[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 1 21:12:33 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7cb76107 by security tracker role at 2024-05-01T20:12:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,342 +1,476 @@
-CVE-2024-27392 [nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()]
+CVE-2024-33835 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remo ...)
+ TODO: check
+CVE-2024-33820 (Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V ...)
+ TODO: check
+CVE-2024-33775 (An issue with the Autodiscover component in Nagios XI 2024R1.01 allows ...)
+ TODO: check
+CVE-2024-33518 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...)
+ TODO: check
+CVE-2024-33517 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...)
+ TODO: check
+CVE-2024-33516 (An unauthenticated Denial of Service (DoS) vulnerability exists in the ...)
+ TODO: check
+CVE-2024-33515 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the A ...)
+ TODO: check
+CVE-2024-33514 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the A ...)
+ TODO: check
+CVE-2024-33513 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the A ...)
+ TODO: check
+CVE-2024-33512 (There is a buffer overflow vulnerability in the underlying Local User ...)
+ TODO: check
+CVE-2024-33511 (There is a buffer overflow vulnerability in the underlying Automatic R ...)
+ TODO: check
+CVE-2024-33442 (An issue in flusity-CMS v.2.33 allows a remote attacker to execute arb ...)
+ TODO: check
+CVE-2024-33431 (An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a ...)
+ TODO: check
+CVE-2024-33430 (An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 a ...)
+ TODO: check
+CVE-2024-33429 (Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 ...)
+ TODO: check
+CVE-2024-33428 (Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 a ...)
+ TODO: check
+CVE-2024-33424 (A cross-site scripting (XSS) vulnerability in the Settings menu of CMS ...)
+ TODO: check
+CVE-2024-33423 (Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSim ...)
+ TODO: check
+CVE-2024-33393 (An issue in spidernet-io spiderpool v.0.9.3 and before allows a local ...)
+ TODO: check
+CVE-2024-33307 (SourceCodester Laboratory Management System 1.0 is vulnerable to Cross ...)
+ TODO: check
+CVE-2024-33306 (SourceCodester Laboratory Management System 1.0 is vulnerable to Cross ...)
+ TODO: check
+CVE-2024-33304 (SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scrip ...)
+ TODO: check
+CVE-2024-33300 (Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross ...)
+ TODO: check
+CVE-2024-33292 (SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote ...)
+ TODO: check
+CVE-2024-33078 (Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send ...)
+ TODO: check
+CVE-2024-32984 (Yamux is a stream multiplexer over reliable, ordered connections such ...)
+ TODO: check
+CVE-2024-32979 (Nautobot is a Network Source of Truth and Network Automation Platform ...)
+ TODO: check
+CVE-2024-32973 (Pluto is a superset of Lua 5.4 with a focus on general-purpose program ...)
+ TODO: check
+CVE-2024-32213 (The LoMag WareHouse Management application version 1.0.20.120 and olde ...)
+ TODO: check
+CVE-2024-32212 (SQL Injection vulnerability in LOGINT LoMag Inventory Management v1.0. ...)
+ TODO: check
+CVE-2024-32211 (An issue in LOGINT LoMag Inventory Management v1.0.20.120 and before a ...)
+ TODO: check
+CVE-2024-32210 (The LoMag WareHouse Management application version 1.0.20.120 and olde ...)
+ TODO: check
+CVE-2024-31413 (Free of pointer not at start of buffer vulnerability exists in CX-One ...)
+ TODO: check
+CVE-2024-31412 (Out-of-bounds read vulnerability exists in CX-Programmer included in C ...)
+ TODO: check
+CVE-2024-30176 (In Logpoint before 7.4.0, an attacker can enumerate a valid list of us ...)
+ TODO: check
+CVE-2024-29011 (Use of hard-coded password in the GMS ECM endpoint leading to authenti ...)
+ TODO: check
+CVE-2024-29010 (The XML document processed in the GMS ECM URL endpoint is vulnerable t ...)
+ TODO: check
+CVE-2024-28893 (Certain HP software packages (SoftPaqs) are potentially vulnerable to ...)
+ TODO: check
+CVE-2024-28775 (IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. ...)
+ TODO: check
+CVE-2024-28764 (IBM WebSphere Automation 1.7.0 could allow an attacker with privileged ...)
+ TODO: check
+CVE-2024-26504 (An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute ...)
+ TODO: check
+CVE-2024-26305 (There is a buffer overflow vulnerability in the underlying Utility dae ...)
+ TODO: check
+CVE-2024-26304 (There is a buffer overflow vulnerability in the underlying L2/L3 Manag ...)
+ TODO: check
+CVE-2024-25676 (An issue was discovered in ViewerJS 0.5.8. A script from the component ...)
+ TODO: check
+CVE-2024-25458 (An issue in CYCZCAM, SHIX ZHAO, SHIXCAM A9 Camera (circuit board ident ...)
+ TODO: check
+CVE-2024-25355 (s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes ...)
+ TODO: check
+CVE-2024-25015 (IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a r ...)
+ TODO: check
+CVE-2024-24978 (Denial-of-service (DoS) vulnerability exists in TvRock 0.9t8a. Receivi ...)
+ TODO: check
+CVE-2024-24912 (A local privilege escalation vulnerability has been identified in Harm ...)
+ TODO: check
+CVE-2024-24403
+ REJECTED
+CVE-2024-24313 (An issue in Vaales Technologies V_QRS v.2024-01-17 allows a remote att ...)
+ TODO: check
+CVE-2024-24312 (SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 ...)
+ TODO: check
+CVE-2024-23597 (Cross-site request forgery (CSRF) vulnerability exists in TvRock 0.9t8 ...)
+ TODO: check
+CVE-2024-23480 (A fallback mechanism in code sign checking on macOS may allow arbitrar ...)
+ TODO: check
+CVE-2024-23457 (The anti-tampering functionality of the Zscaler Client Connector can b ...)
+ TODO: check
+CVE-2024-22830 (Anti-Cheat Expert's Windows kernel module "ACE-BASE.sys" version 1.0.2 ...)
+ TODO: check
+CVE-2024-20378 (A vulnerability in the web-based management interface of Cisco IP Phon ...)
+ TODO: check
+CVE-2024-20376 (A vulnerability in the web-based management interface of Cisco IP Phon ...)
+ TODO: check
+CVE-2024-20357 (A vulnerability in the XML service of Cisco IP Phone firmware could al ...)
+ TODO: check
+CVE-2024-0334 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2023-7241 (Privilege Escalationin WRSA.EXE in Webroot Antivirus 8.0.1X- 9.0.35.12 ...)
+ TODO: check
+CVE-2023-49606 (A use-after-free vulnerability exists in the HTTP Connection Headers p ...)
+ TODO: check
+CVE-2023-47212 (A heap-based buffer overflow vulnerability exists in the comment funct ...)
+ TODO: check
+CVE-2023-47166 (A firmware update vulnerability exists in the luci2-io file-import fun ...)
+ TODO: check
+CVE-2023-46295 (An issue was discovered in Teledyne FLIR M300 2.00-19. Unauthenticated ...)
+ TODO: check
+CVE-2023-46294 (An issue was discovered in Teledyne FLIR M300 2.00-19. User account pa ...)
+ TODO: check
+CVE-2023-40533 (An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1 w ...)
+ TODO: check
+CVE-2024-27392 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/8d0d2447394b13fb22a069f0330f9c49b7fff9d3 (6.9-rc1)
-CVE-2024-27391 [wifi: wilc1000: do not realloc workqueue everytime an interface is added]
+CVE-2024-27391 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/328efda22af81130c2ad981c110518cb29ff2f1d (6.9-rc1)
-CVE-2024-27390 [ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()]
+CVE-2024-27390 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/17ef8efc00b34918b966388b2af0993811895a8c (6.9-rc1)
-CVE-2024-27389 [pstore: inode: Only d_invalidate() is needed]
+CVE-2024-27389 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a43e0fc5e9134a46515de2f2f8d4100b74e50de3 (6.9-rc1)
-CVE-2024-27388 [SUNRPC: fix some memleaks in gssx_dec_option_array]
+CVE-2024-27388 (In the Linux kernel, the following vulnerability has been resolved: S ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
NOTE: https://git.kernel.org/linus/3cfcfc102a5e57b021b786a755a38935e357797d (6.9-rc1)
-CVE-2024-27080 [btrfs: fix race when detecting delalloc ranges during fiemap]
+CVE-2024-27080 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/978b63f7464abcfd364a6c95f734282c50f3decf (6.9-rc1)
-CVE-2024-27079 [iommu/vt-d: Fix NULL domain on device release]
+CVE-2024-27079 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/81e921fd321614c2ad8ac333b041aae1da7a1c6d (6.9-rc1)
-CVE-2024-27078 [media: v4l2-tpg: fix some memleaks in tpg_alloc]
+CVE-2024-27078 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
NOTE: https://git.kernel.org/linus/8cf9c5051076e0eb958f4361d50d8b0c3ee6691c (6.9-rc1)
-CVE-2024-27077 [media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity]
+CVE-2024-27077 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
NOTE: https://git.kernel.org/linus/8f94b49a5b5d386c038e355bef6347298aabd211 (6.9-rc1)
-CVE-2024-27076 [media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak]
+CVE-2024-27076 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4797a3dd46f220e6d83daf54d70c5b33db6deb01 (6.9-rc1)
-CVE-2024-27075 [media: dvb-frontends: avoid stack overflow warnings with clang]
+CVE-2024-27075 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
NOTE: https://git.kernel.org/linus/7a4cf27d1f0538f779bf31b8c99eda394e277119 (6.9-rc1)
-CVE-2024-27074 [media: go7007: fix a memleak in go7007_load_encoder]
+CVE-2024-27074 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
NOTE: https://git.kernel.org/linus/b9b683844b01d171a72b9c0419a2d760d946ee12 (6.9-rc1)
-CVE-2024-27073 [media: ttpci: fix two memleaks in budget_av_attach]
+CVE-2024-27073 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
NOTE: https://git.kernel.org/linus/d0b07f712bf61e1a3cf23c87c663791c42e50837 (6.9-rc1)
-CVE-2024-27072 [media: usbtv: Remove useless locks in usbtv_video_free()]
+CVE-2024-27072 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/65e6a2773d655172143cc0b927cdc89549842895 (6.9-rc1)
-CVE-2024-27071 [backlight: hx8357: Fix potential NULL pointer dereference]
+CVE-2024-27071 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b1ba8bcb2d1ffce11b308ce166c9cc28d989e3b9 (6.9-rc1)
-CVE-2024-27070 [f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault]
+CVE-2024-27070 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/eb70d5a6c932d9d23f4bb3e7b83782c21ac4b064 (6.9-rc1)
-CVE-2024-27069 [ovl: relax WARN_ON in ovl_verify_area()]
+CVE-2024-27069 (In the Linux kernel, the following vulnerability has been resolved: o ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/77a28aa476873048024ad56daf8f4f17d58ee48e (6.9-rc1)
-CVE-2024-27068 [thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path]
+CVE-2024-27068 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.7.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ca93bf607a44c1f009283dac4af7df0d9ae5e357 (6.9-rc1)
-CVE-2024-27067 [xen/evtchn: avoid WARN() when unbinding an event channel]
+CVE-2024-27067 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 6.7.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/51c23bd691c0f1fb95b29731c356c6fd69925d17 (6.9-rc1)
-CVE-2024-27066 [virtio: packed: fix unmap leak for indirect desc table]
+CVE-2024-27066 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.7.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d5c0ed17fea60cca9bc3bf1278b49ba79242bbcd (6.9-rc1)
-CVE-2024-27065 [netfilter: nf_tables: do not compare internal table flags on updates]
+CVE-2024-27065 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4a0e7f2decbf9bd72461226f1f5f7dcc4b08f139 (6.9-rc1)
-CVE-2024-27064 [netfilter: nf_tables: Fix a memory leak in nf_tables_updchain]
+CVE-2024-27064 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.7.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7eaf837a4eb5f74561e2486972e7f5184b613f6e (6.9-rc1)
-CVE-2024-27063 [leds: trigger: netdev: Fix kernel panic on interface rename trig notify]
+CVE-2024-27063 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux 6.7.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/415798bc07dd1c1ae3a656aa026580816e0b9fe8 (6.9-rc1)
-CVE-2024-27062 [nouveau: lock the client object tree.]
+CVE-2024-27062 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.7.12-1
NOTE: https://git.kernel.org/linus/b7cc4ff787a572edf2c55caeffaa88cd801eb135 (6.8)
-CVE-2024-27061 [crypto: sun8i-ce - Fix use after free in unprepare]
+CVE-2024-27061 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.7.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/183420038444547c149a0fc5f58e792c2752860c (6.8)
-CVE-2024-27060 [thunderbolt: Fix NULL pointer dereference in tb_port_update_credits()]
+CVE-2024-27060 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.7.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d3d17e23d1a0d1f959b4fa55b35f1802d9c584fa (6.8)
-CVE-2024-27059 [USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command]
+CVE-2024-27059 (In the Linux kernel, the following vulnerability has been resolved: U ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
NOTE: https://git.kernel.org/linus/014bcf41d946b36a8f0b8e9b5d9529efbb822f49 (6.8)
-CVE-2024-27058 [tmpfs: fix race on handling dquot rbtree]
+CVE-2024-27058 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.7.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0a69b6b3a026543bc215ccc866d0aea5579e6ce2 (6.9-rc2)
-CVE-2024-27057 [ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend]
+CVE-2024-27057 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.7.12-1
NOTE: https://git.kernel.org/linus/c40aad7c81e5fba34b70123ed7ce3397fa62a4d2 (6.8-rc5)
-CVE-2024-27056 [wifi: iwlwifi: mvm: ensure offloading TID queue exists]
+CVE-2024-27056 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.7.12-1
NOTE: https://git.kernel.org/linus/78f65fbf421a61894c14a1b91fe2fb4437b3fe5f (6.8-rc7)
-CVE-2024-27055 [workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active()]
+CVE-2024-27055 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.7.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/15930da42f8981dc42c19038042947b475b19f47 (6.9-rc1)
-CVE-2024-27054 [s390/dasd: fix double module refcount decrement]
+CVE-2024-27054 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
NOTE: https://git.kernel.org/linus/c3116e62ddeff79cae342147753ce596f01fcf06 (6.9-rc1)
-CVE-2024-27053 [wifi: wilc1000: fix RCU usage in connect path]
+CVE-2024-27053 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/205c50306acf58a335eb19fa84e40140f4fe814f (6.9-rc1)
-CVE-2024-27052 [wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work]
+CVE-2024-27052 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/1213acb478a7181cd73eeaf00db430f1e45b1361 (6.9-rc1)
-CVE-2024-27051 [cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value]
+CVE-2024-27051 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
NOTE: https://git.kernel.org/linus/f661017e6d326ee187db24194cabb013d81bc2a6 (6.9-rc1)
-CVE-2024-27050 [libbpf: Use OPTS_SET() macro in bpf_xdp_query()]
+CVE-2024-27050 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux 6.7.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/92a871ab9fa59a74d013bc04f321026a057618e7 (6.9-rc1)
-CVE-2024-27049 [wifi: mt76: mt7925e: fix use-after-free in free_irq()]
+CVE-2024-27049 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.7.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a5a5f4413d91f395cb2d89829d376d7393ad48b9 (6.9-rc1)
-CVE-2024-27048 [wifi: brcm80211: handle pmk_op allocation failure]
+CVE-2024-27048 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.7.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b4152222e04cb8afeeca239c90e3fcaf4c553b42 (6.9-rc1)
-CVE-2024-27047 [net: phy: fix phy_get_internal_delay accessing an empty array]
+CVE-2024-27047 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4469c0c5b14a0919f5965c7ceac96b523eb57b79 (6.9-rc1)
-CVE-2024-27046 [nfp: flower: handle acti_netdevs allocation failure]
+CVE-2024-27046 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
NOTE: https://git.kernel.org/linus/84e95149bd341705f0eca6a7fcb955c548805002 (6.9-rc1)
-CVE-2024-27045 [drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()']
+CVE-2024-27045 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4b09715f1504f1b6e8dff0e9643630610bc05141 (6.9-rc1)
-CVE-2024-27044 [drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()']
+CVE-2024-27044 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9ccfe80d022df7c595f1925afb31de2232900656 (6.9-rc1)
-CVE-2024-27043 [media: edia: dvbdev: fix a use-after-free]
+CVE-2024-27043 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
NOTE: https://git.kernel.org/linus/8c64f4cdf4e6cc5682c52523713af8c39c94e6d5 (6.9-rc1)
-CVE-2024-27042 [drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()']
+CVE-2024-27042 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.7.12-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/cdb637d339572398821204a1142d8d615668f1e9 (6.9-rc1)
-CVE-2024-27041 [drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()]
+CVE-2024-27041 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.7.12-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2a3cfb9a24a28da9cc13d2c525a76548865e182c (6.9-rc1)
-CVE-2024-27040 [drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()']
+CVE-2024-27040 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.7.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f6aed043ee5d75b3d1bfc452b1a9584b63c8f76b (6.9-rc1)
-CVE-2024-27039 [clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()]
+CVE-2024-27039 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/64c6a38136b74a2f18c42199830975edd9fbc379 (6.9-rc1)
-CVE-2024-27038 [clk: Fix clk_core_get NULL dereference]
+CVE-2024-27038 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/e97fe4901e0f59a0bfd524578fe3768f8ca42428 (6.9-rc1)
-CVE-2024-27037 [clk: zynq: Prevent null pointer dereference caused by kmalloc failure]
+CVE-2024-27037 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
NOTE: https://git.kernel.org/linus/7938e9ce39d6779d2f85d822cc930f73420e54a6 (6.9-rc1)
-CVE-2024-27036 [cifs: Fix writeback data corruption]
+CVE-2024-27036 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.7.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f3dc1bdb6b0b0693562c7c54a6c28bafa608ba3c (6.9-rc1)
-CVE-2024-27035 [f2fs: compress: fix to guarantee persisting compressed blocks by CP]
+CVE-2024-27035 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/8a430dd49e9cb021372b0ad91e60aeef9c6ced00 (6.9-rc1)
-CVE-2024-27034 [f2fs: compress: fix to cover normal cluster write with cp_rwsem]
+CVE-2024-27034 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/fd244524c2cf07b5f4c3fe8abd6a99225c76544b (6.9-rc1)
-CVE-2024-27033 [f2fs: fix to remove unnecessary f2fs_bug_on() to avoid panic]
+CVE-2024-27033 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.7.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b896e302f79678451a94769ddd9e52e954c64fbb (6.9-rc1)
-CVE-2024-27032 [f2fs: fix to avoid potential panic during recovery]
+CVE-2024-27032 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
NOTE: https://git.kernel.org/linus/21ec68234826b1b54ab980a8df6e33c74cfbee58 (6.9-rc1)
-CVE-2024-27031 [NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt]
+CVE-2024-27031 (In the Linux kernel, the following vulnerability has been resolved: N ...)
- linux 6.7.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/fd5860ab6341506004219b080aea40213b299d2e (6.9-rc1)
-CVE-2024-27030 [octeontx2-af: Use separate handlers for interrupts]
+CVE-2024-27030 (In the Linux kernel, the following vulnerability has been resolved: o ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/50e60de381c342008c0956fd762e1c26408f372c (6.9-rc1)
-CVE-2024-27029 [drm/amdgpu: fix mmhub client id out-of-bounds access]
+CVE-2024-27029 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.7.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/6540ff6482c1a5a6890ae44b23d0852ba1986d9e (6.9-rc1)
-CVE-2024-27028 [spi: spi-mt65xx: Fix NULL pointer access in interrupt handler]
+CVE-2024-27028 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
NOTE: https://git.kernel.org/linus/a20ad45008a7c82f1184dc6dee280096009ece55 (6.9-rc1)
-CVE-2024-27027 [dpll: fix dpll_xa_ref_*_del() for multiple registrations]
+CVE-2024-27027 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.7.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b446631f355ece73b13c311dd712c47381a23172 (6.9-rc1)
-CVE-2024-27026 [vmxnet3: Fix missing reserved tailroom]
+CVE-2024-27026 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.7.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/e127ce7699c1e05279ee5ee61f00893e7bfa9671 (6.9-rc1)
-CVE-2024-27025 [nbd: null check for nla_nest_start]
+CVE-2024-27025 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
NOTE: https://git.kernel.org/linus/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d (6.9-rc1)
-CVE-2024-27024 [net/rds: fix WARNING in rds_conn_connect_if_down]
+CVE-2024-27024 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.82-1
NOTE: https://git.kernel.org/linus/c055fc00c07be1f0df7375ab0036cebd1106ed38 (6.8)
-CVE-2024-27023 [md: Fix missing release of 'active_io' for flush]
+CVE-2024-27023 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.7.7-1
[bookworm] - linux 6.1.82-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/855678ed8534518e2b428bcbcec695de9ba248e8 (6.8-rc6)
-CVE-2023-52653 [SUNRPC: fix a memleak in gss_import_v2_context]
+CVE-2023-52653 (In the Linux kernel, the following vulnerability has been resolved: S ...)
- linux 6.7.12-1
NOTE: https://git.kernel.org/linus/e67b652d8e8591d3b1e569dbcdfcee15993e91fa (6.9-rc1)
-CVE-2023-52652 [NTB: fix possible name leak in ntb_register_device()]
+CVE-2023-52652 (In the Linux kernel, the following vulnerability has been resolved: N ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
NOTE: https://git.kernel.org/linus/aebfdfe39b9327a3077d0df8db3beb3160c9bdd0 (6.9-rc1)
-CVE-2023-52651 [wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()]
+CVE-2023-52651 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
NOTE: https://git.kernel.org/linus/ad25ee36f00172f7d53242dc77c69fff7ced0755 (6.9-rc1)
-CVE-2023-52650 [drm/tegra: dsi: Add missing check for of_find_device_by_node]
+CVE-2023-52650 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
NOTE: https://git.kernel.org/linus/afe6fcb9775882230cd29b529203eabd5d2a638d (6.9-rc1)
-CVE-2023-52649 [drm/vkms: Avoid reading beyond LUT array]
+CVE-2023-52649 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.7.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2fee84030d12d9fddfa874e4562d71761a129277 (6.9-rc1)
-CVE-2022-48669 [powerpc/pseries: Fix potential memleak in papr_get_attr()]
+CVE-2022-48669 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/cda9c0d556283e2d4adaa9960b2dc19b16156bae (6.9-rc1)
-CVE-2024-4331
+CVE-2024-4331 (Use after free in Picture In Picture in Google Chrome prior to 124.0.6 ...)
- chromium 124.0.6367.118-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-4368
+CVE-2024-4368 (Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowe ...)
- chromium 124.0.6367.118-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -2016,17 +2150,17 @@ CVE-2024-26924 (In the Linux kernel, the following vulnerability has been resolv
CVE-2024-26923 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/47d8ac011fe1c9251070e1bd64cb10b48193ec51 (6.9-rc4)
-CVE-2024-4060
+CVE-2024-4060 (Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed ...)
{DSA-5675-1}
- chromium 124.0.6367.78-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-4059
+CVE-2024-4059 (Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 a ...)
{DSA-5675-1}
- chromium 124.0.6367.78-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-4058
+CVE-2024-4058 (Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowe ...)
{DSA-5675-1}
- chromium 124.0.6367.78-1
[bullseye] - chromium <end-of-life> (see #1061268)
@@ -80509,8 +80643,8 @@ CVE-2023-26795
RESERVED
CVE-2023-26794
RESERVED
-CVE-2023-26793
- RESERVED
+CVE-2023-26793 (libmodbus v3.1.10 has a heap-based buffer overflow vulnerability in re ...)
+ TODO: check
CVE-2023-26792
RESERVED
CVE-2023-26791
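Review bot: CVE-2023-26793 leaves RESERVED with a published description but lands as `TODO: check`, so it carries no package or status information yet. The description names libmodbus v3.1.10; this entry needs triage against the archive, ending in either a source package line with its version status or a NOT-FOR-US marking, rather than staying a placeholder.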
@@ -91803,14 +91937,14 @@ CVE-2023-23024 (Book Store Management System v1.0 was discovered to contain a cr
NOT-FOR-US: Book Store Management System
CVE-2023-23023
RESERVED
-CVE-2023-23022
- RESERVED
-CVE-2023-23021
- RESERVED
+CVE-2023-23022 (Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 e ...)
+ TODO: check
+CVE-2023-23021 (Cross Site Scripting (XSS) vulnerability in sourcecodester oretnom23 p ...)
+ TODO: check
CVE-2023-23020
RESERVED
-CVE-2023-23019
- RESERVED
+CVE-2023-23019 (Cross site scripting (XSS) vulnerability in file main.php in sourcecod ...)
+ TODO: check
CVE-2023-23018
RESERVED
CVE-2023-23017
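Review bot: CVE-2023-23022, CVE-2023-23021 and CVE-2023-23019 are all added as `TODO: check` with no triage decision. All three descriptions name sourcecodester oretnom23 applications, and the nearby CVE-2023-23024 (Book Store Management System) in this hunk's context is already marked NOT-FOR-US. Check whether the three new entries warrant the same kind of marking and replace the placeholders accordingly.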
@@ -127048,8 +127182,8 @@ CVE-2022-38388 (IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow
NOT-FOR-US: IBM
CVE-2022-38387 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allo ...)
NOT-FOR-US: IBM
-CVE-2022-38386
- RESERVED
+CVE-2022-38386 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM Q ...)
+ TODO: check
CVE-2022-38385 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allo ...)
NOT-FOR-US: IBM
CVE-2022-38384
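Review bot: CVE-2022-38386 is added as `TODO: check` although its description names IBM Cloud Pak for Security (CP4S), the same product as CVE-2022-38387 and CVE-2022-38385 on either side of it, both of which are marked `NOT-FOR-US: IBM`. Suggest resolving this entry the same way so it does not remain in the triage queue.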
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cb76107216a6945cfb815173fed0559c44cce11