[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 29 20:12:07 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
578b38f0 by security tracker role at 2024-02-29T20:11:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,136 +1,198 @@
-CVE-2024-26620 [s390/vfio-ap: always filter entire AP matrix]
+CVE-2024-2009 (A vulnerability was found in Nway Pro 9. It has been rated as problema ...)
+	TODO: check
+CVE-2024-2007 (A vulnerability was found in OpenBMB XAgent 1.0.0. It has been declare ...)
+	TODO: check
+CVE-2024-2001 (A Cross-Site Scripting vulnerability in Cockpit CMS affecting version  ...)
+	TODO: check
+CVE-2024-27906 (Apache Airflow, versions before 2.8.2, has a vulnerability that allows ...)
+	TODO: check
+CVE-2024-27662 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer d ...)
+	TODO: check
+CVE-2024-27661 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer der ...)
+	TODO: check
+CVE-2024-27660 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer d ...)
+	TODO: check
+CVE-2024-27659 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer der ...)
+	TODO: check
+CVE-2024-27658 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer der ...)
+	TODO: check
+CVE-2024-27657 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
+	TODO: check
+CVE-2024-27656 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
+	TODO: check
+CVE-2024-27655 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
+	TODO: check
+CVE-2024-27094 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
+	TODO: check
+CVE-2024-26548 (An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remot ...)
+	TODO: check
+CVE-2024-25811 (An access control issue in Dreamer CMS v4.0.1 allows attackers to down ...)
+	TODO: check
+CVE-2024-25180 (An issue discovered in pdfmake 0.2.9 allows remote attackers to run ar ...)
+	TODO: check
+CVE-2024-24818 (EspoCRM is an Open Source Customer Relationship Management software. A ...)
+	TODO: check
+CVE-2024-24246 (Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to  ...)
+	TODO: check
+CVE-2024-24110 (SQL Injection vulnerability in crmeb_java before v1.3.4 allows attacke ...)
+	TODO: check
+CVE-2024-20765 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+	TODO: check
+CVE-2024-1953 (Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and ...)
+	TODO: check
+CVE-2024-1952 (Mattermost version 8.1.x before 8.1.9 fails to sanitize data associate ...)
+	TODO: check
+CVE-2024-1949 (A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x  ...)
+	TODO: check
+CVE-2024-1942 (Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0  ...)
+	TODO: check
+CVE-2024-1908 (An Improper Privilege Management vulnerabilitywas identified in GitHub ...)
+	TODO: check
+CVE-2024-1888 (Mattermost fails to check the"invite_guest" permission when invitinggu ...)
+	TODO: check
+CVE-2024-1619 (Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for ...)
+	TODO: check
+CVE-2024-1595 (Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82   insecurely lo ...)
+	TODO: check
+CVE-2024-0864 (Enabling Simple Ajax Uploader plugin included in Laragon open-source s ...)
+	TODO: check
+CVE-2024-0068 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
+	TODO: check
+CVE-2023-6132 (The vulnerability, if exploited, could allow a malicious entity with a ...)
+	TODO: check
+CVE-2024-26620 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.6.15-1
 	[bookworm] - linux 6.1.76-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/850fb7fa8c684a4c6bf0e4b6978f4ddcc5d43d11 (6.8-rc1)
-CVE-2024-26619 [riscv: Fix module loading free order]
+CVE-2024-26619 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/78996eee79ebdfe8b6f0e54cb6dcc792d5129291 (6.8-rc1)
-CVE-2024-26618 [arm64/sme: Always exit sme_alloc() early with existing storage]
+CVE-2024-26618 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.6.15-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/dc7eb8755797ed41a0d1b5c0c39df3c8f401b3d9 (6.8-rc1)
-CVE-2024-26617 [fs/proc/task_mmu: move mmu notification mechanism inside mm lock]
+CVE-2024-26617 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/4cccb6221cae6d020270606b9e52b1678fc8b71a (6.8-rc1)
-CVE-2024-26616 [btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned]
+CVE-2024-26616 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.6.15-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f546c4282673497a06ecb6190b50ae7f6c85b02f (6.8-rc2)
-CVE-2024-26615 [net/smc: fix illegal rmb_desc access in SMC-D connection dump]
+CVE-2024-26615 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.6.15-1
 	[bookworm] - linux 6.1.76-1
 	NOTE: https://git.kernel.org/linus/dbc153fd3c142909e564bb256da087e13fbf239c (6.8-rc2)
-CVE-2024-26614 [tcp: make sure init the accept_queue's spinlocks once]
+CVE-2024-26614 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.6.15-1
 	[bookworm] - linux 6.1.76-1
 	NOTE: https://git.kernel.org/linus/198bc90e0e734e5f98c3d2833e8390cac3df61b2 (6.8-rc2)
-CVE-2024-26613 [net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv]
+CVE-2024-26613 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.6.15-1
 	[bookworm] - linux 6.1.76-1
 	NOTE: https://git.kernel.org/linus/13e788deb7348cc88df34bed736c3b3b9927ea52 (6.8-rc2)
-CVE-2024-26612 [netfs, fscache: Prevent Oops in fscache_put_cache()]
+CVE-2024-26612 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.6.15-1
 	[bookworm] - linux 6.1.76-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3be0b3ed1d76c6703b9ee482b55f7e01c369cc68 (6.8-rc2)
-CVE-2024-26611 [xsk: fix usage of multi-buffer BPF helpers for ZC XDP]
+CVE-2024-26611 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 6.6.15-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c5114710c8ce86b8317e9b448f4fd15c711c2a82 (6.8-rc2)
-CVE-2024-26610 [wifi: iwlwifi: fix a memory corruption]
+CVE-2024-26610 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.6.15-1
 	[bookworm] - linux 6.1.76-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d (6.8-rc2)
-CVE-2024-26609 [netfilter: nf_tables: reject QUEUE/DROP verdict parameters]
+CVE-2024-26609 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.6.15-1
 	[bookworm] - linux 6.1.76-1
 	NOTE: https://git.kernel.org/linus/f342de4e2f33e0e39165d8639387aa6c19dff660 (6.8-rc2)
-CVE-2024-26608 [ksmbd: fix global oob in ksmbd_nl_policy]
+CVE-2024-26608 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.6.15-1
 	[bookworm] - linux 6.1.76-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/ebeae8adf89d9a82359f6659b1663d09beec2faa (6.8-rc2)
-CVE-2024-26607 [drm/bridge: sii902x: Fix probing race issue]
+CVE-2024-26607 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.6.15-1
 	[bookworm] - linux 6.1.76-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/08ac6f132dd77e40f786d8af51140c96c6d739c9 (6.8-rc2)
-CVE-2023-52498 [PM: sleep: Fix possible deadlocks in core system-wide PM code]
+CVE-2023-52498 (In the Linux kernel, the following vulnerability has been resolved:  P ...)
 	- linux 6.6.15-1
 	[bookworm] - linux 6.1.76-1
 	NOTE: https://git.kernel.org/linus/7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557 (6.8-rc1)
-CVE-2023-52497 [erofs: fix lz4 inplace decompression]
+CVE-2023-52497 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 6.6.15-1
 	[bookworm] - linux 6.1.76-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3c12466b6b7bf1e56f9b32c366a3d83d87afb4de (6.8-rc1)
-CVE-2023-52496 [mtd: maps: vmu-flash: Fix the (mtd core) switch to ref counters]
+CVE-2023-52496 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.6.15-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a7d84a2e7663bbe12394cc771107e04668ea313a (6.8-rc1)
-CVE-2023-52495 [soc: qcom: pmic_glink_altmode: fix port sanity check]
+CVE-2023-52495 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.6.15-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c4fb7d2eac9ff9bfc35a2e4d40c7169a332416e0 (6.8-rc1)
-CVE-2023-52494 [bus: mhi: host: Add alignment check for event ring read pointer]
+CVE-2023-52494 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.6.15-1
 	[bookworm] - linux 6.1.76-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/eff9704f5332a13b08fbdbe0f84059c9e7051d5f (6.8-rc1)
-CVE-2023-52493 [bus: mhi: host: Drop chan lock before queuing buffers]
+CVE-2023-52493 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.6.15-1
 	[bookworm] - linux 6.1.76-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/01bd694ac2f682fb8017e16148b928482bc8fa4b (6.8-rc1)
-CVE-2023-52492 [dmaengine: fix NULL pointer in channel unregistration function]
+CVE-2023-52492 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.6.15-1
 	[bookworm] - linux 6.1.76-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f5c24d94512f1b288262beda4d3dcb9629222fc7 (6.8-rc1)
-CVE-2023-52491 [media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run]
+CVE-2023-52491 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.6.15-1
 	[bookworm] - linux 6.1.76-1
 	NOTE: https://git.kernel.org/linus/206c857dd17d4d026de85866f1b5f0969f2a109e (6.8-rc1)
-CVE-2023-52490 [mm: migrate: fix getting incorrect page mapping during page migration]
+CVE-2023-52490 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.6.15-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d1adb25df7111de83b64655a80b5a135adbded61 (6.8-rc1)
-CVE-2023-52489 [mm/sparsemem: fix race in accessing memory_section->usage]
+CVE-2023-52489 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.6.15-1
 	[bookworm] - linux 6.1.76-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/5ec8e8ea8b7783fab150cf86404fc38cb4db8800 (6.8-rc1)
-CVE-2023-52488 [serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO]
+CVE-2023-52488 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.6.15-1
 	[bookworm] - linux 6.1.76-1
 	NOTE: https://git.kernel.org/linus/dbf4ab821804df071c8b566d9813083125e6d97b (6.8-rc1)
-CVE-2023-52487 [net/mlx5e: Fix peer flow lists handling]
+CVE-2023-52487 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.6.15-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d76fdd31f953ac5046555171620f2562715e9b71 (6.8-rc2)
-CVE-2023-52486 [drm: Don't unref the same fb many times by mistake due to deadlock handling]
+CVE-2023-52486 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.6.15-1
 	[bookworm] - linux 6.1.76-1
 	NOTE: https://git.kernel.org/linus/cb4daf271302d71a6b9a7c01bd0b6d76febd8f0c (6.8-rc1)
-CVE-2023-52485 [drm/amd/display: Wake DMCUB before sending a command]
+CVE-2023-52485 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/8892780834ae294bc3697c7d0e056d7743900b39 (6.8-rc1)
 CVE-2024-0074
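Review bot: the 31 new entries at the head of the hunk (CVE-2024-2009 down to CVE-2023-6132) all stop at `TODO: check`, so none yet carries a source package, a NOT-FOR-US marker or a NOTE; the D-Link DIR-823G batch (CVE-2024-27655 to CVE-2024-27662) and the Mattermost batch (CVE-2024-1942, CVE-2024-1949, CVE-2024-1952, CVE-2024-1953, CVE-2024-1888) can be triaged together, while CVE-2024-24246, which names qpdf 11.9.0, should be checked against the packaged version rather than closed in bulk. Among the kernel lines, CVE-2023-52485 is the only entry left at `- linux <unfixed>` with no per-release annotation although its NOTE points at a 6.8-rc1 commit just like the neighbours fixed in 6.6.15-1; please confirm whether 8892780834ae is really absent from 6.6.15 or the version line was simply not filled in. Several entries (CVE-2024-26610, CVE-2024-26607, CVE-2023-52497, CVE-2023-52494, CVE-2023-52493, CVE-2023-52492, CVE-2023-52489) annotate buster as not-affected but carry no bullseye line, which leaves bullseye implicitly affected; that is plausible where the vulnerable code arrived between 4.19 and 5.10, but it reads like an omission next to entries that annotate all three releases, so a quick check is worthwhile. Finally, swapping the bracketed placeholder titles (e.g. `[btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned]`) for the truncated MITRE text leaves every kernel entry reading `In the Linux kernel, the following vulnerability has been resolved: ...`, so the NOTE URL is now the only thing in the list that identifies the affected subsystem.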
@@ -4384,7 +4446,7 @@ CVE-2024-1309 (Uncontrolled Resource Consumption vulnerability in Honeywell Niag
 	NOT-FOR-US: Honeywell
 CVE-2024-1216 (Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerabi ...)
 	NOT-FOR-US: Twister Antivirus
-CVE-2024-1163 (Path Traversal in GitHub repository mbloch/mapshaper prior to 0.6.44.)
+CVE-2024-1163 (Uncontrolled Resource Consumption in GitHub repository mbloch/mapshape ...)
 	NOT-FOR-US: mapshaper
 CVE-2024-1160 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
 	NOT-FOR-US: WordPress plugin
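Review bot: the rewritten description for CVE-2024-1163 changes the vulnerability class from Path Traversal to Uncontrolled Resource Consumption, which is a reclassification rather than a routine wording refresh; the `NOT-FOR-US: mapshaper` status is unaffected, but a NOTE recording that the CNA description changed would spare the next reader a trip to the upstream feed to work out which text is current.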
@@ -6506,7 +6568,7 @@ CVE-2024-22779 (Directory Traversal vulnerability in Kihron ServerRPExposer v.1.
 	NOT-FOR-US: Kihron ServerRPExposer
 CVE-2024-22533 (Before Beetl v3.15.12, the rendering template has a server-side templa ...)
 	NOT-FOR-US: Beetl
-CVE-2024-22320 (IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11. ...)
+CVE-2024-22320 (IBM Operational Decision Manager 8.10.3 could allow a remote authentic ...)
 	NOT-FOR-US: IBM
 CVE-2024-22319 (IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11. ...)
 	NOT-FOR-US: IBM
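Review bot: CVE-2024-22320 now describes only version 8.10.3 and adds the "remote authenticated" precondition, while the neighbouring CVE-2024-22319 still lists 8.10.3, 8.10.4, 8.10.5.1, 8.11 and later; since both are `NOT-FOR-US: IBM` no Debian action follows, but the two entries no longer share an affected range and should not be treated as describing the same issue.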
@@ -194313,7 +194375,7 @@ CVE-2021-33573
 CVE-2021-33572 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Lin ...)
 	NOT-FOR-US: F-Secure
 CVE-2021-33571 (In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4,  ...)
-	{DLA-2676-1}
+	{DLA-3744-1 DLA-2676-1}
 	- python-django 2:2.2.24-1 (bug #989394)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1
 	NOTE: https://github.com/django/django/commit/e1d787f1b36d13b95187f8f425425ae1b98da188 (main)
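Review bot: DLA-3744-1 is prepended to the existing DLA-2676-1 for CVE-2021-33571 here, and the same advisory is added to CVE-2021-33203, CVE-2021-31542 and CVE-2021-28658 in the three hunks that follow, each of which already carries a DLA from 2021. A second DLA on an already-closed CVE usually indicates that the earlier update was incomplete or regressed; none of the four entries gets a NOTE saying which, so consider adding one line per entry (or at least here) pointing at why DLA-3744-1 re-covers them. The newest-first ordering inside the braces matches the existing convention.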
@@ -195262,7 +195324,7 @@ CVE-2021-33204 (In the pg_partman (aka PG Partition Manager) extension before 4.
 	[stretch] - pg-partman <no-dsa> (Minor issue)
 	NOTE: https://github.com/pgpartman/pg_partman/commit/0b6565ad378c358f8a6cd1d48ddc482eb7f854d3
 CVE-2021-33203 (Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a  ...)
-	{DLA-2676-1}
+	{DLA-3744-1 DLA-2676-1}
 	- python-django 2:2.2.24-1 (bug #989394)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1
 	NOTE: https://github.com/django/django/commit/46572de2e92fdeaf047f80c44d52269e54ad68db (main)
@@ -199821,7 +199883,7 @@ CVE-2021-31544
 CVE-2021-31543
 	RESERVED
 CVE-2021-31542 (In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, M ...)
-	{DLA-2651-1}
+	{DLA-3744-1 DLA-2651-1}
 	- python-django 2:2.2.21-1 (bug #988053)
 	NOTE: https://www.djangoproject.com/weblog/2021/may/04/security-releases/
 	NOTE: https://github.com/django/django/commit/0b79eb36915d178aef5c6a7bbce71b1e76d376d3 (main)
@@ -207549,7 +207611,7 @@ CVE-2021-28660 (rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.
 CVE-2021-28659
 	RESERVED
 CVE-2021-28658 (In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8,  ...)
-	{DLA-2622-1}
+	{DLA-3744-1 DLA-2622-1}
 	- python-django 2:2.2.20-1 (bug #986447)
 	NOTE: https://www.djangoproject.com/weblog/2021/apr/06/security-releases/
 	NOTE: https://github.com/django/django/commit/d4d800ca1addc4141e03c5440a849bb64d1582cd (main)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/578b38f00c55f3f4a2d2fc55a68e6337be537488
