[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 5 20:12:16 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d9974930 by security tracker role at 2024-11-05T20:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,225 +1,459 @@
-CVE-2024-50138 [bpf: Use raw_spinlock_t in ringbuf]
+CVE-2024-9878 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin ...)
+	TODO: check
+CVE-2024-9867 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
+	TODO: check
+CVE-2024-9667 (The Seriously Simple Podcasting plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2024-9657 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
+	TODO: check
+CVE-2024-9579 (A potential vulnerability was discovered in certain Poly video confere ...)
+	TODO: check
+CVE-2024-9443 (The Basticom Framework plugin for WordPress is vulnerable to Stored Cr ...)
+	TODO: check
+CVE-2024-9178 (The XT Floating Cart for WooCommerce plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2024-7429 (The Zotpress plugin for WordPress is vulnerable to unauthorized modifi ...)
+	TODO: check
+CVE-2024-7059 (A high-severity vulnerability that can lead to arbitrary code executio ...)
+	TODO: check
+CVE-2024-52030 (Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-52029 (Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-52028 (Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-52026 (Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was ...)
+	TODO: check
+CVE-2024-52025 (Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was ...)
+	TODO: check
+CVE-2024-52024 (Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was ...)
+	TODO: check
+CVE-2024-52023 (Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was ...)
+	TODO: check
+CVE-2024-52022 (Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R640 ...)
+	TODO: check
+CVE-2024-52021 (Netgear R8500 v1.0.2.160 was discovered to contain a command injection ...)
+	TODO: check
+CVE-2024-52020 (Netgear R8500 v1.0.2.160 was discovered to contain a command injection ...)
+	TODO: check
+CVE-2024-52019 (Netgear R8500 v1.0.2.160 was discovered to contain a command injection ...)
+	TODO: check
+CVE-2024-52018 (Netgear XR300 v1.0.3.78 was discovered to contain a command injection  ...)
+	TODO: check
+CVE-2024-52017 (Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via ...)
+	TODO: check
+CVE-2024-52016 (Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R640 ...)
+	TODO: check
+CVE-2024-52015 (Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R640 ...)
+	TODO: check
+CVE-2024-52014 (Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R640 ...)
+	TODO: check
+CVE-2024-52013 (Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R640 ...)
+	TODO: check
+CVE-2024-51753 (The AuthKit library for Remix provides convenient helpers for authenti ...)
+	TODO: check
+CVE-2024-51752 (The AuthKit library for Next.js provides convenient helpers for authen ...)
+	TODO: check
+CVE-2024-51746 (Gitsign is a keyless Sigstore to signing tool for Git commits with you ...)
+	TODO: check
+CVE-2024-51740 (Combodo iTop is a simple, web based IT Service Management tool. This v ...)
+	TODO: check
+CVE-2024-51739 (Combodo iTop is a simple, web based IT Service Management tool. Unauth ...)
+	TODO: check
+CVE-2024-51735 (Osmedeus is a Workflow Engine for Offensive Security. Cross-site Scrip ...)
+	TODO: check
+CVE-2024-51530 (LaunchAnywhere vulnerability in the account module Impact: Successful  ...)
+	TODO: check
+CVE-2024-51529 (Data verification vulnerability in the battery module Impact:  Success ...)
+	TODO: check
+CVE-2024-51528 (Vulnerability of improper log printing in the Super Home Screen module ...)
+	TODO: check
+CVE-2024-51527 (Permission control vulnerability in the Gallery app Impact: Successful ...)
+	TODO: check
+CVE-2024-51526 (Permission control vulnerability in the hidebug module Impact: Success ...)
+	TODO: check
+CVE-2024-51525 (Permission control vulnerability in the clipboard module Impact: Succe ...)
+	TODO: check
+CVE-2024-51524 (Permission control vulnerability in the Wi-Fi module Impact: Successfu ...)
+	TODO: check
+CVE-2024-51523 (Information management vulnerability in the Gallery module Impact: Suc ...)
+	TODO: check
+CVE-2024-51522 (Vulnerability of improper device information processing in the device  ...)
+	TODO: check
+CVE-2024-51521 (Input parameter verification vulnerability in the background service m ...)
+	TODO: check
+CVE-2024-51520 (Vulnerability of input parameters not being verified in the HDC module ...)
+	TODO: check
+CVE-2024-51519 (Vulnerability of input parameters not being verified in the HDC module ...)
+	TODO: check
+CVE-2024-51518 (Vulnerability of message types not being verified in the advanced mess ...)
+	TODO: check
+CVE-2024-51517 (Vulnerability of improper memory access in the phone service module Im ...)
+	TODO: check
+CVE-2024-51516 (Permission control vulnerability in the ability module Impact: Success ...)
+	TODO: check
+CVE-2024-51515 (Race condition vulnerability in the kernel network module Impact:Succe ...)
+	TODO: check
+CVE-2024-51514 (Vulnerability of pop-up windows belonging to no app in the VPN module  ...)
+	TODO: check
+CVE-2024-51513 (Vulnerability of processes not being fully terminated in the VPN modul ...)
+	TODO: check
+CVE-2024-51512 (Vulnerability of parameter type not being verified in the WantAgent mo ...)
+	TODO: check
+CVE-2024-51511 (Vulnerability of parameter type not being verified in the WantAgent mo ...)
+	TODO: check
+CVE-2024-51510 (Out-of-bounds access vulnerability in the logo module Impact: Successf ...)
+	TODO: check
+CVE-2024-51493 (OctoPrint provides a web interface for controlling consumer 3D printer ...)
+	TODO: check
+CVE-2024-51382 (Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 allows ...)
+	TODO: check
+CVE-2024-51381 (Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that a ...)
+	TODO: check
+CVE-2024-51380 (Stored Cross-Site Scripting (XSS) vulnerability discovered in the Prop ...)
+	TODO: check
+CVE-2024-51379 (Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3 ...)
+	TODO: check
+CVE-2024-51362 (The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an inf ...)
+	TODO: check
+CVE-2024-51240 (An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for pr ...)
+	TODO: check
+CVE-2024-51132 (An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0  ...)
+	TODO: check
+CVE-2024-51024 (D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection ...)
+	TODO: check
+CVE-2024-51023 (D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection ...)
+	TODO: check
+CVE-2024-51022 (Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via ...)
+	TODO: check
+CVE-2024-51021 (Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was ...)
+	TODO: check
+CVE-2024-51020 (Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-51019 (Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-51018 (Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-51017 (Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-51016 (Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via ...)
+	TODO: check
+CVE-2024-51015 (Netgear R7000P v1.3.3.154 was discovered to contain a command injectio ...)
+	TODO: check
+CVE-2024-51014 (Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via ...)
+	TODO: check
+CVE-2024-51013 (Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-51012 (Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow vi ...)
+	TODO: check
+CVE-2024-51011 (Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was ...)
+	TODO: check
+CVE-2024-51010 (Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R640 ...)
+	TODO: check
+CVE-2024-51009 (Netgear R8500 v1.0.2.160 was discovered to contain a command injection ...)
+	TODO: check
+CVE-2024-51008 (Netgear XR300 v1.0.3.78 was discovered to contain a command injection  ...)
+	TODO: check
+CVE-2024-51007 (Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via ...)
+	TODO: check
+CVE-2024-51006 (Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow vi ...)
+	TODO: check
+CVE-2024-51005 (Netgear R8500 v1.0.2.160 was discovered to contain a command injection ...)
+	TODO: check
+CVE-2024-51004 (Netgear R8500 v1.0.2.160 and R7000P v1.3.3.154 were discovered to mult ...)
+	TODO: check
+CVE-2024-51003 (Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R640 ...)
+	TODO: check
+CVE-2024-51002 (Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R640 ...)
+	TODO: check
+CVE-2024-51001 (Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow vi ...)
+	TODO: check
+CVE-2024-51000 (Netgear R8500 v1.0.2.160 was discovered to contain multiple stack over ...)
+	TODO: check
+CVE-2024-50999 (Netgear R8500 v1.0.2.160 was discovered to contain a command injection ...)
+	TODO: check
+CVE-2024-50998 (Netgear R8500 v1.0.2.160 was discovered to contain multiple stack over ...)
+	TODO: check
+CVE-2024-50997 (Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R640 ...)
+	TODO: check
+CVE-2024-50996 (Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R640 ...)
+	TODO: check
+CVE-2024-50995 (Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow vi ...)
+	TODO: check
+CVE-2024-50994 (Netgear R8500 v1.0.2.160 was discovered to contain multiple stack over ...)
+	TODO: check
+CVE-2024-50993 (Netgear R8500 v1.0.2.160 was discovered to contain a command injection ...)
+	TODO: check
+CVE-2024-50335 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+	TODO: check
+CVE-2024-50333 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+	TODO: check
+CVE-2024-50332 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+	TODO: check
+CVE-2024-49774 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+	TODO: check
+CVE-2024-49773 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+	TODO: check
+CVE-2024-49772 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+	TODO: check
+CVE-2024-49522 (Substance3D - Painter versions 10.0.1 and earlier are affected by an o ...)
+	TODO: check
+CVE-2024-49377 (OctoPrint provides a web interface for controlling consumer 3D printer ...)
+	TODO: check
+CVE-2024-48312 (WebLaudos v20.8 (118) was discovered to contain a cross-site scripting ...)
+	TODO: check
+CVE-2024-47255 (In 2N Access Commander versions 3.1.1.2 and prior, a local attacker ca ...)
+	TODO: check
+CVE-2024-47254 (In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient  Ve ...)
+	TODO: check
+CVE-2024-47253 (In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vu ...)
+	TODO: check
+CVE-2024-10845 (A vulnerability has been found in 1000 Projects Bookstore Management S ...)
+	TODO: check
+CVE-2024-10844 (A vulnerability, which was classified as critical, was found in 1000 P ...)
+	TODO: check
+CVE-2024-10842 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-10841 (A vulnerability classified as critical was found in romadebrian WEB-Se ...)
+	TODO: check
+CVE-2024-10840 (A vulnerability classified as problematic has been found in romadebria ...)
+	TODO: check
+CVE-2024-10711 (The WooCommerce Report plugin for WordPress is vulnerable to Cross-Sit ...)
+	TODO: check
+CVE-2024-10687 (The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Cont ...)
+	TODO: check
+CVE-2024-10329 (The Ultimate Bootstrap Elements for Elementor plugin for WordPress is  ...)
+	TODO: check
+CVE-2024-10319 (The 140+ Widgets | Xpro Addons For Elementor \u2013 FREE plugin for Wo ...)
+	TODO: check
+CVE-2024-10263 (The Tickera \u2013 WordPress Event Ticketing plugin for WordPress is v ...)
+	TODO: check
+CVE-2024-10114 (The WooCommerce - Social Login plugin for WordPress is vulnerable to a ...)
+	TODO: check
+CVE-2024-0134 (NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a U ...)
+	TODO: check
+CVE-2024-50138 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.11.6-1
 	[bookworm] - linux 6.1.115-1
 	NOTE: https://git.kernel.org/linus/8b62645b09f870d70c7910e7550289d444239a46 (6.12-rc4)
-CVE-2024-50137 [reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC]
+CVE-2024-50137 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 6.11.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/2cf59663660799ce16f4dfbed97cdceac7a7fa11 (6.12-rc4)
-CVE-2024-50136 [net/mlx5: Unregister notifier on eswitch init failure]
+CVE-2024-50136 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.11.6-1
 	[bookworm] - linux 6.1.115-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/1da9cfd6c41c2e6bbe624d0568644e1521c33e12 (6.12-rc4)
-CVE-2024-50135 [nvme-pci: fix race condition between reset and nvme_dev_disable()]
+CVE-2024-50135 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.11.6-1
 	NOTE: https://git.kernel.org/linus/26bc0a81f64ce00fc4342c38eeb2eddaad084dd2 (6.12-rc4)
-CVE-2024-50134 [drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA]
+CVE-2024-50134 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.11.6-1
 	[bookworm] - linux 6.1.115-1
 	NOTE: https://git.kernel.org/linus/d92b90f9a54d9300a6e883258e79f36dab53bfae (6.12-rc2)
-CVE-2024-50133 [LoongArch: Don't crash in stack_top() for tasks without vDSO]
+CVE-2024-50133 (In the Linux kernel, the following vulnerability has been resolved:  L ...)
 	- linux 6.11.6-1
 	[bookworm] - linux 6.1.115-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/134475a9ab8487527238d270639a8cb74c10aab2 (6.12-rc5)
-CVE-2024-50132 [tracing/probes: Fix MAX_TRACE_ARGS limit handling]
+CVE-2024-50132 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.11.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/73f35080477e893aa6f4c8d388352b871b288fbc (6.12-rc5)
-CVE-2024-50131 [tracing: Consider the NULL character when validating the event length]
+CVE-2024-50131 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.11.6-1
 	[bookworm] - linux 6.1.115-1
 	NOTE: https://git.kernel.org/linus/0b6e2e22cb23105fcb171ab92f0f7516c69c8471 (6.12-rc5)
-CVE-2024-50130 [netfilter: bpf: must hold reference on net namespace]
+CVE-2024-50130 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.11.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/1230fe7ad3974f7bf6c78901473e039b34d4fb1f (6.12-rc5)
-CVE-2024-50129 [net: pse-pd: Fix out of bound for loop]
+CVE-2024-50129 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.11.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f2767a41959e60763949c73ee180e40c686e807e (6.12-rc5)
-CVE-2024-50128 [net: wwan: fix global oob in wwan_rtnl_policy]
+CVE-2024-50128 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.11.6-1
 	[bookworm] - linux 6.1.115-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/47dd5447cab8ce30a847a0337d5341ae4c7476a7 (6.12-rc5)
-CVE-2024-50127 [net: sched: fix use-after-free in taprio_change()]
+CVE-2024-50127 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.11.6-1
 	[bookworm] - linux 6.1.115-1
 	NOTE: https://git.kernel.org/linus/f504465970aebb2467da548f7c1efbbf36d0f44b (6.12-rc5)
-CVE-2024-50126 [net: sched: use RCU read-side critical section in taprio_dump()]
+CVE-2024-50126 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.11.6-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b22db8b8befe90b61c98626ca1a2fbb0505e9fe3 (6.12-rc5)
-CVE-2024-50125 [Bluetooth: SCO: Fix UAF on sco_sock_timeout]
+CVE-2024-50125 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 6.11.6-1
 	[bookworm] - linux 6.1.115-1
 	NOTE: https://git.kernel.org/linus/1bf4470a3939c678fb822073e9ea77a0560bc6bb (6.12-rc5)
-CVE-2024-50124 [Bluetooth: ISO: Fix UAF on iso_sock_timeout]
+CVE-2024-50124 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 6.11.6-1
 	[bookworm] - linux 6.1.115-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/246b435ad668596aa0e2bbb9d491b6413861211a (6.12-rc5)
-CVE-2024-50123 [bpf: Add the missing BPF_LINK_TYPE invocation for sockmap]
+CVE-2024-50123 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.11.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c2f803052bc7a7feb2e03befccc8e49b6ff1f5f5 (6.12-rc5)
-CVE-2024-50122 [PCI: Hold rescan lock while adding devices during host probe]
+CVE-2024-50122 (In the Linux kernel, the following vulnerability has been resolved:  P ...)
 	- linux 6.11.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/1d59d474e1cb7d4fdf87dfaf96f44647f13ea590 (6.12-rc5)
-CVE-2024-50121 [nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net]
+CVE-2024-50121 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.11.6-1
 	NOTE: https://git.kernel.org/linus/d5ff2fb2e7167e9483846e34148e60c0c016a1f6 (6.12-rc5)
-CVE-2024-50120 [smb: client: Handle kstrdup failures for passwords]
+CVE-2024-50120 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.11.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9a5dd61151399ad5a5d69aad28ab164734c1e3bc (6.12-rc5)
-CVE-2024-50119 [cifs: fix warning when destroy 'cifs_io_request_pool']
+CVE-2024-50119 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.11.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/2ce1007f42b8a6a0814386cb056feb28dc6d6091 (6.12-rc5)
-CVE-2024-50118 [btrfs: reject ro->rw reconfiguration if there are hard ro requirements]
+CVE-2024-50118 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.11.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3c36a72c1d27de6618c1c480c793d9924640f5bb (6.12-rc5)
-CVE-2024-50117 [drm/amd: Guard against bad data for ATIF ACPI method]
+CVE-2024-50117 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.11.6-1
 	[bookworm] - linux 6.1.115-1
 	NOTE: https://git.kernel.org/linus/bf58f03931fdcf7b3c45cb76ac13244477a60f44 (6.12-rc5)
-CVE-2024-50116 [nilfs2: fix kernel bug due to missing clearing of buffer delay flag]
+CVE-2024-50116 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.11.6-1
 	[bookworm] - linux 6.1.115-1
 	NOTE: https://git.kernel.org/linus/6ed469df0bfbef3e4b44fca954a781919db9f7ab (6.12-rc5)
-CVE-2024-50115 [KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory]
+CVE-2024-50115 (In the Linux kernel, the following vulnerability has been resolved:  K ...)
 	- linux 6.11.6-1
 	[bookworm] - linux 6.1.115-1
 	NOTE: https://git.kernel.org/linus/f559b2e9c5c5308850544ab59396b7d53cfc67bd (6.12-rc5)
-CVE-2024-50114 [KVM: arm64: Unregister redistributor for failed vCPU creation]
+CVE-2024-50114 (In the Linux kernel, the following vulnerability has been resolved:  K ...)
 	- linux 6.11.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/ae8f8b37610269009326f4318df161206c59843e (6.12-rc5)
-CVE-2024-50113 [firewire: core: fix invalid port index for parent device]
+CVE-2024-50113 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.11.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f6a6780e0b9bbcf311a727afed06fee533a5e957 (6.12-rc5)
-CVE-2024-50112 [x86/lam: Disable ADDRESS_MASKING in most cases]
+CVE-2024-50112 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 6.11.6-1
 	NOTE: https://git.kernel.org/linus/3267cb6d3a174ff83d6287dcd5b0047bbd912452 (6.12-rc5)
-CVE-2024-50111 [LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context]
+CVE-2024-50111 (In the Linux kernel, the following vulnerability has been resolved:  L ...)
 	- linux 6.11.6-1
 	NOTE: https://git.kernel.org/linus/69cc6fad5df4ce652d969be69acc60e269e5eea1 (6.12-rc5)
-CVE-2024-50110 [xfrm: fix one more kernel-infoleak in algo dumping]
+CVE-2024-50110 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 6.11.6-1
 	[bookworm] - linux 6.1.115-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/6889cd2a93e1e3606b3f6e958aa0924e836de4d2 (6.12-rc5)
-CVE-2024-50109 [md/raid10: fix null ptr dereference in raid10_size()]
+CVE-2024-50109 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.11.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/825711e00117fc686ab89ac36a9a7b252dc349c6 (6.12-rc5)
-CVE-2024-50108 [drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too]
+CVE-2024-50108 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.11.6-1
 	[bookworm] - linux 6.1.115-1
 	NOTE: https://git.kernel.org/linus/ba1959f71117b27f3099ee789e0815360b4081dd (6.12-rc5)
-CVE-2024-50107 [platform/x86/intel/pmc: Fix pmc_core_iounmap to call iounmap for valid addresses]
+CVE-2024-50107 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.11.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/48771da48072823956b271dddd568492c13d8170 (6.12-rc5)
-CVE-2024-50106 [nfsd: fix race between laundromat and free_stateid]
+CVE-2024-50106 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.11.6-1
 	NOTE: https://git.kernel.org/linus/8dd91e8d31febf4d9cca3ae1bb4771d33ae7ee5a (6.12-rc5)
-CVE-2024-50105 [ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc]
+CVE-2024-50105 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.11.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/db7e59e6a39a4d3d54ca8197c796557e6d480b0d (6.12-rc5)
-CVE-2024-50104 [ASoC: qcom: sdm845: add missing soundwire runtime stream alloc]
+CVE-2024-50104 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.11.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d0e806b0cc6260b59c65e606034a63145169c04c (6.12-rc5)
-CVE-2024-50103 [ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe()]
+CVE-2024-50103 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.11.6-1
 	[bookworm] - linux 6.1.115-1
 	NOTE: https://git.kernel.org/linus/49da1463c9e3d2082276c3e0e2a8b65a88711cd2 (6.12-rc5)
-CVE-2024-50102 [x86: fix user address masking non-canonical speculation issue]
+CVE-2024-50102 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 6.11.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/86e6b1547b3d013bc392adf775b89318441403c2 (6.12-rc5)
-CVE-2024-50101 [iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices]
+CVE-2024-50101 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.11.5-1
 	[bookworm] - linux 6.1.115-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/6e02a277f1db24fa039e23783c8921c7b0e5b1b3 (6.12-rc4)
-CVE-2024-50100 [USB: gadget: dummy-hcd: Fix "task hung" problem]
+CVE-2024-50100 (In the Linux kernel, the following vulnerability has been resolved:  U ...)
 	- linux 6.11.5-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/5189df7b8088268012882c220d6aca4e64981348 (6.12-rc4)
-CVE-2024-50099 [arm64: probes: Remove broken LDR (literal) uprobe support]
+CVE-2024-50099 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.11.5-1
 	[bookworm] - linux 6.1.115-1
 	NOTE: https://git.kernel.org/linus/acc450aa07099d071b18174c22a1119c57da8227 (6.12-rc4)
-CVE-2024-50098 [scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down]
+CVE-2024-50098 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.11.5-1
 	[bookworm] - linux 6.1.115-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/19a198b67767d952c8f3d0cf24eb3100522a8223 (6.12-rc4)
-CVE-2024-50097 [net: fec: don't save PTP state if PTP is unsupported]
+CVE-2024-50097 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.11.4-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/6be063071a457767ee229db13f019c2ec03bfe44 (6.12-rc3)
-CVE-2024-50096 [nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error]
+CVE-2024-50096 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.11.4-1
 	[bookworm] - linux 6.1.115-1
 	NOTE: https://git.kernel.org/linus/835745a377a4519decd1a36d6b926e369b3033e2 (6.12-rc3)
-CVE-2024-50095 [RDMA/mad: Improve handling of timed out WRs of mad agent]
+CVE-2024-50095 (In the Linux kernel, the following vulnerability has been resolved:  R ...)
 	- linux 6.11.4-1
 	[bookworm] - linux 6.1.115-1
 	NOTE: https://git.kernel.org/linus/2a777679b8ccd09a9a65ea0716ef10365179caac (6.12-rc1)
-CVE-2024-50094 [sfc: Don't invoke xdp_do_flush() from netpoll.]
+CVE-2024-50094 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.11.4-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/55e802468e1d38dec8e25a2fdb6078d45b647e8c (6.12-rc3)
-CVE-2024-50093 [thermal: intel: int340x: processor: Fix warning during module unload]
+CVE-2024-50093 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.11.4-1
 	[bookworm] - linux 6.1.115-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/99ca0b57e49fb73624eede1c4396d9e3d10ccf14 (6.12-rc3)
-CVE-2024-50092 [net: netconsole: fix wrong warning]
+CVE-2024-50092 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.11.4-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d94785bb46b6167382b1de3290eccc91fa98df53 (6.12-rc3)
-CVE-2024-50091 [dm vdo: don't refer to dedupe_context after releasing it]
+CVE-2024-50091 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.11.4-1
 	NOTE: https://git.kernel.org/linus/0808ebf2f80b962e75741a41ced372a7116f1e26 (6.12-rc1)
-CVE-2024-50090 [drm/xe/oa: Fix overflow in oa batch buffer]
+CVE-2024-50090 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.11.4-1
 	NOTE: https://git.kernel.org/linus/6c10ba06bb1b48acce6d4d9c1e33beb9954f1788 (6.12-rc1)
-CVE-2024-50089 [unicode: Don't special case ignorable code points]
+CVE-2024-50089 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 6.11.4-1
 	[bookworm] - linux 6.1.115-1
 	NOTE: https://git.kernel.org/linus/5c26d2f1d3f5e4be3e196526bead29ecb139cf91 (6.12-rc3)
-CVE-2023-52920 [bpf: support non-r10 register spill/fill to/from stack in precision tracking]
+CVE-2023-52920 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.8.9-1
 	NOTE: https://git.kernel.org/linus/41f6f64e6999a837048b1bd13a2f8742964eca6b (6.8-rc1)
 CVE-2024-9883 (The Pods  WordPress plugin before 3.2.7.1 does not sanitise and escape ...)
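Review bot: The kernel entries from CVE-2024-50138 down to CVE-2023-52920 swap a distinguishing bracketed subject (for example "[net: sched: fix use-after-free in taprio_change()]") for a truncated description that is identical up to its last letter on every line ("In the Linux kernel, the following vulnerability has been resolved:  n ..."), so the subsystem and bug class can no longer be read from the list and have to be recovered from the git.kernel.org NOTE. If the description field has to follow the upstream text, consider dropping the common prefix before truncating. Separately, the added lines for CVE-2024-9878, CVE-2024-10319 and CVE-2024-10263 contain a literal "\u2013" escape where a dash was meant, which suggests the description is written out without decoding the source string.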
@@ -1827,7 +2061,7 @@ CVE-2019-25219 (Asio C++ Library before 1.13.0 lacks a fallback error code in th
 CVE-2017-20195 (A vulnerability was found in LUNAD3v AreaLoad up to 1a1103182ed63a06dd ...)
 	NOT-FOR-US: LUNAD3v
 CVE-2024-10467 (Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thun ...)
-	{DSA-5801-1 DLA-3944-1 DLA-3943-1}
+	{DSA-5803-1 DSA-5801-1 DLA-3944-1 DLA-3943-1}
 	- firefox 132.0-1
 	- firefox-esr 128.4.0esr-1
 	- thunderbird 1:128.4.0esr-1
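Review bot: The added "DSA-5803-1" on CVE-2024-10467 sits above three package lines (firefox, firefox-esr, thunderbird), and nothing in the entry says which of them the new advisory fixes or in which suite; the neighbouring DSA-5801-1 has the same gap. Since the commit message is only "automatic update", it is worth checking the advisory's own package and CVE list against the five entries that receive this identical one-line change (CVE-2024-10463 to CVE-2024-10467).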
@@ -1835,7 +2069,7 @@ CVE-2024-10467 (Memory safety bugs present in Firefox 131, Firefox ESR 128.3, an
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10467
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10467
 CVE-2024-10466 (By sending a specially crafted push message, a remote server could hav ...)
-	{DSA-5801-1 DLA-3944-1 DLA-3943-1}
+	{DSA-5803-1 DSA-5801-1 DLA-3944-1 DLA-3943-1}
 	- firefox 132.0-1
 	- firefox-esr 128.4.0esr-1
 	- thunderbird 1:128.4.0esr-1
@@ -1843,7 +2077,7 @@ CVE-2024-10466 (By sending a specially crafted push message, a remote server cou
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10466
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10466
 CVE-2024-10465 (A clipboard "paste" button could persist across tabs which allowed a s ...)
-	{DSA-5801-1 DLA-3944-1 DLA-3943-1}
+	{DSA-5803-1 DSA-5801-1 DLA-3944-1 DLA-3943-1}
 	- firefox 132.0-1
 	- firefox-esr 128.4.0esr-1
 	- thunderbird 1:128.4.0esr-1
@@ -1851,7 +2085,7 @@ CVE-2024-10465 (A clipboard "paste" button could persist across tabs which allow
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10465
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10465
 CVE-2024-10464 (Repeated writes to history interface attributes could have been used t ...)
-	{DSA-5801-1 DLA-3944-1 DLA-3943-1}
+	{DSA-5803-1 DSA-5801-1 DLA-3944-1 DLA-3943-1}
 	- firefox 132.0-1
 	- firefox-esr 128.4.0esr-1
 	- thunderbird 1:128.4.0esr-1
@@ -1862,7 +2096,7 @@ CVE-2024-10468 (Potential race conditions in IndexedDB could have caused memory
 	- firefox 132.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-55/#CVE-2024-10468
 CVE-2024-10463 (Video frames could have been leaked between origins in some situations ...)
-	{DSA-5801-1 DLA-3944-1 DLA-3943-1}
+	{DSA-5803-1 DSA-5801-1 DLA-3944-1 DLA-3943-1}
 	- firefox 132.0-1
 	- firefox-esr 128.4.0esr-1
 	- thunderbird 1:128.4.0esr-1
@@ -1870,7 +2104,7 @@ CVE-2024-10463 (Video frames could have been leaked between origins in some situ
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10463
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10463
 CVE-2024-10462 (Truncation of a long URL could have allowed origin spoofing in a permi ...)
-	{DSA-5801-1 DLA-3944-1 DLA-3943-1}
+	{DSA-5803-1 DSA-5801-1 DLA-3944-1 DLA-3943-1}
 	- firefox 132.0-1
 	- firefox-esr 128.4.0esr-1
 	- thunderbird 1:128.4.0esr-1
@@ -1878,7 +2112,7 @@ CVE-2024-10462 (Truncation of a long URL could have allowed origin spoofing in a
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10462
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10462
 CVE-2024-10461 (In multipart/x-mixed-replace responses, `Content-Disposition: attachme ...)
-	{DSA-5801-1 DLA-3944-1 DLA-3943-1}
+	{DSA-5803-1 DSA-5801-1 DLA-3944-1 DLA-3943-1}
 	- firefox 132.0-1
 	- firefox-esr 128.4.0esr-1
 	- thunderbird 1:128.4.0esr-1
@@ -1886,7 +2120,7 @@ CVE-2024-10461 (In multipart/x-mixed-replace responses, `Content-Disposition: at
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10461
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10461
 CVE-2024-10460 (The origin of an external protocol handler prompt could have been obsc ...)
-	{DSA-5801-1 DLA-3944-1 DLA-3943-1}
+	{DSA-5803-1 DSA-5801-1 DLA-3944-1 DLA-3943-1}
 	- firefox 132.0-1
 	- firefox-esr 128.4.0esr-1
 	- thunderbird 1:128.4.0esr-1
@@ -1894,7 +2128,7 @@ CVE-2024-10460 (The origin of an external protocol handler prompt could have bee
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10460
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10460
 CVE-2024-10459 (An attacker could have caused a use-after-free when accessibility was  ...)
-	{DSA-5801-1 DLA-3944-1 DLA-3943-1}
+	{DSA-5803-1 DSA-5801-1 DLA-3944-1 DLA-3943-1}
 	- firefox 132.0-1
 	- firefox-esr 128.4.0esr-1
 	- thunderbird 1:128.4.0esr-1
@@ -1902,7 +2136,7 @@ CVE-2024-10459 (An attacker could have caused a use-after-free when accessibilit
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10459
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10459
 CVE-2024-10458 (A permission leak could have occurred from a trusted site to an untrus ...)
-	{DSA-5801-1 DLA-3944-1 DLA-3943-1}
+	{DSA-5803-1 DSA-5801-1 DLA-3944-1 DLA-3943-1}
 	- firefox 132.0-1
 	- firefox-esr 128.4.0esr-1
 	- thunderbird 1:128.4.0esr-1
@@ -125587,32 +125821,32 @@ CVE-2023-29128 (A vulnerability has been identified in SIMATIC Cloud Connect 7 C
 	NOT-FOR-US: Siemens
 CVE-2023-29127
 	RESERVED
-CVE-2023-29126
-	RESERVED
-CVE-2023-29125
-	RESERVED
+CVE-2023-29126 (The Waybox Enel X web management application contains a PHP-type juggl ...)
+	TODO: check
+CVE-2023-29125 (A heap buffer overflow could be triggered by sending a specific packet ...)
+	TODO: check
 CVE-2023-29124
 	RESERVED
 CVE-2023-29123
 	RESERVED
-CVE-2023-29122
-	RESERVED
-CVE-2023-29121
-	RESERVED
-CVE-2023-29120
-	RESERVED
-CVE-2023-29119
-	RESERVED
-CVE-2023-29118
-	RESERVED
-CVE-2023-29117
-	RESERVED
-CVE-2023-29116
-	RESERVED
-CVE-2023-29115
-	RESERVED
-CVE-2023-29114
-	RESERVED
+CVE-2023-29122 (Under certain conditions, access to service libraries is granted to ac ...)
+	TODO: check
+CVE-2023-29121 (Waybox Enel TCF Agent service could be used to get administrator\u2019 ...)
+	TODO: check
+CVE-2023-29120 (Waybox Enel X web management application could be used to execute arbi ...)
+	TODO: check
+CVE-2023-29119 (Waybox Enel X web management application could execute arbitrary reque ...)
+	TODO: check
+CVE-2023-29118 (Waybox Enel X web management application could execute arbitrary reque ...)
+	TODO: check
+CVE-2023-29117 (Waybox Enel X web management API authentication could be bypassed and  ...)
+	TODO: check
+CVE-2023-29116 (Under certain conditions, through a request directed to the Waybox Ene ...)
+	TODO: check
+CVE-2023-29115 (In certain conditions a request directed to the Waybox Enel X Web mana ...)
+	TODO: check
+CVE-2023-29114 (System logs could be accessed through web management application due t ...)
+	TODO: check
 CVE-2023-29113
 	RESERVED
 CVE-2023-29112 (The SAP Application Interface (Message Monitoring) - versions 600, 700 ...)
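Review bot: The CVE-2023-29121 line carries a literal "\u2019" escape ("administrator\u2019 ...") instead of the apostrophe it stands for, so the description was written without decoding escape sequences; decode before truncating. Separately, all eleven former RESERVED entries land as "TODO: check". Most descriptions name the Waybox Enel X web management application or the Waybox Enel TCF Agent, which suggests the same NOT-FOR-US triage as the Siemens entry at the top of the hunk, but CVE-2023-29125, CVE-2023-29122 and CVE-2023-29114 do not name a product in the truncated text and need the full description read before they are classified.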



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d99749307fc1b0aef96a7b264c6ef504a3a80ba7
