[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Feb 25 20:12:11 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ea924967 by security tracker role at 2024-02-25T20:11:56+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,58 +1,70 @@
-CVE-2022-48626 [moxart: fix potential use-after-free on remove path]
+CVE-2024-0798 (A user with a `default` role given to them by the admin can sent `DELE ...)
+ TODO: check
+CVE-2024-0455 (The inclusion of the web scraper for AnythingLLM means that any user w ...)
+ TODO: check
+CVE-2024-0440 (Attacker, with permission to submit a link or submits a link via POST ...)
+ TODO: check
+CVE-2024-0439 (As a manager, you should not be able to modify a series of settings. I ...)
+ TODO: check
+CVE-2024-0436 (Theoretically, it would be possible for an attacker to brute-force the ...)
+ TODO: check
+CVE-2024-0435 (User can send a chat that contains an XSS opportunity that will then r ...)
+ TODO: check
+CVE-2022-48626 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 5.16.10-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/bd2db32e7c3e35bd4d9b8bbff689434a50893546 (5.17-rc4)
-CVE-2021-46905 [net: hso: fix NULL-deref on disconnect regression]
+CVE-2021-46905 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <not-affected> (No Debian released version vulnerable))
NOTE: https://git.kernel.org/linus/2ad5692db72874f02b9ad551d26345437ea4f7f3 (5.13-rc1)
-CVE-2021-46904 [net: hso: fix null-ptr-deref during tty device unregistration]
+CVE-2021-46904 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 5.10.38-1
[buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/8a12f8836145ffe37e9c8733dce18c22fb668b66 (5.12-rc7)
-CVE-2023-52465 [power: supply: Fix null pointer dereference in smb2_probe]
+CVE-2023-52465 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.6.15-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/88f04bc3e737155e13caddf0ba8ed19db87f0212 (6.8-rc1)
-CVE-2023-52466 [PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource()]
+CVE-2023-52466 (In the Linux kernel, the following vulnerability has been resolved: P ...)
- linux 6.6.15-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3171e46d677a668eed3086da78671f1e4f5b8405 (6.8-rc1)
-CVE-2023-52467 [mfd: syscon: Fix null pointer dereference in of_syscon_register()]
+CVE-2023-52467 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/41673c66b3d0c09915698fec5c13b24336f18dd1 (6.8-rc1)
-CVE-2023-52468 [class: fix use-after-free in class_register()]
+CVE-2023-52468 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.6.15-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/93ec4a3b76404bce01bd5c9032bef5df6feb1d62 (6.8-rc1)
-CVE-2023-52469 [drivers/amd/pm: fix a use-after-free in kv_parse_power_table]
+CVE-2023-52469 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
NOTE: https://git.kernel.org/linus/28dd788382c43b330480f57cd34cde0840896743 (6.8-rc1)
-CVE-2023-52470 [drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()]
+CVE-2023-52470 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
NOTE: https://git.kernel.org/linus/7a2464fac80d42f6f8819fed97a553e9c2f43310 (6.8-rc1)
-CVE-2023-52471 [ice: Fix some null pointer dereference issues in ice_ptp.c]
+CVE-2023-52471 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3027e7b15b02d2d37e3f82d6b8404f6d37e3b8cf (6.8-rc1)
-CVE-2023-52472 [crypto: rsa - add a check for allocation failure]
+CVE-2023-52472 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.6.15-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d872ca165cb67112f2841ef9c37d51ef7e63d1e4 (6.8-rc1)
-CVE-2023-52473 [thermal: core: Fix NULL pointer dereference in zone registration error path]
+CVE-2023-52473 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.6.15-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
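Review bot: the six entries added at the top of this hunk (CVE-2024-0798, CVE-2024-0455, CVE-2024-0440, CVE-2024-0439, CVE-2024-0436, CVE-2024-0435) carry only `TODO: check` and no package line, so they say nothing yet about whether any Debian package is affected. Each still needs triage to either a `- <package> <version>` line or a `NOT-FOR-US:` marker; of the six truncated descriptions only CVE-2024-0455 names a product (AnythingLLM), so the others need their full CVE text read before they can be assigned. Separately, the unchanged context line under CVE-2021-46905 ends in a doubled parenthesis, `(No Debian released version vulnerable))`, which should be cleaned up in a follow-up edit.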
@@ -1787,7 +1799,7 @@ CVE-2023-52160 (The implementation of PEAP in wpa_supplicant through 2.10 allows
NOTE: https://lists.infradead.org/pipermail/hostap/2024-February/042362.html
NOTE: https://lists.infradead.org/pipermail/hostap/2024-February/042364.html
CVE-2023-52161 (The Access Point functionality in eapol_auth_key_handle in eapol.c in ...)
- {DLA-3738-1}
+ {DSA-5631-1 DLA-3738-1}
- iwd 2.14-1 (bug #1064062)
NOTE: https://www.top10vpn.com/research/wifi-vulnerabilities/
NOTE: https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=6415420f1c92012f64063c131480ffcef58e60ca (2.14)
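Review bot: the cross-reference on CVE-2023-52161 changes to `{DSA-5631-1 DLA-3738-1}`, but this commit touches only data/CVE/list, so the advisory record that justifies the new DSA reference is not visible in this change. Confirm that DSA-5631-1 is recorded against iwd and lists CVE-2023-52161, since the only package line shown here is `- iwd 2.14-1 (bug #1064062)` and the hunk header context belongs to the neighbouring wpa_supplicant entry, CVE-2023-52160.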
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea924967a12d126288964c7ec664a0484ab0059d