[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 30 21:13:10 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ce618bb3 by security tracker role at 2024-07-30T20:12:45+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,117 @@
+CVE-2024-7297 (Langflow versions prior to 1.0.13 suffer from a Privilege Escalation v ...)
+ TODO: check
+CVE-2024-7226 (A vulnerability was found in SourceCodester Medicine Tracker System 1. ...)
+ TODO: check
+CVE-2024-7225 (A vulnerability was found in SourceCodester Insurance Management Syste ...)
+ TODO: check
+CVE-2024-7209 (A vulnerability exists in the use of shared SPF records in multi-tenan ...)
+ TODO: check
+CVE-2024-7208 (Hosted services do not verify the sender of an email against authentic ...)
+ TODO: check
+CVE-2024-7127 (Improper Neutralization of Input During Web Page Generation vulnerabil ...)
+ TODO: check
+CVE-2024-6699 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-5486 (A vulnerability exists in ClearPass Policy Manager that allows for an ...)
+ TODO: check
+CVE-2024-5250 (In versions of Akana API Platform prior to 2024.1.0 overly verbose err ...)
+ TODO: check
+CVE-2024-5249 (In versions of Akana API Platform prior to 2024.1.0, SAML tokens can b ...)
+ TODO: check
+CVE-2024-4188 (Unprotected Transport of Credentials vulnerability in OpenText\u2122 D ...)
+ TODO: check
+CVE-2024-41945 (fuels-ts is a library for interacting with Fuel v2. The typescript SD ...)
+ TODO: check
+CVE-2024-41944 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...)
+ TODO: check
+CVE-2024-41943 (I, Librarian is an open-source version of a PDF managing SaaS. PDF not ...)
+ TODO: check
+CVE-2024-41924 (Acceptance of extraneous untrusted data with trusted data vulnerabilit ...)
+ TODO: check
+CVE-2024-41916 (A vulnerability exists in ClearPass Policy Manager that allows for an ...)
+ TODO: check
+CVE-2024-41915 (A vulnerability in the web-based management interface of ClearPass Pol ...)
+ TODO: check
+CVE-2024-41804 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...)
+ TODO: check
+CVE-2024-41803 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...)
+ TODO: check
+CVE-2024-41802 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...)
+ TODO: check
+CVE-2024-41702 (SiberianCMS - CWE-89: Improper Neutralization of Special Elements used ...)
+ TODO: check
+CVE-2024-41701 (AccuPOS - CWE-200: Exposure of Sensitive Information to an Unauthorize ...)
+ TODO: check
+CVE-2024-41696 (Priority PRI WEB PortalAdd-On for Priority ERP on prem - CWE-200: E ...)
+ TODO: check
+CVE-2024-41695 (Cybonet - CWE-22: Improper Limitation of a Pathname to a Restricted Di ...)
+ TODO: check
+CVE-2024-41694 (Cybonet - CWE-200: Exposure of Sensitive Information to an Unauthorize ...)
+ TODO: check
+CVE-2024-41693 (Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags i ...)
+ TODO: check
+CVE-2024-41611 (In D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, the Telnet service c ...)
+ TODO: check
+CVE-2024-41610 (D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01_TC contains hardcoded cr ...)
+ TODO: check
+CVE-2024-41443 (A stack overflow in the function cp_dynamic() (/vendor/cute_png.h) of ...)
+ TODO: check
+CVE-2024-41440 (A heap buffer overflow in the function png_quantize() of hicolor v0.5. ...)
+ TODO: check
+CVE-2024-41439 (A heap buffer overflow in the function cp_block() (/vendor/cute_png.h) ...)
+ TODO: check
+CVE-2024-41438 (A heap buffer overflow in the function cp_stored() (/vendor/cute_png.h ...)
+ TODO: check
+CVE-2024-41437 (A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png ...)
+ TODO: check
+CVE-2024-41305 (A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS ...)
+ TODO: check
+CVE-2024-41304 (An arbitrary file upload vulnerability in the uploadFileAction() funct ...)
+ TODO: check
+CVE-2024-41141 (Stored cross-site scripting vulnerability exists in EC-CUBE Web API Pl ...)
+ TODO: check
+CVE-2024-41109 (Pimcore's Admin Classic Bundle provides a backend user interface for P ...)
+ TODO: check
+CVE-2024-40895 (FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/ ...)
+ TODO: check
+CVE-2024-3930 (In versions of Akana API Platform prior to 2024.1.0a flaw resulting in ...)
+ TODO: check
+CVE-2024-39320 (Discourse is an open source discussion platform. Prior to 3.2.5 and 3. ...)
+ TODO: check
+CVE-2024-39012 (ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollut ...)
+ TODO: check
+CVE-2024-39011 (Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers ...)
+ TODO: check
+CVE-2024-39010 (chase-moskal snapstate v0.0.9 was discovered to contain a prototype po ...)
+ TODO: check
+CVE-2024-38986 (Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execu ...)
+ TODO: check
+CVE-2024-38984 (Prototype Pollution in lukebond json-override 0.2.0 allows attackers t ...)
+ TODO: check
+CVE-2024-38909 (Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. C ...)
+ TODO: check
+CVE-2024-38432 (MatrixTafnit v8 - CWE-646: Reliance on File Name or Extension of ...)
+ TODO: check
+CVE-2024-38431 (MatrixTafnit v8 - CWE-204: Observable Response Discrepancy)
+ TODO: check
+CVE-2024-38430 (Matrix - CWE-79: Improper Neutralization of Input During Web Page Gene ...)
+ TODO: check
+CVE-2024-38429 (MatrixTafnit v8 - CWE-552: Files or Directories Accessible to Extern ...)
+ TODO: check
+CVE-2024-37299 (Discourse is an open source discussion platform. Prior to 3.2.5 and 3. ...)
+ TODO: check
+CVE-2024-37165 (Discourse is an open source discussion platform. Prior to 3.2.3 and 3. ...)
+ TODO: check
+CVE-2024-36572 (Prototype pollution in allpro form-manager 0.7.4 allows attackers to r ...)
+ TODO: check
+CVE-2024-23091 (Weak password hashing using MD5 in funzioni.php in HotelDruid before 1 ...)
+ TODO: check
+CVE-2023-48396 (Web Authentication vulnerability in Apache SeaTunnel.Since the jwt key ...)
+ TODO: check
+CVE-2023-38001 (IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forg ...)
+ TODO: check
+CVE-2023-33976 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ TODO: check
CVE-2024-7252 (Comodo Internet Security Pro cmdagent Link Following Local Privilege E ...)
NOT-FOR-US: Comodo
CVE-2024-7251 (Comodo Internet Security Pro cmdagent Link Following Local Privilege E ...)
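Review bot: The description added for CVE-2024-4188 contains a literal "\u2122" ("OpenText\u2122 D ...") where the trademark sign should be, so a Unicode escape from the feed is being written into data/CVE/list undecoded. Suggest decoding escapes before the truncated description is emitted. Every other added entry in this hunk is description plus "TODO: check", so none of them has a package or NOT-FOR-US tag yet.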
@@ -62,297 +176,297 @@ CVE-2024-5765 (The WpStickyBar WordPress plugin through 2.1.0 does not properly
NOT-FOR-US: WordPress plugin
CVE-2024-4096 (The Responsive Tabs WordPress plugin through 4.0.8 does not sanitise a ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-42231 [btrfs: zoned: fix calc_available_free_space() for zoned mode]
+CVE-2024-42231 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.9.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/64d2c847ba380e07b9072d65a50aa6469d2aa43f (6.10-rc7)
-CVE-2024-42230 [powerpc/pseries: Fix scv instruction crash with kexec]
+CVE-2024-42230 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/21a741eb75f80397e5f7d3739e24d7d75e619011 (6.10-rc7)
-CVE-2024-42229 [crypto: aead,cipher - zeroize key buffer after use]
+CVE-2024-42229 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/23e4099bdc3c8381992f9eb975c79196d6755210 (6.10-rc1)
-CVE-2024-42228 [drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc]
+CVE-2024-42228 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.9-1
NOTE: https://git.kernel.org/linus/88a9a467c548d0b3c7761b4fd54a68e70f9c0944 (6.10-rc1)
-CVE-2024-42227 [drm/amd/display: Fix overlapping copy within dml_core_mode_programming]
+CVE-2024-42227 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.9-1
NOTE: https://git.kernel.org/linus/f1fd8a0a54e6d23a6d16ee29159f247862460fd1 (6.10-rc1)
-CVE-2024-42226 [usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB]
+CVE-2024-42226 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.99-1
NOTE: https://git.kernel.org/linus/66cb618bf0bb82859875b00eeffaf223557cb416 (6.10-rc1)
-CVE-2024-42225 [wifi: mt76: replace skb_put with skb_put_zero]
+CVE-2024-42225 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/7f819a2f4fbc510e088b49c79addcf1734503578 (6.10-rc1)
-CVE-2024-42224 [net: dsa: mv88e6xxx: Correct check for empty list]
+CVE-2024-42224 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b (6.10-rc1)
-CVE-2024-42223 [media: dvb-frontends: tda10048: Fix integer overflow]
+CVE-2024-42223 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/1aa1329a67cc214c3b7bd2a14d1301a795760b07 (6.10-rc1)
-CVE-2024-42162 [gve: Account for stopped queues when reading NIC stats]
+CVE-2024-42162 (In the Linux kernel, the following vulnerability has been resolved: g ...)
- linux 6.9.9-1
NOTE: https://git.kernel.org/linus/af9bcf910b1f86244f39e15e701b2dc564b469a6 (6.10-rc1)
-CVE-2024-42161 [bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD]
+CVE-2024-42161 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/009367099eb61a4fc2af44d4eb06b6b4de7de6db (6.10-rc1)
-CVE-2024-42160 [f2fs: check validation of fault attrs in f2fs_build_fault_attr()]
+CVE-2024-42160 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/4ed886b187f47447ad559619c48c086f432d2b77 (6.10-rc1)
-CVE-2024-42159 [scsi: mpi3mr: Sanitise num_phys]
+CVE-2024-42159 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/3668651def2c1622904e58b0280ee93121f2b10b (6.10-rc1)
-CVE-2024-42158 [s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings]
+CVE-2024-42158 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.9.9-1
NOTE: https://git.kernel.org/linus/22e6824622e8a8889df0f8fc4ed5aea0e702a694 (6.10-rc1)
-CVE-2024-42157 [s390/pkey: Wipe sensitive data on failure]
+CVE-2024-42157 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/1d8c270de5eb74245d72325d285894a577a945d9 (6.10-rc1)
-CVE-2024-42156 [s390/pkey: Wipe copies of clear-key structures on failure]
+CVE-2024-42156 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.9.9-1
NOTE: https://git.kernel.org/linus/d65d76a44ffe74c73298ada25b0f578680576073 (6.10-rc1)
-CVE-2024-42155 [s390/pkey: Wipe copies of protected- and secure-keys]
+CVE-2024-42155 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.9.9-1
NOTE: https://git.kernel.org/linus/f2ebdadd85af4f4d0cae1e5d009c70eccc78c207 (6.10-rc1)
-CVE-2024-42154 [tcp_metrics: validate source addr length]
+CVE-2024-42154 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/66be40e622e177316ae81717aa30057ba9e61dff (6.10-rc7)
-CVE-2024-42153 [i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr]
+CVE-2024-42153 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/f63b94be6942ba82c55343e196bd09b53227618e (6.10-rc7)
-CVE-2024-42152 [nvmet: fix a possible leak when destroy a ctrl during qp establishment]
+CVE-2024-42152 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4 (6.10-rc2)
-CVE-2024-42151 [bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable]
+CVE-2024-42151 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.9.9-1
NOTE: https://git.kernel.org/linus/1479eaff1f16983d8fda7c5a08a586c21891087d (6.10-rc1)
-CVE-2024-42150 [net: txgbe: remove separate irq request for MSI and INTx]
+CVE-2024-42150 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/bd07a98178462e7a02ed2bf7dec90a00944c1da5 (6.10-rc7)
-CVE-2024-42149 [fs: don't misleadingly warn during thaw operations]
+CVE-2024-42149 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.9.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2ae4db5647d807efb6a87c09efaa6d1db9c905d7 (6.10-rc7)
-CVE-2024-42148 [bnx2x: Fix multiple UBSAN array-index-out-of-bounds]
+CVE-2024-42148 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/134061163ee5ca4759de5c24ca3bd71608891ba7 (6.10-rc7)
-CVE-2024-42147 [crypto: hisilicon/debugfs - Fix debugfs uninit process issue]
+CVE-2024-42147 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/8be0913389718e8d27c4f1d4537b5e1b99ed7739 (6.10-rc1)
-CVE-2024-42146 [drm/xe: Add outer runtime_pm protection to xe_live_ktest at xe_dma_buf]
+CVE-2024-42146 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.9-1
NOTE: https://git.kernel.org/linus/f9116f658a6217b101e3b4e89f845775b6fb05d9 (6.10-rc1)
-CVE-2024-42145 [IB/core: Implement a limit on UMAD receive List]
+CVE-2024-42145 (In the Linux kernel, the following vulnerability has been resolved: I ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/ca0b44e20a6f3032224599f02e7c8fb49525c894 (6.10-rc1)
-CVE-2024-42144 [thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data]
+CVE-2024-42144 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.9.9-1
NOTE: https://git.kernel.org/linus/a1191a77351e25ddf091bb1a231cae12ee598b5d (6.10-rc1)
-CVE-2024-42143 [orangefs: fix out-of-bounds fsid access]
+CVE-2024-42143 (In the Linux kernel, the following vulnerability has been resolved: o ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/53e4efa470d5fc6a96662d2d3322cfc925818517 (6.10-rc1)
-CVE-2024-42142 [net/mlx5: E-switch, Create ingress ACL when needed]
+CVE-2024-42142 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b20c2fb45470d0c7a603613c9cfa5d45720e17f2 (6.10-rc7)
-CVE-2024-42141 [Bluetooth: ISO: Check socket flag instead of hcon]
+CVE-2024-42141 (In the Linux kernel, the following vulnerability has been resolved: B ...)
- linux 6.9.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/596b6f081336e77764ca35cfeab66d0fcdbe544e (6.10-rc7)
-CVE-2024-42140 [riscv: kexec: Avoid deadlock in kexec crash path]
+CVE-2024-42140 (In the Linux kernel, the following vulnerability has been resolved: r ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/c562ba719df570c986caf0941fea2449150bcbc4 (6.10-rc7)
-CVE-2024-42139 [ice: Fix improper extts handling]
+CVE-2024-42139 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.9.9-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/00d3b4f54582d4e4a02cda5886bb336eeab268cc (6.10-rc7)
-CVE-2024-42138 [mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file]
+CVE-2024-42138 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/8ce34dccbe8fa7d2ef86f2d8e7db2a9b67cabfc3 (6.10-rc7)
-CVE-2024-42137 [Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot]
+CVE-2024-42137 (In the Linux kernel, the following vulnerability has been resolved: B ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/88e72239ead9814b886db54fc4ee39ef3c2b8f26 (6.10-rc7)
-CVE-2024-42136 [cdrom: rearrange last_media_change check to avoid unintentional overflow]
+CVE-2024-42136 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/efb905aeb44b0e99c0e6b07865b1885ae0471ebf (6.10-rc1)
-CVE-2024-42135 [vhost_task: Handle SIGKILL by flushing work and exiting]
+CVE-2024-42135 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.9.9-1
NOTE: https://git.kernel.org/linus/db5247d9bf5c6ade9fd70b4e4897441e0269b233 (6.10-rc1)
-CVE-2024-42134 [virtio-pci: Check if is_avq is NULL]
+CVE-2024-42134 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.9.9-1
NOTE: https://git.kernel.org/linus/c8fae27d141a32a1624d0d0d5419d94252824498 (6.10-rc1)
-CVE-2024-42133 [Bluetooth: Ignore too large handle values in BIG]
+CVE-2024-42133 (In the Linux kernel, the following vulnerability has been resolved: B ...)
- linux 6.9.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/015d79c96d62cd8a4a359fcf5be40d58088c936b (6.10-rc7)
-CVE-2024-42132 [bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX]
+CVE-2024-42132 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.9.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/1cc18c2ab2e8c54c355ea7c0423a636e415a0c23 (6.10-rc7)
-CVE-2024-42131 [mm: avoid overflows in dirty throttling logic]
+CVE-2024-42131 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/385d838df280eba6c8680f9777bfa0d0bfe7e8b2 (6.10-rc7)
-CVE-2024-42130 [nfc/nci: Add the inconsistency check between the input data length and count]
+CVE-2024-42130 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/068648aab72c9ba7b0597354ef4d81ffaac7b979 (6.10-rc2)
-CVE-2024-42129 [leds: mlxreg: Use devm_mutex_init() for mutex initialization]
+CVE-2024-42129 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux 6.9.9-1
NOTE: https://git.kernel.org/linus/efc347b9efee1c2b081f5281d33be4559fa50a16 (6.10-rc1)
-CVE-2024-42128 [leds: an30259a: Use devm_mutex_init() for mutex initialization]
+CVE-2024-42128 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux 6.9.9-1
NOTE: https://git.kernel.org/linus/c382e2e3eccb6b7ca8c7aff5092c1668428e7de6 (6.10-rc1)
-CVE-2024-42127 [drm/lima: fix shared irq handling on driver remove]
+CVE-2024-42127 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/a6683c690bbfd1f371510cb051e8fa49507f3f5e (6.10-rc1)
-CVE-2024-42126 [powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.]
+CVE-2024-42126 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/0db880fc865ffb522141ced4bfa66c12ab1fbb70 (6.10-rc1)
-CVE-2024-42125 [wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband]
+CVE-2024-42125 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.9.9-1
NOTE: https://git.kernel.org/linus/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9 (6.10-rc1)
-CVE-2024-42124 [scsi: qedf: Make qedf_execute_tmf() non-preemptible]
+CVE-2024-42124 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/0d8b637c9c5eeaa1a4e3dfb336f3ff918eb64fec (6.10-rc1)
-CVE-2024-42123 [drm/amdgpu: fix double free err_addr pointer warnings]
+CVE-2024-42123 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.9-1
NOTE: https://git.kernel.org/linus/506c245f3f1cd989cb89811a7f06e04ff8813a0d (6.10-rc1)
-CVE-2024-42122 [drm/amd/display: Add NULL pointer check for kzalloc]
+CVE-2024-42122 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.9-1
NOTE: https://git.kernel.org/linus/8e65a1b7118acf6af96449e1e66b7adbc9396912 (6.10-rc1)
-CVE-2024-42121 [drm/amd/display: Check index msg_id before read or write]
+CVE-2024-42121 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/59d99deb330af206a4541db0c4da8f73880fba03 (6.10-rc1)
-CVE-2024-42120 [drm/amd/display: Check pipe offset before setting vblank]
+CVE-2024-42120 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/5396a70e8cf462ec5ccf2dc8de103c79de9489e6 (6.10-rc1)
-CVE-2024-42119 [drm/amd/display: Skip finding free audio for unknown engine_id]
+CVE-2024-42119 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/1357b2165d9ad94faa4c4a20d5e2ce29c2ff29c3 (6.10-rc1)
-CVE-2024-42118 [drm/amd/display: Do not return negative stream id for array]
+CVE-2024-42118 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.9-1
NOTE: https://git.kernel.org/linus/3ac31c9a707dd1c7c890b95333182f955e9dcb57 (6.10-rc1)
-CVE-2024-42117 [drm/amd/display: ASSERT when failing to find index by plane/stream id]
+CVE-2024-42117 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.9-1
NOTE: https://git.kernel.org/linus/01eb50e53c1ce505bf449348d433181310288765 (6.10-rc1)
-CVE-2024-42116 [igc: fix a log entry using uninitialized netdev]
+CVE-2024-42116 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/86167183a17e03ec77198897975e9fdfbd53cb0b (6.10-rc1)
-CVE-2024-42115 [jffs2: Fix potential illegal address access in jffs2_free_inode]
+CVE-2024-42115 (In the Linux kernel, the following vulnerability has been resolved: j ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/af9a8730ddb6a4b2edd779ccc0aceb994d616830 (6.10-rc1)
-CVE-2024-42114 [wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values]
+CVE-2024-42114 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.9.9-1
NOTE: https://git.kernel.org/linus/d1cba2ea8121e7fdbe1328cea782876b1dd80993 (6.10-rc7)
-CVE-2024-42113 [net: txgbe: initialize num_q_vectors for MSI/INTx interrupts]
+CVE-2024-42113 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7c36711a2cd8059c2d24f5e5c1d76e8ea2d5613c (6.10-rc7)
-CVE-2024-42112 [net: txgbe: free isb resources at the right time]
+CVE-2024-42112 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/935124dd5883b5de68dc5a94f582480a10643dc9 (6.10-rc7)
-CVE-2024-42111 [btrfs: always do the basic checks for btrfs_qgroup_inherit structure]
+CVE-2024-42111 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.9.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/724d8042cef84496ddb4492dc120291f997ae26b (6.10-rc7)
-CVE-2024-42110 [net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()]
+CVE-2024-42110 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/e15a5d821e5192a3769d846079bc9aa380139baf (6.10-rc7)
-CVE-2024-42109 [netfilter: nf_tables: unconditionally flush pending work before notifier]
+CVE-2024-42109 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9f6958ba2e902f9820c594869bd710ba74b7c4c0 (6.10-rc7)
-CVE-2024-42108 [net: rswitch: Avoid use-after-free in rswitch_poll()]
+CVE-2024-42108 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9a0c28efeec6383ef22e97437616b920e7320b67 (6.10-rc7)
-CVE-2024-42107 [ice: Don't process extts if PTP is disabled]
+CVE-2024-42107 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.9.9-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/996422e3230e41468f652d754fefd1bdbcd4604e (6.10-rc7)
-CVE-2024-42106 [inet_diag: Initialize pad field in struct inet_diag_req_v2]
+CVE-2024-42106 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/61cf1c739f08190a4cbf047b9fbb192a94d87e3f (6.10-rc7)
-CVE-2024-42105 [nilfs2: fix inode number range checks]
+CVE-2024-42105 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/e2fec219a36e0993642844be0f345513507031f4 (6.10-rc7)
-CVE-2024-42104 [nilfs2: add missing check for inode numbers on directory entries]
+CVE-2024-42104 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/bb76c6c274683c8570ad788f79d4b875bde0e458 (6.10-rc7)
-CVE-2024-42103 [btrfs: fix adding block group to a reclaim list and the unused list during reclaim]
+CVE-2024-42103 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/48f091fd50b2eb33ae5eaea9ed3c4f81603acf38 (6.10-rc7)
-CVE-2024-42102 [Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again"]
+CVE-2024-42102 (In the Linux kernel, the following vulnerability has been resolved: R ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/30139c702048f1097342a31302cbd3d478f50c63 (6.10-rc7)
-CVE-2024-42101 [drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes]
+CVE-2024-42101 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/80bec6825b19d95ccdfd3393cf8ec15ff2a749b4 (6.10-rc7)
-CVE-2024-42100 [clk: sunxi-ng: common: Don't call hw_to_ccu_common on hw without common]
+CVE-2024-42100 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.9.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ea977d742507e534d9fe4f4d74256f6b7f589338 (6.10-rc7)
-CVE-2024-42099 [s390/dasd: Fix invalid dereferencing of indirect CCW data pointer]
+CVE-2024-42099 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.9.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b3a58f3b90f564f42a5c35778d8c5107b2c2150b (6.10-rc7)
-CVE-2023-52888 [media: mediatek: vcodec: Only free buffer VA that is not NULL]
+CVE-2023-52888 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.9.9-1
NOTE: https://git.kernel.org/linus/eb005c801ec70ff4307727bd3bd6e8280169ef32 (6.10-rc1)
CVE-2024-40836 (A logic issue was addressed with improved checks. This issue is fixed ...)
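Review bot: Every replaced linux entry in this hunk, from CVE-2024-42231 down to CVE-2023-52888, loses its distinguishing text. The bracketed commit subject (for example "[tcp_metrics: validate source addr length]") is swapped for a description cut off right after the shared prefix "In the Linux kernel, the following vulnerability has been resolved:", which leaves one letter of the real subject. Suggest having the truncation skip that common prefix, or keeping the subject, so an entry can be identified without following its NOTE link. The package status and NOTE lines are unchanged context.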
@@ -110554,10 +110668,10 @@ CVE-2023-26291 (Improper Neutralization of Input During Web Page Generation ('Cr
NOT-FOR-US: Forcepoint
CVE-2023-26290 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: Forcepoint
-CVE-2023-26289
- RESERVED
-CVE-2023-26288
- RESERVED
+CVE-2023-26289 (IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, ...)
+ TODO: check
+CVE-2023-26288 (IBM Aspera Orchestrator 4.0.1 does not invalidate session after a pass ...)
+ TODO: check
CVE-2023-26287
RESERVED
CVE-2023-26286 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
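Review bot: CVE-2023-26289 and CVE-2023-26288 move from RESERVED to "TODO: check" for IBM Aspera Orchestrator 4.0.1, the same product as CVE-2023-38001 added in the first hunk. Suggest triaging the three together so they end up with the same tag.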
@@ -169998,8 +170112,8 @@ CVE-2022-33169 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vul
NOT-FOR-US: IBM
CVE-2022-33168 (IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause ...)
NOT-FOR-US: IBM
-CVE-2022-33167
- RESERVED
+CVE-2022-33167 (IBM Security Directory Integrator 7.2.0 and IBM Security Verify Direct ...)
+ TODO: check
CVE-2022-33166 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a p ...)
NOT-FOR-US: IBM
CVE-2022-33165 (IBM Security Directory Server 6.4.0 could allow a remote attacker to t ...)
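Review bot: CVE-2022-33167 is left at "TODO: check" although the context entries around it, CVE-2022-33168 and CVE-2022-33166, are already tagged "NOT-FOR-US: IBM". If IBM Security Directory Integrator is handled the same way, the follow-up triage can apply that tag directly.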
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce618bb367668b4233f5e9ed8f9dba0d087d3f4e