULL pointer dereference in alloc_pages_bulk_noprof]
+CVE-2024-53113 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.11.10-1
[bookworm] - linux 6.1.119-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/8ce41b0f9d77cca074df25afd39b86e2ee3aa68e (6.12)
-CVE-2024-53112 [ocfs2: uncache inode which has failed entering the group]
+CVE-2024-53112 (In the Linux kernel, the following vulnerability has been resolved: o ...)
- linux 6.11.10-1
[bookworm] - linux 6.1.119-1
NOTE: https://git.kernel.org/linus/737f34137844d6572ab7d473c998c7f977ff30eb (6.12)
-CVE-2024-53111 [mm/mremap: fix address wraparound in move_page_tables()]
+CVE-2024-53111 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.11.10-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a4a282daf1a190f03790bf163458ea3c8d28d217 (6.12)
-CVE-2024-53110 [vp_vdpa: fix id_table array not null terminated error]
+CVE-2024-53110 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.11.10-1
[bookworm] - linux 6.1.119-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4e39ecadf1d2a08187139619f1f314b64ba7d947 (6.12)
-CVE-2024-53109 [nommu: pass NULL argument to vma_iter_prealloc()]
+CVE-2024-53109 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.11.10-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/247d720b2c5d22f7281437fd6054a138256986ba (6.12)
-CVE-2024-53108 [drm/amd/display: Adjust VSDB parser for replay feature]
+CVE-2024-53108 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.11.10-1
NOTE: https://git.kernel.org/linus/16dd2825c23530f2259fc671960a3a65d2af69bd (6.12)
-CVE-2024-53107 [fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args()]
+CVE-2024-53107 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.11.10-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/669b0cb81e4e4e78cff77a5b367c7f70c0c6c05e (6.12)
-CVE-2024-53106 [ima: fix buffer overrun in ima_eventdigest_init_common]
+CVE-2024-53106 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.11.10-1
[bookworm] - linux 6.1.119-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/923168a0631bc42fffd55087b337b1b6c54dcff5 (6.12)
-CVE-2024-53105 [mm: page_alloc: move mlocked flag clearance into free_pages_prepare()]
+CVE-2024-53105 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.11.10-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/66edc3a5894c74f8887c8af23b97593a0dd0df4d (6.12)
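Review bot: the kernel entries CVE-2024-53124, CVE-2024-53114 and CVE-2024-53108 carry only `- linux 6.11.10-1`, and CVE-2024-53105 only a [bullseye] line, whereas every neighbouring entry in this hunk records both a [bookworm] and a [bullseye] state (fixed version or `<not-affected>`); those suites still need their triage line so the missing annotation is not later read as an open issue. Among the `TODO: check` additions, the library CVEs (CVE-2024-53981 python-multipart, CVE-2024-53259 quic-go, CVE-2024-53984 nanopb, CVE-2024-31669 rizin, CVE-2024-29645 radare2, CVE-2024-52806 SimpleSAMLphp SAML2) are the ones worth triaging before the bulk of WordPress plugin CSRF/XSS entries; CVE-2024-52806 in particular names the same saml2 repository that the CVE-2024-52596 "Fixed by" note further down in this patch points to. The run-together "aremote" in CVE-2024-8785 and CVE-2024-46909 is upstream description text synced by the automatic update, so it should not be hand-edited here.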
@@ -153,7 +409,8 @@ CVE-2024-12007 (A vulnerability, which was classified as critical, was found in
TODO: check
CVE-2024-11856 (A security vulnerability in HPE IceWall products could be exploited re ...)
TODO: check
-CVE-2024-52596
+CVE-2024-52596 (SimpleSAMLphp xml-common is a common classes for handling XML-structur ...)
+ {DSA-5822-1 DLA-3981-1}
- simplesamlphp <unfixed> (bug #1088904)
NOTE: https://github.com/simplesamlphp/simplesamlphp/releases/tag/v2.3.4
NOTE: Fixed by: https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7 (v4.16.14)
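Review bot: the new `{DSA-5822-1 DLA-3981-1}` line for CVE-2024-52596 sits directly above `- simplesamlphp <unfixed> (bug #1088904)`, so stable and oldstable now carry advisories while unstable is still recorded as open; that is consistent only if the unstable upload is still pending, which is worth confirming against bug #1088904. The CVE description is about SimpleSAMLphp xml-common, yet the "Fixed by" note references a commit in the saml2 repository, and CVE-2024-52806 (the SAML2 library advisory) is added as `TODO: check` in the first hunk; please check that the two CVEs have not been cross-wired and that both the xml-common and the saml2 fixes end up tracked against the simplesamlphp package.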
@@ -1019,7 +1276,7 @@ CVE-2024-11692 (An attacker could cause a select dropdown to be shown over anoth
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11692
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11692
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11692
-CVE-2024-11700 (Malicious websites may have been able to user intent confirmation thro ...)
+CVE-2024-11700 (Malicious websites may have been able to perform user intent confirmat ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11700
CVE-2024-11691 (Certain WebGL operations on Apple silicon M series devices could have ...)
@@ -5313,6 +5570,7 @@ CVE-2024-21541 (All versions of the package dom-iterator are vulnerable to Arbit
CVE-2024-21540
REJECTED
CVE-2024-11168 (The urllib.parse.urlsplit() and urlparse() functions improperly valida ...)
+ {DLA-3980-1}
- python3.12 <not-affected> (Fixed with first upload to Debian unstable)
- python3.11 3.11.4-1
- python3.9 <removed>
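Review bot: this hunk opens a series that appends DLA-3980-1 to some twenty CPython CVEs, reaching back to CVE-2015-20107 and CVE-2021-3426, while the package lines themselves (`python3.9 <removed>`, `python3.11 3.11.4-1`, ...) are left unchanged; recording an LTS fix purely by advisory cross-reference is the tracker's convention, but the set of CVEs touched here should be compared with the CVE list in the DLA-3980-1 record so the two stay in agreement and no CVE is referenced on one side only.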
@@ -11565,7 +11823,7 @@ CVE-2024-53899 (virtualenv before 20.26.6 allows command injection through the a
NOTE: https://github.com/pypa/virtualenv/pull/2771
NOTE: Fixed by: https://github.com/pypa/virtualenv/commit/86dddeda7c991f8529e1995bbff280fb7b761972 (20.26.6)
CVE-2024-9287 (A vulnerability has been found in the CPython `venv` module and CLI wh ...)
- {DLA-3966-1}
+ {DLA-3980-1 DLA-3966-1}
- python3.13 <unfixed>
- python3.12 <unfixed>
- python3.11 <removed>
@@ -23766,6 +24024,7 @@ CVE-2024-34463 (BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send
CVE-2023-49233 (Insufficient access checks in Visual Planning Admin Center 8 before v. ...)
NOT-FOR-US: Visual Planning Admin Center
CVE-2024-6232 (There is a MEDIUM severity vulnerability affecting CPython. Regul ...)
+ {DLA-3980-1}
- python3.13 3.13.0~rc2-1
- python3.12 3.12.6-1
- python3.11 <removed>
@@ -25568,7 +25827,7 @@ CVE-2024-38208 (Microsoft Edge for Android Spoofing Vulnerability)
CVE-2023-7260 (Path Traversal vulnerability discovered in OpenText\u2122 CX-E Voice, ...)
NOT-FOR-US: OpenText
CVE-2024-8088 (There is a HIGH severity vulnerability affecting the CPython "zipfile" ...)
- {DSA-5759-1}
+ {DSA-5759-1 DLA-3980-1}
- python3.13 3.13.0~rc2-1
- python3.12 3.12.6-1
- python3.11 <removed>
@@ -26817,6 +27076,7 @@ CVE-2024-7924 (A vulnerability was found in ZZCMS 2023. It has been declared as
CVE-2024-7922 (A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-3 ...)
NOT-FOR-US: D-Link
CVE-2024-7592 (There is a LOW severity vulnerability affecting CPython, specifically ...)
+ {DLA-3980-1}
- python3.13 3.13.0~rc2-1
- python3.12 3.12.6-1
- python3.11 <removed>
@@ -31057,6 +31317,7 @@ CVE-2024-7357 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Li
CVE-2024-7211 (The 1E Platform's component utilized the third-party Duende Identity S ...)
NOT-FOR-US: 1E Platform
CVE-2024-6923 (There is a MEDIUM severity vulnerability affecting CPython. The emai ...)
+ {DLA-3980-1}
- python3.13 3.13.0~rc2-1
- python3.12 3.12.5-1
- python3.11 <removed>
@@ -42640,7 +42901,7 @@ CVE-2024-6055 (Improper removal of sensitive information in data source export f
CVE-2024-5741 (Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2. ...)
- check-mk <removed>
CVE-2024-4032 (The \u201cipaddress\u201d module contained incorrect information about ...)
- {DSA-5759-1}
+ {DSA-5759-1 DLA-3980-1}
- python3.13 <not-affected> (Fixed before initial upload to Debian unstable)
- python3.12 3.12.4-1
- python3.11 <removed>
@@ -42754,7 +43015,7 @@ CVE-2024-36527 (puppeteer-renderer v.3.2.0 and before is vulnerable to Directory
CVE-2024-1469
REJECTED
CVE-2024-0397 (A defect was discovered in the Python \u201cssl\u201d module where the ...)
- {DSA-5759-1}
+ {DSA-5759-1 DLA-3980-1}
- python3.13 <not-affected> (Fixed before initial upload to Debian unstable)
- python3.12 3.12.3-1
- python3.11 3.11.9-1
@@ -73990,7 +74251,7 @@ CVE-2024-1145 (User enumeration vulnerability in Devklan's Alma Blog that affect
CVE-2024-1144 (Improper access control vulnerability in Devklan's Alma Blog that affe ...)
NOT-FOR-US: Devklan's Alma Blog
CVE-2024-0450 (An issue was found in the CPython `zipfile` module affecting versions ...)
- {DLA-3948-1 DLA-3772-1 DLA-3771-1}
+ {DLA-3980-1 DLA-3948-1 DLA-3772-1 DLA-3771-1}
- pypy3 7.3.16+dfsg-1
[bookworm] - pypy3 7.3.11+dfsg-2+deb12u2
- python3.12 3.12.2-1
@@ -74010,7 +74271,7 @@ CVE-2024-0450 (An issue was found in the CPython `zipfile` module affecting vers
NOTE: https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51 (v3.9.19)
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/
CVE-2023-6597 (An issue was found in the CPython `tempfile.TemporaryDirectory` class ...)
- {DLA-3948-1 DLA-3772-1}
+ {DLA-3980-1 DLA-3948-1 DLA-3772-1}
- python3.12 3.12.1-1
- python3.11 3.11.8-1 (bug #1070135)
[bookworm] - python3.11 3.11.2-6+deb12u2
@@ -113959,7 +114220,7 @@ CVE-2023-32078 (Netmaker makes networks with WireGuard. An Insecure Direct Objec
CVE-2023-32077 (Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0 ...)
NOT-FOR-US: Netmaker
CVE-2023-40217 (An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, ...)
- {DLA-3948-1 DLA-3614-1 DLA-3575-1}
+ {DLA-3980-1 DLA-3948-1 DLA-3614-1 DLA-3575-1}
- python3.12 3.12.0~rc1-2
- python3.11 3.11.5-1
[bookworm] - python3.11 3.11.2-6+deb12u2
@@ -140785,7 +141046,7 @@ CVE-2023-27045
CVE-2023-27044
RESERVED
CVE-2023-27043 (The email module of Python through 3.11.3 incorrectly parses e-mail ad ...)
- {DLA-3966-1}
+ {DLA-3980-1 DLA-3966-1}
- python3.12 3.12.6-1 (bug #1059299)
- python3.11 <removed> (bug #1059298)
[bookworm] - python3.11 <postponed> (Minor issue, wait until upstream has decided whether to backport to older branches)
@@ -148989,7 +149250,7 @@ CVE-2023-24331 (Command Injection vulnerability in D-Link Dir 816 with firmware
CVE-2023-24330 (Command Injection vulnerability in D-Link Dir 882 with firmware versio ...)
NOT-FOR-US: D-Link
CVE-2023-24329 (An issue in the urllib.parse component of Python before 3.11.4 allows ...)
- {DLA-3948-1 DLA-3575-1}
+ {DLA-3980-1 DLA-3948-1 DLA-3575-1}
- python3.11 3.11.4-1
[bookworm] - python3.11 3.11.2-6+deb12u2
- python3.9 <removed>
@@ -166712,7 +166973,7 @@ CVE-2022-45062 (In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, t
NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/403
NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/merge_requests/85
CVE-2022-45061 (An issue was discovered in Python before 3.11.1. An unnecessary quadra ...)
- {DLA-3966-1 DLA-3477-1 DLA-3432-1}
+ {DLA-3980-1 DLA-3966-1 DLA-3477-1 DLA-3432-1}
- python3.11 3.11.1-1
- python3.10 3.10.9-1
- python3.9 <removed>
@@ -175531,6 +175792,7 @@ CVE-2022-3505 (A vulnerability was found in SourceCodester Sanitization Manageme
CVE-2022-3504 (A vulnerability was found in SourceCodester Sanitization Management Sy ...)
NOT-FOR-US: SourceCodester
CVE-2022-42919 (Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows lo ...)
+ {DLA-3980-1}
- python3.11 3.11.0-2
- python3.10 3.10.8-2
- python3.9 <removed>
@@ -214088,7 +214350,7 @@ CVE-2022-1334 (The WP YouTube Live WordPress plugin before 1.8.3 does not valida
CVE-2022-1333 (Mattermost Playbooks plugin v1.24.0 and earlier fails to properly chec ...)
NOT-FOR-US: Mattermost Playbooks plugin
CVE-2015-20107 (In Python (aka CPython) up to 3.10.8, the mailcap module does not add ...)
- {DLA-3477-1 DLA-3432-1}
+ {DLA-3980-1 DLA-3477-1 DLA-3432-1}
- python3.10 3.10.6-1
- python3.9 <removed>
- python3.7 <removed>
@@ -236894,7 +237156,7 @@ CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denia
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-22.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17811
CVE-2021-4189 (A flaw was found in Python, specifically in the FTP (File Transfer Pro ...)
- {DLA-3477-1 DLA-3432-1 DLA-2919-1}
+ {DLA-3980-1 DLA-3477-1 DLA-3432-1 DLA-2919-1}
- python3.10 <not-affected> (Fixed before initial upload to Debian unstable)
- python3.9 3.9.7-1
- python3.7 <removed>
@@ -257571,7 +257833,7 @@ CVE-2021-3738 (In DCE/RPC it is possible to share the handles (cookies for resou
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14468
NOTE: https://www.samba.org/samba/security/CVE-2021-3738.html
CVE-2021-3737 (A flaw was found in python. An improperly handled HTTP response in the ...)
- {DLA-3966-1 DLA-3477-1 DLA-3432-1 DLA-2808-1}
+ {DLA-3980-1 DLA-3966-1 DLA-3477-1 DLA-3432-1 DLA-2808-1}
[experimental] - python3.9 3.9.6-1
- python3.9 3.9.7-1
- python3.7 <removed>
@@ -258782,7 +259044,7 @@ CVE-2021-39617
CVE-2021-39616 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438)
NOT-FOR-US: Android
CVE-2021-3733 (There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker ...)
- {DLA-3477-1 DLA-3432-1 DLA-2808-1}
+ {DLA-3980-1 DLA-3477-1 DLA-3432-1 DLA-2808-1}
- python3.9 3.9.7-1
- python3.7 <removed>
- python3.5 <removed>
@@ -283990,6 +284252,7 @@ CVE-2021-29922 (library/std/src/net/parser.rs in Rust before 1.53.0 does not pro
NOTE: https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-015.md
NOTE: https://github.com/rust-lang/rust/commit/974192cd98b3efca8e5cd293f641f561e7487b30
CVE-2021-29921 (In Python before 3,9,5, the ipaddress library mishandles leading zero ...)
+ {DLA-3980-1}
[experimental] - python3.9 3.9.5-1
- python3.9 3.9.7-1 (bug #989195)
- python2.7 <not-affected> (Vulnerable code introduced later)
@@ -286620,7 +286883,7 @@ CVE-2021-28863
CVE-2021-28862
RESERVED
CVE-2021-28861 (Python 3.x through 3.10 has an open redirection vulnerability in lib/h ...)
- {DLA-3966-1}
+ {DLA-3980-1 DLA-3966-1}
- python3.11 3.11.0~b4-1 (unimportant)
- python3.10 3.10.6-1 (unimportant)
- python3.9 <removed> (unimportant)
@@ -288563,7 +288826,7 @@ CVE-2021-28374 (The Debian courier-authlib package before 0.71.1-2 for Courier A
NOTE: Re-introduction of #378571 while migrating from debian/permissions to
NOTE: debian/courier-authdaemon.tmpfiles in 0.66.4-2.
CVE-2021-3426 (There's a flaw in Python 3's pydoc. A local or adjacent attacker who d ...)
- {DLA-3477-1 DLA-2619-1}
+ {DLA-3980-1 DLA-3477-1 DLA-2619-1}
[experimental] - python3.9 3.9.3-1
- python3.9 3.9.7-1
- python3.7 <removed>
@@ -363758,7 +364021,7 @@ CVE-2020-10736 (An authorization bypass vulnerability was found in Ceph versions
NOTE: https://github.com/ceph/ceph/commit/c7e7009a690621aacd4ac2c70c6469f25d692868 (master)
NOTE: https://github.com/ceph/ceph/commit/f2cf2ce1bd9a86462510a7a12afa4e528b615df2 (v15.2.2)
CVE-2020-10735 (A flaw was found in python. In algorithms with quadratic time complexi ...)
- {DLA-3966-1 DLA-3477-1}
+ {DLA-3980-1 DLA-3966-1 DLA-3477-1}
- python3.11 3.11.0~rc2-1
- python3.10 3.10.7-1
- python3.9 <removed>
@@ -475658,10 +475921,10 @@ CVE-2018-9383
RESERVED
CVE-2018-9382
RESERVED
-CVE-2018-9381
- RESERVED
-CVE-2018-9380
- RESERVED
+CVE-2018-9381 (In gatts_process_read_by_type_req of gatt_sr.c, there is a possibleinf ...)
+ TODO: check
+CVE-2018-9380 (In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds w ...)
+ TODO: check
CVE-2018-9379
RESERVED
CVE-2018-9378
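Review bot: CVE-2018-9381 and CVE-2018-9380 move from RESERVED to descriptions naming gatt_sr.c and l2c_fcr.cc, which are Android Bluetooth stack sources; their `TODO: check` will most likely resolve to `NOT-FOR-US: Android`, as with the other Android entries in this file (compare CVE-2021-39616 above), and the run-together "possibleinf" is part of the upstream description text rather than an editing slip in this commit.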
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65cca1f126004201a975d1b5a932f7c172a43e5f