[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 20 21:12:46 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
79387d27 by security tracker role at 2024-06-20T20:12:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,310 +1,408 @@
-CVE-2023-52883 [drm/amdgpu: Fix possible null pointer dereference]
+CVE-2024-6196 (A vulnerability was found in itsourcecode Banking Management System 1. ...)
+	TODO: check
+CVE-2024-6195 (A vulnerability has been found in itsourcecode Tailoring Management Sy ...)
+	TODO: check
+CVE-2024-6194 (A vulnerability, which was classified as critical, was found in itsour ...)
+	TODO: check
+CVE-2024-6193 (A vulnerability, which was classified as critical, has been found in i ...)
+	TODO: check
+CVE-2024-6192 (A vulnerability classified as critical was found in itsourcecode Loan  ...)
+	TODO: check
+CVE-2024-6191 (A vulnerability classified as critical has been found in itsourcecode  ...)
+	TODO: check
+CVE-2024-6190 (A vulnerability was found in itsourcecode Farm Management System 1.0.  ...)
+	TODO: check
+CVE-2024-6189 (A vulnerability was found in Tenda A301 15.13.08.12. It has been class ...)
+	TODO: check
+CVE-2024-6188 (A vulnerability was found in Parsec Automation TrackSYS 11.x.x and cla ...)
+	TODO: check
+CVE-2024-6187 (A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as  ...)
+	TODO: check
+CVE-2024-6186 (A vulnerability, which was classified as critical, was found in Ruijie ...)
+	TODO: check
+CVE-2024-6185 (A vulnerability, which was classified as critical, has been found in R ...)
+	TODO: check
+CVE-2024-6184 (A vulnerability classified as critical was found in Ruijie RG-UAC 1.0. ...)
+	TODO: check
+CVE-2024-6183 (A vulnerability classified as problematic has been found in EZ-Suite E ...)
+	TODO: check
+CVE-2024-6182 (A vulnerability was found in LabVantage LIMS 2017. It has been rated a ...)
+	TODO: check
+CVE-2024-6181 (A vulnerability was found in LabVantage LIMS 2017. It has been declare ...)
+	TODO: check
+CVE-2024-6162 (A vulnerability was found in Undertow. URL-encoded request path inform ...)
+	TODO: check
+CVE-2024-5886
+	REJECTED
+CVE-2024-5156 (The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Sc ...)
+	TODO: check
+CVE-2024-5036 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data T ...)
+	TODO: check
+CVE-2024-37897 (SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S  ...)
+	TODO: check
+CVE-2024-37818 (Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery ...)
+	TODO: check
+CVE-2024-37699 (An issue in DataLife Engine v.17.1 and before is vulnerable to SQL Inj ...)
+	TODO: check
+CVE-2024-37676 (An issue in htop-dev htop v.2.20 allows a local attacker to cause an o ...)
+	TODO: check
+CVE-2024-37674 (Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote ...)
+	TODO: check
+CVE-2024-37626 (A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 fir ...)
+	TODO: check
+CVE-2024-37532 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity ...)
+	TODO: check
+CVE-2024-37352 (There is a cross-site scripting vulnerability in the management UI of  ...)
+	TODO: check
+CVE-2024-37351 (There is a cross-site scripting vulnerability in the management UI of  ...)
+	TODO: check
+CVE-2024-37350 (There is a cross-site scripting vulnerability in the policy management ...)
+	TODO: check
+CVE-2024-37349 (There is a cross-site scripting vulnerability in the management UI of  ...)
+	TODO: check
+CVE-2024-37348 (There is a cross-site scripting vulnerability in the management UI of  ...)
+	TODO: check
+CVE-2024-37347 (There is a cross-site scripting vulnerability in the pool configuratio ...)
+	TODO: check
+CVE-2024-37346 (There is an insufficient input validation vulnerability in the Warehou ...)
+	TODO: check
+CVE-2024-37345 (There is a cross-site scripting vulnerability in the Secure Access adm ...)
+	TODO: check
+CVE-2024-37344 (There is a cross-site scripting vulnerability in the Policy management ...)
+	TODO: check
+CVE-2024-37343 (There is a cross-site scripting vulnerability in the Secure Access adm ...)
+	TODO: check
+CVE-2024-37222 (Cross Site Scripting (XSS) vulnerability in Averta Master Slider allow ...)
+	TODO: check
+CVE-2024-34693 (Improper Input Validation vulnerability in Apache Superset, allows for ...)
+	TODO: check
+CVE-2024-33335 (SQL Injection vulnerability in H3C SeaSQL DWS v.2.0 allows a remote at ...)
+	TODO: check
+CVE-2024-29013 (Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows ...)
+	TODO: check
+CVE-2024-29012 (Stack-based buffer overflow vulnerability in the SonicOS HTTP server a ...)
+	TODO: check
+CVE-2024-28397 (An issue in the component js2py.disable_pyimport() of js2py up to v0.7 ...)
+	TODO: check
+CVE-2024-28147 (An authenticated user can upload arbitrary files in the upload  functi ...)
+	TODO: check
+CVE-2023-49113 (The Kiuwan Local Analyzer (KLA) Java scanning application contains sev ...)
+	TODO: check
+CVE-2023-49112 (Kiuwan provides an API endpoint  /saas/rest/v1/info/application  to ge ...)
+	TODO: check
+CVE-2023-49111 (For Kiuwan installations with SSO (single sign-on) enabled, an  unauth ...)
+	TODO: check
+CVE-2023-49110 (When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan  ...)
+	TODO: check
+CVE-2023-3353
+	REJECTED
+CVE-2023-52883 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.5.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/51b79f33817544e3b4df838d86e8e8e4388ff684 (6.6-rc7)
-CVE-2022-48771 [drm/vmwgfx: Fix stale file descriptors on failed usercopy]
+CVE-2022-48771 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/a0f90c8815706981c483a652a6aefca51a5e191c (5.17-rc2)
-CVE-2022-48770 [bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack()]
+CVE-2022-48770 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b992f01e66150fc5e90be4a96f5eb8e634c8249e (5.17-rc2)
-CVE-2022-48769 [efi: runtime: avoid EFIv2 runtime services on Apple x86 machines]
+CVE-2022-48769 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	NOTE: https://git.kernel.org/linus/f5390cd0b43c2e54c7cf5506c7da4a37c5cef746 (5.17-rc2)
-CVE-2022-48768 [tracing/histogram: Fix a potential memory leak for kstrdup()]
+CVE-2022-48768 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e629e7b525a179e29d53463d992bdee759c950fb (5.17-rc2)
-CVE-2022-48767 [ceph: properly put ceph_string reference after async create attempt]
+CVE-2022-48767 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/932a9b5870d38b87ba0a9923c804b1af7d3605b9 (5.17-rc2)
-CVE-2022-48766 [drm/amd/display: Wrap dcn301_calculate_wm_and_dlg for FPU.]
+CVE-2022-48766 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 5.16.7-1
 	NOTE: https://git.kernel.org/linus/25f1488bdbba63415239ff301fe61a8546140d9f (5.17-rc2)
-CVE-2022-48765 [KVM: LAPIC: Also cancel preemption timer during SET_LAPIC]
+CVE-2022-48765 (In the Linux kernel, the following vulnerability has been resolved:  K ...)
 	- linux 5.16.7-1
 	NOTE: https://git.kernel.org/linus/35fe7cfbab2e81f1afb23fc4212210b1de6d9633 (5.17-rc2)
-CVE-2022-48764 [KVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2}]
+CVE-2022-48764 (In the Linux kernel, the following vulnerability has been resolved:  K ...)
 	- linux 5.16.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/811f95ff95270e6048197821434d9301e3d7f07c (5.17-rc2)
-CVE-2022-48763 [KVM: x86: Forcibly leave nested virt when SMM state is toggled]
+CVE-2022-48763 (In the Linux kernel, the following vulnerability has been resolved:  K ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	NOTE: https://git.kernel.org/linus/f7e570780efc5cec9b2ed1e0472a7da14e864fdb (5.17-rc2)
-CVE-2022-48762 [arm64: extable: fix load_unaligned_zeropad() reg indices]
+CVE-2022-48762 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 5.16.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3758a6c74e08bdc15ccccd6872a6ad37d165239a (5.17-rc2)
-CVE-2022-48761 [usb: xhci-plat: fix crash when suspend if remote wake enable]
+CVE-2022-48761 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	NOTE: https://git.kernel.org/linus/9df478463d9feb90dae24f183383961cf123a0ec (5.17-rc2)
-CVE-2022-48760 [USB: core: Fix hang in usb_kill_urb by adding memory barriers]
+CVE-2022-48760 (In the Linux kernel, the following vulnerability has been resolved:  U ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/26fbe9772b8c459687930511444ce443011f86bf (5.17-rc2)
-CVE-2022-48759 [rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev]
+CVE-2022-48759 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/b7fb2dad571d1e21173c06cef0bced77b323990a (5.17-rc2)
-CVE-2022-48758 [scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()]
+CVE-2022-48758 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/847f9ea4c5186fdb7b84297e3eeed9e340e83fce (5.17-rc2)
-CVE-2022-48757 [net: fix information leakage in /proc/net/ptype]
+CVE-2022-48757 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/47934e06b65637c88a762d9c98329ae6e3238888 (5.17-rc2)
-CVE-2022-48756 [drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable]
+CVE-2022-48756 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/5e761a2287234bc402ba7ef07129f5103bcd775c (5.17-rc2)
-CVE-2022-48755 [powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06]
+CVE-2022-48755 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	NOTE: https://git.kernel.org/linus/3f5f766d5f7f95a69a630da3544a1a0cee1cdddf (5.17-rc2)
-CVE-2022-48754 [phylib: fix potential use-after-free]
+CVE-2022-48754 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/cbda1b16687580d5beee38273f6241ae3725960c (5.17-rc2)
-CVE-2022-48753 [block: fix memory leak in disk_register_independent_access_ranges]
+CVE-2022-48753 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 5.16.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/83114df32ae779df57e0af99a8ba6c3968b2ba3d (5.17-rc2)
-CVE-2022-48752 [powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending]
+CVE-2022-48752 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/fb6433b48a178d4672cb26632454ee0b21056eaa (5.17-rc2)
-CVE-2022-48751 [net/smc: Transitional solution for clcsock race issue]
+CVE-2022-48751 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.16.7-1
 	NOTE: https://git.kernel.org/linus/c0bf3d8a943b6f2e912b7c1de03e2ef28e76f760 (5.17-rc2)
-CVE-2022-48750 [hwmon: (nct6775) Fix crash in clear_caseopen]
+CVE-2022-48750 (In the Linux kernel, the following vulnerability has been resolved:  h ...)
 	- linux 5.16.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/79da533d3cc717ccc05ddbd3190da8a72bc2408b (5.17-rc2)
-CVE-2022-48749 [drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc]
+CVE-2022-48749 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/170b22234d5495f5e0844246e23f004639ee89ba (5.17-rc2)
-CVE-2022-48748 [net: bridge: vlan: fix memory leak in __allowed_ingress]
+CVE-2022-48748 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/fd20d9738395cf8e27d0a17eba34169699fccdff (5.17-rc2)
-CVE-2022-48747 [block: Fix wrong offset in bio_truncate()]
+CVE-2022-48747 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	NOTE: https://git.kernel.org/linus/3ee859e384d453d6ac68bfd5971f630d9fa46ad3 (5.17-rc1)
-CVE-2022-48746 [net/mlx5e: Fix handling of wrong devices during bond netevent]
+CVE-2022-48746 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/ec41332e02bd0acf1f24206867bb6a02f5877a62 (5.17-rc3)
-CVE-2022-48745 [net/mlx5: Use del_timer_sync in fw reset flow of halting poll]
+CVE-2022-48745 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3c5193a87b0fea090aa3f769d020337662d87b5e (5.17-rc3)
-CVE-2022-48744 [net/mlx5e: Avoid field-overflowing memcpy()]
+CVE-2022-48744 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.16.7-1
 	NOTE: https://git.kernel.org/linus/ad5185735f7dab342fdd0dd41044da4c9ccfef67 (5.17-rc3)
-CVE-2022-48743 [net: amd-xgbe: Fix skb data length underflow]
+CVE-2022-48743 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/5aac9108a180fc06e28d4e7fb00247ce603b72ee (5.17-rc3)
-CVE-2022-48742 [rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()]
+CVE-2022-48742 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/c6f6f2444bdbe0079e41914a35081530d0409963 (5.17-rc3)
-CVE-2022-48741 [ovl: fix NULL pointer dereference in copy up warning]
+CVE-2022-48741 (In the Linux kernel, the following vulnerability has been resolved:  o ...)
 	- linux 5.16.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/4ee7e4a6c9b298da44029ed9ec8ed23ae49cc209 (5.17-rc3)
-CVE-2022-48740 [selinux: fix double free of cond_list on error paths]
+CVE-2022-48740 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.16.10-1
 	[bullseye] - linux 5.10.103-1
 	NOTE: https://git.kernel.org/linus/186edf7e368c40d06cf727a1ad14698ea67b74ad (5.17-rc3)
-CVE-2022-48739 [ASoC: hdmi-codec: Fix OOB memory accesses]
+CVE-2022-48739 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 5.16.10-1
 	NOTE: https://git.kernel.org/linus/06feec6005c9d9500cd286ec440aabf8b2ddd94d (5.17-rc3)
-CVE-2022-48738 [ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()]
+CVE-2022-48738 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 5.16.10-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/817f7c9335ec01e0f5e8caffc4f1dcd5e458a4c0 (5.17-rc3)
-CVE-2022-48737 [ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()]
+CVE-2022-48737 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 5.16.10-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e (5.17-rc3)
-CVE-2022-48736 [ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()]
+CVE-2022-48736 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 5.16.10-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/4cf28e9ae6e2e11a044be1bcbcfa1b0d8675fe4d (5.17-rc3)
-CVE-2022-48735 [ALSA: hda: Fix UAF of leds class devs at unbinding]
+CVE-2022-48735 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 5.16.10-1
 	[bullseye] - linux 5.10.103-1
 	NOTE: https://git.kernel.org/linus/549f8ffc7b2f7561bea7f90930b6c5104318e87b (5.17-rc3)
-CVE-2022-48734 [btrfs: fix deadlock between quota disable and qgroup rescan worker]
+CVE-2022-48734 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 5.16.10-1
 	[bullseye] - linux 5.10.103-1
 	NOTE: https://git.kernel.org/linus/e804861bd4e69cc5fe1053eedcb024982dde8e48 (5.17-rc3)
-CVE-2022-48733 [btrfs: fix use-after-free after failure to create a snapshot]
+CVE-2022-48733 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 5.16.10-1
 	NOTE: https://git.kernel.org/linus/28b21c558a3753171097193b6f6602a94169093a (5.17-rc3)
-CVE-2022-48732 [drm/nouveau: fix off by one in BIOS boundary checking]
+CVE-2022-48732 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 5.16.10-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/1b777d4d9e383d2744fc9b3a09af6ec1893c8b1a (5.17-rc3)
-CVE-2022-48731 [mm/kmemleak: avoid scanning potential huge holes]
+CVE-2022-48731 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 5.16.10-1
 	[bullseye] - linux 5.10.103-1
 	NOTE: https://git.kernel.org/linus/c10a0f877fe007021d70f9cada240f42adc2b5db (5.17-rc3)
-CVE-2022-48730 [dma-buf: heaps: Fix potential spectre v1 gadget]
+CVE-2022-48730 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 5.16.10-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/92c4cfaee6872038563c5b6f2e8e613f9d84d47d (5.17-rc3)
-CVE-2022-48729 [IB/hfi1: Fix panic with larger ipoib send_queue_size]
+CVE-2022-48729 (In the Linux kernel, the following vulnerability has been resolved:  I ...)
 	- linux 5.16.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8c83d39cc730378bbac64d67a551897b203a606e (5.17-rc3)
-CVE-2022-48728 [IB/hfi1: Fix AIP early init panic]
+CVE-2022-48728 (In the Linux kernel, the following vulnerability has been resolved:  I ...)
 	- linux 5.16.10-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/5f8f55b92edd621f056bdf09e572092849fabd83 (5.17-rc3)
-CVE-2022-48727 [KVM: arm64: Avoid consuming a stale esr value when SError occur]
+CVE-2022-48727 (In the Linux kernel, the following vulnerability has been resolved:  K ...)
 	- linux 5.16.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/1c71dbc8a179d99dd9bb7e7fc1888db613cf85de (5.17-rc3)
-CVE-2022-48726 [RDMA/ucma: Protect mc during concurrent multicast leaves]
+CVE-2022-48726 (In the Linux kernel, the following vulnerability has been resolved:  R ...)
 	- linux 5.16.10-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/36e8169ec973359f671f9ec7213547059cae972e (5.17-rc3)
-CVE-2022-48725 [RDMA/siw: Fix refcounting leak in siw_create_qp()]
+CVE-2022-48725 (In the Linux kernel, the following vulnerability has been resolved:  R ...)
 	- linux 5.16.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a75badebfdc0b3823054bedf112edb54d6357c75 (5.17-rc3)
-CVE-2022-48724 [iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()]
+CVE-2022-48724 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 5.16.10-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/99e675d473eb8cf2deac1376a0f840222fc1adcf (5.17-rc3)
-CVE-2022-48723 [spi: uniphier: fix reference count leak in uniphier_spi_probe()]
+CVE-2022-48723 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.16.10-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/37c2c83ca4f1ef4b6908181ac98e18360af89b42 (5.17-rc3)
-CVE-2022-48722 [net: ieee802154: ca8210: Stop leaking skb's]
+CVE-2022-48722 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.16.10-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/621b24b09eb61c63f262da0c9c5f0e93348897e5 (5.17-rc3)
-CVE-2022-48721 [net/smc: Forward wakeup to smc socket waitqueue after fallback]
+CVE-2022-48721 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.16.10-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/341adeec9adad0874f29a0a1af35638207352a39 (5.17-rc3)
-CVE-2022-48720 [net: macsec: Fix offload support for NETDEV_UNREGISTER event]
+CVE-2022-48720 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.16.10-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9cef24c8b76c1f6effe499d2f131807c90f7ce9a (5.17-rc3)
-CVE-2022-48719 [net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work]
+CVE-2022-48719 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.16.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/4a81f6da9cb2d1ef911131a6fd8bd15cb61fc772 (5.17-rc3)
-CVE-2022-48718 [drm: mxsfb: Fix NULL pointer dereference]
+CVE-2022-48718 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 5.16.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/622c9a3a7868e1eeca39c55305ca3ebec4742b64 (5.17-rc3)
-CVE-2022-48717 [ASoC: max9759: fix underflow in speaker_gain_control_put()]
+CVE-2022-48717 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 5.16.10-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/4c907bcd9dcd233da6707059d777ab389dcbd964 (5.17-rc3)
-CVE-2022-48716 [ASoC: codecs: wcd938x: fix incorrect used of portid]
+CVE-2022-48716 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 5.16.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c5c1546a654f613e291a7c5d6f3660fc1eb6d0c7 (5.17-rc3)
-CVE-2022-48715 [scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe]
+CVE-2022-48715 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.16.10-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/936bd03405fc83ba039d42bc93ffd4b88418f1d3 (5.17-rc3)
-CVE-2022-48714 [bpf: Use VM_MAP instead of VM_ALLOC for ringbuf]
+CVE-2022-48714 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 5.16.10-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b293dcc473d22a62dc6d78de2b15e4f49515db56 (5.17-rc3)
-CVE-2022-48713 [perf/x86/intel/pt: Fix crash with stop filters in single-range mode]
+CVE-2022-48713 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 5.16.10-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/1d9093457b243061a9bba23543c38726e864a643 (5.17-rc3)
-CVE-2022-48712 [ext4: fix error handling in ext4_fc_record_modified_inode()]
+CVE-2022-48712 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 5.16.10-1
 	[bullseye] - linux 5.10.103-1
 	NOTE: https://git.kernel.org/linus/cdce59a1549190b66f8e3fe465c2b2f714b98a94 (5.17-rc3)
-CVE-2022-48711 [tipc: improve size validations for received domain records]
+CVE-2022-48711 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 5.16.10-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/9aa422ad326634b76309e8ff342c246800621216 (5.17-rc4)
-CVE-2021-47620 [Bluetooth: refactor malicious adv data check]
+CVE-2021-47620 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/899663be5e75dc0174dc8bda0b5e6826edf0b29a (5.17-rc1)
-CVE-2021-47619 [i40e: Fix queues reservation for XDP]
+CVE-2021-47619 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/92947844b8beee988c0ce17082b705c2f75f0742 (5.17-rc2)
-CVE-2021-47618 [ARM: 9170/1: fix panic when kasan and kprobe are enabled]
+CVE-2021-47618 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 5.16.7-1
 	NOTE: https://git.kernel.org/linus/8b59b0a53c840921b625378f137e88adfa87647e (5.17-rc2)
-CVE-2021-47617 [PCI: pciehp: Fix infinite loop in IRQ handler upon power fault]
+CVE-2021-47617 (In the Linux kernel, the following vulnerability has been resolved:  P ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux 4.19.235-1
 	NOTE: https://git.kernel.org/linus/23584c1ed3e15a6f4bfab8dc5a88d94ab929ee12 (5.17-rc1)
-CVE-2021-4439 [isdn: cpai: check ctr->cnr to avoid array index out of bound]
+CVE-2021-4439 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 5.14.16-1
 	[bullseye] - linux 5.10.84-1
 	[buster] - linux 4.19.232-1
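Review bot: The rewritten kernel headers in this hunk (CVE-2023-52883 through CVE-2021-4439) lose their only human-readable identifier. The bracketed commit subject, for example "[phylib: fix potential use-after-free]", is replaced by a description truncated right after the shared prefix "In the Linux kernel, the following vulnerability has been resolved:", so the affected subsystem can now be read only by following the NOTE link to the upstream commit. The per-release status lines are unchanged context, so the triage itself is not affected. The new entries at the top of the hunk all carry "TODO: check", apart from CVE-2024-5886 and CVE-2023-3353, which are REJECTED. Each TODO still needs to be resolved to a package line or a NOT-FOR-US marker.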
@@ -23437,6 +23535,7 @@ CVE-2023-33806 (Insecure default configurations in Hikvision Interactive Tablet
 CVE-2023-3597 (A flaw was found in Keycloak, where it does not correctly validate its ...)
 	NOT-FOR-US: Keycloak
 CVE-2024-31497 (In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation  ...)
+	{DLA-3839-1}
 	- putty 0.81-1
 	[bookworm] - putty <no-dsa> (Minor issue)
 	[bullseye] - putty <no-dsa> (Minor issue)
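Review bot: The added "{DLA-3839-1}" cross-reference on CVE-2024-31497 has no matching fixed-version line in the visible context: the only release lines shown are [bookworm] and [bullseye], both "<no-dsa> (Minor issue)". Confirm that the entry, below the context shown here, carries a release line with the fixed putty version for the suite the DLA covers, so that the advisory reference and the per-release status agree.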
@@ -24232,7 +24331,7 @@ CVE-2024-5585 (In PHP versions8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* be
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-9fcc-425m-g385
 	NOTE: https://github.com/php/php-src/commit/4b15f5d4ec750b31ec8911f5eb0915a45f96feca
 CVE-2024-5458 (In PHP versions8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before  ...)
-	{DLA-3833-1}
+	{DSA-5717-1 DLA-3833-1}
 	- php8.2 <unfixed> (bug #1072885)
 	- php7.4 <removed>
 	[bullseye] - php7.4 <no-dsa> (Minor issue)
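Review bot: On CVE-2024-5458 the cross-reference becomes "{DSA-5717-1 DLA-3833-1}", yet the context line directly below still reads "- php8.2 <unfixed> (bug #1072885)" and no release-tagged php8.2 line with a fixed version is visible. Check that the entry records the fixed version for the suite the DSA covers. Otherwise the tracker references an advisory for a package whose only visible status is unfixed.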
@@ -26863,7 +26962,7 @@ CVE-2024-26808 (In the Linux kernel, the following vulnerability has been resolv
 	[bookworm] - linux 6.1.76-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/01acb2e8666a6529697141a6017edbf206921913 (6.8-rc2)
-CVE-2024-26807 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
+CVE-2024-26807 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 6.7.9-1
 	NOTE: https://git.kernel.org/linus/32ce3bb57b6b402de2aec1012511e7ac4e7449dc (6.8-rc7)
 CVE-2024-26806 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
@@ -122019,8 +122118,8 @@ CVE-2022-45931 (A SQL injection issue was discovered in AAA in OpenDaylight (ODL
 	NOT-FOR-US: OpenDaylight
 CVE-2022-45930 (A SQL injection issue was discovered in AAA in OpenDaylight (ODL) befo ...)
 	NOT-FOR-US: OpenDaylight
-CVE-2022-45929
-	RESERVED
+CVE-2022-45929 (Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x ...)
+	TODO: check
 CVE-2022-45928 (A remote OScript execution issue was discovered in OpenText Content Su ...)
 	NOT-FOR-US: OpenText
 CVE-2022-45927 (An issue was discovered in OpenText Content Suite Platform 22.1 (16.2. ...)
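Review bot: CVE-2022-45929 moves from RESERVED to a published description with "TODO: check", while its neighbours in the context (CVE-2022-45931, CVE-2022-45930, CVE-2022-45928) are already resolved as NOT-FOR-US. The Mender entry needs the same decision: either a package line or a NOT-FOR-US marker. CVE-2022-41324 in the last hunk names the same product, so the two should be triaged together and given a consistent disposition.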
@@ -138067,8 +138166,8 @@ CVE-2022-41325 (An integer overflow in the VNC module in VideoLAN VLC Media Play
 	- vlc 3.0.18-1
 	NOTE: https://www.videolan.org/security/sb-vlc3018.html
 	NOTE: https://code.videolan.org/videolan/vlc/-/issues/27335
-CVE-2022-41324
-	RESERVED
+CVE-2022-41324 (Northern.tech Mender 3.3.x before 3.3.2 and 3.4.x before 3.4.0 has Inc ...)
+	TODO: check
 CVE-2022-41323 (In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, i ...)
 	{DSA-5254-1}
 	- python-django 3:3.2.16-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79387d27569d76cbb58b87176a73ab4cf9997fc4
