[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 27 20:12:22 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2d0d1f4a by security tracker role at 2024-02-27T20:12:08+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,211 @@
+CVE-2024-27508 (Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/cryp ...)
+ TODO: check
+CVE-2024-27507 (libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2l ...)
+ TODO: check
+CVE-2024-27099 (The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Ser ...)
+ TODO: check
+CVE-2024-26473 (A reflected cross-site scripting (XSS) vulnerability in SocialMediaWeb ...)
+ TODO: check
+CVE-2024-26472 (A reflected cross-site scripting (XSS) vulnerability in SocialMediaWeb ...)
+ TODO: check
+CVE-2024-26471 (A reflected cross-site scripting (XSS) vulnerability in zhimengzhe iBa ...)
+ TODO: check
+CVE-2024-26470 (A host header injection vulnerability in the forgot password function ...)
+ TODO: check
+CVE-2024-26464 (net-snmp 5.9.4 contains a memory leak vulnerability in /net-snmp/apps/ ...)
+ TODO: check
+CVE-2024-26143 (Rails is a web-application framework. There is a possible XSS vulnerab ...)
+ TODO: check
+CVE-2024-26142 (Rails is a web-application framework. Starting in version 7.1.0, there ...)
+ TODO: check
+CVE-2024-25846 (In the module "Product Catalog (CSV, Excel) Import" (simpleimportprodu ...)
+ TODO: check
+CVE-2024-25843 (In the module "Import/Update Bulk Product from any Csv/Excel File Pro" ...)
+ TODO: check
+CVE-2024-25841 (In the module "So Flexibilite" (soflexibilite) from Common-Services fo ...)
+ TODO: check
+CVE-2024-25840 (In the module "Account Manager | Sales Representative & Dealers | CRM" ...)
+ TODO: check
+CVE-2024-25723 (ZenML Server in the ZenML machine learning package before 0.46.7 for P ...)
+ TODO: check
+CVE-2024-25400 (Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.ph ...)
+ TODO: check
+CVE-2024-25399 (Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via admi ...)
+ TODO: check
+CVE-2024-25398 (In Srelay (the SOCKS proxy and Relay) v.0.4.8p3, a specially crafted n ...)
+ TODO: check
+CVE-2024-24323 (SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a re ...)
+ TODO: check
+CVE-2024-22251 (VMware Workstation and Fusion contain an out-of-bounds read vulnerabil ...)
+ TODO: check
+CVE-2024-21742 (Improper input validation allows for header injection in MIME4J librar ...)
+ TODO: check
+CVE-2024-1928 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2024-1927 (A vulnerability classified as critical was found in SourceCodester Web ...)
+ TODO: check
+CVE-2024-1926 (A vulnerability was found in SourceCodester Free and Open Source Inven ...)
+ TODO: check
+CVE-2024-1925 (A vulnerability was found in Ctcms 2.1.2. It has been declared as crit ...)
+ TODO: check
+CVE-2024-1924 (A vulnerability was found in CodeAstro Membership Management System 1. ...)
+ TODO: check
+CVE-2024-1923 (A vulnerability was found in SourceCodester Simple Student Attendance ...)
+ TODO: check
+CVE-2024-1922 (A vulnerability has been found in SourceCodester Online Job Portal 1.0 ...)
+ TODO: check
+CVE-2024-1921 (A vulnerability, which was classified as critical, was found in osuuu ...)
+ TODO: check
+CVE-2024-1920 (A vulnerability, which was classified as critical, has been found in o ...)
+ TODO: check
+CVE-2024-1919 (A vulnerability classified as problematic was found in SourceCodester ...)
+ TODO: check
+CVE-2024-1918 (A vulnerability has been found in Beijing Baichuo Smart S42 Management ...)
+ TODO: check
+CVE-2024-1912 (The Categorify plugin for WordPress is vulnerable to Cross-Site Reques ...)
+ TODO: check
+CVE-2024-1910 (The Categorify plugin for WordPress is vulnerable to Cross-Site Reques ...)
+ TODO: check
+CVE-2024-1909 (The Categorify plugin for WordPress is vulnerable to Cross-Site Reques ...)
+ TODO: check
+CVE-2024-1907 (The Categorify plugin for WordPress is vulnerable to Cross-Site Reques ...)
+ TODO: check
+CVE-2024-1906 (The Categorify plugin for WordPress is vulnerable to Cross-Site Reques ...)
+ TODO: check
+CVE-2024-1653 (The Categorify plugin for WordPress is vulnerable to unauthorized modi ...)
+ TODO: check
+CVE-2024-1652 (The Categorify plugin for WordPress is vulnerable to unauthorized modi ...)
+ TODO: check
+CVE-2024-1650 (The Categorify plugin for WordPress is vulnerable to unauthorized modi ...)
+ TODO: check
+CVE-2024-1649 (The Categorify plugin for WordPress is vulnerable to unauthorized modi ...)
+ TODO: check
+CVE-2024-1423
+ REJECTED
+CVE-2024-1403 (In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 1 ...)
+ TODO: check
+CVE-2024-1106 (The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise a ...)
+ TODO: check
+CVE-2024-0855 (The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the ev ...)
+ TODO: check
+CVE-2024-0819 (Improper initialization of default settings in TeamViewer Remote Clien ...)
+ TODO: check
+CVE-2024-0551 (Enable exports of the database and associated exported information of ...)
+ TODO: check
+CVE-2024-0197 (A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to ...)
+ TODO: check
+CVE-2023-7203 (The Smart Forms WordPress plugin before 2.6.87 does not have authorisa ...)
+ TODO: check
+CVE-2023-7202 (The Fatal Error Notify WordPress plugin before 1.5.3 does not have aut ...)
+ TODO: check
+CVE-2023-7198 (The WP Dashboard Notes WordPress plugin before 1.0.11 is vulnerable to ...)
+ TODO: check
+CVE-2023-7167 (The Persian Fonts WordPress plugin through 1.6 does not sanitise and e ...)
+ TODO: check
+CVE-2023-7165 (The JetBackup WordPress plugin before 2.0.9.9 doesn't use index files ...)
+ TODO: check
+CVE-2023-7115 (The Page Builder: Pagelayer WordPress plugin before 1.8.1 does not san ...)
+ TODO: check
+CVE-2023-7016 (A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Wi ...)
+ TODO: check
+CVE-2023-6585 (The WP JobSearch WordPress plugin before 2.3.4 does not validate files ...)
+ TODO: check
+CVE-2023-6584 (The WP JobSearch WordPress plugin before 2.3.4 does not prevent attack ...)
+ TODO: check
+CVE-2023-5993 (A flaw in the Windows Installer in Thales SafeNet Authentication Clien ...)
+ TODO: check
+CVE-2023-5947
+ REJECTED
+CVE-2023-50380 (XML External Entity injection in apache ambari versions <= 2.7.7,Users ...)
+ TODO: check
+CVE-2023-48682 (Stored cross-site scripting (XSS) vulnerability in unit name. The foll ...)
+ TODO: check
+CVE-2023-48681 (Self cross-site scripting (XSS) vulnerability in storage nodes search ...)
+ TODO: check
+CVE-2023-48680 (Sensitive information disclosure due to excessive collection of system ...)
+ TODO: check
+CVE-2023-48679 (Stored cross-site scripting (XSS) vulnerability due to missing origin ...)
+ TODO: check
+CVE-2023-48678 (Sensitive information disclosure due to insecure folder permissions. T ...)
+ TODO: check
+CVE-2021-46975 (In the Linux kernel, the following vulnerability has been resolved: n ...)
+ TODO: check
+CVE-2021-46974 (In the Linux kernel, the following vulnerability has been resolved: b ...)
+ TODO: check
+CVE-2021-46973 (In the Linux kernel, the following vulnerability has been resolved: n ...)
+ TODO: check
+CVE-2021-46972 (In the Linux kernel, the following vulnerability has been resolved: o ...)
+ TODO: check
+CVE-2021-46971 (In the Linux kernel, the following vulnerability has been resolved: p ...)
+ TODO: check
+CVE-2021-46970 (In the Linux kernel, the following vulnerability has been resolved: b ...)
+ TODO: check
+CVE-2021-46969 (In the Linux kernel, the following vulnerability has been resolved: b ...)
+ TODO: check
+CVE-2021-46968 (In the Linux kernel, the following vulnerability has been resolved: s ...)
+ TODO: check
+CVE-2021-46967 (In the Linux kernel, the following vulnerability has been resolved: v ...)
+ TODO: check
+CVE-2021-46966 (In the Linux kernel, the following vulnerability has been resolved: A ...)
+ TODO: check
+CVE-2021-46965 (In the Linux kernel, the following vulnerability has been resolved: m ...)
+ TODO: check
+CVE-2021-46964 (In the Linux kernel, the following vulnerability has been resolved: s ...)
+ TODO: check
+CVE-2021-46963 (In the Linux kernel, the following vulnerability has been resolved: s ...)
+ TODO: check
+CVE-2021-46962 (In the Linux kernel, the following vulnerability has been resolved: m ...)
+ TODO: check
+CVE-2021-46961 (In the Linux kernel, the following vulnerability has been resolved: i ...)
+ TODO: check
+CVE-2021-46960 (In the Linux kernel, the following vulnerability has been resolved: c ...)
+ TODO: check
+CVE-2021-46958 (In the Linux kernel, the following vulnerability has been resolved: b ...)
+ TODO: check
+CVE-2021-46957 (In the Linux kernel, the following vulnerability has been resolved: r ...)
+ TODO: check
+CVE-2021-46956 (In the Linux kernel, the following vulnerability has been resolved: v ...)
+ TODO: check
+CVE-2021-46955 (In the Linux kernel, the following vulnerability has been resolved: o ...)
+ TODO: check
+CVE-2021-46954 (In the Linux kernel, the following vulnerability has been resolved: n ...)
+ TODO: check
+CVE-2021-46953 (In the Linux kernel, the following vulnerability has been resolved: A ...)
+ TODO: check
+CVE-2021-46952 (In the Linux kernel, the following vulnerability has been resolved: N ...)
+ TODO: check
+CVE-2021-46951 (In the Linux kernel, the following vulnerability has been resolved: t ...)
+ TODO: check
+CVE-2021-46950 (In the Linux kernel, the following vulnerability has been resolved: m ...)
+ TODO: check
+CVE-2021-46949 (In the Linux kernel, the following vulnerability has been resolved: s ...)
+ TODO: check
+CVE-2021-46948 (In the Linux kernel, the following vulnerability has been resolved: s ...)
+ TODO: check
+CVE-2021-46947 (In the Linux kernel, the following vulnerability has been resolved: s ...)
+ TODO: check
+CVE-2021-46946 (In the Linux kernel, the following vulnerability has been resolved: e ...)
+ TODO: check
+CVE-2021-46945 (In the Linux kernel, the following vulnerability has been resolved: e ...)
+ TODO: check
+CVE-2021-46944 (In the Linux kernel, the following vulnerability has been resolved: m ...)
+ TODO: check
+CVE-2021-46943 (In the Linux kernel, the following vulnerability has been resolved: m ...)
+ TODO: check
+CVE-2021-46942 (In the Linux kernel, the following vulnerability has been resolved: i ...)
+ TODO: check
+CVE-2021-46941 (In the Linux kernel, the following vulnerability has been resolved: u ...)
+ TODO: check
+CVE-2021-46940 (In the Linux kernel, the following vulnerability has been resolved: t ...)
+ TODO: check
+CVE-2021-46939 (In the Linux kernel, the following vulnerability has been resolved: t ...)
+ TODO: check
+CVE-2021-46938 (In the Linux kernel, the following vulnerability has been resolved: d ...)
+ TODO: check
+CVE-2020-36777 (In the Linux kernel, the following vulnerability has been resolved: m ...)
+ TODO: check
+CVE-2020-36776 (In the Linux kernel, the following vulnerability has been resolved: t ...)
+ TODO: check
CVE-2024-27354
- phpseclib 1.0.23-1
- php-phpseclib 2.0.47-1
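Review bot: the new CVE-2024-26143 and CVE-2024-26142 entries in this hunk are left at "TODO: check" although both describe Rails, which this file already tracks as a source package ("- rails <unfixed>" under CVE-2024-26144 in a later hunk). They should get a "- rails" line at triage rather than stay in the TODO queue. The run of Linux kernel entries from CVE-2021-46975 down to CVE-2020-36776 has the same problem in a different form: every truncated description is identical up to its last letter, so none can be triaged from this file alone, and each needs its upstream commit looked up and recorded in a NOTE line before a "- linux" annotation is written.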
@@ -8,11 +216,11 @@ CVE-2024-27355
- php-phpseclib 2.0.47-1
- php-phpseclib3 3.0.36-1
NOTE: https://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59
-CVE-2023-50379
+CVE-2023-50379 (Malicious code injection in Apache Ambari in prior to 2.7.8.Users are ...)
NOT-FOR-US: Apache Ambari
-CVE-2023-51747
+CVE-2023-51747 (Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP s ...)
NOT-FOR-US: Apache James
-CVE-2024-27905
+CVE-2024-27905 (** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to a ...)
NOT-FOR-US: Apache Aurora
CVE-2024-27356 (An issue was discovered on certain GL-iNet devices. Attackers can down ...)
NOT-FOR-US: GL-iNet devices
@@ -66,145 +274,145 @@ CVE-2023-41506 (An arbitrary file upload vulnerability in the Update/Edit Studen
NOT-FOR-US: Update/Edit Student's Profile Picture function of Student Enrollment In PHP
CVE-2023-36237 (Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 all ...)
NOT-FOR-US: Bagisto
-CVE-2021-46937 [mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()']
+CVE-2021-46937 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 5.15.15-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ebb3f994dd92f8fb4d70c7541091216c1e10cb71 (5.16-rc8)
-CVE-2021-46936 [net: fix use-after-free in tw_timer_handler]
+CVE-2021-46936 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0 (5.16-rc8)
-CVE-2021-46935 [binder: fix async_free_space accounting for empty parcels]
+CVE-2021-46935 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/cfd0d84ba28c18b531648c9d4a35ecca89ad9901 (5.16-rc8)
-CVE-2021-46934 [i2c: validate user data in compat ioctl]
+CVE-2021-46934 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/bb436283e25aaf1533ce061605d23a9564447bdf (5.16-rc8)
-CVE-2021-46933 [usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.]
+CVE-2021-46933 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/b1e0887379422975f237d43d8839b751a6bcf154 (5.16-rc8)
-CVE-2021-46932 [Input: appletouch - initialize work before device registration]
+CVE-2021-46932 (In the Linux kernel, the following vulnerability has been resolved: I ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/9f3ccdc3f6ef10084ceb3a47df0961bec6196fd0 (5.16-rc8)
-CVE-2021-46931 [net/mlx5e: Wrap the tx reporter dump callback to extract the sq]
+CVE-2021-46931 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/918fc3855a6507a200e9cf22c20be852c0982687 (5.16-rc8)
-CVE-2021-46930 [usb: mtu3: fix list_head check warning]
+CVE-2021-46930 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/8c313e3bfd9adae8d5c4ba1cc696dcbc86fbf9bf (5.16-rc8)
-CVE-2021-46929 [sctp: use call_rcu to free endpoint]
+CVE-2021-46929 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/5ec7d18d1813a5bead0b495045606c93873aecbb (5.16-rc8)
-CVE-2021-46928 [parisc: Clear stale IIR value on instruction access rights trap]
+CVE-2021-46928 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
NOTE: https://git.kernel.org/linus/484730e5862f6b872dca13840bed40fd7c60fa26 (5.16-rc7)
-CVE-2021-46927 [nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert]
+CVE-2021-46927 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3a0152b219523227c2a62a0a122cf99608287176 (5.16-rc8)
-CVE-2021-46926 [ALSA: hda: intel-sdw-acpi: harden detection of controller]
+CVE-2021-46926 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 5.15.15-1
NOTE: https://git.kernel.org/linus/385f287f9853da402d94278e59f594501c1d1dad (5.16-rc7)
-CVE-2021-46925 [net/smc: fix kernel panic caused by race of smc_sock]
+CVE-2021-46925 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
NOTE: https://git.kernel.org/linus/349d43127dac00c15231e8ffbcaabd70f7b0e544 (5.16-rc8)
-CVE-2021-46924 [NFC: st21nfca: Fix memory leak in device probe and remove]
+CVE-2021-46924 (In the Linux kernel, the following vulnerability has been resolved: N ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/1b9dadba502234eea7244879b8d5d126bfaf9f0c (5.16-rc8)
-CVE-2021-46923 [fs/mount_setattr: always cleanup mount_kattr]
+CVE-2021-46923 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/012e332286e2bb9f6ac77d195f17e74b2963d663 (5.16-rc8)
-CVE-2021-46922 [KEYS: trusted: Fix TPM reservation for seal/unseal]
+CVE-2021-46922 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 5.10.38-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9d5171eab462a63e2fbebfccf6026e92be018f20 (5.12)
-CVE-2021-46921 [locking/qrwlock: Fix ordering in queued_write_lock_slowpath()]
+CVE-2021-46921 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux 5.10.38-1
[buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/84a24bf8c52e66b7ac89ada5e3cfbe72d65c1896 (5.12)
-CVE-2021-46920 [dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback]
+CVE-2021-46920 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 5.10.38-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ea941ac294d75d0ace50797aebf0056f6f8f7a7f (5.12-rc8)
-CVE-2021-46919 [dmaengine: idxd: fix wq size store permission state]
+CVE-2021-46919 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 5.10.38-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0fff71c5a311e1264988179f7dcc217fda15fadd (5.12-rc8)
-CVE-2021-46918 [dmaengine: idxd: clear MSIX permission entry on shutdown]
+CVE-2021-46918 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 5.14.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/6df0e6c57dfc064af330071f372f11aa8c584997 (5.12-rc8)
-CVE-2021-46917 [dmaengine: idxd: fix wq cleanup of WQCFG registers]
+CVE-2021-46917 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 5.10.38-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ea9aadc06a9f10ad20a90edc0a484f1147d88a7a (5.12-rc8)
-CVE-2021-46916 [ixgbe: Fix NULL pointer dereference in ethtool loopback test]
+CVE-2021-46916 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 5.14.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/31166efb1cee348eb6314e9c0095d84cbeb66b9d (5.12-rc8)
-CVE-2021-46914 [ixgbe: fix unbalanced device enable/disable in suspend/resume]
+CVE-2021-46914 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 5.10.38-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/debb9df311582c83fe369baa35fa4b92e8a9c58a (5.12-rc8)
-CVE-2021-46915 [netfilter: nft_limit: avoid possible divide error in nft_limit_init]
+CVE-2021-46915 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 5.10.38-1
[buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/b895bdf5d643b6feb7c60856326dd4feb6981560 (5.12-rc8)
-CVE-2021-46913 [netfilter: nftables: clone set element expression template]
+CVE-2021-46913 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4d8f9065830e526c83199186c5f56a6514f457d2 (5.12-rc8)
-CVE-2021-46912 [net: Make tcp_allowed_congestion_control readonly in non-init netns]
+CVE-2021-46912 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 5.10.38-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/97684f0970f6e112926de631fdd98d9693c7e5c1 (5.12-rc8)
-CVE-2021-46911 [ch_ktls: Fix kernel panic]
+CVE-2021-46911 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 5.10.38-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/1a73e427b824133940c2dd95ebe26b6dce1cbf10 (5.12-rc8)
-CVE-2021-46910 [ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled]
+CVE-2021-46910 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 5.14.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d624833f5984d484c5e3196f34b926f9e71dafee (5.12-rc8)
-CVE-2021-46909 [ARM: footbridge: fix PCI interrupt mapping]
+CVE-2021-46909 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 5.10.38-1
[buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/30e3b4f256b4e366a61658c294f6a21b8626dda7 (5.12-rc8)
-CVE-2021-46908 [bpf: Use correct permission flag for mixed signed bounds arithmetic]
+CVE-2021-46908 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 5.10.38-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9601148392520e2e134936e76788fc2a6371e7be (5.12-rc8)
-CVE-2021-46907 [KVM: VMX: Don't use vcpu->run->internal.ndata as an array index]
+CVE-2021-46907 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 5.10.38-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a (5.12-rc8)
-CVE-2024-26144 [Possible Sensitive Session Information Leak in Active Storage]
+CVE-2024-26144 (Rails is a web-application framework. Starting with version 5.2.0, the ...)
- rails <unfixed>
NOTE: https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945
CVE-2024-27092 (Hoppscotch is an API development ecosystem. Due to lack of validation ...)
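Review bot: replacing the bracketed summaries in this hunk (for example "[net: fix use-after-free in tw_timer_handler]" on CVE-2021-46936) with the truncated MITRE text removes the only human-readable hint of what each kernel entry is about, because the new descriptions all cut off right after "has been resolved:". The git.kernel.org NOTE lines still identify each fix, but anyone scanning the list now has to follow the link. If the short subject is still wanted, carry it over into a NOTE line under the entry before the description is overwritten.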
@@ -261,7 +469,8 @@ CVE-2024-25767 (nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq
CVE-2024-25763 (openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c ...)
- opennds <unfixed>
NOTE: https://github.com/LuMingYinDetect/openNDS_defects/blob/main/openNDS_detect_1.md
-CVE-2024-25760 (yasm 1.3.0 contains a memory leak via /yasm/tools/genmacro/genmacro.c.)
+CVE-2024-25760
+ REJECTED
- yasm <unfixed> (unimportant)
NOTE: Memory leak in CLI tool, no security impact
NOTE: https://github.com/LuMingYinDetect/yasm_defects/blob/main/yasm_detect_2.md
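Review bot: CVE-2024-25760 is switched to REJECTED here, but the context lines below it still carry "- yasm <unfixed> (unimportant)" and two NOTE lines, so the entry both rejects the ID and tracks a package against it. A follow-up commit should remove the package annotation or replace it with a NOTE that records why the ID was rejected, so the entry does not keep reporting yasm as unfixed for a withdrawn CVE.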
@@ -366,7 +575,7 @@ CVE-2023-49959 (In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injec
NOT-FOR-US: Indo-Sol PROFINET-INspektor NT
CVE-2023-49114 (A DLL hijacking vulnerability was identified in the Qognify VMS Client ...)
NOT-FOR-US: Qognify VMS Client Viewer
-CVE-2023-51518
+CVE-2023-51518 (Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint o ...)
NOT-FOR-US: Apache James
CVE-2023-52474 (In the Linux kernel, the following vulnerability has been resolved: I ...)
- linux 6.3.7-1
@@ -1062,7 +1271,7 @@ CVE-2024-26147 (Helm is a package manager for Charts for Kubernetes. Versions pr
- helm-kubernetes <itp> (bug #910799)
CVE-2024-1726
NOT-FOR-US: Quarkus
-CVE-2024-1722
+CVE-2024-1722 (A flaw was found in Keycloak. In certain conditions, this issue may al ...)
NOT-FOR-US: Keycloak
CVE-2023-6787
NOT-FOR-US: Keycloak
@@ -2220,6 +2429,7 @@ CVE-2023-45860 (In Hazelcast Platform through 5.3.4, a security issue exists wit
CVE-2023-40085 (In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible ou ...)
NOT-FOR-US: Android
CVE-2023-52160 (The implementation of PEAP in wpa_supplicant through 2.10 allows authe ...)
+ {DLA-3743-1}
- wpa <unfixed> (bug #1064061)
NOTE: https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c
NOTE: https://www.top10vpn.com/research/wifi-vulnerabilities/
@@ -4383,7 +4593,7 @@ CVE-2024-1271 [privileges escalation from root to domain admin]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2262978
TODO: only little information in RHBZ#2262978
CVE-2024-24577 (libgit2 is a portable C implementation of the Git core methods provide ...)
- {DSA-5619-1}
+ {DSA-5619-1 DLA-3742-1}
- libgit2 1.7.2+ds-1 (bug #1063416)
NOTE: https://github.com/libgit2/libgit2/security/advisories/GHSA-j2v7-4f6v-gpg8
NOTE: Fixed by: https://github.com/libgit2/libgit2/commit/eb4c1716cd92bf56f2770653a915d5fc01eab8f3 (v1.6.5)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d0d1f4acdcd3d0f41cf730833ecaaec3d811a7f