[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 25 20:12:32 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
72c71dc6 by security tracker role at 2024-03-25T20:12:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,200 +1,264 @@
-CVE-2021-47180 [NFC: nci: fix memory leak in nci_allocate_device]
+CVE-2024-30205 (In Emacs before 29.3, Org mode considers contents of remote files to b ...)
+	TODO: check
+CVE-2024-30204 (In Emacs before 29.3, LaTeX preview is enabled by default for e-mail a ...)
+	TODO: check
+CVE-2024-30203 (In Emacs before 29.3, Gnus treats inline MIME contents as trusted.)
+	TODO: check
+CVE-2024-30202 (In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turn ...)
+	TODO: check
+CVE-2024-2865 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-2864 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29666 (Insecure Permissions vulnerability in Vehicle Monitoring platform syst ...)
+	TODO: check
+CVE-2024-29650 (An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker ...)
+	TODO: check
+CVE-2024-29515 (File Upload vulnerability in lepton v.7.1.0 allows a remote authentica ...)
+	TODO: check
+CVE-2024-29025 (Netty is an asynchronous event-driven network application framework fo ...)
+	TODO: check
+CVE-2024-28850 (WP Crontrol controls the cron events on WordPress websites.  WP Crontr ...)
+	TODO: check
+CVE-2024-28435 (The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file u ...)
+	TODO: check
+CVE-2024-28434 (The CRM platform Twenty is vulnerable to stored cross site scripting v ...)
+	TODO: check
+CVE-2024-28393 (SQL injection vulnerability in scalapay v.1.2.41 and before allows a r ...)
+	TODO: check
+CVE-2024-28387 (An issue in axonaut v.3.1.23 and before allows a remote attacker to ob ...)
+	TODO: check
+CVE-2024-28386 (An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remo ...)
+	TODO: check
+CVE-2024-28246 (KaTeX is a JavaScript library for TeX math rendering on the web. Code  ...)
+	TODO: check
+CVE-2024-28245 (KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX ...)
+	TODO: check
+CVE-2024-28244 (KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX ...)
+	TODO: check
+CVE-2024-28243 (KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX ...)
+	TODO: check
+CVE-2024-28183 (ESP-IDF is the development framework for Espressif SoCs supported on W ...)
+	TODO: check
+CVE-2024-28108 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
+	TODO: check
+CVE-2024-28107 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
+	TODO: check
+CVE-2024-28106 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
+	TODO: check
+CVE-2024-28105 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
+	TODO: check
+CVE-2024-27300 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
+	TODO: check
+CVE-2024-27299 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
+	TODO: check
+CVE-2024-25964 (Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing  ...)
+	TODO: check
+CVE-2024-25175 (An issue in Kickdler before v1.107.0 allows attackers to provide an XS ...)
+	TODO: check
+CVE-2024-25002 (Command Injection in the diagnostics interface of the Bosch Network Sy ...)
+	TODO: check
+CVE-2023-48296 (OroPlatform is a PHP Business Application Platform (BAP).  Navigation  ...)
+	TODO: check
+CVE-2023-45824 (OroPlatform is a PHP Business Application Platform (BAP).  A logged in ...)
+	TODO: check
+CVE-2021-47180 (In the Linux kernel, the following vulnerability has been resolved:  N ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/e0652f8bb44d6294eeeac06d703185357f25d50b (5.13-rc4)
-CVE-2021-47179 [NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()]
+CVE-2021-47179 (In the Linux kernel, the following vulnerability has been resolved:  N ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/a421d218603ffa822a0b8045055c03eae394a7eb (5.13-rc4)
-CVE-2021-47178 [scsi: target: core: Avoid smp_processor_id() in preemptible code]
+CVE-2021-47178 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.14.6-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/70ca3c57ff914113f681e657634f7fbfa68e1ad1 (5.13-rc4)
-CVE-2021-47177 [iommu/vt-d: Fix sysfs leak in alloc_iommu()]
+CVE-2021-47177 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/0ee74d5a48635c848c20f152d0d488bf84641304 (5.13-rc4)
-CVE-2021-47176 [s390/dasd: add missing discipline function]
+CVE-2021-47176 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.178-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c0c8a8397fa8a74d04915f4d3d28cb4a5d401427 (5.13-rc4)
-CVE-2021-47175 [net/sched: fq_pie: fix OOB access in the traffic path]
+CVE-2021-47175 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e70f7a11876a1a788ceadf75e9e5f7af2c868680 (5.13-rc4)
-CVE-2021-47174 [netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version]
+CVE-2021-47174 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f0b3d338064e1fe7531f0d2977e35f3b334abfb4 (5.13-rc4)
-CVE-2021-47173 [misc/uss720: fix memory leak in uss720_probe]
+CVE-2021-47173 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/dcb4b8ad6a448532d8b681b5d1a7036210b622de (5.13-rc4)
-CVE-2021-47172 [iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers]
+CVE-2021-47172 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f2a772c51206b0c3f262e4f6a3812c89a650191b (5.13-rc4)
-CVE-2021-47171 [net: usb: fix memory leak in smsc75xx_bind]
+CVE-2021-47171 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/46a8b29c6306d8bbfd92b614ef65a47c900d8e70 (5.13-rc4)
-CVE-2021-47170 [USB: usbfs: Don't WARN about excessively large memory allocations]
+CVE-2021-47170 (In the Linux kernel, the following vulnerability has been resolved:  U ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/4f2629ea67e7225c3fd292c7fe4f5b3c9d6392de (5.13-rc4)
-CVE-2021-47169 [serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait']
+CVE-2021-47169 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/016002848c82eeb5d460489ce392d91fe18c475c (5.13-rc4)
-CVE-2021-47168 [NFS: fix an incorrect limit in filelayout_decode_layout()]
+CVE-2021-47168 (In the Linux kernel, the following vulnerability has been resolved:  N ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/769b01ea68b6c49dc3cde6adf7e53927dacbd3a8 (5.13-rc4)
-CVE-2021-47167 [NFS: Fix an Oopsable condition in __nfs_pageio_add_request()]
+CVE-2021-47167 (In the Linux kernel, the following vulnerability has been resolved:  N ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	NOTE: https://git.kernel.org/linus/56517ab958b7c11030e626250c00b9b1a24b41eb (5.13-rc4)
-CVE-2021-47166 [NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()]
+CVE-2021-47166 (In the Linux kernel, the following vulnerability has been resolved:  N ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/0d0ea309357dea0d85a82815f02157eb7fcda39f (5.13-rc4)
-CVE-2021-47165 [drm/meson: fix shutdown crash when component not probed]
+CVE-2021-47165 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/7cfc4ea78fc103ea51ecbacd9236abb5b1c490d2 (5.13-rc4)
-CVE-2021-47164 [net/mlx5e: Fix null deref accessing lag dev]
+CVE-2021-47164 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/83026d83186bc48bb41ee4872f339b83f31dfc55 (5.13-rc4)
-CVE-2021-47163 [tipc: wait and exit until all work queues are done]
+CVE-2021-47163 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	NOTE: https://git.kernel.org/linus/04c26faa51d1e2fe71cf13c45791f5174c37f986 (5.13-rc4)
-CVE-2021-47162 [tipc: skb_linearize the head skb when reassembling msgs]
+CVE-2021-47162 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/b7df21cf1b79ab7026f545e7bf837bd5750ac026 (5.13-rc4)
-CVE-2021-47161 [spi: spi-fsl-dspi: Fix a resource leak in an error handling path]
+CVE-2021-47161 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux 4.19.208-1
 	NOTE: https://git.kernel.org/linus/680ec0549a055eb464dce6ffb4bfb736ef87236e (5.13-rc4)
-CVE-2021-47160 [net: dsa: mt7530: fix VLAN traffic leaks]
+CVE-2021-47160 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/474a2ddaa192777522a7499784f1d60691cd831a (5.13-rc4)
-CVE-2021-47159 [net: dsa: fix a crash if ->get_sset_count() fails]
+CVE-2021-47159 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/a269333fa5c0c8e53c92b5a28a6076a28cde3e83 (5.13-rc4)
-CVE-2021-47158 [net: dsa: sja1105: add error handling in sja1105_setup()]
+CVE-2021-47158 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/cec279a898a3b004411682f212215ccaea1cd0fb (5.13-rc4)
-CVE-2021-47153 [i2c: i801: Don't generate an interrupt on bus reset]
+CVE-2021-47153 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/e4d8716c3dcec47f1557024add24e1f3c09eb24b (5.13-rc4)
-CVE-2021-47152 [mptcp: fix data stream corruption]
+CVE-2021-47152 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/29249eac5225429b898f278230a6ca2baa1ae154 (5.13-rc4)
-CVE-2021-47151 [interconnect: qcom: bcm-voter: add a missing of_node_put()]
+CVE-2021-47151 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a00593737f8bac2c9e97b696e7ff84a4446653e8 (5.13-rc4)
-CVE-2021-47150 [net: fec: fix the potential memory leak in fec_enet_init()]
+CVE-2021-47150 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/619fee9eb13b5d29e4267cb394645608088c28a8 (5.13-rc4)
-CVE-2021-47149 [net: fujitsu: fix potential null-ptr-deref]
+CVE-2021-47149 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/52202be1cd996cde6e8969a128dc27ee45a7cb5e (5.13-rc3)
-CVE-2021-47148 [octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context()]
+CVE-2021-47148 (In the Linux kernel, the following vulnerability has been resolved:  o ...)
 	- linux 5.14.6-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e5cc361e21648b75f935f9571d4003aaee480214 (5.13-rc4)
-CVE-2021-47147 [ptp: ocp: Fix a resource leak in an error handling path]
+CVE-2021-47147 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 5.14.6-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9c1bb37f8cad5e2ee1933fa1da9a6baa7876a8e4 (5.13-rc4)
-CVE-2021-47146 [mld: fix panic in mld_newpack()]
+CVE-2021-47146 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/020ef930b826d21c5446fdc9db80fd72a791bc21 (5.13-rc4)
-CVE-2021-47145 [btrfs: do not BUG_ON in link_to_fixup_dir]
+CVE-2021-47145 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/91df99a6eb50d5a1bc70fff4a09a0b7ae6aab96d (5.13-rc3)
-CVE-2021-47144 [drm/amd/amdgpu: fix refcount leak]
+CVE-2021-47144 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/fa7e6abc75f3d491bc561734312d065dc9dc2a77 (5.13-rc3)
-CVE-2021-47143 [net/smc: remove device from smcd_dev_list after failed device_add()]
+CVE-2021-47143 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	NOTE: https://git.kernel.org/linus/444d7be9532dcfda8e0385226c862fd7e986f607 (5.13-rc4)
-CVE-2021-47142 [drm/amdgpu: Fix a use-after-free]
+CVE-2021-47142 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/1e5c37385097c35911b0f8a0c67ffd10ee1af9a2 (5.13-rc3)
-CVE-2021-47141 [gve: Add NULL pointer checks when freeing irqs.]
+CVE-2021-47141 (In the Linux kernel, the following vulnerability has been resolved:  g ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/5218e919c8d06279884aa0baf76778a6817d5b93 (5.13-rc4)
-CVE-2021-47140 [iommu/amd: Clear DMA ops when switching domain]
+CVE-2021-47140 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 5.14.6-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d6177a6556f853785867e2ec6d5b7f4906f0d809 (5.13-rc4)
-CVE-2021-47139 [net: hns3: put off calling register_netdev() until client initialize complete]
+CVE-2021-47139 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a289a7e5c1d49b7d47df9913c1cc81fb48fab613 (5.13-rc4)
-CVE-2021-47138 [cxgb4: avoid accessing registers when clearing filters]
+CVE-2021-47138 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/88c380df84fbd03f9b137c2b9d0a44b9f2f553b0 (5.13-rc4)
-CVE-2021-47137 [net: lantiq: fix memory corruption in RX ring]
+CVE-2021-47137 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c7718ee96dbc2f9c5fc3b578abdf296dd44b9c20 (5.13-rc4)
-CVE-2021-47136 [net: zero-initialize tc skb extension on allocation]
+CVE-2021-47136 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
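Review bot: three of the converted kernel entries record no buster status at all: CVE-2021-47167, CVE-2021-47163 and CVE-2021-47143 go straight from their `[bullseye] - linux 5.10.46-1` line to the NOTE, whereas every neighbouring entry carries either `[buster] - linux 4.19.194-1` or `[buster] - linux <not-affected> (Vulnerable code not present)`; add an explicit buster line to each so the LTS state is not left implicit. The rewrite also drops the bracketed upstream subjects (e.g. `[NFC: nci: fix memory leak in nci_allocate_device]`) in favour of the generic `In the Linux kernel, the following vulnerability has been resolved:  N ...` prefix, so the `NOTE: https://git.kernel.org/linus/...` line is now the only per-entry pointer to what was fixed and must stay attached to each entry. Among the new `TODO: check` entries, the four Emacs 29.3 issues (CVE-2024-30202 to CVE-2024-30205) and the Netty issue (CVE-2024-29025) name software shipped as Debian source packages (emacs, netty) and need real triage rather than a NOT-FOR-US marker.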
@@ -409,7 +473,7 @@ CVE-2024-2228 (This vulnerability allows an authenticated user to perform a Life
 CVE-2024-2227 (This vulnerability allows access to arbitrary files in the application ...)
 	NOT-FOR-US: Sailpoint
 CVE-2024-29944 (An attacker was able to inject an event handler into a privileged obje ...)
-	{DSA-5645-1}
+	{DSA-5645-1 DLA-3775-1}
 	- firefox 124.0.1-1 (bug #1067523)
 	- firefox-esr 115.9.1esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-15/#CVE-2024-29944
@@ -1393,7 +1457,7 @@ CVE-2024-27439 (An error in the evaluation of the fetch metadata headers could a
 CVE-2024-24683 (Improper Input Validation vulnerability in Apache Hop Engine.This issu ...)
 	NOT-FOR-US: Apache Hop Engine
 CVE-2024-2616 (To harden ICU against exploitation, the behavior for out-of-memory con ...)
-	{DSA-5644-1 DSA-5643-1 DLA-3769-1}
+	{DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1}
 	- firefox-esr 115.9.0esr-1
 	- thunderbird 1:115.9.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2616
@@ -1402,7 +1466,7 @@ CVE-2024-2615 (Memory safety bugs present in Firefox 123. Some of these bugs sho
 	- firefox 124.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2615
 CVE-2024-2614 (Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thun ...)
-	{DSA-5644-1 DSA-5643-1 DLA-3769-1}
+	{DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1}
 	- firefox 124.0-1
 	- firefox-esr 115.9.0esr-1
 	- thunderbird 1:115.9.0-1
@@ -1413,7 +1477,7 @@ CVE-2024-2613 (Data was not properly sanitized when decoding a QUIC ACK frame; t
 	- firefox 124.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2613
 CVE-2024-2612 (If an attacker could find a way to trigger a particular code path in ` ...)
-	{DSA-5644-1 DSA-5643-1 DLA-3769-1}
+	{DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1}
 	- firefox 124.0-1
 	- firefox-esr 115.9.0esr-1
 	- thunderbird 1:115.9.0-1
@@ -1421,7 +1485,7 @@ CVE-2024-2612 (If an attacker could find a way to trigger a particular code path
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2612
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2612
 CVE-2024-2611 (A missing delay on when pointer lock was used could have allowed a mal ...)
-	{DSA-5644-1 DSA-5643-1 DLA-3769-1}
+	{DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1}
 	- firefox 124.0-1
 	- firefox-esr 115.9.0esr-1
 	- thunderbird 1:115.9.0-1
@@ -1429,7 +1493,7 @@ CVE-2024-2611 (A missing delay on when pointer lock was used could have allowed
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2611
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2611
 CVE-2024-2610 (Using a markup injection an attacker could have stolen nonce values. T ...)
-	{DSA-5644-1 DSA-5643-1 DLA-3769-1}
+	{DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1}
 	- firefox 124.0-1
 	- firefox-esr 115.9.0esr-1
 	- thunderbird 1:115.9.0-1
@@ -1440,7 +1504,7 @@ CVE-2024-2609 (The permission prompt input delay could have expired while the wi
 	- firefox 124.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2609
 CVE-2024-2608 (`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and ...)
-	{DSA-5644-1 DSA-5643-1 DLA-3769-1}
+	{DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1}
 	- firefox 124.0-1
 	- firefox-esr 115.9.0esr-1
 	- thunderbird 1:115.9.0-1
@@ -1448,7 +1512,7 @@ CVE-2024-2608 (`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2608
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2608
 CVE-2024-2607 (Return registers were overwritten which could have allowed an attacker ...)
-	{DSA-5644-1 DSA-5643-1 DLA-3769-1}
+	{DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1}
 	- firefox 124.0-1
 	- firefox-esr 115.9.0esr-1
 	- thunderbird 1:115.9.0-1
@@ -1954,6 +2018,7 @@ CVE-2024-22475 (Cross-site request forgery vulnerability in multiple printers an
 CVE-2024-21824 (Improper authentication vulnerability in exists in multiple printers a ...)
 	NOT-FOR-US: BROTHER
 CVE-2023-52159 (A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x ...)
+	{DLA-3774-1}
 	- gross 1.0.2-4.1 (bug #1067115)
 	[bookworm] - gross <no-dsa> (Minor issue)
 	[bullseye] - gross <no-dsa> (Minor issue)
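Review bot: the added `{DLA-3774-1}` reference leaves the `[bookworm] - gross <no-dsa> (Minor issue)` and `[bullseye] - gross <no-dsa> (Minor issue)` lines untouched, so those two suites are still recorded as deliberately unfixed; that is only consistent if the DLA covers a different suite, and the entry's remaining suite lines fall outside the hunk context. Confirm that the suite line the DLA actually applies to no longer carries a `<no-dsa>` marker, otherwise the tracker will show an advisory for a suite it also lists as not fixed.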
@@ -8709,6 +8774,7 @@ CVE-2024-1669 (Out of bounds memory access in Blink in Google Chrome prior to 12
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-1481 [specially crafted HTTP requests potentially lead to DoS or data exposure]
+	{DLA-3773-1}
 	- freeipa <unfixed> (bug #1065106)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2262169
 	NOTE: https://pagure.io/freeipa/issue/9541
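Review bot: the `- freeipa <unfixed> (bug #1065106)` line is left in place next to the new `{DLA-3773-1}` reference, so the tracker now says an LTS advisory shipped a fix while unstable remains unfixed. That can be correct, but the fixed unstable version still needs recording once bug #1065106 is closed, and the header is still the placeholder form `[specially crafted HTTP requests potentially lead to DoS or data exposure]` rather than a published description, so this entry will be rewritten again by a later automatic update and should be re-checked then.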
@@ -14582,7 +14648,7 @@ CVE-2024-0744 (In some circumstances, JIT compiled code could have dereferenced
 	- firefox 122.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0744
 CVE-2024-0743 (An unchecked return value in TLS handshake code could have caused a po ...)
-	{DSA-5644-1 DSA-5643-1 DLA-3769-1 DLA-3757-1}
+	{DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1 DLA-3757-1}
 	- firefox 122.0-1
 	- firefox-esr 115.9.0esr-1
 	- nss 2:3.96.1-1
@@ -31334,7 +31400,7 @@ CVE-2023-39333
 	NOTE: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#code-injection-via-webassembly-export-names-low---cve-2023-39333
 	NOTE: https://github.com/nodejs/node/commit/eaf9083cf1e43bd897ac8244dcc0f4e3500150ca
 CVE-2023-5388 (NSS was susceptible to a timing side-channel attack when performing RS ...)
-	{DSA-5644-1 DSA-5643-1 DLA-3769-1 DLA-3757-1}
+	{DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1 DLA-3757-1}
 	- firefox 124.0-1
 	- firefox-esr 115.9.0esr-1
 	- nss 2:3.98-1 (bug #1056284)
@@ -65951,8 +66017,8 @@ CVE-2023-27610 (Auth. (admin+) SQL Injection (SQLi) vulnerability in TransbankDe
 	NOT-FOR-US: TransbankDevelopers Transbank Webpay
 CVE-2023-27609
 	RESERVED
-CVE-2023-27608
-	RESERVED
+CVE-2023-27608 (Missing Authorization vulnerability in WP Swings Points and Rewards fo ...)
+	TODO: check
 CVE-2023-27607 (Missing Authorization vulnerability in WP Swings Points and Rewards fo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27606 (Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP R ...)
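Review bot: the newly filled description for CVE-2023-27608, `Missing Authorization vulnerability in WP Swings Points and Rewards fo ...`, is the same truncated text as its neighbour CVE-2023-27607, which is already resolved as `NOT-FOR-US: WordPress plugin`; the `TODO: check` here can be closed the same way rather than being left for a separate look.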
@@ -73488,8 +73554,8 @@ CVE-2023-25041 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ct
 	NOT-FOR-US: WordPress theme
 CVE-2023-25040 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-25039
-	RESERVED
+CVE-2023-25039 (Missing Authorization vulnerability in CodePeople Google Maps CP.This  ...)
+	TODO: check
 CVE-2023-25038 (Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For the visu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25037
@@ -80907,8 +80973,8 @@ CVE-2023-22701
 	RESERVED
 CVE-2023-22700 (Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Pixel ...)
 	NOT-FOR-US: PixelYourSite
-CVE-2023-22699
-	RESERVED
+CVE-2023-22699 (Missing Authorization vulnerability in MainWP MainWP Wordfence Extensi ...)
+	TODO: check
 CVE-2023-22698 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jason ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-22697
@@ -91002,8 +91068,8 @@ CVE-2022-45853 (The privilege escalation vulnerability in the Zyxel GS1900-8 fir
 	NOT-FOR-US: Zyxel
 CVE-2022-45852
 	RESERVED
-CVE-2022-45851
-	RESERVED
+CVE-2022-45851 (Missing Authorization vulnerability in ShareThis ShareThis Dashboard f ...)
+	TODO: check
 CVE-2022-45850
 	RESERVED
 CVE-2022-45849 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...)
@@ -92653,22 +92719,22 @@ CVE-2022-45358 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnera
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45357 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-45356
-	RESERVED
+CVE-2022-45356 (Missing Authorization vulnerability in Muffingroup Betheme.This issue  ...)
+	TODO: check
 CVE-2022-45355 (Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress WP Pipe ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45354 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45353 (Broken Access Control inBetheme theme <= 26.6.1 on WordPress.)
 	NOT-FOR-US: WordPress theme
-CVE-2022-45352
-	RESERVED
-CVE-2022-45351
-	RESERVED
+CVE-2022-45352 (Missing Authorization vulnerability in Muffingroup Betheme.This issue  ...)
+	TODO: check
+CVE-2022-45351 (Missing Authorization vulnerability in Muffingroup Betheme.This issue  ...)
+	TODO: check
 CVE-2022-45350 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-45349
-	RESERVED
+CVE-2022-45349 (Missing Authorization vulnerability in Muffingroup Betheme.This issue  ...)
+	TODO: check
 CVE-2022-45348 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45347 (Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as databas ...)
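Review bot: the four re-filled Betheme entries (CVE-2022-45356, CVE-2022-45352, CVE-2022-45351, CVE-2022-45349) all carry the identical truncated description `Missing Authorization vulnerability in Muffingroup Betheme.This issue ...` and sit beside CVE-2022-45353, already marked `NOT-FOR-US: WordPress theme` for the same product; triage the four together and use `NOT-FOR-US: WordPress theme` (not `plugin`) to stay consistent with 45353. The missing space in `Betheme.This` comes from the upstream CVE text that the automatic update copies verbatim, so it should not be hand-corrected in this file.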
@@ -95677,8 +95743,8 @@ CVE-2022-44628 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2022-44627 (Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple S ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-44626
-	RESERVED
+CVE-2022-44626 (Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly ...)
+	TODO: check
 CVE-2022-44625 (Auth. (admin+) Stored Cross-Site Scripting') vulnerability in Zephilou ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-44624 (In JetBrains TeamCity version before 2022.10, Password parameters coul ...)
@@ -106020,8 +106086,8 @@ CVE-2022-38141 (Missing Authorization vulnerability in Zorem Sales Report Email
 	NOT-FOR-US: WordPress plugin
 CVE-2022-38063 (Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plu ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-38057
-	RESERVED
+CVE-2022-38057 (Missing Authorization vulnerability in ThemeHunk Advance WordPress Sea ...)
+	TODO: check
 CVE-2022-38055
 	RESERVED
 CVE-2022-36418 (Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Li ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72c71dc6819dd85cc8bbe66f09b9477e8b432efa
