[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 23 20:12:31 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a302c90e by security tracker role at 2024-02-23T20:12:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,86 +1,158 @@
-CVE-2024-26597 [net: qualcomm: rmnet: fix global oob in rmnet_policy]
+CVE-2024-27319 (Versions of the package onnx before and including 1.15.0 are vulnerabl ...)
+ TODO: check
+CVE-2024-27318 (Versions of the package onnx before and including 1.15.0 are vulnerabl ...)
+ TODO: check
+CVE-2024-26150 (`@backstage/backend-common` is a common functionality library for back ...)
+ TODO: check
+CVE-2024-25928 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-25915 (Server-Side Request Forgery (SSRF) vulnerability in Raaj Trambadia Pex ...)
+ TODO: check
+CVE-2024-25629 (c-ares is a C library for asynchronous DNS requests. `ares__read_line( ...)
+ TODO: check
+CVE-2024-23320 (Improper Input Validation vulnerability in Apache DolphinScheduler. An ...)
+ TODO: check
+CVE-2024-22776 (Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-bas ...)
+ TODO: check
+CVE-2024-1834 (A vulnerability was found in SourceCodester Simple Student Attendance ...)
+ TODO: check
+CVE-2024-1833 (A vulnerability was found in SourceCodester Employee Management System ...)
+ TODO: check
+CVE-2024-1832 (A vulnerability has been found in SourceCodester Complete File Managem ...)
+ TODO: check
+CVE-2024-1831 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2024-1830 (A vulnerability was found in code-projects Library System 1.0. It has ...)
+ TODO: check
+CVE-2024-1829 (A vulnerability was found in code-projects Library System 1.0. It has ...)
+ TODO: check
+CVE-2024-1828 (A vulnerability was found in code-projects Library System 1.0. It has ...)
+ TODO: check
+CVE-2024-1827 (A vulnerability was found in code-projects Library System 1.0 and clas ...)
+ TODO: check
+CVE-2024-1826 (A vulnerability has been found in code-projects Library System 1.0 and ...)
+ TODO: check
+CVE-2024-1825 (A vulnerability, which was classified as problematic, was found in Cod ...)
+ TODO: check
+CVE-2024-1824 (A vulnerability, which was classified as critical, has been found in C ...)
+ TODO: check
+CVE-2024-1823 (A vulnerability classified as critical was found in CodeAstro Simple V ...)
+ TODO: check
+CVE-2024-1822 (A vulnerability classified as problematic has been found in PHPGurukul ...)
+ TODO: check
+CVE-2024-1821 (A vulnerability was found in code-projects Crime Reporting System 1.0. ...)
+ TODO: check
+CVE-2024-1820 (A vulnerability was found in code-projects Crime Reporting System 1.0. ...)
+ TODO: check
+CVE-2024-1819 (A vulnerability was found in CodeAstro Membership Management System 1. ...)
+ TODO: check
+CVE-2024-1818 (A vulnerability was found in CodeAstro Membership Management System 1. ...)
+ TODO: check
+CVE-2024-1817 (A vulnerability has been found in Demososo DM Enterprise Website Build ...)
+ TODO: check
+CVE-2024-1590 (The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugi ...)
+ TODO: check
+CVE-2024-1362 (The Colibri Page Builder plugin for WordPress is vulnerable to Cross-S ...)
+ TODO: check
+CVE-2024-1361 (The Colibri Page Builder plugin for WordPress is vulnerable to Cross-S ...)
+ TODO: check
+CVE-2024-1360 (The Colibri WP theme for WordPress is vulnerable to Cross-Site Request ...)
+ TODO: check
+CVE-2024-0563 (Denial of service condition in M-Files Server inversions before 24.2 ( ...)
+ TODO: check
+CVE-2023-52457 (In the Linux kernel, the following vulnerability has been resolved: s ...)
+ TODO: check
+CVE-2023-51394 (High traffic environments may result in NULL Pointer Dereference vulne ...)
+ TODO: check
+CVE-2023-51393 (Due to an allocation of resources without limits, an uncontrolled reso ...)
+ TODO: check
+CVE-2023-51392 (Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of ...)
+ TODO: check
+CVE-2023-4826 (The SocialDriver WordPress theme before version 2024 has a prototype p ...)
