[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 16 08:12:15 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d52480e8 by security tracker role at 2024-03-16T08:12:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,97 +1,163 @@
-CVE-2021-47135 [mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report]
+CVE-2024-2514 (A vulnerability classified as critical was found in MAGESH-K21 Online- ...)
+	TODO: check
+CVE-2024-2308 (The ElementInvader Addons for Elementor plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2024-2294 (The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for Word ...)
+	TODO: check
+CVE-2024-2042 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-28862 (The Ruby One Time Password library (ROTP) is an open source library fo ...)
+	TODO: check
+CVE-2024-28859 (Symfony1 is a community fork of symfony 1.4 with DIC, form enhancement ...)
+	TODO: check
+CVE-2024-28640 (Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B2020110 ...)
+	TODO: check
+CVE-2024-28639 (Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B2020110 ...)
+	TODO: check
+CVE-2024-28070 (A vulnerability in the legacy chat component of Mitel MiContact Center ...)
+	TODO: check
+CVE-2024-28069 (A vulnerability in the legacy chat component of Mitel MiContact Center ...)
+	TODO: check
+CVE-2024-27197 (Cross-Site Request Forgery (CSRF) vulnerability in Bee BeePress allows ...)
+	TODO: check
+CVE-2024-27195 (Cross-Site Request Forgery (CSRF) vulnerability in Sandi Verdev Waterm ...)
+	TODO: check
+CVE-2024-27194 (Cross-Site Request Forgery (CSRF) vulnerability in Andrei Ivasiuc Font ...)
+	TODO: check
+CVE-2024-24845 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-24156 (Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before Github  ...)
+	TODO: check
+CVE-2024-23523 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-23298 (A logic issue was addressed with improved state management.)
+	TODO: check
+CVE-2024-22513 (djangorestframework-simplejwt version 5.3.1 and before is vulnerable t ...)
+	TODO: check
+CVE-2024-22259 (Applications that use UriComponentsBuilder in Spring Frameworkto parse ...)
+	TODO: check
+CVE-2024-1733 (The Word Replacer Pro plugin for WordPress is vulnerable to unauthoriz ...)
+	TODO: check
+CVE-2024-1685 (The Social Media Share Buttons plugin for WordPress is vulnerable to P ...)
+	TODO: check
+CVE-2024-1239 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2023-6525 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2023-51521 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz An ...)
+	TODO: check
+CVE-2023-51512 (Cross Site Request Forgery (CSRF) vulnerability in WBW Product Table b ...)
+	TODO: check
+CVE-2023-51510 (Cross-Site Request Forgery (CSRF) vulnerability in Atlas Gondal Export ...)
+	TODO: check
+CVE-2023-51491 (Cross-Site Request Forgery (CSRF) vulnerability in Averta Depicter Sli ...)
+	TODO: check
+CVE-2023-51489 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Cr ...)
+	TODO: check
+CVE-2023-51487 (Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft ARI Stream ...)
+	TODO: check
+CVE-2023-51486 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao WooCommerce  ...)
+	TODO: check
+CVE-2023-51474 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelemu TerraClass ...)
+	TODO: check
+CVE-2023-51407 (Cross-Site Request Forgery (CSRF) vulnerability in Rocket Elements Spl ...)
+	TODO: check
+CVE-2023-36483 (An authorization bypass was discovered in the Carrier MASmobile Classi ...)
+	TODO: check
+CVE-2021-47135 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d874e6c06952382897d35bf4094193cd44ae91bd (5.13-rc5)
-CVE-2021-47134 [efi/fdt: fix panic when no valid fdt found]
+CVE-2021-47134 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 5.10.46-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/668a84c1bfb2b3fd5a10847825a854d63fac7baa (5.13-rc5)
-CVE-2021-47133 [HID: amd_sfh: Fix memory leak in amd_sfh_work]
+CVE-2021-47133 (In the Linux kernel, the following vulnerability has been resolved:  H ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/5ad755fd2b326aa2bc8910b0eb351ee6aece21b1 (5.13-rc5)
-CVE-2021-47132 [mptcp: fix sk_forward_memory corruption on retransmission]
+CVE-2021-47132 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b5941f066b4ca331db225a976dae1d6ca8cf0ae3 (5.13-rc5)
-CVE-2021-47131 [net/tls: Fix use-after-free after the TLS device goes down and up]
+CVE-2021-47131 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.10.46-1
 	NOTE: https://git.kernel.org/linus/c55dcdd435aa6c6ad6ccac0a4c636d010ee367a4 (5.13-rc5)
-CVE-2021-47130 [nvmet: fix freeing unallocated p2pmem]
+CVE-2021-47130 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.10.46-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/bcd9a0797d73eeff659582f23277e7ab6e5f18f3 (5.13-rc5)
-CVE-2021-47129 [netfilter: nft_ct: skip expectations for confirmed conntrack]
