[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 12 21:12:46 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
39dbeee4 by security tracker role at 2024-07-12T20:12:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,454 +1,570 @@
-CVE-2024-41006 [netrom: Fix a memory leak in nr_heartbeat_expiry()]
+CVE-2024-6495 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-6353 (The Wallet for WooCommerce plugin for WordPress is vulnerable to SQL I ...)
+ TODO: check
+CVE-2024-6328 (The MStore API \u2013 Create Native Android & iOS Apps On The Cloud pl ...)
+ TODO: check
+CVE-2024-5325 (The Form Vibes plugin for WordPress is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2024-40690 (IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This ...)
+ TODO: check
+CVE-2024-40552 (PublicCMS v4.0.202302.e was discovered to contain a remote commande ex ...)
+ TODO: check
+CVE-2024-40551 (An arbitrary file upload vulnerability in the component /admin/cmsTemp ...)
+ TODO: check
+CVE-2024-40550 (An arbitrary file upload vulnerability in the component /admin/cmsTemp ...)
+ TODO: check
+CVE-2024-40549 (An arbitrary file upload vulnerability in the component /admin/cmsTemp ...)
+ TODO: check
+CVE-2024-40548 (An arbitrary file upload vulnerability in the component /admin/cmsTemp ...)
+ TODO: check
+CVE-2024-40547 (PublicCMS v4.0.202302.e was discovered to contain an arbitrary file co ...)
+ TODO: check
+CVE-2024-40546 (An arbitrary file upload vulnerability in the component /admin/cmsWebF ...)
+ TODO: check
+CVE-2024-40545 (An arbitrary file upload vulnerability in the component /admin/cmsWebF ...)
+ TODO: check
+CVE-2024-40544 (PublicCMS v4.0.202302.e was discovered to contain a Server-Side Reques ...)
+ TODO: check
+CVE-2024-40543 (PublicCMS v4.0.202302.e was discovered to contain a Server-Side Reques ...)
+ TODO: check
+CVE-2024-40542 (my-springsecurity-plus before v2024.07.03 was discovered to contain a ...)
+ TODO: check
+CVE-2024-40541 (my-springsecurity-plus before v2024.07.03 was discovered to contain a ...)
+ TODO: check
+CVE-2024-40540 (my-springsecurity-plus before v2024.07.03 was discovered to contain a ...)
+ TODO: check
+CVE-2024-40539 (my-springsecurity-plus before v2024.07.03 was discovered to contain a ...)
+ TODO: check
+CVE-2024-40522 (There is a remote code execution vulnerability in SeaCMS 12.9. The vul ...)
+ TODO: check
+CVE-2024-40521 (SeaCMS 12.9 has a remote code execution vulnerability. The vulnerabili ...)
+ TODO: check
+CVE-2024-40520 (SeaCMS 12.9 has a remote code execution vulnerability. The vulnerabili ...)
+ TODO: check
+CVE-2024-40519 (SeaCMS 12.9 has a remote code execution vulnerability. The vulnerabili ...)
+ TODO: check
+CVE-2024-40518 (SeaCMS 12.9 has a remote code execution vulnerability. The vulnerabili ...)
+ TODO: check
+CVE-2024-40110 (Sourcecodester Poultry Farm Management System v1.0 contains an Unauthe ...)
+ TODO: check
+CVE-2024-39917 (xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have ...)
+ TODO: check
+CVE-2024-39916 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...)
+ TODO: check
+CVE-2024-39914 (FOG is a cloning/imaging/rescue suite/inventory management system. Pri ...)
+ TODO: check
+CVE-2024-39909 (KubeClarity is a tool for detection and management of Software Bill Of ...)
+ TODO: check
+CVE-2024-39903 (Solara is a pure Python, React-style framework for scaling Jupyter and ...)
+ TODO: check
+CVE-2024-39340 (Securepoint UTM before 12.6.5 mishandles OTP codes.)
+ TODO: check
+CVE-2024-38736 (Unrestricted Upload of File with Dangerous Type vulnerability in Realt ...)
+ TODO: check
+CVE-2024-38735 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-38734 (Unrestricted Upload of File with Dangerous Type vulnerability in Sprea ...)
+ TODO: check
+CVE-2024-38717 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-38716 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-38715 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-38709 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-38706 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-38704 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-38700 (Improper Neutralization of Special Elements in Output Used by a Downst ...)
+ TODO: check
+CVE-2024-37941 (Cross-Site Request Forgery (CSRF) vulnerability in Internal Link Juice ...)
+ TODO: check
+CVE-2024-37940 (Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutio ...)
+ TODO: check
+CVE-2024-37939 (Cross-Site Request Forgery (CSRF) vulnerability in VolThemes Patricia ...)
+ TODO: check
+CVE-2024-37938 (Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop Sociall ...)
+ TODO: check
+CVE-2024-37933 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-37932 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-37928 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-37927 (Improper Privilege Management vulnerability in NooTheme Jobmonster all ...)
+ TODO: check
+CVE-2024-37564 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-37560 (Improper Privilege Management vulnerability in IqbalRony WP User Switc ...)
+ TODO: check
+CVE-2024-37544 (Missing Authorization vulnerability in Tobias Conrad Get Better Review ...)
+ TODO: check
+CVE-2024-37405 (Livechat messages can be leaked by combining two NoSQL injections affe ...)
+ TODO: check
+CVE-2024-37213 (Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Team Ali2Wo ...)
+ TODO: check
+CVE-2024-37202 (Missing Authorization vulnerability in BinaryCarpenter Ultimate Custom ...)
+ TODO: check
+CVE-2024-36522 (The default configuration of XSLTResourceStream.java is vulnerable to ...)
+ TODO: check
+CVE-2024-35773 (Cross-Site Request Forgery (CSRF) vulnerability in WPJohnny, zerOneIT ...)
+ TODO: check
+CVE-2023-41093 (Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ...)
+ TODO: check
+CVE-2024-41006 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/0b9130247f3b6a1122478471ff0e014ea96bb735 (6.10-rc5)
-CVE-2024-41005 [netpoll: Fix race condition in netpoll_owner_active]
+CVE-2024-41005 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/c2e6a872bde9912f1a7579639c5ca3adf1003916 (6.10-rc1)
-CVE-2024-41004 [tracing: Build event generation tests only as modules]
+CVE-2024-41004 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/3572bd5689b0812b161b40279e39ca5b66d73e88 (6.10-rc5)
-CVE-2024-41003 [bpf: Fix reg_set_min_max corruption of fake_reg]
+CVE-2024-41003 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/92424801261d1564a0bb759da3cf3ccd69fdf5a2 (6.10-rc5)
-CVE-2024-41002 [crypto: hisilicon/sec - Fix memory leak for sec resource release]
+CVE-2024-41002 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/bba4250757b4ae1680fea435a358d8093f254094 (6.10-rc1)
-CVE-2024-41001 [io_uring/sqpoll: work around a potential audit memory leak]
+CVE-2024-41001 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/c4ce0ab27646f4206a9eb502d6fe45cb080e1cae (6.10-rc1)
-CVE-2024-41000 [block/ioctl: prefer different overflow check]
+CVE-2024-41000 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/ccb326b5f9e623eb7f130fbbf2505ec0e2dcaff9 (6.10-rc1)
-CVE-2024-40999 [net: ena: Add validation for completion descriptors consistency]
+CVE-2024-40999 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/b37b98a3a0c1198bafe8c2d9ce0bc845b4e7a9a7 (6.10-rc1)
-CVE-2024-40998 [ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super()]
+CVE-2024-40998 (In the Linux kernel, the following vulnerability has been resolved: e ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/b4b4fda34e535756f9e774fb2d09c4537b7dfd1c (6.10-rc1)
-CVE-2024-40997 [cpufreq: amd-pstate: fix memory leak on CPU EPP exit]
+CVE-2024-40997 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/cea04f3d9aeebda9d9c063c0dfa71e739c322c81 (6.10-rc1)
-CVE-2024-40996 [bpf: Avoid splat in pskb_pull_reason]
+CVE-2024-40996 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2bbe3e5a2f4ef69d13be54f1cf895b4658287080 (6.10-rc5)
-CVE-2024-40995 [net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()]
+CVE-2024-40995 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/d864319871b05fadd153e0aede4811ca7008f5d6 (6.10-rc5)
-CVE-2024-40994 [ptp: fix integer overflow in max_vclocks_store]
+CVE-2024-40994 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/81d23d2a24012e448f651e007fac2cfd20a45ce0 (6.10-rc5)
-CVE-2024-40993 [netfilter: ipset: Fix suspicious rcu_dereference_protected()]
+CVE-2024-40993 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/8ecd06277a7664f4ef018abae3abd3451d64e7a6 (6.10-rc5)
-CVE-2024-40992 [RDMA/rxe: Fix responder length checking for UD request packets]
+CVE-2024-40992 (In the Linux kernel, the following vulnerability has been resolved: R ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f67ac0061c7614c1548963d3ef1ee1606efd8636 (6.10-rc5)
-CVE-2024-40991 [dmaengine: ti: k3-udma-glue: Fix of_k3_udma_glue_parse_chn_by_id()]
+CVE-2024-40991 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ba27e9d2207784da748b19170a2e56bd7770bd81 (6.10-rc5)
-CVE-2024-40990 [RDMA/mlx5: Add check for srq max_sge attribute]
+CVE-2024-40990 (In the Linux kernel, the following vulnerability has been resolved: R ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/36ab7ada64caf08f10ee5a114d39964d1f91e81d (6.10-rc5)
-CVE-2024-40989 [KVM: arm64: Disassociate vcpus from redistributor region on teardown]
+CVE-2024-40989 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0d92e4a7ffd5c42b9fa864692f82476c0bf8bcc8 (6.10-rc5)
-CVE-2024-40988 [drm/radeon: fix UBSAN warning in kv_dpm.c]
+CVE-2024-40988 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/a498df5421fd737d11bfd152428ba6b1c8538321 (6.10-rc5)
-CVE-2024-40987 [drm/amdgpu: fix UBSAN warning in kv_dpm.c]
+CVE-2024-40987 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/f0d576f840153392d04b2d52cf3adab8f62e8cb6 (6.10-rc5)
-CVE-2024-40986 [dmaengine: xilinx: xdma: Fix data synchronisation in xdma_channel_isr()]
+CVE-2024-40986 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/462237d2d93fc9e9221d1cf9f773954d27da83c0 (6.10-rc5)
-CVE-2024-40985 [net/tcp_ao: Don't leak ao_info on error-path]
+CVE-2024-40985 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f9ae848904289ddb16c7c9e4553ed4c64300de49 (6.10-rc5)
-CVE-2024-40984 [ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."]
+CVE-2024-40984 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/a83e1385b780d41307433ddbc86e3c528db031f0 (6.10-rc5)
-CVE-2024-40983 [tipc: force a dst refcount before doing decryption]
+CVE-2024-40983 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/2ebe8f840c7450ecbfca9d18ac92e9ce9155e269 (6.10-rc5)
-CVE-2024-40982 [ssb: Fix potential NULL pointer dereference in ssb_device_uevent()]
+CVE-2024-40982 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/789c17185fb0f39560496c2beab9b57ce1d0cbe7 (6.10-rc1)
-CVE-2024-40981 [batman-adv: bypass empty buckets in batadv_purge_orig_ref()]
+CVE-2024-40981 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/40dc8ab605894acae1473e434944924a22cfaaa0 (6.10-rc1)
-CVE-2024-40980 [drop_monitor: replace spin_lock by raw_spin_lock]
+CVE-2024-40980 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/f1e197a665c2148ebc25fe09c53689e60afea195 (6.10-rc1)
-CVE-2024-40979 [wifi: ath12k: fix kernel crash during resume]
+CVE-2024-40979 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/303c017821d88ebad887814114d4e5966d320b28 (6.10-rc1)
-CVE-2024-40978 [scsi: qedi: Fix crash while reading debugfs attribute]
+CVE-2024-40978 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/28027ec8e32ecbadcd67623edb290dad61e735b5 (6.10-rc1)
-CVE-2024-40977 [wifi: mt76: mt7921s: fix potential hung tasks during chip recovery]
+CVE-2024-40977 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/ecf0b2b8a37c8464186620bef37812a117ff6366 (6.10-rc1)
-CVE-2024-40976 [drm/lima: mask irqs in timeout path before hard reset]
+CVE-2024-40976 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/a421cc7a6a001b70415aa4f66024fa6178885a14 (6.10-rc1)
-CVE-2024-40975 [platform/x86: x86-android-tablets: Unregister devices in reverse order]
+CVE-2024-40975 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/3de0f2627ef849735f155c1818247f58404dddfe (6.10-rc1)
-CVE-2024-40974 [powerpc/pseries: Enforce hcall result buffer validity and size]
+CVE-2024-40974 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/ff2e185cf73df480ec69675936c4ee75a445c3e4 (6.10-rc1)
-CVE-2024-40973 [media: mtk-vcodec: potential null pointer deference in SCP]
+CVE-2024-40973 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/53dbe08504442dc7ba4865c09b3bbf5fe849681b (6.10-rc1)
-CVE-2024-40972 [ext4: do not create EA inode under buffer lock]
+CVE-2024-40972 (In the Linux kernel, the following vulnerability has been resolved: e ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/0a46ef234756dca04623b7591e8ebb3440622f0b (6.10-rc1)
-CVE-2024-40971 [f2fs: remove clear SB_INLINECRYPT flag in default_options]
+CVE-2024-40971 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/ac5eecf481c29942eb9a862e758c0c8b68090c33 (6.10-rc1)
-CVE-2024-40970 [Avoid hw_desc array overrun in dw-axi-dmac]
+CVE-2024-40970 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/333e11bf47fa8d477db90e2900b1ed3c9ae9b697 (6.10-rc1)
-CVE-2024-40969 [f2fs: don't set RO when shutting down f2fs]
+CVE-2024-40969 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/3bdb7f161697e2d5123b89fe1778ef17a44858e7 (6.10-rc1)
-CVE-2024-40968 [MIPS: Octeon: Add PCIe link status check]
+CVE-2024-40968 (In the Linux kernel, the following vulnerability has been resolved: M ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/29b83a64df3b42c88c0338696feb6fdcd7f1f3b7 (6.10-rc1)
-CVE-2024-40967 [serial: imx: Introduce timeout when waiting on transmitter empty]
+CVE-2024-40967 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/e533e4c62e9993e62e947ae9bbec34e4c7ae81c2 (6.10-rc1)
-CVE-2024-40966 [tty: add the option to have a tty reject a new ldisc]
+CVE-2024-40966 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/6bd23e0c2bb6c65d4f5754d1456bc9a4427fc59b (6.10-rc1)
-CVE-2024-40965 [i2c: lpi2c: Avoid calling clk_get_rate during transfer]
+CVE-2024-40965 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/4268254a39484fc11ba991ae148bacbe75d9cc0a (6.10-rc1)
-CVE-2024-40964 [ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind()]
+CVE-2024-40964 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/6386682cdc8b41319c92fbbe421953e33a28840c (6.10-rc5)
-CVE-2024-40963 [mips: bmips: BCM6358: make sure CBR is correctly set]
+CVE-2024-40963 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/ce5cdd3b05216b704a704f466fb4c2dff3778caf (6.10-rc5)
-CVE-2024-40962 [btrfs: zoned: allocate dummy checksums for zoned NODATASUM writes]
+CVE-2024-40962 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/cebae292e0c32a228e8f2219c270a7237be24a6a (6.10-rc5)
-CVE-2024-40961 [ipv6: prevent possible NULL deref in fib6_nh_init()]
+CVE-2024-40961 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/2eab4543a2204092c3a7af81d7d6c506e59a03a6 (6.10-rc5)
-CVE-2024-40960 [ipv6: prevent possible NULL dereference in rt6_probe()]
+CVE-2024-40960 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/b86762dbe19a62e785c189f313cda5b989931f37 (6.10-rc5)
-CVE-2024-40959 [xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()]
+CVE-2024-40959 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/d46401052c2d5614da8efea5788532f0401cb164 (6.10-rc5)
-CVE-2024-40958 [netns: Make get_net_ns() handle zero refcount net]
+CVE-2024-40958 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/ff960f9d3edbe08a736b5a224d91a305ccc946b0 (6.10-rc5)
-CVE-2024-40957 [seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors]
+CVE-2024-40957 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9a3bc8d16e0aacd65c31aaf23a2bced3288a7779 (6.10-rc5)
-CVE-2024-40956 [dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list]
+CVE-2024-40956 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/e3215deca4520773cd2b155bed164c12365149a7 (6.10-rc5)
-CVE-2024-40955 [ext4: fix slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists()]
+CVE-2024-40955 (In the Linux kernel, the following vulnerability has been resolved: e ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/13df4d44a3aaabe61cd01d277b6ee23ead2a5206 (6.10-rc1)
-CVE-2024-40954 [net: do not leave a dangling sk pointer, when socket creation fails]
+CVE-2024-40954 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/6cd4a78d962bebbaf8beb7d2ead3f34120e3f7b2 (6.10-rc5)
-CVE-2024-40953 [KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()]
+CVE-2024-40953 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/49f683b41f28918df3e51ddc0d928cb2e934ccdb (6.10-rc5)
-CVE-2024-40952 [ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty()]
+CVE-2024-40952 (In the Linux kernel, the following vulnerability has been resolved: o ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/58f7e1e2c9e72c7974054c64c3abeac81c11f822 (6.10-rc5)
-CVE-2024-40951 [ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger()]
+CVE-2024-40951 (In the Linux kernel, the following vulnerability has been resolved: o ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/685d03c3795378fca6a1b3d43581f7f1a3fc095f (6.10-rc5)
-CVE-2024-40950 [mm: huge_memory: fix misused mapping_large_folio_support() for anon folios]
+CVE-2024-40950 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/6a50c9b512f7734bc356f4bd47885a6f7c98491a (6.10-rc5)
-CVE-2024-40949 [mm: shmem: fix getting incorrect lruvec when replacing a shmem folio]
+CVE-2024-40949 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9094b4a1c76cfe84b906cc152bab34d4ba26fa5c (6.10-rc5)
-CVE-2024-40948 [mm/page_table_check: fix crash on ZONE_DEVICE]
+CVE-2024-40948 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/8bb592c2eca8fd2bc06db7d80b38da18da4a2f43 (6.10-rc5)
-CVE-2024-40947 [ima: Avoid blocking in RCU read-side critical section]
+CVE-2024-40947 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/9a95c5bfbf02a0a7f5983280fe284a0ff0836c34 (6.10-rc5)
-CVE-2024-40946 [hid: asus: asus_report_fixup: fix potential read out of bounds]
+CVE-2024-40946 (In the Linux kernel, the following vulnerability has been resolved: h ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/89e1ee118d6f0ee6bd6e80d8fe08839875daa241 (6.10-rc3)
-CVE-2024-40945 [iommu: Return right value in iommu_sva_bind_device()]
+CVE-2024-40945 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/89e8a2366e3bce584b6c01549d5019c5cda1205e (6.10-rc3)
-CVE-2024-40944 [x86/kexec: Fix bug with call depth tracking]
+CVE-2024-40944 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/93c1800b3799f17375989b0daf76497dd3e80922 (6.10-rc3)
-CVE-2024-40943 [ocfs2: fix races between hole punching and AIO+DIO]
+CVE-2024-40943 (In the Linux kernel, the following vulnerability has been resolved: o ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/952b023f06a24b2ad6ba67304c4c84d45bea2f18 (6.10-rc1)
-CVE-2024-40942 [wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects]
+CVE-2024-40942 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/b7d7f11a291830fdf69d3301075dd0fb347ced84 (6.10-rc3)
-CVE-2024-40941 [wifi: iwlwifi: mvm: don't read past the mfuart notifcation]
+CVE-2024-40941 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/4bb95f4535489ed830cf9b34b0a891e384d1aee4 (6.10-rc3)
-CVE-2024-40940 [net/mlx5: Fix tainted pointer delete is case of flow rules creation fail]
+CVE-2024-40940 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/229bedbf62b13af5aba6525ad10b62ad38d9ccb5 (6.10-rc3)
-CVE-2024-40939 [net: wwan: iosm: Fix tainted pointer delete is case of region creation fail]
+CVE-2024-40939 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b0c9a26435413b81799047a7be53255640432547 (6.10-rc3)
-CVE-2024-40938 [landlock: Fix d_parent walk]
+CVE-2024-40938 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/88da52ccd66e65f2e63a6c35c9dff55d448ef4dc (6.10-rc2)
-CVE-2024-40937 [gve: Clear napi->skb before dev_kfree_skb_any()]
+CVE-2024-40937 (In the Linux kernel, the following vulnerability has been resolved: g ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/6f4d93b78ade0a4c2cafd587f7b429ce95abb02e (6.10-rc4)
-CVE-2024-40936 [cxl/region: Fix memregion leaks in devm_cxl_add_region()]
+CVE-2024-40936 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/49ba7b515c4c0719b866d16f068e62d16a8a3dd1 (6.10-rc3)
-CVE-2024-40935 [cachefiles: flush all requests after setting CACHEFILES_DEAD]
+CVE-2024-40935 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/85e833cd7243bda7285492b0653c3abb1e2e757b (6.10-rc4)
-CVE-2024-40934 [HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()]
+CVE-2024-40934 (In the Linux kernel, the following vulnerability has been resolved: H ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/ce3af2ee95170b7d9e15fff6e500d67deab1e7b3 (6.10-rc3)
-CVE-2024-40933 [iio: temperature: mlx90635: Fix ERR_PTR dereference in mlx90635_probe()]
+CVE-2024-40933 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a23c14b062d8800a2192077d83273bbfe6c7552d (6.10-rc4)
-CVE-2024-40932 [drm/exynos/vidi: fix memory leak in .get_modes()]
+CVE-2024-40932 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/38e3825631b1f314b21e3ade00b5a4d737eb054e (6.10-rc4)
-CVE-2024-40931 [mptcp: ensure snd_una is properly initialized on connect]
+CVE-2024-40931 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/8031b58c3a9b1db3ef68b3bd749fbee2e1e1aaa3 (6.10-rc4)
-CVE-2024-40930 [wifi: cfg80211: validate HE operation element parsing]
+CVE-2024-40930 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4dc3a3893dae5a7f73e5809273aca0f1f3548d55 (6.10-rc3)
-CVE-2024-40929 [wifi: iwlwifi: mvm: check n_ssids before accessing the ssids]
+CVE-2024-40929 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/60d62757df30b74bf397a2847a6db7385c6ee281 (6.10-rc3)
-CVE-2024-40928 [net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool()]
+CVE-2024-40928 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0dcc53abf58d572d34c5313de85f607cd33fc691 (6.10-rc3)
-CVE-2024-40927 [xhci: Handle TD clearing for multiple streams case]
+CVE-2024-40927 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/5ceac4402f5d975e5a01c806438eb4e554771577 (6.10-rc4)
-CVE-2024-40926 [drm/nouveau: don't attempt to schedule hpd_work on headless cards]
+CVE-2024-40926 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b96a225377b6602299a03d2ce3c289b68cd41bb7 (6.10-rc4)
-CVE-2024-40925 [block: fix request.queuelist usage in flush]
+CVE-2024-40925 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d0321c812d89c5910d8da8e4b10c891c6b96ff70 (6.10-rc4)
-CVE-2024-40924 [drm/i915/dpt: Make DPT object unshrinkable]
+CVE-2024-40924 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/43e2b37e2ab660c3565d4cff27922bc70e79c3f1 (6.10-rc2)
-CVE-2024-40923 [vmxnet3: disable rx data ring on dma allocation failure]
+CVE-2024-40923 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ffbe335b8d471f79b259e950cb20999700670456 (6.10-rc3)
-CVE-2024-40922 [io_uring/rsrc: don't lock while !TASK_RUNNING]
+CVE-2024-40922 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/54559642b96116b45e4b5ca7fd9f7835b8561272 (6.10-rc4)
-CVE-2024-40921 [net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state]
+CVE-2024-40921 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/36c92936e868601fa1f43da6758cf55805043509 (6.10-rc4)
-CVE-2024-40920 [net: bridge: mst: fix suspicious rcu usage in br_mst_set_state]
+CVE-2024-40920 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/546ceb1dfdac866648ec959cbc71d9525bd73462 (6.10-rc4)
-CVE-2024-40919 [bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send()]
+CVE-2024-40919 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a9b9741854a9fe9df948af49ca5514e0ed0429df (6.10-rc4)
-CVE-2024-40918 [parisc: Try to fix random segmentation faults in package builds]
+CVE-2024-40918 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/72d95924ee35c8cd16ef52f912483ee938a34d49 (6.10-rc4)
-CVE-2024-40917 [memblock: make memblock_set_node() also warn about use of MAX_NUMNODES]
+CVE-2024-40917 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/e0eec24e2e199873f43df99ec39773ad3af2bff7 (6.10-rc4)
-CVE-2024-40916 [drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found]
+CVE-2024-40916 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/799d4b392417ed6889030a5b2335ccb6dcf030ab (6.10-rc4)
-CVE-2024-40915 [riscv: rewrite __kernel_map_pages() to fix sleeping in invalid context]
+CVE-2024-40915 (In the Linux kernel, the following vulnerability has been resolved: r ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/fb1cf0878328fe75d47f0aed0a65b30126fcefc4 (6.10-rc1)
-CVE-2024-40914 [mm/huge_memory: don't unpoison huge_zero_folio]
+CVE-2024-40914 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/fe6f86f4b40855a130a19aa589f9ba7f650423f4 (6.10-rc1)
-CVE-2024-40913 [cachefiles: defer exposing anon_fd until after copy_to_user() succeeds]
+CVE-2024-40913 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4b4391e77a6bf24cba2ef1590e113d9b73b11039 (6.10-rc4)
-CVE-2024-40912 [wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()]
+CVE-2024-40912 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/44c06bbde6443de206b30f513100b5670b23fc5e (6.10-rc3)
-CVE-2024-40911 [wifi: cfg80211: Lock wiphy in cfg80211_get_station]
+CVE-2024-40911 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/642f89daa34567d02f312d03e41523a894906dae (6.10-rc3)
-CVE-2024-40910 [ax25: Fix refcount imbalance on inbound connections]
+CVE-2024-40910 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/3c34fb0bd4a4237592c5ecb5b2e2531900c55774 (6.10-rc3)
-CVE-2024-40909 [bpf: Fix a potential use-after-free in bpf_link_free()]
+CVE-2024-40909 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2884dc7d08d98a89d8d65121524bb7533183a63a (6.10-rc3)
-CVE-2024-40908 [bpf: Set run context for rawtp test_run callback]
+CVE-2024-40908 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d0d1df8ba18abc57f28fb3bc053b2bf319367f2c (6.10-rc3)
-CVE-2024-40907 [ionic: fix kernel panic in XDP_TX action]
+CVE-2024-40907 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/491aee894a08bc9b8bb52e7363b9d4bc6403f363 (6.10-rc3)
-CVE-2024-40906 [net/mlx5: Always stop health timer during driver removal]
+CVE-2024-40906 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/c8b3f38d2dae0397944814d691a419c451f9906f (6.10-rc3)
-CVE-2024-40905 [ipv6: fix possible race in __fib6_drop_pcpu_from()]
+CVE-2024-40905 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/b01e1c030770ff3b4fe37fc7cc6bca03f594133f (6.10-rc3)
-CVE-2024-40904 [USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages]
+CVE-2024-40904 (In the Linux kernel, the following vulnerability has been resolved: U ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/22f00812862564b314784167a89f27b444f82a46 (6.10-rc4)
-CVE-2024-40903 [usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps]
+CVE-2024-40903 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/e7e921918d905544500ca7a95889f898121ba886 (6.10-rc4)
-CVE-2024-40902 [jfs: xattr: fix buffer overflow for invalid xattr]
+CVE-2024-40902 (In the Linux kernel, the following vulnerability has been resolved: j ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/7c55b78818cfb732680c4a72ab270cc2d2ee3d0f (6.10-rc4)
-CVE-2024-40901 [scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory]
+CVE-2024-40901 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/4254dfeda82f20844299dca6c38cbffcfd499f41 (6.10-rc4)
-CVE-2024-40900 [cachefiles: remove requests from xarray during flushing requests]
+CVE-2024-40900 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0fc75c5940fa634d84e64c93bfc388e1274ed013 (6.10-rc4)
-CVE-2024-40899 [cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd()]
+CVE-2024-40899 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/de3e26f9e5b76fc628077578c001c4a51bf54d06 (6.10-rc4)
-CVE-2024-39510 [cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read()]
+CVE-2024-39510 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/da4a827416066191aafeeccee50a8836a826ba10 (6.10-rc4)
-CVE-2024-39509 [HID: core: remove unnecessary WARN_ON() in implement()]
+CVE-2024-39509 (In the Linux kernel, the following vulnerability has been resolved: H ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/4aa2dcfbad538adf7becd0034a3754e1bd01b2b5 (6.10-rc3)
-CVE-2024-39508 [io_uring/io-wq: Use set_bit() and test_bit() at worker->flags]
+CVE-2024-39508 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/8a565304927fbd28c9f028c492b5c1714002cbab (6.10-rc1)
-CVE-2024-39507 [net: hns3: fix kernel crash problem in concurrent scenario]
+CVE-2024-39507 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/12cda920212a49fa22d9e8b9492ac4ea013310a4 (6.10-rc4)
-CVE-2024-39506 [liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet]
+CVE-2024-39506 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/c44711b78608c98a3e6b49ce91678cd0917d5349 (6.10-rc4)
-CVE-2024-39505 [drm/komeda: check for error-valued pointer]
+CVE-2024-39505 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/b880018edd3a577e50366338194dee9b899947e0 (6.10-rc4)
-CVE-2024-39504 [netfilter: nft_inner: validate mandatory meta and payload]
+CVE-2024-39504 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/c4ab9da85b9df3692f861512fe6c9812f38b7471 (6.10-rc4)
-CVE-2024-39503 [netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type]
+CVE-2024-39503 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/4e7aaa6b82d63e8ddcbfb56b4fd3d014ca586f10 (6.10-rc4)
-CVE-2024-39502 [ionic: fix use after netif_napi_del()]
+CVE-2024-39502 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/79f18a41dd056115d685f3b0a419c7cd40055e13 (6.10-rc4)
-CVE-2024-39501 [drivers: core: synchronize really_probe() and dev_uevent()]
+CVE-2024-39501 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/c0a40097f0bc81deafc15f9195d1fb54595cd6d0 (6.10-rc4)
-CVE-2024-39500 [sock_map: avoid race between sock_map_close and sk_psock_put]
+CVE-2024-39500 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.9.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4b4647add7d3c8530493f7247d11e257ee425bf0 (6.10-rc2)
-CVE-2024-39499 [vmci: prevent speculation leaks by sanitizing event in event_deliver()]
+CVE-2024-39499 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/8003f00d895310d409b2bf9ef907c56b42a4e0f4 (6.10-rc1)
-CVE-2024-39498 [drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2]
+CVE-2024-39498 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/5a507b7d2be15fddb95bf8dee01110b723e2bcd9 (6.10-rc1)
-CVE-2024-39497 [drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)]
+CVE-2024-39497 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/39bc27bd688066a63e56f7f64ad34fae03fbe3b8 (6.10-rc2)
-CVE-2024-39496 [btrfs: zoned: fix use-after-free due to race with dev replace]
+CVE-2024-39496 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/0090d6e1b210551e63cf43958dc7a1ec942cdde9 (6.10-rc1)
-CVE-2024-39495 [greybus: Fix use-after-free bug in gb_interface_release due to race condition.]
+CVE-2024-39495 (In the Linux kernel, the following vulnerability has been resolved: g ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/5c9c5d7f26acc2c669c1dcf57d1bb43ee99220ce (6.10-rc1)
-CVE-2024-39494 [ima: Fix use-after-free on a dentry's dname.name]
+CVE-2024-39494 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/be84f32bb2c981ca670922e047cdde1488b233de (6.10-rc1)
CVE-2024-6677 (Privilege escalation in uberAgent)
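Review bot: across the kernel entries shown in this hunk (CVE-2024-40930 down to CVE-2024-39494), every replacement description is truncated inside the same preamble, "In the Linux kernel, the following vulnerability has been resolved: ...", so the subsystem and bug class that the bracketed titles carried (for example "jfs: xattr: fix buffer overflow for invalid xattr" on CVE-2024-40902) no longer appear in data/CVE/list. The NOTE line with the git.kernel.org commit is now the only per-entry pointer to what was fixed, so searches and triage should key on the CVE id or the commit hash, not on the description text. The package and suite annotations under these entries are unchanged context.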
@@ -486,6 +602,7 @@ CVE-2024-2696 (The socialdriver-framework WordPress plugin before 2024.04.30 doe
CVE-2024-2640 (The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise and es ...)
NOT-FOR-US: WordPress plugin
CVE-2024-2430 (The Website Content in Page or Post WordPress plugin before 2024.04.09 ...)
+ TODO: check
CVE-2024-1375 (The Event post plugin for WordPress is vulnerable to unauthorized bulk ...)
NOT-FOR-US: WordPress plugin
CVE-2024-0974 (The Social Media Widget WordPress plugin before 4.0.9 does not sanitis ...)
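Review bot: the added "TODO: check" under CVE-2024-2430 leaves the entry untriaged even though its description names a WordPress plugin and the neighbouring entries (CVE-2024-2640, CVE-2024-1375) carry "NOT-FOR-US: WordPress plugin". A follow-up commit should replace the TODO with the same NOT-FOR-US line once someone has confirmed the plugin is not packaged.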
@@ -1977,7 +2094,7 @@ CVE-2024-39896 (Directus is a real-time API and App dashboard for managing SQL d
NOT-FOR-US: Directus
CVE-2024-39895 (Directus is a real-time API and App dashboard for managing SQL databas ...)
NOT-FOR-US: Directus
-CVE-2024-39743 (IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to ...)
+CVE-2024-39743 (IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Deve ...)
NOT-FOR-US: IBM
CVE-2024-39742 (IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to ...)
NOT-FOR-US: IBM
@@ -2440,7 +2557,7 @@ CVE-2024-6126 (A flaw was found in the cockpit package. This flaw allows an auth
NOTE: Fixed by: https://github.com/cockpit-project/cockpit/commit/08965365ac311f906a520cbf65427742d5f84ba4 (320)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2292897
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2290859
-CVE-2024-6052 (Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and ...)
+CVE-2024-6052 (Stored XSS in Checkmk before versions 2.3.0p10, 2.2.0p29, 2.1.0p45, an ...)
- check-mk <removed>
CVE-2024-5887 (A Cross-Site Request Forgery (CSRF) vulnerability exists in stitionai/ ...)
NOT-FOR-US: stitionai/devika
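Review bot: on CVE-2024-6052 the first fixed version in the description moves from 2.3.0p8 to 2.3.0p10, which is a change of substance, not of wording. The entry is "- check-mk <removed>", so no tracked version needs adjusting here, but anything outside the tracker that recorded 2.3.0p8 as the fixed release on the 2.3.0 branch should be rechecked against the updated description.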
@@ -2570,7 +2687,7 @@ CVE-2024-39322 (aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for ad
NOT-FOR-US: Aimeos e-commerce JSON API for administrative tasks
CVE-2024-38453 (The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows at ...)
NOT-FOR-US: Avalara for Salesforce CPQ app
-CVE-2024-37082 (Security check loophole in HAProxy release (in combination with routin ...)
+CVE-2024-37082 (When deploying Cloud Foundry together with the haproxy-boshrelease and ...)
TODO: check
CVE-2024-32673 (Improper Validation of Array Index vulnerability in Samsung Open Sourc ...)
TODO: check
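Review bot: CVE-2024-37082 still carries "TODO: check", and the reworded description now scopes the issue to Cloud Foundry deployed with haproxy-boshrelease, where the old text read as a flaw in a HAProxy release. Triage should settle whether this concerns the haproxy package at all or belongs under NOT-FOR-US, and record that decision in place of the TODO.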
@@ -447088,7 +447205,7 @@ CVE-2018-6587 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a ref
NOT-FOR-US: CA API Developer Portal
CVE-2018-6586 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored c ...)
NOT-FOR-US: CA API Developer Portal
-CVE-2018-1000040 (In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs ...)
+CVE-2018-1000040 (In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized val ...)
{DSA-4334-1}
- mupdf 1.13.0+ds1-1
[jessie] - mupdf <not-affected> (vulnerable code not present)
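Review bot: style point on the context line "[jessie] - mupdf <not-affected> (vulnerable code not present)": the reason string is lowercase here, while the kernel entries earlier in the same file use "(Vulnerable code not present)". The description change itself only adds the "Artifex" vendor prefix and leaves {DSA-4334-1} and the 1.13.0+ds1-1 fixed version alone, so nothing needs re-triage, but normalising the reason string in a separate commit would keep exact-match searches from missing one form.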
@@ -447099,7 +447216,7 @@ CVE-2018-1000040 (In MuPDF 1.12.0 and earlier, multiple use of uninitialized val
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5609
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5610
NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=83d4dae44c71816c084a635550acc1a51529b881;hp=f597300439e62f5e921f0d7b1e880b5c1a1f1607
-CVE-2018-1000039 (In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the ...)
+CVE-2018-1000039 (In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs ...)
- mupdf 1.13.0+ds1-1
[stretch] - mupdf <not-affected> (vulnerable code not present)
[jessie] - mupdf <not-affected> (vulnerable code not present)
@@ -447111,7 +447228,7 @@ CVE-2018-1000039 (In MuPDF 1.12.0 and earlier, multiple heap use after free bugs
NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=4dcc6affe04368461310a21238f7e1871a752a05;hp=8ec561d1bccc46e9db40a9f61310cd8b3763914e
NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995
NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b
-CVE-2018-1000038 (In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_l ...)
+CVE-2018-1000038 (In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in functi ...)
- mupdf 1.13.0+ds1-1
[stretch] - mupdf <not-affected> (vulnerable code not present)
[jessie] - mupdf <not-affected> (vulnerable code not present)
@@ -447119,7 +447236,7 @@ CVE-2018-1000038 (In MuPDF 1.12.0 and earlier, a stack buffer overflow in functi
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5494
NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995
NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b
-CVE-2018-1000037 (In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF ...)
+CVE-2018-1000037 (In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in ...)
{DSA-4334-1}
- mupdf 1.13.0+ds1-1
[jessie] - mupdf <not-affected> (vulnerable code not present)
@@ -447132,7 +447249,7 @@ CVE-2018-1000037 (In MuPDF 1.12.0 and earlier, multiple reachable assertions in
NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995
NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=8a3257b01faa899dd9b5e35c6bb3403cd709c371;hp=de39f005f12a1afc6973c1f5cec362d6545f70cb
NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=b2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a;hp=f51836b9732c38d945b87fda0770009a77ba680c
-CVE-2018-1000036 (In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser a ...)
+CVE-2018-1000036 (In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF ...)
{DLA-2765-1}
- mupdf 1.14.0+ds1-1 (unimportant; bug #900129)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5502
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39dbeee445af521c4f38ad63f8d346ba112f409d