[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 4 20:12:09 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
71bb9f02 by security tracker role at 2024-03-04T20:11:52+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,129 +1,215 @@
-CVE-2021-47108 [drm/mediatek: hdmi: Perform NULL pointer check for mtk_hdmi_conf]
+CVE-2024-2167
+ REJECTED
+CVE-2024-2048 (Vault and Vault Enterprise (\u201cVault\u201d) TLS certificate auth me ...)
+ TODO: check
+CVE-2024-27889 (Multiple SQL Injection vulnerabilities exist in the reporting applicat ...)
+ TODO: check
+CVE-2024-27694 (FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CS ...)
+ TODO: check
+CVE-2024-27684 (A Cross-site scripting (XSS) vulnerability in dlapn.cgi, dldongle.cgi, ...)
+ TODO: check
+CVE-2024-27680 (Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) in the " ...)
+ TODO: check
+CVE-2024-27668 (Flusity-CMS v2.33 is affected by: Cross Site Scripting (XSS) in 'Custo ...)
+ TODO: check
+CVE-2024-27199 (In JetBrains TeamCity before 2023.11.4 path traversal allowing to perf ...)
+ TODO: check
+CVE-2024-27198 (In JetBrains TeamCity before 2023.11.4 authentication bypass allowing ...)
+ TODO: check
+CVE-2024-24901 (Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient lo ...)
+ TODO: check
+CVE-2024-22463 (Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken ...)
+ TODO: check
+CVE-2024-22452 (Dell Display and Peripheral Manager for macOS prior to 1.3 contains an ...)
+ TODO: check
+CVE-2024-1788
+ REJECTED
+CVE-2024-0686
+ REJECTED
+CVE-2024-0156 (Dell Digital Delivery, versions prior to 5.0.86.0, contain a Buffer Ov ...)
+ TODO: check
+CVE-2024-0155 (Dell Digital Delivery, versions prior to 5.0.86.0, contain a Use After ...)
+ TODO: check
+CVE-2023-6241 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm ...)
+ TODO: check
+CVE-2023-6143 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm ...)
+ TODO: check
+CVE-2023-6068 (On affected 7130 Series FPGA platforms running MOS and recent versions ...)
+ TODO: check
+CVE-2023-5451 (Forcepoint NGFW Security Management Center Management Server has SMC ...)
+ TODO: check
+CVE-2023-43553 (Memory corruption while parsing beacon/probe response frame when AP se ...)
+ TODO: check
+CVE-2023-43552 (Memory corruption while processing MBSSID beacon containing several su ...)
+ TODO: check
+CVE-2023-43550 (Memory corruption while processing a QMI request for allocating memory ...)
+ TODO: check
+CVE-2023-43549 (Memory corruption while processing TPC target power table in FTM TPC.)
+ TODO: check
+CVE-2023-43548 (Memory corruption while parsing qcp clip with invalid chunk data size.)
+ TODO: check
+CVE-2023-43547 (Memory corruption while invoking IOCTLs calls in Automotive Multimedia ...)
+ TODO: check
+CVE-2023-43546 (Memory corruption while invoking HGSL IOCTL context create.)
+ TODO: check
+CVE-2023-43541 (Memory corruption while invoking the SubmitCommands call on Gfx engine ...)
+ TODO: check
+CVE-2023-43540 (Memory corruption while processing the IOCTL FM HCI WRITE request.)
+ TODO: check
+CVE-2023-43539 (Transient DOS while processing an improperly formatted 802.11az Fine T ...)
+ TODO: check
+CVE-2023-38362 (IBM CICS TX Advanced 10.1 could disclose sensitive information to a re ...)
+ TODO: check
+CVE-2023-38360 (IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This ...)
+ TODO: check
+CVE-2023-33105 (Transient DOS in WLAN Host and Firmware when large number of open auth ...)
+ TODO: check
+CVE-2023-33104 (Transient DOS while processing PDU Release command with a parameter PD ...)
+ TODO: check
+CVE-2023-33103 (Transient DOS while processing CAG info IE received from NW.)
+ TODO: check
+CVE-2023-33096 (Transient DOS while processing DL NAS Transport message, as specified ...)
+ TODO: check
+CVE-2023-33095 (Transient DOS while processing multiple payload container type with in ...)
+ TODO: check
+CVE-2023-33090 (Transient DOS while processing channel information for speaker protect ...)
