[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 22 09:12:44 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1876ffd6 by security tracker role at 2024-05-22T08:12:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,192 +1,268 @@
-CVE-2021-47473 [scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()]
+CVE-2024-5190
+ REJECTED
+CVE-2024-5147 (The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPr ...)
+ TODO: check
+CVE-2024-5092 (The Elegant Addons for elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-5040 (There are multiple ways in LCDS LAquis SCADA for an attacker to acces ...)
+ TODO: check
+CVE-2024-4980 (The WPKoi Templates for Elementor plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2024-4971 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
+ TODO: check
+CVE-2024-4443 (The Business Directory Plugin \u2013 Easy Listing Directories for Word ...)
+ TODO: check
+CVE-2024-4157 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & D ...)
+ TODO: check
+CVE-2024-3927 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
+ TODO: check
+CVE-2024-3671 (The Print-O-Matic plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2024-3666 (The Opal Estate Pro \u2013 Property Management and Submission plugin f ...)
+ TODO: check
+CVE-2024-3663 (The WP Scraper plugin for WordPress is vulnerable to unauthorized acce ...)
+ TODO: check
+CVE-2024-3611 (The Toolbar Extras for Elementor & More \u2013 WordPress Admin Bar Enh ...)
+ TODO: check
+CVE-2024-3519 (The Media Library Assistant plugin for WordPress is vulnerable to Refl ...)
+ TODO: check
+CVE-2024-3518 (The Media Library Assistant plugin for WordPress is vulnerable to SQL ...)
+ TODO: check
+CVE-2024-3198 (The WP Font Awesome Share Icons plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-3066 (The Elegant Addons for elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-35220 (@fastify/session is a session plugin for fastify. Requires the @fastif ...)
+ TODO: check
+CVE-2024-35162 (Path traversal vulnerability exists in Download Plugins and Themes fro ...)
+ TODO: check
+CVE-2024-32988 ('OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App ...)
+ TODO: check
+CVE-2024-31396 (Code injection vulnerability exists in a-blog cms Ver.3.1.x series ver ...)
+ TODO: check
+CVE-2024-31395 (Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x seri ...)
+ TODO: check
+CVE-2024-31394 (Directory traversal vulnerability exists in a-blog cms Ver.3.1.x serie ...)
+ TODO: check
+CVE-2024-31340 (TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prio ...)
+ TODO: check
+CVE-2024-30420 (Server-side request forgery (SSRF) vulnerability exists in a-blog cms ...)
+ TODO: check
+CVE-2024-30419 (Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x seri ...)
+ TODO: check
+CVE-2024-2953 (The LuckyWP Table of Contents plugin for WordPress is vulnerable to St ...)
+ TODO: check
+CVE-2024-2163 (The Ninja Beaver Add-ons for Beaver Builder plugin for WordPress is vu ...)
+ TODO: check
+CVE-2024-2119 (The LuckyWP Table of Contents plugin for WordPress is vulnerable to Re ...)
+ TODO: check
+CVE-2024-2088 (The NextScripts: Social Networks Auto-Poster plugin for WordPress is v ...)
+ TODO: check
+CVE-2024-21683 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
+ TODO: check
+CVE-2024-1762 (The NextScripts: Social Networks Auto-Poster plugin for WordPress is v ...)
+ TODO: check
+CVE-2024-1446 (The NextScripts: Social Networks Auto-Poster plugin for WordPress is v ...)
+ TODO: check
+CVE-2024-0632 (The Automatic Translator with Google Translate plugin for WordPress is ...)
+ TODO: check
+CVE-2024-0453 (The AI ChatBot plugin for WordPress is vulnerable to unauthorized modi ...)
+ TODO: check
+CVE-2024-0452 (The AI ChatBot plugin for WordPress is vulnerable to unauthorized modi ...)
+ TODO: check
+CVE-2024-0451 (The AI ChatBot plugin for WordPress is vulnerable to unauthorized acce ...)
+ TODO: check
+CVE-2023-6487 (The LuckyWP Table of Contents plugin for WordPress is vulnerable to St ...)
+ TODO: check
+CVE-2021-47473 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
NOTE: https://git.kernel.org/linus/7fb223d0ad801f633c78cbe42b1d1b55f5d163ad (5.15-rc7)
-CVE-2021-47472 [net: mdiobus: Fix memory leak in __mdiobus_register]
+CVE-2021-47472 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/ab609f25d19858513919369ff3d9a63c02cd9e2e (5.15-rc4)
-CVE-2021-47471 [drm: mxsfb: Fix NULL pointer dereference crash on unload]
+CVE-2021-47471 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3cfc183052c3dbf8eae57b6c1685dab00ed3db4a (5.15-rc7)
-CVE-2021-47470 [mm, slub: fix potential use-after-free in slab_debugfs_fops]
+CVE-2021-47470 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 5.14.16-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/67823a544414def2a36c212abadb55b23bcda00c (5.15-rc7)
-CVE-2021-47469 [spi: Fix deadlock when adding SPI controllers on SPI buses]
+CVE-2021-47469 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 5.14.16-1
NOTE: https://git.kernel.org/linus/6098475d4cb48d821bdf453c61118c56e26294f0 (5.15-rc6)
-CVE-2021-47468 [isdn: mISDN: Fix sleeping function called from invalid context]
+CVE-2021-47468 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/6510e80a0b81b5d814e3aea6297ba42f5e76f73c (5.15-rc6)
-CVE-2021-47467 [kunit: fix reference count leak in kfree_at_end]
+CVE-2021-47467 (In the Linux kernel, the following vulnerability has been resolved: k ...)
- linux 5.14.16-1
NOTE: https://git.kernel.org/linus/f62314b1ced25c58b86e044fc951cd6a1ea234cf (5.15-rc6)
-CVE-2021-47466 [mm, slub: fix potential memoryleak in kmem_cache_open()]
+CVE-2021-47466 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
NOTE: https://git.kernel.org/linus/9037c57681d25e4dcc442d940d6dbe24dd31f461 (5.15-rc7)
-CVE-2021-47465 [KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest()]
+CVE-2021-47465 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9b4416c5095c20e110c82ae602c254099b83b72f (5.15-rc6)
-CVE-2021-47464 [audit: fix possible null-pointer dereference in audit_filter_rules]
+CVE-2021-47464 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/6e3ee990c90494561921c756481d0e2125d8b895 (5.15-rc7)
-CVE-2021-47463 [mm/secretmem: fix NULL page->mapping dereference in page_is_secretmem()]
+CVE-2021-47463 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 5.14.16-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/79f9bc5843142b649575f887dccdf1c07ad75c20 (5.15-rc7)
-CVE-2021-47462 [Description:]
+CVE-2021-47462 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 5.14.16-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/6d2aec9e123bb9c49cb5c7fc654f25f81e688e8c (5.15-rc7)
-CVE-2021-47461 [userfaultfd: fix a race between writeprotect and exit_mmap()]
+CVE-2021-47461 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/cb185d5f1ebf900f4ae3bf84cee212e6dd035aca (5.15-rc7)
-CVE-2021-47460 [ocfs2: fix data corruption after conversion from inline format]
+CVE-2021-47460 (In the Linux kernel, the following vulnerability has been resolved: o ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/5314454ea3ff6fc746eaf71b9a7ceebed52888fa (5.15-rc7)
-CVE-2021-47459 [can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv]
+CVE-2021-47459 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d9d52a3ebd284882f5562c88e55991add5d01586 (5.15-rc7)
-CVE-2021-47458 [ocfs2: mount fails with buffer overflow in strlen]
+CVE-2021-47458 (In the Linux kernel, the following vulnerability has been resolved: o ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/b15fa9224e6e1239414525d8d556d824701849fc (5.15-rc7)
-CVE-2021-47457 [can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible()]
+CVE-2021-47457 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9acf636215a6ce9362fe618e7da4913b8bfe84c8 (5.15-rc7)
-CVE-2021-47456 [can: peak_pci: peak_pci_remove(): fix UAF]
+CVE-2021-47456 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/949fe9b35570361bc6ee2652f89a0561b26eec98 (5.15-rc7)
-CVE-2021-47455 [ptp: Fix possible memory leak in ptp_clock_register()]
+CVE-2021-47455 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 5.14.16-1
NOTE: https://git.kernel.org/linus/4225fea1cb28370086e17e82c0f69bec2779dca0 (5.15-rc7)
-CVE-2021-47454 [powerpc/smp: do not decrement idle task preempt count in CPU offline]
+CVE-2021-47454 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/787252a10d9422f3058df9a4821f389e5326c440 (5.15-rc7)
-CVE-2021-47453 [ice: Avoid crash from unnecessary IDA free]
+CVE-2021-47453 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 5.14.16-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/73e30a62b19b9fbb4e6a3465c59da186630d5f2e (5.15-rc7)
-CVE-2021-47452 [netfilter: nf_tables: skip netdev events generated on netns removal]
+CVE-2021-47452 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 5.14.16-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/68a3765c659f809dcaac20030853a054646eb739 (5.15-rc7)
-CVE-2021-47451 [netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value]
+CVE-2021-47451 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/902c0b1887522a099aa4e1e6b4b476c2fe5dd13e (5.15-rc7)
-CVE-2021-47450 [KVM: arm64: Fix host stage-2 PGD refcount]
+CVE-2021-47450 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 5.15.3-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/1d58a17ef54599506d44c45ac95be27273a4d2b1 (5.15)
-CVE-2021-47449 [ice: fix locking for Tx timestamp tracking flush]
+CVE-2021-47449 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 5.14.16-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4d4a223a86afe658cd878800f09458e8bb54415d (5.15-rc6)
-CVE-2021-47448 [mptcp: fix possible stall on recvmsg()]
+CVE-2021-47448 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 5.14.16-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/612f71d7328c14369924384ad2170aae2a6abd92 (5.15-rc6)
-CVE-2021-47447 [drm/msm/a3xx: fix error handling in a3xx_gpu_init()]
+CVE-2021-47447 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 5.14.16-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3eda901995371d390ef82d0b6462f4ea8efbcfdf (5.15-rc6)
-CVE-2021-47446 [drm/msm/a4xx: fix error handling in a4xx_gpu_init()]
+CVE-2021-47446 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 5.14.16-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/980d74e7d03ccf2eaa11d133416946bd880c7c08 (5.15-rc6)
-CVE-2021-47445 [drm/msm: Fix null pointer dereference on pointer edp]
+CVE-2021-47445 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/2133c4fc8e1348dcb752f267a143fe2254613b34 (5.15-rc6)
-CVE-2021-47444 [drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read]
+CVE-2021-47444 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/97794170b696856483f74b47bfb6049780d2d3a0 (5.15-rc6)
-CVE-2021-47443 [NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()]
+CVE-2021-47443 (In the Linux kernel, the following vulnerability has been resolved: N ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/58e7dcc9ca29c14e44267a4d0ea61e3229124907 (5.15-rc6)
-CVE-2021-47442 [NFC: digital: fix possible memory leak in digital_in_send_sdd_req()]
+CVE-2021-47442 (In the Linux kernel, the following vulnerability has been resolved: N ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/291c932fc3692e4d211a445ba8aa35663831bac7 (5.15-rc6)
-CVE-2021-47441 [mlxsw: thermal: Fix out-of-bounds memory accesses]
+CVE-2021-47441 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
NOTE: https://git.kernel.org/linus/332fdf951df8b870e3da86b122ae304e2aabe88c (5.15-rc6)
-CVE-2021-47440 [net: encx24j600: check error in devm_regmap_init_encx24j600]
+CVE-2021-47440 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/f03dca0c9e2297c84a018e306f8a9cd534ee4287 (5.15-rc6)
-CVE-2021-47439 [net: dsa: microchip: Added the condition for scheduling ksz_mib_read_work]
+CVE-2021-47439 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ef1100ef20f29aec4e62abeccdb5bdbebba1e378 (5.15-rc6)
-CVE-2021-47438 [net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path]
+CVE-2021-47438 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
NOTE: https://git.kernel.org/linus/94b960b9deffc02fc0747afc01f72cc62ab099e3 (5.15-rc6)
-CVE-2021-47437 [iio: adis16475: fix deadlock on frequency set]
+CVE-2021-47437 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 5.14.16-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9da1b86865ab4376408c58cd9fec332c8bdb5c73 (5.15-rc6)
-CVE-2021-47436 [usb: musb: dsps: Fix the probe error path]
+CVE-2021-47436 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/c2115b2b16421d93d4993f3fe4c520e91d6fe801 (5.15-rc6)
-CVE-2021-47435 [dm: fix mempool NULL pointer race when completing IO]
+CVE-2021-47435 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.113-1
[buster] - linux 4.19.249-1
NOTE: https://git.kernel.org/linus/d208b89401e073de986dc891037c5a668f5d5d95 (5.15-rc6)
-CVE-2021-47434 [xhci: Fix command ring pointer corruption while aborting a command]
+CVE-2021-47434 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/ff0e50d3564f33b7f4b35cadeabd951d66cfc570 (5.15-rc6)
-CVE-2021-47433 [btrfs: fix abort logic in btrfs_replace_file_extents]
+CVE-2021-47433 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
NOTE: https://git.kernel.org/linus/4afb912f439c4bc4e6a4f3e7547f2e69e354108f (5.15-rc6)
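Review bot: the descriptions added for CVE-2024-4971, CVE-2024-4443, CVE-2024-3666 and CVE-2024-3611 carry a literal `\u2013` where the plugin name has a dash (for example "The LearnPress \u2013 WordPress LMS Plugin"), so the automatic update appears to write the escaped form into data/CVE/list instead of the decoded character. Decoding the escape before the description is truncated and written would keep these entries readable and searchable by product name. The rest of the hunk is consistent with an automatic update: the new entries arrive as `TODO: check` for later triage, and the kernel entries only swap the bracketed temporary titles for the published descriptions while their package and NOTE lines stay unchanged.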
@@ -260654,8 +260730,8 @@ CVE-2020-35167 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and De
NOT-FOR-US: Dell
CVE-2020-35166 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSA ...)
NOT-FOR-US: Dell
-CVE-2020-35165
- RESERVED
+CVE-2020-35165 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSA ...)
+ TODO: check
CVE-2020-35164 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSA ...)
NOT-FOR-US: Dell
CVE-2020-35163 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSA ...)
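Review bot: CVE-2020-35165 moves from RESERVED to `TODO: check`, yet the visible part of its description is identical to the neighbouring CVE-2020-35166 and CVE-2020-35164 entries, both of which are already triaged as `NOT-FOR-US: Dell`. A follow-up commit should confirm the full description, which is truncated here, and if it names the same Dell BSAFE products mark this entry `NOT-FOR-US: Dell` too, so it does not sit in the TODO queue.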
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1876ffd60fa19ec0e057f4ddcda40c695961b93c