[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 18 20:12:35 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ee66efae by security tracker role at 2024-03-18T20:12:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,97 +1,345 @@
-CVE-2024-26641 [ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()]
+CVE-2024-2599 (File upload restriction evasion vulnerability in AMSS++ version 4.31. ...)
+ TODO: check
+CVE-2024-2598 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...)
+ TODO: check
+CVE-2024-2597 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...)
+ TODO: check
+CVE-2024-2596 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...)
+ TODO: check
+CVE-2024-2595 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...)
+ TODO: check
+CVE-2024-2594 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...)
+ TODO: check
+CVE-2024-2593 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...)
+ TODO: check
+CVE-2024-2592 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...)
+ TODO: check
+CVE-2024-2591 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...)
+ TODO: check
+CVE-2024-2590 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...)
+ TODO: check
+CVE-2024-2589 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...)
+ TODO: check
+CVE-2024-2588 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...)
+ TODO: check
+CVE-2024-2587 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...)
+ TODO: check
+CVE-2024-2586 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...)
+ TODO: check
+CVE-2024-2585 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...)
+ TODO: check
+CVE-2024-2584 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...)
+ TODO: check
+CVE-2024-2390 (As a part of Tenable\u2019s vulnerability disclosure program, a vulner ...)
+ TODO: check
+CVE-2024-2229 (CWE-502: Deserialization of Untrusted Data vulnerability exists that c ...)
+ TODO: check
+CVE-2024-2052 (CWE-552: Files or Directories Accessible to External Parties vulnerabi ...)
+ TODO: check
+CVE-2024-2051 (CWE-307: Improper Restriction of Excessive Authentication Attempts vul ...)
+ TODO: check
+CVE-2024-2050 (CWE-79: Improper Neutralization of Input During Web Page Generation (\ ...)
+ TODO: check
+CVE-2024-28550 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the file ...)
+ TODO: check
+CVE-2024-28547 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the fire ...)
+ TODO: check
+CVE-2024-28537 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page ...)
+ TODO: check
+CVE-2024-28039 (Improper restriction of XML external entity references vulnerability e ...)
+ TODO: check
+CVE-2024-27937 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
+ TODO: check
+CVE-2024-27930 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
+ TODO: check
+CVE-2024-27914 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
+ TODO: check
+CVE-2024-27774 (Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 - CWE ...)
+ TODO: check
+CVE-2024-27773 (Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 - CWE ...)
+ TODO: check
+CVE-2024-27772 (Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 - CWE ...)
+ TODO: check
+CVE-2024-27771 (Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 - CWE ...)
+ TODO: check
+CVE-2024-27770 (Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 - CW ...)
+ TODO: check
+CVE-2024-27769 (Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 - CW ...)
+ TODO: check
+CVE-2024-27768 (Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 - CWE- ...)
+ TODO: check
+CVE-2024-27767 (CWE-287: Improper Authentication may allow Authentication Bypass)
+ TODO: check
+CVE-2024-27104 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
+ TODO: check
+CVE-2024-27098 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
+ TODO: check
+CVE-2024-27096 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
+ TODO: check
+CVE-2024-26125 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26124 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26120 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26119 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26118 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26107 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26106 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26105 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26104 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26103 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26102 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26101 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26096 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26094 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26080 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26073 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26069 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26067 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26065 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26064 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26063 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26062 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26061 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26059 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26056 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26052 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26051 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26050 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26045 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26044 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26043 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26042 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26041 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26040 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26038 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26035 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26034 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26033 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26032 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26031 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26030 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-26028 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-25657 (An open redirect in the Login/Logout functionality of web management i ...)
+ TODO: check
+CVE-2024-25656 (Improper input validation in AVSystem Unified Management Platform (UMP ...)
+ TODO: check
+CVE-2024-25655 (Insecure storage of LDAP passwords in the authentication functionality ...)
+ TODO: check
+CVE-2024-25654 (Insecure permissions for log files of AVSystem Unified Management Plat ...)
+ TODO: check
+CVE-2024-22257 (In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5. ...)
+ TODO: check
+CVE-2024-21662 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+ TODO: check
+CVE-2024-21661 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+ TODO: check
+CVE-2024-21652 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+ TODO: check
+CVE-2024-20768 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-20767 (ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Imp ...)
+ TODO: check
+CVE-2024-20764 (Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bo ...)
+ TODO: check
+CVE-2024-20763 (Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bo ...)
+ TODO: check
+CVE-2024-20762 (Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bo ...)
+ TODO: check
+CVE-2024-20761 (Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bo ...)
+ TODO: check
+CVE-2024-20760 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-20757 (Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-b ...)
+ TODO: check
+CVE-2024-20756 (Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-b ...)
+ TODO: check
+CVE-2024-20755 (Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Heap-base ...)
+ TODO: check
+CVE-2024-20754 (Lightroom Desktop versions 7.1.2 and earlier are affected by an Untrus ...)
+ TODO: check
+CVE-2024-20752 (Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Use After ...)
+ TODO: check
+CVE-2024-20746 (Premiere Pro versions 24.1, 23.6.2 and earlier are affected by an out- ...)
+ TODO: check
+CVE-2024-20745 (Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap- ...)
+ TODO: check
+CVE-2024-1753 (A flaw was found in Buildah (and subsequently Podman Build) which allo ...)
+ TODO: check
+CVE-2024-1658 (The Grid Shortcodes WordPress plugin before 1.1.1 does not validate an ...)
+ TODO: check
+CVE-2024-1606 (Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.2 ...)
+ TODO: check
+CVE-2024-1605 (BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dyn ...)
+ TODO: check
+CVE-2024-1604 (Improper authorization in the report management and creation module of ...)
+ TODO: check
+CVE-2024-1333 (The Responsive Pricing Table WordPress plugin before 5.1.11 does not v ...)
+ TODO: check
+CVE-2024-1331 (The Team Members WordPress plugin before 5.3.2 does not validate and e ...)
+ TODO: check
+CVE-2024-1013 (An out-of-bounds stack write flaw was found in unixODBC on 64-bit arch ...)
+ TODO: check
+CVE-2024-0973 (The Widget for Social Page Feeds WordPress plugin before 6.4 does not ...)
+ TODO: check
+CVE-2024-0951 (The Advanced Social Feeds Widget & Shortcode WordPress plugin through ...)
+ TODO: check
+CVE-2024-0858 (The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF chec ...)
+ TODO: check
+CVE-2024-0820 (The Jobs for WordPress plugin before 2.7.4 does not sanitise and escap ...)
+ TODO: check
+CVE-2024-0780 (The Enjoy Social Feed plugin for WordPress website WordPress plugin th ...)
+ TODO: check
+CVE-2024-0779 (The Enjoy Social Feed plugin for WordPress website WordPress plugin th ...)
+ TODO: check
+CVE-2024-0719 (The Tabs Shortcode and Widget WordPress plugin through 1.17 does not v ...)
+ TODO: check
+CVE-2024-0711 (The Buttons Shortcode and Widget WordPress plugin through 1.16 does no ...)
+ TODO: check
+CVE-2024-0365 (The Fancy Product Designer WordPress plugin before 6.1.5 does not prop ...)
+ TODO: check
+CVE-2023-7236 (The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Inform ...)
+ TODO: check
+CVE-2023-7085 (The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does n ...)
+ TODO: check
+CVE-2023-6821 (The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 cont ...)
+ TODO: check
+CVE-2023-41334 (Astropy is a project for astronomy in Python that fosters interoperabi ...)
+ TODO: check
+CVE-2024-26641 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/8d975c15c0cd744000ca386247432d57b21f9df0 (6.8-rc3)
-CVE-2024-26640 [tcp: add sanity checks to rx zerocopy]
+CVE-2024-26640 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/577e4432f3ac810049cb7e6b71f4d96ec7c6e894 (6.8-rc3)
-CVE-2024-26639 [mm, kmsan: fix infinite recursion due to RCU critical section]
+CVE-2024-26639 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.7.7-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f6564fce256a3944aa1bc76cb3c40e792d97c1eb (6.8-rc3)
-CVE-2024-26638 [nbd: always initialize struct msghdr completely]
+CVE-2024-26638 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/78fbb92af27d0982634116c7a31065f24d092826 (6.8-rc1)
-CVE-2024-26637 [wifi: ath11k: rely on mac80211 debugfs handling for vif]
+CVE-2024-26637 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/556857aa1d0855aba02b1c63bc52b91ec63fc2cc (6.8-rc2)
-CVE-2024-26636 [llc: make llc_ui_sendmsg() more robust against bonding changes]
+CVE-2024-26636 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
NOTE: https://git.kernel.org/linus/dad555c816a50c6a6a8a86be1f9177673918c647 (6.8-rc2)
-CVE-2024-26635 [llc: Drop support for ETH_P_TR_802_2.]
+CVE-2024-26635 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
NOTE: https://git.kernel.org/linus/e3f9bed9bee261e3347131764e42aeedf1ffea61 (6.8-rc2)
-CVE-2024-26634 [net: fix removing a namespace with conflicting altnames]
+CVE-2024-26634 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d09486a04f5da0a812c26217213b89a3b1acf836 (6.8-rc2)
-CVE-2024-26633 [ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()]
+CVE-2024-26633 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
NOTE: https://git.kernel.org/linus/d375b98e0248980681e5e56b712026174d617198 (6.8-rc1)
-CVE-2024-26632 [block: Fix iterating over an empty bio with bio_for_each_folio_all]
+CVE-2024-26632 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7bed6f3d08b7af27b7015da8dc3acf2b9c1f21d7 (6.8-rc1)
-CVE-2024-26631 [ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work]
+CVE-2024-26631 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2e7ef287f07c74985f1bf2858bedc62bd9ebf155 (6.8-rc1)
-CVE-2023-52619 [pstore/ram: Fix crash when setting number of cpus to an odd number]
+CVE-2023-52619 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/d49270a04623ce3c0afddbf3e984cb245aa48e9c (6.8-rc1)
-CVE-2023-52618 [block/rnbd-srv: Check for unlikely string overflow]
+CVE-2023-52618 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/9e4bf6a08d1e127bcc4bd72557f2dfafc6bc7f41 (6.8-rc1)
-CVE-2023-52617 [PCI: switchtec: Fix stdev_release() crash after surprise hot remove]
+CVE-2023-52617 (In the Linux kernel, the following vulnerability has been resolved: P ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/df25461119d987b8c81d232cfe4411e91dcabe66 (6.8-rc1)
-CVE-2023-52616 [crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init]
+CVE-2023-52616 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.6.15-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ba3c5574203034781ac4231acf117da917efcd2a (6.8-rc1)
-CVE-2023-52615 [hwrng: core - Fix page fault dead lock on mmap-ed hwrng]
+CVE-2023-52615 (In the Linux kernel, the following vulnerability has been resolved: h ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
NOTE: https://git.kernel.org/linus/78aafb3884f6bc6636efcc1760c891c8500b9922 (6.8-rc1)
-CVE-2023-52614 [PM / devfreq: Fix buffer overflow in trans_stat_show]
+CVE-2023-52614 (In the Linux kernel, the following vulnerability has been resolved: P ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
NOTE: https://git.kernel.org/linus/08e23d05fa6dc4fc13da0ccf09defdd4bbc92ff4 (6.8-rc1)
-CVE-2023-52613 [drivers/thermal/loongson2_thermal: Fix incorrect PTR_ERR() judgment]
+CVE-2023-52613 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.6.15-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/15ef92e9c41124ee9d88b01208364f3fe1f45f84 (6.8-rc1)
-CVE-2023-52612 [crypto: scomp - fix req->dst buffer overflow]
+CVE-2023-52612 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
NOTE: https://git.kernel.org/linus/744e1885922a9943458954cfea917b31064b4131 (6.8-rc1)
-CVE-2023-52611 [wifi: rtw88: sdio: Honor the host max_req_size in the RX path]
+CVE-2023-52611 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.6.15-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/00384f565a91c08c4bedae167f749b093d10e3fe (6.8-rc1)
-CVE-2023-52610 [net/sched: act_ct: fix skb leak and crash on ooo frags]
+CVE-2023-52610 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3f14b377d01d8357eba032b4cabc8c1149b458b6 (6.8-rc1)
-CVE-2023-52609 [binder: fix race between mmput() and do_exit()]
+CVE-2023-52609 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
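Review bot: every entry this hunk adds, from CVE-2024-2599 down to CVE-2023-41334, is left at `TODO: check` with no package assignment, NOT-FOR-US marker or NOTE, so this is intake rather than triage. The entries whose truncated descriptions name software that may be in the archive (CVE-2024-1013 unixODBC, CVE-2024-1753 Buildah/Podman, CVE-2023-41334 Astropy, CVE-2024-22257 Spring Security, the three Argo CD and six GLPI entries) deserve the first pass, while the AMSS++, Tenda, Adobe, Unitronics and WordPress-plugin blocks look like NOT-FOR-US candidates under the convention used elsewhere in this file. Note also that once the bracketed working titles (e.g. `[tcp: add sanity checks to rx zerocopy]`) are replaced by the truncated official descriptions, the kernel entries carry their subsystem and fix reference only in the `NOTE: https://git.kernel.org/linus/...` line, so those NOTE lines must be kept with the entries.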
@@ -680,7 +928,7 @@ CVE-2023-50677 (An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote
NOT-FOR-US: NETGEAR
CVE-2023-42286 (There is a PHP file inclusion vulnerability in the template configurat ...)
NOT-FOR-US: eyoucms
-CVE-2024-28054
+CVE-2024-28054 (Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its ...)
- amavisd-new 1:2.13.0-5
[bookworm] - amavisd-new <no-dsa> (Minor issue; will be fixed via point release)
[bullseye] - amavisd-new <no-dsa> (Minor issue; will be fixed via point release)
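Review bot: the filled-in description says the issue is fixed upstream in 2.12.3 and 2.13.1, yet the unstable fix is recorded as `amavisd-new 1:2.13.0-5`, a Debian revision of 2.13.0, which implies a cherry-picked upstream patch rather than a new upstream release. A NOTE line with the upstream fix commit (as the kernel and iperf entries in this commit carry) would let the bookworm and bullseye point-release updates promised in the `<no-dsa>` lines be verified against the same change.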
@@ -1865,7 +2113,7 @@ CVE-2024-1696 (In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a us
NOT-FOR-US: Santesoft Sante FFT Imaging
CVE-2024-1487 (The Photos and Files Contest Gallery WordPress plugin before 21.3.1 do ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-2496 [NULL pointer dereference in udevConnectListAllInterfaces()]
+CVE-2024-2496 (A NULL pointer dereference flaw was found in the udevConnectListAllInt ...)
- libvirt 9.8.0-1
[bookworm] - libvirt <no-dsa> (Minor issue)
[bullseye] - libvirt <no-dsa> (Minor issue)
@@ -2705,7 +2953,8 @@ CVE-2023-52606 (In the Linux kernel, the following vulnerability has been resolv
- linux 6.7.7-1
[buster] - linux <ignored> (powerpc not supported in LTS)
NOTE: https://git.kernel.org/linus/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59 (6.8-rc1)
-CVE-2023-52605 (In the Linux kernel, the following vulnerability has been resolved: A ...)
+CVE-2023-52605
+ REJECTED
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/72d9b9747e78979510e9aafdd32eb99c7aa30dd1 (6.8-rc1)
CVE-2023-52604 (In the Linux kernel, the following vulnerability has been resolved: F ...)
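Review bot: the `+ REJECTED` marker is inserted while `- linux 6.7.7-1` and the kernel commit NOTE stay in place, so the entry now reads as both rejected and fixed. Since the NOTE still points at an upstream commit, a short NOTE recording why the ID was rejected (duplicate of another ID, or not a vulnerability) would stop later readers from re-triaging that commit; the same pattern appears for CVE-2024-0227 later in this commit.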
@@ -3065,7 +3314,7 @@ CVE-2023-41829 (An improper export vulnerability was reported in the Motorola Ca
NOT-FOR-US: Motorola
CVE-2023-41827 (An improper export vulnerability was reported in the Motorola OTA upda ...)
NOT-FOR-US: Motorola
-CVE-2024-2002
+CVE-2024-2002 (A double-free vulnerability was found in libdwarf. In a multiply-corru ...)
- dwarfutils <unfixed> (bug #1065511)
[bookworm] - dwarfutils <no-dsa> (Minor issue)
[bullseye] - dwarfutils <no-dsa> (Minor issue)
@@ -9553,7 +9802,7 @@ CVE-2023-42282 (The ip package before 1.1.9 for Node.js might allow SSRF because
NOTE: https://github.com/indutny/node-ip/issues/136
NOTE: https://github.com/indutny/node-ip/issues/144
CVE-2024-0985 (Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in Postg ...)
- {DSA-5623-1 DSA-5622-1}
+ {DSA-5623-1 DSA-5622-1 DLA-3764-1}
- postgresql-16 16.2-1
- postgresql-15 <removed>
- postgresql-13 <removed>
@@ -14865,7 +15114,8 @@ CVE-2024-0412 (A vulnerability was found in DeShang DSShop up to 3.1.0. It has b
NOT-FOR-US: DeShang DSShop
CVE-2024-0411 (A vulnerability was found in DeShang DSMall up to 6.1.0. It has been c ...)
NOT-FOR-US: DeShang DSMall
-CVE-2024-0227 (Devise-Two-Factor does not throttle or otherwise restrict login attemp ...)
+CVE-2024-0227
+ REJECTED
NOT-FOR-US: Devise-Two-Factor
CVE-2023-7071 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & ...)
NOT-FOR-US: WordPress plugin
@@ -18201,6 +18451,7 @@ CVE-2023-49356 (A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows a
NOTE: https://github.com/linzc21/bug-reports/blob/main/reports/mp3gain/1.6.2/stack-buffer-overflow/CVE-2023-49356.md
NOTE: Likely the same and duplicate of CVE-2018-10777 and covered by the same fixes applied
CVE-2023-49088 (Cacti is an open source operational monitoring and fault management fr ...)
+ {DLA-3765-1}
- cacti 1.2.26+ds1-1
NOTE: Caused by an incomplete fix for CVE-2023-39515
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x
@@ -18210,6 +18461,7 @@ CVE-2023-49088 (Cacti is an open source operational monitoring and fault managem
NOTE: https://github.com/Cacti/cacti/commit/59e39b34f8f1d80b28d38a391d7aa6e7a3302f5b (release/1.2.26)
NOTE: https://github.com/Cacti/cacti/commit/56f9d99e6e5ab434ea18fa344236f41e78f99c59 (1.2.x)
CVE-2023-49085 (Cacti provides an operational monitoring and fault management framewor ...)
+ {DLA-3765-1}
- cacti 1.2.26+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-vr3c-38wh-g855
NOTE: https://github.com/Cacti/cacti/commit/5f451bc680d7584525d18026836af2a1e31b2188 (release/1.2.26)
@@ -18328,10 +18580,12 @@ CVE-2023-49678
CVE-2023-49677 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
NOT-FOR-US: Job Portal
CVE-2023-49086 (Cacti is a robust performance and fault management framework and a fro ...)
+ {DLA-3765-1}
- cacti 1.2.26+ds1-1 (bug #1059254)
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr
NOTE: https://github.com/Cacti/cacti/commit/56f9d99e6e5ab434ea18fa344236f41e78f99c59 (1.2.x)
CVE-2023-49084 (Cacti is a robust performance and fault management framework and a fro ...)
+ {DLA-3765-1}
- cacti 1.2.26+ds1-1 (bug #1059254)
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp
NOTE: https://github.com/Cacti/cacti/commit/5f451bc680d7584525d18026836af2a1e31b2188 (release/1.2.26)
@@ -36978,12 +37232,12 @@ CVE-2023-39654 (abupy up to v0.4.0 was discovered to contain a SQL injection vul
CVE-2023-39598 (Cross Site Scripting vulnerability in IceWarp Corporation WebClient v. ...)
NOT-FOR-US: IceWarp
CVE-2023-39516 (Cacti is an open source operational monitoring and fault management fr ...)
- {DSA-5550-1}
+ {DSA-5550-1 DLA-3765-1}
- cacti 1.2.25+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-r8qq-88g3-hmgv
NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e (release/1.2.25)
CVE-2023-39515 (Cacti is an open source operational monitoring and fault management fr ...)
- {DSA-5550-1}
+ {DSA-5550-1 DLA-3765-1}
- cacti 1.2.25+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h
NOTE: Fixed by: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e (release/1.2.25)
@@ -36997,6 +37251,7 @@ CVE-2023-39514 (Cacti is an open source operational monitoring and fault managem
NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e (release/1.2.25)
NOTE: Introduced by: https://github.com/Cacti/cacti/commit/75c147b70493d188ad85313569f86e33e13988b2 (release/1.2.17)
CVE-2023-39513 (Cacti is an open source operational monitoring and fault management fr ...)
+ {DLA-3765-1}
- cacti 1.2.25+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-9fj7-8f2j-2rw2
NOTE: Initial fix (partially reverted): https://github.com/Cacti/cacti/commit/976f44dd8dfb2410e0dba00de9c4bbca17ee8910 (release/1.2.25)
@@ -37027,19 +37282,19 @@ CVE-2023-39366 (Cacti is an open source operational monitoring and fault managem
NOTE: https://github.com/Cacti/cacti/commit/c67daa614d91c8592b8792298da8e3aa017c4009 (release/1.2.25)
NOTE: Introduced by: https://github.com/Cacti/cacti/commit/befc9005e99fdb44aa4b09b87fadced2f21539a6 (release/1.2.20)
CVE-2023-39365 (Cacti is an open source operational monitoring and fault management fr ...)
- {DSA-5550-1}
+ {DSA-5550-1 DLA-3765-1}
- cacti 1.2.25+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1499/
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1500/
NOTE: https://github.com/cacti/cacti/commit/f775c115e9d6e4b6a326eee682af8afebc43f20e (release/1.2.25)
CVE-2023-39364 (Cacti is an open source operational monitoring and fault management fr ...)
- {DSA-5550-1}
+ {DSA-5550-1 DLA-3765-1}
- cacti 1.2.25+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-4pjv-rmrp-r59x
NOTE: https://github.com/Cacti/cacti/commit/05bf9dd89d056c7de9591396d92b25ddf140c0da (release/1.2.25)
CVE-2023-39362 (Cacti is an open source operational monitoring and fault management fr ...)
- {DSA-5550-1}
+ {DSA-5550-1 DLA-3765-1}
- cacti 1.2.25+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp
NOTE: https://github.com/cacti/cacti/commit/cb9ab92f2580fc6cb9b64ce129655fb15e35d056 (release/1.2.25)
@@ -37047,7 +37302,7 @@ CVE-2023-39362 (Cacti is an open source operational monitoring and fault managem
NOTE: snmp_escape_string broken and non-exploitable until https://github.com/Cacti/cacti/commit/c66d5815b8381eaa7ef679abc8d041f23105ef34 (release/1.2.23)
NOTE: Requires php-snmp be disabled.
CVE-2023-39361 (Cacti is an open source operational monitoring and fault management fr ...)
- {DSA-5550-1}
+ {DSA-5550-1 DLA-3765-1}
- cacti 1.2.25+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6r43-q2fw-5wrg
NOTE: https://github.com/cacti/cacti/commit/4246aee6310846d0e106bd05279e54fff3765822 (release/1.2.25)
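Review bot: the two leading context lines belong to CVE-2023-39362 (the entry named in the hunk header), which received DLA-3765-1 in the previous hunk; they state that snmp_escape_string was broken and non-exploitable until release/1.2.23 and that the issue requires php-snmp to be disabled. Before listing DLA-3765-1 under that CVE, confirm that the version the DLA updates already contained the exploitable code path, or add a NOTE that the patch was applied as hardening, so the advisory cross-reference does not imply the older branch was affected.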
@@ -37055,6 +37310,7 @@ CVE-2023-39361 (Cacti is an open source operational monitoring and fault managem
NOTE: but the patch still fixes multiple similar issues including one present in earlier versions.
NOTE: Additional hardening with CVE-2023-39365.
CVE-2023-39360 (Cacti is an open source operational monitoring and fault management fr ...)
+ {DLA-3765-1}
- cacti 1.2.25+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gx8c-xvjh-9qh4
NOTE: Initial fix: https://github.com/cacti/cacti/commit/9696bbd8060c7332b11b709f4dd17e6c3776bba2 (release/1.2.25)
@@ -37077,7 +37333,7 @@ CVE-2023-39358 (Cacti is an open source operational monitoring and fault managem
NOTE: https://github.com/cacti/cacti/commit/58a2df17c94fda1cdae74613153524ad1a6aae82 (release/1.2.25)
NOTE: Introduced by: https://github.com/cacti/cacti/commit/26e2dbacf298265ce9e517f6f1f008ec46167b5d (release/1.2.20)
CVE-2023-39357 (Cacti is an open source operational monitoring and fault management fr ...)
- {DSA-5550-1}
+ {DSA-5550-1 DLA-3765-1}
- cacti 1.2.25+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6jhp-mgqg-fhqg
NOTE: https://github.com/cacti/cacti/commit/21f6b5c9238b3e8c83f2c9295374d96eb104f21d (release/1.2.25)
@@ -43869,7 +44125,7 @@ CVE-2023-38405 (On Crestron 3-Series Control Systems before 1.8001.0187, craftin
NOT-FOR-US: Creston
CVE-2023-38404 (The XPRTLD web application in Veritas InfoScale Operations Manager (VI ...)
NOT-FOR-US: Veritas InfoScale
-CVE-2023-7250
+CVE-2023-7250 (A flaw was found in iperf, a utility for testing network performance u ...)
- iperf3 3.15-1
NOTE: https://downloads.es.net/pub/iperf/esnet-secadv-2023-0002.txt.asc
NOTE: https://github.com/esnet/iperf/commit/5e3704dd850a5df2fb2b3eafd117963d017d07b4 (3.15)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee66efae4b6706180b7460a34a274e2a159eb829