+ TODO: check
+CVE-2023-33086 (Transient DOS while processing multiple IKEV2 Informational Request to ...)
+ TODO: check
+CVE-2023-33084 (Transient DOS while processing IE fragments from server during DTLS ha ...)
+ TODO: check
+CVE-2023-33078 (Information Disclosure while processing IOCTL request in FastRPC.)
+ TODO: check
+CVE-2023-33066 (Memory corruption in Audio while processing RT proxy port register dri ...)
+ TODO: check
+CVE-2023-32331 (IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow ...)
+ TODO: check
+CVE-2021-47108 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3b8e19a0aa3933a785be9f1541afd8d398c4ec69 (5.16-rc7)
-CVE-2021-47107 [NFSD: Fix READDIR buffer overflow]
+CVE-2021-47107 (In the Linux kernel, the following vulnerability has been resolved: N ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/53b1119a6e5028b125f431a0116ba73510d82a72 (5.16-rc7)
-CVE-2021-47106 [netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy()]
+CVE-2021-47106 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0f7d9b31ce7abdbb29bf018131ac920c9f698518 (5.16-rc7)
-CVE-2021-47105 [ice: xsk: return xsk buffers back to pool when cleaning the ring]
+CVE-2021-47105 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 5.15.15-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/afe8a3ba85ec2a6b6849367e25c06a2f8e0ddd05 (5.16-rc7)
-CVE-2021-47104 [IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()]
+CVE-2021-47104 (In the Linux kernel, the following vulnerability has been resolved: I ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/bee90911e0138c76ee67458ac0d58b38a3190f65 (5.16-rc7)
-CVE-2021-47103 [inet: fully convert sk->sk_rx_dst to RCU rules]
+CVE-2021-47103 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.158-1
[buster] - linux 4.19.269-1
NOTE: https://git.kernel.org/linus/8f905c0e7354ef261360fb7535ea079b1082c105 (5.16-rc7)
-CVE-2021-47102 [net: marvell: prestera: fix incorrect structure access]
+CVE-2021-47102 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2efc2256febf214e7b2bdaa21fe6c3c3146acdcb (5.16-rc7)
-CVE-2021-47101 [asix: fix uninit-value in asix_mdio_read()]
+CVE-2021-47101 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 5.15.15-1
NOTE: https://git.kernel.org/linus/8035b1a2a37a29d8c717ef84fca8fe7278bc9f03 (5.16-rc7)
-CVE-2021-47100 [ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module]
+CVE-2021-47100 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/ffb76a86f8096a8206be03b14adda6092e18e275 (5.16-rc7)
-CVE-2021-47099 [veth: ensure skb entering GRO are not cloned.]
+CVE-2021-47099 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9695b7de5b4760ed22132aca919570c0190cb0ce (5.16-rc7)
-CVE-2021-47098 [hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations]
+CVE-2021-47098 (In the Linux kernel, the following vulnerability has been resolved: h ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/55840b9eae5367b5d5b29619dc2fb7e4596dba46 (5.16-rc7)
-CVE-2021-47097 [Input: elantech - fix stack out of bound access in elantech_change_report_id()]
+CVE-2021-47097 (In the Linux kernel, the following vulnerability has been resolved: I ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/1d72d9f960ccf1052a0630a68c3d358791dbdaaa (5.16-rc7)
-CVE-2021-47096 [ALSA: rawmidi - fix the uninitalized user_pversion]
+CVE-2021-47096 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/39a8fc4971a00d22536aeb7d446ee4a97810611b (5.16-rc7)
-CVE-2021-47095 [ipmi: ssif: initialize ssif_info->client early]
+CVE-2021-47095 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/34f35f8f14bc406efc06ee4ff73202c6fd245d15 (5.16-rc7)
-CVE-2021-47094 [KVM: x86/mmu: Don't advance iterator after restart due to yielding]
+CVE-2021-47094 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 5.15.15-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3a0f64de479cae75effb630a2e0a237ca0d0623c (5.16-rc7)
-CVE-2021-47093 [platform/x86: intel_pmc_core: fix memleak on registration failure]
+CVE-2021-47093 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/26a8b09437804fabfb1db080d676b96c0de68e7c (5.16-rc7)
-CVE-2021-47092 [KVM: VMX: Always clear vmx->fail on emulation_required]