+ TODO: check
+CVE-2024-26597 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
NOTE: https://git.kernel.org/linus/b33fb5b801c6db408b774a68e7c8722796b59ecc (6.8-rc1)
-CVE-2023-52464 [EDAC/thunderx: Fix possible out-of-bounds string access]
+CVE-2023-52464 (In the Linux kernel, the following vulnerability has been resolved: E ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
NOTE: https://git.kernel.org/linus/475c58e1a471e9b873e3e39958c64a2d278275c8 (6.8-rc1)
-CVE-2023-52463 [efivarfs: force RO when remounting if SetVariable is not supported]
+CVE-2023-52463 (In the Linux kernel, the following vulnerability has been resolved: e ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0e8d2444168dd519fea501599d150e62718ed2fe (6.8-rc1)
-CVE-2023-52459 [media: v4l: async: Fix duplicated list deletion]
+CVE-2023-52459 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.6.15-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3de6ee94aae701fa949cd3b5df6b6a440ddfb8f2 (6.8-rc1)
-CVE-2024-26599 [pwm: Fix out-of-bounds access in of_pwm_single_xlate()]
+CVE-2024-26599 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a297d07b9a1e4fb8cda25a4a2363a507d294b7c9 (6.8-rc1)
-CVE-2024-26598 [KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache]
+CVE-2024-26598 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
NOTE: https://git.kernel.org/linus/ad362fe07fecf0aba839ff2cc59a3617bd42c33f (6.8-rc1)
-CVE-2024-26596 [net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events]
+CVE-2024-26596 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/844f104790bd69c2e4dbb9ee3eba46fde1fcea7b (6.8-rc1)
-CVE-2024-26595 [mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path]
+CVE-2024-26595 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.6.15-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/efeb7dfea8ee10cdec11b6b6ba4e405edbe75809 (6.8-rc1)
-CVE-2023-52461 [drm/sched: Fix bounds limiting when given a malformed entity]
+CVE-2023-52461 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2bbe6ab2be53858507f11f99f856846d04765ae3 (6.8-rc1)
-CVE-2023-52462 [bpf: fix check for attempt to corrupt spilled pointer]
+CVE-2023-52462 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ab125ed3ec1c10ccc36bc98c7a4256ad114a3dae (6.8-rc1)
-CVE-2023-52460 [drm/amd/display: Fix NULL pointer dereference at hibernate]
+CVE-2023-52460 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b719a9c15d52d4f56bdea8241a5d90fd9197ce99 (6.8-rc1)
-CVE-2023-52458 [block: add check that partition length needs to be aligned with block size]
+CVE-2023-52458 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
NOTE: https://git.kernel.org/linus/6f64f866aa1ae6975c95d805ed51d7e9433a0016 (6.8-rc1)
-CVE-2023-52456 [serial: imx: fix tx statemachine deadlock]
+CVE-2023-52456 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/78d60dae9a0c9f09aa3d6477c94047df2fe6f7b0 (6.8-rc1)
-CVE-2023-52455 [iommu: Don't reserve 0-length IOVA region]
+CVE-2023-52455 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.6.15-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/bb57f6705960bebeb832142ce9abf43220c3eab1 (6.8-rc1)
-CVE-2023-52454 [nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length]
+CVE-2023-52454 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/efa56305908ba20de2104f1b8508c6a7401833be (6.8-rc1)
-CVE-2023-52453 [hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume]
+CVE-2023-52453 (In the Linux kernel, the following vulnerability has been resolved: h ...)
- linux 6.6.15-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/be12ad45e15b5ee0e2526a50266ba1d295d26a88 (6.8-rc1)
-CVE-2024-26594 [ksmbd: validate mech token in session setup]
+CVE-2024-26594 (In the Linux kernel, the following vulnerability has been resolved: k ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -91,7 +163,7 @@ CVE-2024-22025
NOTE: https://nodejs.org/en/blog/release/v18.19.1
NOTE: https://github.com/nodejs/node/commit/f31d47e135973746c4f490d5eb635eded8bb3dda (v18.x)
NOTE: https://github.com/nodejs/node/commit/9052ef43dc2d1b0db340591a9bc9e45a25c01d90 (main)
-CVE-2024-26593 [i2c: i801: Fix block process call transactions]
+CVE-2024-26593 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/c1c9d0f6f7f1dbf29db996bd8e166242843a5f21 (6.8-rc5)
CVE-2024-23807
@@ -885,7 +957,7 @@ CVE-2024-1554 (The `fetch()` API and navigation incorrectly shared the same cach
- firefox 123.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-05/#CVE-2024-1554
CVE-2024-1553 (Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thun ...)