+CVE-2021-47129 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.10.46-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/1710eb913bdcda3917f44d383c32de6bdabfc836 (5.13-rc5)
-CVE-2021-47128 [bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks]
+CVE-2021-47128 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 5.10.46-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/ff40e51043af63715ab413995ff46996ecf9583f (5.13-rc5)
-CVE-2021-47127 [ice: track AF_XDP ZC enabled queues in bitmap]
+CVE-2021-47127 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e102db780e1c14f10c70dafa7684af22a745b51d (5.13-rc5)
-CVE-2021-47126 [ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions]
+CVE-2021-47126 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 5.10.46-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/821bbf79fe46a8b1d18aa456e8ed0a3c208c3754 (5.13-rc5)
-CVE-2021-47125 [sch_htb: fix refcount leak in htb_parent_to_leaf_offload]
+CVE-2021-47125 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/944d671d5faa0d78980a3da5c0f04960ef1ad893 (5.13-rc5)
-CVE-2021-47124 [io_uring: fix link timeout refs]
+CVE-2021-47124 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.70-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a298232ee6b9a1d5d732aa497ff8be0d45b5bd82 (5.13-rc2)
-CVE-2021-47123 [io_uring: fix ltout double free on completion race]
+CVE-2021-47123 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/447c19f3b5074409c794b350b10306e1da1ef4ba (5.13-rc2)
-CVE-2021-47122 [net: caif: fix memory leak in caif_device_notify]
+CVE-2021-47122 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/b53558a950a89824938e9811eddfc8efcd94e1bb (5.13-rc5)
-CVE-2021-47121 [net: caif: fix memory leak in cfusbl_device_notify]
+CVE-2021-47121 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/7f5d86669fa4d485523ddb1d212e0a2d90bd62bb (5.13-rc5)
-CVE-2021-47120 [HID: magicmouse: fix NULL-deref on disconnect]
+CVE-2021-47120 (In the Linux kernel, the following vulnerability has been resolved:  H ...)
 	- linux 5.10.46-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/4b4f6cecca446abcb686c6e6c451d4f1ec1a7497 (5.13-rc5)
-CVE-2021-47119 [ext4: fix memory leak in ext4_fill_super]
+CVE-2021-47119 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 5.10.46-1
 	NOTE: https://git.kernel.org/linus/afd09b617db3786b6ef3dc43e28fe728cfea84df (5.13-rc5)
-CVE-2021-47118 [pid: take a reference when initializing `cad_pid`]
+CVE-2021-47118 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/0711f0d7050b9e07c44bc159bbc64ac0a1022c7f (5.13-rc5)
-CVE-2021-47117 [ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed]
+CVE-2021-47117 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/082cd4ec240b8734a82a89ffb890216ac98fec68 (5.13-rc5)
-CVE-2021-47116 [ext4: fix memory leak in ext4_mb_init_backend on error path.]
+CVE-2021-47116 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 5.10.46-1
 	NOTE: https://git.kernel.org/linus/a8867f4e3809050571c98de7a2d465aff5e4daf5 (5.13-rc5)
-CVE-2021-47115 [nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect]
+CVE-2021-47115 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/4ac06a1e013cf5fdd963317ffd3b968560f33bba (5.13-rc5)
-CVE-2021-47114 [ocfs2: fix data corruption by fallocate]
+CVE-2021-47114 (In the Linux kernel, the following vulnerability has been resolved:  o ...)
 	- linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/6bba4471f0cc1296fe3c2089b9e52442d3074b2e (5.13-rc5)
-CVE-2021-47113 [btrfs: abort in rename_exchange if we fail to insert the second ref]
+CVE-2021-47113 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 5.10.46-1
 	NOTE: https://git.kernel.org/linus/dc09ef3562726cd520c8338c1640872a60187af5 (5.13-rc5)
-CVE-2021-47112 [x86/kvm: Teardown PV features on boot CPU as well]
+CVE-2021-47112 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 5.10.46-1
 	NOTE: https://git.kernel.org/linus/8b79feffeca28c5459458fe78676b081e87c93a4 (5.13-rc2)
-CVE-2021-47111 [xen-netback: take a reference to the RX task thread]
+CVE-2021-47111 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 5.10.46-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/107866a8eb0b664675a260f1ba0655010fac1e08 (5.13-rc6)
-CVE-2021-47110 [x86/kvm: Disable kvmclock on all CPUs on shutdown]
+CVE-2021-47110 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 5.10.46-1
 	NOTE: https://git.kernel.org/linus/c02027b5742b5aa804ef08a4a9db433295533046 (5.13-rc2)
-CVE-2021-47109 [neighbour: allow NUD_NOARP entries to be forced GCed]
+CVE-2021-47109 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.10.46-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f (5.13-rc7)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d52480e8cf8f326b605955977c6c8c7c004b032b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d52480e8cf8f326b605955977c6c8c7c004b032b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240316/c66961d0/attachment.htm>

More information about the debian-security-tracker-commits mailing list