+CVE-2021-47092 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a80dfc025924024d2c61a4c1b8ef62b2fce76a04 (5.16-rc7)
-CVE-2021-47091 [mac80211: fix locking in ieee80211_start_ap error path]
+CVE-2021-47091 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/87a270625a89fc841f1a7e21aae6176543d8385c (5.16-rc7)
-CVE-2021-47090 [mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page()]
+CVE-2021-47090 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2a57d83c78f889bf3f54eede908d0643c40d5418 (5.16-rc7)
-CVE-2021-47089 [kfence: fix memory leak when cat kfence objects]
+CVE-2021-47089 (In the Linux kernel, the following vulnerability has been resolved: k ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0129ab1f268b6cf88825eae819b9b84aa0a85634 (5.16-rc7)
-CVE-2021-47088 [mm/damon/dbgfs: protect targets destructions with kdamond_lock]
+CVE-2021-47088 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/34796417964b8d0aef45a99cf6c2d20cebe33733 (5.16-rc7)
-CVE-2021-47087 [tee: optee: Fix incorrect page free bug]
+CVE-2021-47087 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/18549bf4b21c739a9def39f27dcac53e27286ab5 (5.16-rc7)
-CVE-2021-47086 [phonet/pep: refuse to enable an unbound pipe]
+CVE-2021-47086 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/75a2f31520095600f650597c0ac41f48b5ba0068 (5.16-rc7)
-CVE-2021-47085 [hamradio: improve the incomplete fix to avoid NPD]
+CVE-2021-47085 (In the Linux kernel, the following vulnerability has been resolved: h ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/b2f37aead1b82a770c48b5d583f35ec22aabb61e (5.16-rc7)
-CVE-2021-47084 [hamradio: defer ax25 kfree after unregister_netdev]
+CVE-2021-47084 (In the Linux kernel, the following vulnerability has been resolved: h ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/3e0588c291d6ce225f2b891753ca41d45ba42469 (5.16-rc1)
-CVE-2021-47083 [pinctrl: mediatek: fix global-out-of-bounds issue]
+CVE-2021-47083 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
NOTE: https://git.kernel.org/linus/2d5446da5acecf9c67db1c9d55ae2c3e5de01f8d (5.16-rc7)
-CVE-2021-47082 [tun: avoid double free in tun_free_netdev]
+CVE-2021-47082 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.136-1
[buster] - linux 4.19.282-1
@@ -57523,16 +57609,16 @@ CVE-2023-28584 (Transient DOS in WLAN Host when a mobile station receives invali
NOT-FOR-US: Qualcomm
CVE-2023-28583 (Memory corruption when IPv6 prefix timer object`s lifetime expires whi ...)
NOT-FOR-US: Qualcomm
-CVE-2023-28582
- RESERVED
+CVE-2023-28582 (Memory corruption in Data Modem while verifying hello-verify message d ...)
+ TODO: check
CVE-2023-28581 (Memory corruption in WLAN Firmware while parsing receieved GTK Keys in ...)
NOT-FOR-US: Qualcomm
CVE-2023-28580 (Memory corruption in WLAN Host while setting the PMK length in PMK len ...)
NOT-FOR-US: Qualcomm
CVE-2023-28579 (Memory Corruption in WLAN Host while deserializing the input PMK bytes ...)
NOT-FOR-US: Qualcomm
-CVE-2023-28578
- RESERVED
+CVE-2023-28578 (Memory corruption in Core Services while executing the command for rem ...)
+ TODO: check
CVE-2023-28577 (In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no ch ...)
NOT-FOR-US: Qualcomm
CVE-2023-28576 (The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may ...)
@@ -94249,8 +94335,8 @@ CVE-2022-43892 (IBM Security Verify Privilege On-Premises 11.5 does not validate
NOT-FOR-US: IBM
CVE-2022-43891 (IBM Security Verify Privilege On-Premises 11.5 could allow a remote at ...)
NOT-FOR-US: IBM
-CVE-2022-43890
- RESERVED
+CVE-2022-43890 (IBM Security Verify Privilege On-Premises 11.5 could disclose sensitiv ...)
+ TODO: check
CVE-2022-43889 (IBM Security Verify Privilege On-Premises 11.5 could disclose sensitiv ...)
NOT-FOR-US: IBM
CVE-2022-43888
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71bb9f02ef1dfa96fe093cdad6b940ece9991818
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71bb9f02ef1dfa96fe093cdad6b940ece9991818
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240304/f22e3340/attachment.htm>
More information about the debian-security-tracker-commits
mailing list