[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 22 21:12:28 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3dd5fc42 by security tracker role at 2024-05-22T20:12:09+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,138 @@
-CVE-2024-36010 [igb: Fix string truncation warnings in igb_set_fw_version]
+CVE-2024-5196 (A vulnerability classified as critical has been found in Arris VAP2500 ...)
+ TODO: check
+CVE-2024-5195 (A vulnerability was found in Arris VAP2500 08.50. It has been rated as ...)
+ TODO: check
+CVE-2024-5194 (A vulnerability was found in Arris VAP2500 08.50. It has been declared ...)
+ TODO: check
+CVE-2024-5193 (A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been ...)
+ TODO: check
+CVE-2024-5166 (An Insecure Direct Object Reference in Google Cloud's Looker allowed m ...)
+ TODO: check
+CVE-2024-5031 (The Memberpress plugin for WordPress is vulnerable to Blind Server-Sid ...)
+ TODO: check
+CVE-2024-5025 (The Memberpress plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2024-4896 (The WPB Elementor Addons plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2024-4563 (The Progress MOVEit Automation configuration export function prior to ...)
+ TODO: check
+CVE-2024-4454 (WithSecure Elements Endpoint Protection Link Following Local Privilege ...)
+ TODO: check
+CVE-2024-4453 (GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution ...)
+ TODO: check
+CVE-2024-4362 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...)
+ TODO: check
+CVE-2024-4267 (A remote code execution (RCE) vulnerability exists in the parisneo/lol ...)
+ TODO: check
+CVE-2024-4262 (The Piotnet Addons For Elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-4261 (The Responsive Contact Form Builder & Lead Generation Plugin plugin fo ...)
+ TODO: check
+CVE-2024-4153 (A vulnerability in lunary-ai/lunary version 1.2.2 allows attackers to ...)
+ TODO: check
+CVE-2024-3926 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
+ TODO: check
+CVE-2024-3495 (The Country State City Dropdown CF7 plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2024-36077 (Qlik Sense Enterprise for Windows before 14.187.4 allows a remote atta ...)
+ TODO: check
+CVE-2024-35627 (tileserver-gl up to v4.4.10 was discovered to contain a cross-site scr ...)
+ TODO: check
+CVE-2024-35561 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-35560 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-35559 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-35558 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-35557 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-35556 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-35555 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-35554 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-35553 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-35552 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-35551 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-35550 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-35475 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Op ...)
+ TODO: check
+CVE-2024-35409 (WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php.)
+ TODO: check
+CVE-2024-35362 (Ecshop 3.6 is vulnerable to Cross Site Scripting (XSS) via ecshop/arti ...)
+ TODO: check
+CVE-2024-34448 (Ghost before 5.82.0 allows CSV Injection during a member CSV export.)
+ TODO: check
+CVE-2024-33228 (An issue in the component segwindrvx64.sys of Insyde Software Corp SEG ...)
+ TODO: check
+CVE-2024-33227 (An issue in the component ddcdrv.sys of Nicomsoft WinI2C/DDC v3.7.4.0 ...)
+ TODO: check
+CVE-2024-33226 (An issue in the component Access64.sys of Wistron Corporation TBT Forc ...)
+ TODO: check
+CVE-2024-33225 (An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp R ...)
+ TODO: check
+CVE-2024-33224 (An issue in the component rtkio64.sys of Realtek Semiconductor Corp Re ...)
+ TODO: check
+CVE-2024-33223 (An issue in the component IOMap64.sys of ASUSTeK Computer Inc ASUS GPU ...)
+ TODO: check
+CVE-2024-33222 (An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS AT ...)
+ TODO: check
+CVE-2024-33221 (An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS B ...)
+ TODO: check
+CVE-2024-33220 (An issue in the component AslO3_64.sys of ASUSTeK Computer Inc AISuite ...)
+ TODO: check
+CVE-2024-33219 (An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABE ...)
+ TODO: check
+CVE-2024-33218 (An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS US ...)
+ TODO: check
+CVE-2024-31904 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 thr ...)
+ TODO: check
+CVE-2024-31895 (IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an a ...)
+ TODO: check
+CVE-2024-31894 (IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an a ...)
+ TODO: check
+CVE-2024-31893 (IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an a ...)
+ TODO: check
+CVE-2024-31617 (OpenLiteSpeed before 1.8.1 mishandles chunked encoding.)
+ TODO: check
+CVE-2024-2036 (The ApplyOnline \u2013 Application Form Builder and Manager plugin for ...)
+ TODO: check
+CVE-2024-29421 (xmedcon 0.23.0 and fixed in v.0.24.0 is vulnerable to Buffer Overflow ...)
+ TODO: check
+CVE-2024-29392 (Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via Cl ...)
+ TODO: check
+CVE-2024-27264 (IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local ...)
+ TODO: check
+CVE-2024-25738 (A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/Fix ...)
+ TODO: check
+CVE-2024-25737 (A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show ...)
+ TODO: check
+CVE-2024-21791 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injectio ...)
+ TODO: check
+CVE-2024-20363 (Multiple Cisco products are affected by a vulnerability in the Snort I ...)
+ TODO: check
+CVE-2024-20361 (A vulnerability in the Object Groups for Access Control Lists (ACLs) f ...)
+ TODO: check
+CVE-2024-20360 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+ TODO: check
+CVE-2024-20355 (A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) ...)
+ TODO: check
+CVE-2024-20293 (A vulnerability in the activation of an access control list (ACL) on C ...)
+ TODO: check
+CVE-2024-20261 (A vulnerability in the file policy feature that is used to inspect enc ...)
+ TODO: check
+CVE-2023-51637 (Sante PACS Server PG Patient Query SQL Injection Remote Code Execution ...)
+ TODO: check
+CVE-2023-51636 (Avira Prime Link Following Local Privilege Escalation Vulnerability. T ...)
+ TODO: check
+CVE-2024-36010 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.8.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
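Review bot: the bulk of this hunk is new `TODO: check` placeholders, and triage priority should go to the entries whose descriptions match software Debian ships, notably CVE-2024-4453 (GStreamer EXIF metadata parsing integer overflow, described as remote code execution) and CVE-2024-29421 (xmedcon 0.23.0 buffer overflow, fixed upstream in 0.24.0), whereas the WordPress plugin entries, the Windows driver entries CVE-2024-33218 through CVE-2024-33228 (all `*.sys` components) and the Cisco entries can be expected to end up `NOT-FOR-US` like the neighbouring entries further down in this diff. Two smaller points: CVE-2024-2036 carries a literal `\u2013` escape in its description where an en dash character belongs, so the import step is not decoding the JSON string; and the CVE-2024-36010 rewrite swaps the kernel subject `[igb: Fix string truncation warnings in igb_set_fw_version]` for the truncated MITRE text, which keeps the `linux 6.8.9-1` and not-affected annotations intact but drops the only searchable reference to the fix, since no NOTE line with the commit URL is visible for this entry.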
@@ -10,118 +144,118 @@ CVE-2024-XXXX [Fix cross-site scripting (XSS) vulnerability in handling SVG anim
CVE-2024-XXXX [Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences]
- roundcube 1.6.7+dfsg-1 (bug #1071474)
NOTE: https://github.com/roundcube/roundcubemail/commit/9ca8aa6680c579132e0d1fa59447df8d524ec91c
-CVE-2021-47498 [dm rq: don't queue request to blk-mq during DM suspend]
+CVE-2021-47498 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 5.14.16-1
NOTE: https://git.kernel.org/linus/b4459b11e84092658fa195a2587aff3b9637f0e7 (5.15-rc6)
-CVE-2021-47497 [nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells]
+CVE-2021-47497 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/5d388fa01fa6eb310ac023a363a6cb216d9d8fe9 (5.15-rc6)
-CVE-2021-47496 [net/tls: Fix flipped sign in tls_err_abort() calls]
+CVE-2021-47496 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
NOTE: https://git.kernel.org/linus/da353fac65fede6b8b4cfe207f0d9408e3121105 (5.15)
-CVE-2021-47495 [usbnet: sanity check for maxpacket]
+CVE-2021-47495 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/397430b50a363d8b7bdda00522123f82df6adc5e (5.15-rc7)
-CVE-2021-47494 [cfg80211: fix management registrations locking]
+CVE-2021-47494 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/09b1d5dc6ce1c9151777f6c4e128a59457704c97 (5.15)
-CVE-2021-47493 [ocfs2: fix race between searching chunks and release journal_head from buffer_head]
+CVE-2021-47493 (In the Linux kernel, the following vulnerability has been resolved: o ...)
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
NOTE: https://git.kernel.org/linus/6f1b228529ae49b0f85ab89bcdb6c365df401558 (5.15)
-CVE-2021-47492 [mm, thp: bail out early in collapse_file for writeback page]
+CVE-2021-47492 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/74c42e1baacf206338b1dd6b6199ac964512b5bb (5.15)
-CVE-2021-47491 [mm: khugepaged: skip huge page collapse for special files]
+CVE-2021-47491 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a4aeaa06d45e90f9b279f0b09de84bd00006e733 (5.15)
-CVE-2021-47490 [drm/ttm: fix memleak in ttm_transfered_destroy]
+CVE-2021-47490 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
NOTE: https://git.kernel.org/linus/0db55f9a1bafbe3dac750ea669de9134922389b5 (5.15)
-CVE-2021-47489 [drm/amdgpu: Fix even more out of bound writes from debugfs]
+CVE-2021-47489 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 5.15.3-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3f4e54bd312d3dafb59daf2b97ffa08abebe60f5 (5.15)
-CVE-2021-47488 [cgroup: Fix memory leak caused by missing cgroup_bpf_offline]
+CVE-2021-47488 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/04f8ef5643bcd8bcde25dfdebef998aea480b2ba (5.15)
-CVE-2021-47487 [drm/amdgpu: fix out of bounds write]
+CVE-2021-47487 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
NOTE: https://git.kernel.org/linus/5afa7898ab7a0ec9c28556a91df714bf3c2f725e (5.15)
-CVE-2021-47486 [riscv, bpf: Fix potential NULL dereference]
+CVE-2021-47486 (In the Linux kernel, the following vulnerability has been resolved: r ...)
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/27de809a3d83a6199664479ebb19712533d6fd9b (5.15)
-CVE-2021-47485 [IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields]
+CVE-2021-47485 (In the Linux kernel, the following vulnerability has been resolved: I ...)
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/d39bf40e55e666b5905fdbd46a0dced030ce87be (5.15)
-CVE-2021-47484 [octeontx2-af: Fix possible null pointer dereference.]
+CVE-2021-47484 (In the Linux kernel, the following vulnerability has been resolved: o ...)
- linux 5.15.3-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/c2d4c543f74c90f883e8ec62a31973ae8807d354 (5.15)
-CVE-2021-47483 [regmap: Fix possible double-free in regcache_rbtree_exit()]
+CVE-2021-47483 (In the Linux kernel, the following vulnerability has been resolved: r ...)
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/55e6d8037805b3400096d621091dfbf713f97e83 (5.15)
-CVE-2021-47482 [net: batman-adv: fix error handling]
+CVE-2021-47482 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/6f68cd634856f8ca93bafd623ba5357e0f648c68 (5.15)
-CVE-2021-47481 [RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR]
+CVE-2021-47481 (In the Linux kernel, the following vulnerability has been resolved: R ...)
- linux 5.15.3-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/5508546631a0f555d7088203dec2614e41b5106e (5.15)
-CVE-2021-47480 [scsi: core: Put LLD module refcnt after SCSI device is released]
+CVE-2021-47480 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/f2b85040acec9a928b4eb1b57a989324e8e38d3f (5.15-rc7)
-CVE-2021-47479 [staging: rtl8712: fix use-after-free in rtl8712_dl_fw]
+CVE-2021-47479 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
NOTE: https://git.kernel.org/linus/c052cc1a069c3e575619cf64ec427eb41176ca70 (5.16-rc1)
-CVE-2021-47478 [isofs: Fix out of bound access for corrupted isofs image]
+CVE-2021-47478 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/e96a1866b40570b5950cda8602c2819189c62a48 (5.16-rc1)
-CVE-2021-47477 [comedi: dt9812: fix DMA buffers on stack]
+CVE-2021-47477 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/536de747bc48262225889a533db6650731ab25d3 (5.16-rc1)
-CVE-2021-47476 [comedi: ni_usb6501: fix NULL-deref in command paths]
+CVE-2021-47476 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/907767da8f3a925b060c740e0b5c92ea7dbec440 (5.16-rc1)
-CVE-2021-47475 [comedi: vmk80xx: fix transfer-buffer overflows]
+CVE-2021-47475 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/a23461c47482fc232ffc9b819539d1f837adf2b1 (5.16-rc1)
-CVE-2021-47474 [comedi: vmk80xx: fix bulk-buffer overflow]
+CVE-2021-47474 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
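Review bot: consistency check on the bullseye annotations: CVE-2021-47489 and CVE-2021-47484 carry no `[bullseye]` line while every other kernel entry in this hunk records either `linux 5.10.84-1` or `<not-affected>` for bullseye, so those two should be completed or the omission confirmed as intentional. The description rewrites themselves change nothing about the version data, but they reduce each kernel entry to `In the Linux kernel, the following vulnerability has been resolved: <one letter> ...`, which is useless for searching; the git.kernel.org NOTE lines are now the only place the fixing commit and its subject are recoverable, so they must not be dropped by a later cleanup.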
@@ -398,19 +532,23 @@ CVE-2024-5148
[experimental] - gnome-remote-desktop 46.2-1
- gnome-remote-desktop <not-affected> (Vulnerable code only in 46 series)
NOTE: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/196
-CVE-2024-5160
+CVE-2024-5160 (Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 a ...)
+ {DSA-5696-1}
- chromium 125.0.6422.76-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5159
+CVE-2024-5159 (Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76 ...)
+ {DSA-5696-1}
- chromium 125.0.6422.76-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5158
+CVE-2024-5158 (Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a ...)
+ {DSA-5696-1}
- chromium 125.0.6422.76-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5157
+CVE-2024-5157 (Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 a ...)
+ {DSA-5696-1}
- chromium 125.0.6422.76-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
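Review bot: the four Chrome entries get `{DSA-5696-1}` and `chromium 125.0.6422.76-1` consistently, but this commit changes only data/CVE/list (see the changed-file list above), so confirm the DSA-5696-1 advisory itself is recorded on the DSA side; otherwise the cross-reference dangles. The unchanged bullseye and buster `<end-of-life>` lines are correct to keep as they are.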
@@ -5829,6 +5967,7 @@ CVE-2024-27837 (A downgrade issue was addressed with additional code-signing res
CVE-2024-27835 (This issue was addressed through improved state management. This issue ...)
NOT-FOR-US: Apple
CVE-2024-27834 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ {DSA-5695-1}
- webkit2gtk 2.44.2-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.44.2-1
@@ -5918,7 +6057,7 @@ CVE-2024-4813 (A vulnerability classified as critical has been found in Ruijie R
NOT-FOR-US: Ruijie RG-UAC
CVE-2024-4747 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-4068 (The NPM package `braces` fails to limit the number of characters it ca ...)
+CVE-2024-4068 (The NPM package `braces`, versions prior to 3.0.3, fails to limit the ...)
- node-braces <unfixed> (bug #1071632)
[bookworm] - node-braces <no-dsa> (Minor issue)
[bullseye] - node-braces <no-dsa> (Minor issue)
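Review bot: the updated description now bounds the affected versions (`prior to 3.0.3`), which gives the `node-braces <unfixed>` line a concrete upstream fix version to track against bug #1071632; the `<no-dsa> (Minor issue)` tags for bookworm and bullseye stay valid, but the unfixed entry should be revisited once a node-braces upload at or above 3.0.3 lands.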
@@ -121899,8 +122038,8 @@ CVE-2023-20241 (Multiple vulnerabilities in Cisco Secure Client Software, former
NOT-FOR-US: Cisco
CVE-2023-20240 (Multiple vulnerabilities in Cisco Secure Client Software, formerly Any ...)
NOT-FOR-US: Cisco
-CVE-2023-20239
- RESERVED
+CVE-2023-20239 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+ TODO: check
CVE-2023-20238 (A vulnerability in the single sign-on (SSO) implementation of Cisco Br ...)
NOT-FOR-US: Cisco
CVE-2023-20237 (A vulnerability in Cisco Intersight Virtual Appliance could allow an u ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3dd5fc420455f6504620bdc16479e877728afc87