[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 19 08:12:17 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1d933b06 by security tracker role at 2024-11-19T08:12:08+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,145 +1,223 @@
-CVE-2024-50302 [HID: core: zero-initialize the report buffer]
+CVE-2024-8403 (Improper Validation of Specified Type of Input vulnerability in Mitsub ...)
+ TODO: check
+CVE-2024-52587 (StepSecurity's Harden-Runner provides network egress filtering and run ...)
+ TODO: check
+CVE-2024-52585 (Autolab is a course management service that enables auto-graded progra ...)
+ TODO: check
+CVE-2024-52584 (Autolab is a course management service that enables auto-graded progra ...)
+ TODO: check
+CVE-2024-52583 (The WesHacks GitHub repository provides the official Hackathon competi ...)
+ TODO: check
+CVE-2024-52506 (Graylog is a free and open log management platform. The reporting func ...)
+ TODO: check
+CVE-2024-52418 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52417 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52394 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52390 (: Path Traversal: '.../...//' vulnerability in CYAN Backup allows Path ...)
+ TODO: check
+CVE-2024-52389 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52349 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52348 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52347 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52346 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52345 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52344 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52343 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52342 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52341 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52340 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52339 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52304 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+ TODO: check
+CVE-2024-51940 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-51939 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-51053 (An arbitrary file upload vulnerability in the component /main/fileuplo ...)
+ TODO: check
+CVE-2024-51051 (AVSCMS v8.2.0 was discovered to contain weak default credentials for t ...)
+ TODO: check
+CVE-2024-50849 (Cross-Site Scripting (XSS) in the "Rules" functionality in WordServer ...)
+ TODO: check
+CVE-2024-50848 (An XML External Entity (XXE) vulnerability in the Import object and Tr ...)
+ TODO: check
+CVE-2024-50804 (Insecure Permissions vulnerability in Micro-star International MSI Cen ...)
+ TODO: check
+CVE-2024-33231 (Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows ...)
+ TODO: check
+CVE-2024-21539 (Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable ...)
+ TODO: check
+CVE-2024-21287 (Vulnerability in the Oracle Agile PLM Framework product of Oracle Supp ...)
+ TODO: check
+CVE-2024-11098 (The SVG Block plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2024-11069 (The WordPress GDPR plugin for WordPress is vulnerable to unauthorized ...)
+ TODO: check
+CVE-2024-10486 (The Google for WooCommerce plugin for WordPress is vulnerable to Infor ...)
+ TODO: check
+CVE-2024-10388 (The WordPress GDPR plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2024-10268 (The MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by So ...)
+ TODO: check
+CVE-2024-10103 (In the process of testing the MailPoet WordPress plugin before 5.3.2, ...)
+ TODO: check
+CVE-2024-50302 (In the Linux kernel, the following vulnerability has been resolved: H ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/177f25d1292c7e16e1199b39c85480f7f8815552 (6.12-rc7)
-CVE-2024-50301 [security/keys: fix slab-out-of-bounds in key_task_permission]
+CVE-2024-50301 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/4a74da044ec9ec8679e6beccc4306b936b62873f (6.12-rc7)
-CVE-2024-50300 [regulator: rtq2208: Fix uninitialized use of regulator_config]
+CVE-2024-50300 (In the Linux kernel, the following vulnerability has been resolved: r ...)
- linux 6.11.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2feb023110843acce790e9089e72e9a9503d9fa5 (6.12-rc7)
-CVE-2024-50299 [sctp: properly validate chunk size in sctp_sf_ootb()]
+CVE-2024-50299 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/0ead60804b64f5bd6999eec88e503c6a1a242d41 (6.12-rc7)
-CVE-2024-50298 [net: enetc: allocate vf_state during PF probes]
+CVE-2024-50298 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/e15c5506dd39885cd047f811a64240e2e8ab401b (6.12-rc7)
-CVE-2024-50297 [net: xilinx: axienet: Enqueue Tx packets in dql before dmaengine starts]
+CVE-2024-50297 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.11.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/5ccdcdf186aec6b9111845fd37e1757e9b413e2f (6.12-rc7)
-CVE-2024-50296 [net: hns3: fix kernel crash when uninstalling driver]
+CVE-2024-50296 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/df3dff8ab6d79edc942464999d06fbaedf8cdd18 (6.12-rc7)
-CVE-2024-50295 [net: arc: fix the device for dma_map_single/dma_unmap_single]
+CVE-2024-50295 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/71803c1dfa29e0d13b99e48fda11107cc8caebc7 (6.12-rc7)
-CVE-2024-50294 [rxrpc: Fix missing locking causing hanging calls]
+CVE-2024-50294 (In the Linux kernel, the following vulnerability has been resolved: r ...)
- linux 6.11.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/fc9de52de38f656399d2ce40f7349a6b5f86e787 (6.12-rc7)
-CVE-2024-50293 [net/smc: do not leave a dangling sk pointer in __smc_create()]
+CVE-2024-50293 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.11.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d293958a8595ba566fb90b99da4d6263e14fee15 (6.12-rc7)
-CVE-2024-50292 [ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove]
+CVE-2024-50292 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/9bb4af400c386374ab1047df44c508512c08c31f (6.12-rc7)
-CVE-2024-50291 [media: dvb-core: add missing buffer index check]
+CVE-2024-50291 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.11.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/fa88dc7db176c79b50adb132a56120a1d4d9d18b (6.12-rc7)
-CVE-2024-50290 [media: cx24116: prevent overflows on SNR calculus]
+CVE-2024-50290 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/576a307a7650bd544fbb24df801b9b7863b85e2f (6.12-rc7)
-CVE-2024-50289 [media: av7110: fix a spectre vulnerability]
+CVE-2024-50289 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/458ea1c0be991573ec436aa0afa23baacfae101a (6.12-rc7)
-CVE-2024-50288 [media: vivid: fix buffer overwrite when using > 32 buffers]
+CVE-2024-50288 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.11.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/96d8569563916fe2f8fe17317e20e43f54f9ba4b (6.12-rc7)
-CVE-2024-50287 [media: v4l2-tpg: prevent the risk of a division by zero]
+CVE-2024-50287 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/e6a3ea83fbe15d4818d01804e904cbb0e64e543b (6.12-rc7)
-CVE-2024-50286 [ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create]
+CVE-2024-50286 (In the Linux kernel, the following vulnerability has been resolved: k ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/0a77715db22611df50b178374c51e2ba0d58866e (6.12-rc7)
-CVE-2024-50285 [ksmbd: check outstanding simultaneous SMB operations]
+CVE-2024-50285 (In the Linux kernel, the following vulnerability has been resolved: k ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/0a77d947f599b1f39065015bec99390d0c0022ee (6.12-rc7)
-CVE-2024-50284 [ksmbd: Fix the missing xa_store error check]
+CVE-2024-50284 (In the Linux kernel, the following vulnerability has been resolved: k ...)
- linux 6.11.9-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3abab905b14f4ba756d413f37f1fb02b708eee93 (6.12-rc7)
-CVE-2024-50283 [ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp]
+CVE-2024-50283 (In the Linux kernel, the following vulnerability has been resolved: k ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/b8fc56fbca7482c1e5c0e3351c6ae78982e25ada (6.12-rc7)
-CVE-2024-50282 [drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()]
+CVE-2024-50282 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/4d75b9468021c73108b4439794d69e892b1d24e3 (6.12-rc7)
-CVE-2024-50281 [KEYS: trusted: dcp: fix NULL dereference in AEAD crypto operation]
+CVE-2024-50281 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 6.11.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/04de7589e0a95167d803ecadd115235ba2c14997 (6.12-rc7)
-CVE-2024-50280 [dm cache: fix flushing uninitialized delayed_work on cache_ctr error]
+CVE-2024-50280 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/135496c208ba26fd68cdef10b64ed7a91ac9a7ff (6.12-rc7)
-CVE-2024-50279 [dm cache: fix out-of-bounds access to the dirty bitset when resizing]
+CVE-2024-50279 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/792227719725497ce10a8039803bec13f89f8910 (6.12-rc7)
-CVE-2024-50278 [dm cache: fix potential out-of-bounds access on the first resume]
+CVE-2024-50278 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/c0ade5d98979585d4f5a93e4514c2e9a65afa08d (6.12-rc7)
-CVE-2024-50277 [dm: fix a crash if blk_alloc_disk fails]
+CVE-2024-50277 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/fed13a5478680614ba97fc87e71f16e2e197912e (6.12-rc7)
-CVE-2024-50276 [net: vertexcom: mse102x: Fix possible double free of TX skb]
+CVE-2024-50276 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.11.9-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/1f26339b2ed63d1e8e18a18674fb73a392f3660e (6.12-rc7)
-CVE-2024-50275 [arm64/sve: Discard stale CPU state when handling SVE traps]
+CVE-2024-50275 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.11.9-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/751ecf6afd6568adc98f2a6052315552c0483d18 (6.12-rc7)
-CVE-2024-50274 [idpf: avoid vport access in idpf_get_link_ksettings]
+CVE-2024-50274 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.11.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/81d2fb4c7c18a3b36ba3e00b9d5b753107472d75 (6.12-rc7)
-CVE-2024-50273 [btrfs: reinitialize delayed ref list after deleting it from the list]
+CVE-2024-50273 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/c9a75ec45f1111ef530ab186c2a7684d0a0c9245 (6.12-rc7)
-CVE-2024-50272 [filemap: Fix bounds checking in filemap_read()]
+CVE-2024-50272 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/ace149e0830c380ddfce7e466fe860ca502fe4ee (6.12-rc7)
-CVE-2024-50271 [signal: restore the override_rlimit logic]
+CVE-2024-50271 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.11.9-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9e05e5c7ee8758141d2db7e8fea2cab34500c6ed (6.12-rc7)
-CVE-2024-50270 [mm/damon/core: avoid overflow in damon_feed_loop_next_input()]
+CVE-2024-50270 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.11.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4401e9d10ab0281a520b9f8c220f30f60b5c248f (6.12-rc7)
-CVE-2024-50269 [usb: musb: sunxi: Fix accessing an released usb phy]
+CVE-2024-50269 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/498dbd9aea205db9da674994b74c7bf8e18448bd (6.12-rc7)
-CVE-2024-50268 [usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()]
+CVE-2024-50268 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/7dd08a0b4193087976db6b3ee7807de7e8316f96 (6.12-rc7)
-CVE-2024-50267 [USB: serial: io_edgeport: fix use after free in debug printk]
+CVE-2024-50267 (In the Linux kernel, the following vulnerability has been resolved: U ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/37bb5628379295c1254c113a407cab03a0f4d0b4 (6.12-rc7)
-CVE-2024-50266 [clk: qcom: videocc-sm8350: use HW_CTRL_TRIGGER for vcodec GDSCs]
+CVE-2024-50266 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.11.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f903663a8dcd6e1656e52856afbf706cc14cbe6d (6.12-rc7)
-CVE-2024-50265 [ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()]
+CVE-2024-50265 (In the Linux kernel, the following vulnerability has been resolved: o ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/0b63c0e01fba40e3992bc627272ec7b618ccaef7 (6.12-rc7)
-CVE-2024-50264 [vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans]
+CVE-2024-50264 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/6ca575374dd9a507cdd16dfa0e78c2e9e20bd05f (6.12)
-CVE-2023-52921 [drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()]
+CVE-2023-52921 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.4.11-1
[bookworm] - linux 6.1.52-1
NOTE: https://git.kernel.org/linus/90e065677e0362a777b9db97ea21d43a39211399 (6.5-rc6)
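Review bot: In the kernel entries from CVE-2024-50302 down to CVE-2023-52921, the replacement description is cut off inside the shared prefix ("In the Linux kernel, the following vulnerability has been resolved: H ..."), so the subject that the removed bracketed titles carried, for example "[HID: core: zero-initialize the report buffer]", is no longer visible in the list. After this change the NOTE line with the upstream commit is the only thing that distinguishes these entries, so consider preserving the subject in a NOTE or skipping the common prefix before truncating. At the top of the hunk, every newly added entry carries only "TODO: check", including ones whose description names a specific project such as aiohttp (CVE-2024-52304) and @eslint/plugin-kit (CVE-2024-21539); these still need triage against the archive before the TODO is dropped. The CVE-2024-10268 description also contains a literal "\u2013" escape, and the CVE-2024-52390 description begins with "(: Path Traversal", which suggests the imported description text is not being decoded or trimmed.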
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d933b06814e3342df9e4ddcf3fb9c9ce798ae32