- {DSA-5627-1}
+ {DSA-5630-1 DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird 1:115.8.0-1
@@ -893,7 +965,7 @@ CVE-2024-1553 (Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1553
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1553
CVE-2024-1552 (Incorrect code generation could have led to unexpected numeric convers ...)
- {DSA-5627-1}
+ {DSA-5630-1 DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird 1:115.8.0-1
@@ -901,7 +973,7 @@ CVE-2024-1552 (Incorrect code generation could have led to unexpected numeric co
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1552
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1552
CVE-2024-1551 (Set-Cookie response headers were being incorrectly honored in multipar ...)
- {DSA-5627-1}
+ {DSA-5630-1 DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird 1:115.8.0-1
@@ -909,7 +981,7 @@ CVE-2024-1551 (Set-Cookie response headers were being incorrectly honored in mul
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1551
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1551
CVE-2024-1550 (A malicious website could have used a combination of exiting fullscree ...)
- {DSA-5627-1}
+ {DSA-5630-1 DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird 1:115.8.0-1
@@ -917,7 +989,7 @@ CVE-2024-1550 (A malicious website could have used a combination of exiting full
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1550
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1550
CVE-2024-1549 (If a website set a large custom cursor, portions of the cursor could h ...)
- {DSA-5627-1}
+ {DSA-5630-1 DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird 1:115.8.0-1
@@ -925,7 +997,7 @@ CVE-2024-1549 (If a website set a large custom cursor, portions of the cursor co
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1549
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1549
CVE-2024-1548 (A website could have obscured the fullscreen notification by using a d ...)
- {DSA-5627-1}
+ {DSA-5630-1 DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird 1:115.8.0-1
@@ -933,7 +1005,7 @@ CVE-2024-1548 (A website could have obscured the fullscreen notification by usin
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1548
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1548
CVE-2024-1547 (Through a series of API calls and redirects, an attacker-controlled al ...)
- {DSA-5627-1}
+ {DSA-5630-1 DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird 1:115.8.0-1
@@ -941,7 +1013,7 @@ CVE-2024-1547 (Through a series of API calls and redirects, an attacker-controll
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1547
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1547
CVE-2024-1546 (When storing and re-accessing data on a networking channel, the length ...)
- {DSA-5627-1}
+ {DSA-5630-1 DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird 1:115.8.0-1
@@ -5231,7 +5303,8 @@ CVE-2023-7225 (The MapPress Maps for WordPress plugin for WordPress is vulnerabl
NOT-FOR-US: WordPress plugin
CVE-2023-5372 (The post-authentication command injection vulnerability in Zyxel NAS32 ...)
NOT-FOR-US: Zyxel
-CVE-2023-52071 (tiny-curl-8_4_0 , curl-8_4_0 and curl-8_5_0 were discovered to contain ...)
+CVE-2023-52071
+ REJECTED
- curl 8.4.0-1 (unimportant)
[bookworm] - curl <not-affected> (Vulnerable code not present)
[bullseye] - curl <not-affected> (Vulnerable code not present)
@@ -12609,7 +12682,7 @@ CVE-2023-50272 (A potential security vulnerability has been identified in HPE In
NOT-FOR-US: HPE
CVE-2023-49706 (Defective request context handling in Self Service in LinOTP 3.x befor ...)
NOT-FOR-US: LinOTP
-CVE-2023-49489 (Reflective Cross Site Scripting (XSS) vulnerability in KodeExplorer ve ...)
+CVE-2023-49489 (Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer ver ...)
NOT-FOR-US: kalcaddle KodExplorer
CVE-2023-49006 (Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version ...)
- phpsysinfo 3.4.3-1
@@ -67311,8 +67384,8 @@ CVE-2023-24418 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-24417 (Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Wor ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-24416
- RESERVED
+CVE-2023-24416 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
CVE-2023-24415 (Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI Cha ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24414 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gall ...)
@@ -91270,8 +91343,8 @@ CVE-2022-43844 (IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.
NOT-FOR-US: IBM
CVE-2022-43843 (IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected c ...)
NOT-FOR-US: IBM
-CVE-2022-43842
- RESERVED
+CVE-2022-43842 (IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. ...)
+ TODO: check
CVE-2022-43841
RESERVED
CVE-2022-43840
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a302c90e96d400ccd53f43c546d776c01944cc44
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a302c90e96d400ccd53f43c546d776c01944cc44
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240223/794bb455/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list