[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 13 09:12:22 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3f2a0c4 by security tracker role at 2024-09-13T08:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,168 +1,222 @@
-CVE-2024-46712 [drm/vmwgfx: Disable coherent dumb buffers without 3d]
+CVE-2024-8762 (A vulnerability was found in code-projects Crud Operation System 1.0.  ...)
+	TODO: check
+CVE-2024-8751 (A vulnerability in the MSC800 allows an unauthenticated attacker to mo ...)
+	TODO: check
+CVE-2024-8742 (The Essential Addons for Elementor \u2013 Best Elementor Addon, Templa ...)
+	TODO: check
+CVE-2024-8665 (The YITH Custom Login plugin for WordPress is vulnerable to Reflected  ...)
+	TODO: check
+CVE-2024-8664 (The WP Test Email plugin for WordPress is vulnerable to Reflected Cros ...)
+	TODO: check
+CVE-2024-8663 (The WP Simple Booking Calendar plugin for WordPress is vulnerable to R ...)
+	TODO: check
+CVE-2024-8656 (The WPFactory Helper plugin for WordPress is vulnerable to Reflected C ...)
+	TODO: check
+CVE-2024-7961 (A path traversal vulnerability exists in the Rockwell Automation affec ...)
+	TODO: check
+CVE-2024-7960 (The Rockwell Automation affected product contains a vulnerability that ...)
+	TODO: check
+CVE-2024-7888 (The Classified Listing \u2013 Classified ads & Business Directory Plug ...)
+	TODO: check
+CVE-2024-7864 (The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not ha ...)
+	TODO: check
+CVE-2024-7863 (The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not va ...)
+	TODO: check
+CVE-2024-7133 (The Floating Notification Bar, Sticky Menu on Scroll, Announcement Ban ...)
+	TODO: check
+CVE-2024-7129 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...)
+	TODO: check
+CVE-2024-6850 (The Carousel Slider WordPress plugin before 2.2.4 does not sanitise an ...)
+	TODO: check
+CVE-2024-6723 (The AI Engine WordPress plugin before 2.4.8 does not properly sanitise ...)
+	TODO: check
+CVE-2024-6617 (The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 do ...)
+	TODO: check
+CVE-2024-6493 (The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 do ...)
+	TODO: check
+CVE-2024-5628 (The Avada | Website Builder For WordPress & eCommerce plugin for WordP ...)
+	TODO: check
+CVE-2024-5567 (The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
+	TODO: check
+CVE-2024-43180 (IBM Concert 1.0 does not set the secure attribute on authorization tok ...)
+	TODO: check
+CVE-2024-41873 (Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out ...)
+	TODO: check
+CVE-2024-41872 (Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out ...)
+	TODO: check
+CVE-2024-41871 (Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out ...)
+	TODO: check
+CVE-2024-41870 (Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out ...)
+	TODO: check
+CVE-2024-39377 (Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out ...)
+	TODO: check
+CVE-2024-38816 (Applications serving static resources through the functional web frame ...)
+	TODO: check
+CVE-2024-46712 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e9fd436bb8fb9b9d31fdf07bbcdba6d30290c5e4 (6.11-rc6)
-CVE-2024-46711 [mptcp: pm: fix ID 0 endp usage after multiple re-creations]
+CVE-2024-46711 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.9-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9366922adc6a71378ca01f898c41be295309f044 (6.11-rc6)
-CVE-2024-46710 [drm/vmwgfx: Prevent unmapping active read buffers]
+CVE-2024-46710 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea (6.11-rc6)
-CVE-2024-46709 [drm/vmwgfx: Fix prime with external buffers]
+CVE-2024-46709 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/50f1199250912568606b3778dc56646c10cb7b04 (6.11-rc6)
-CVE-2024-46708 [pinctrl: qcom: x1e80100: Fix special pin offsets]
+CVE-2024-46708 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.10.9-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d3692d95cc4d88114b070ee63cffc976f00f207f (6.11-rc6)
-CVE-2024-46707 [KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3]
+CVE-2024-46707 (In the Linux kernel, the following vulnerability has been resolved:  K ...)
 	- linux 6.10.7-1
 	NOTE: https://git.kernel.org/linus/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f (6.11-rc5)
-CVE-2024-46706 [tty: serial: fsl_lpuart: mark last busy before uart_add_one_port]
+CVE-2024-46706 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.10.7-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/dc98d76a15bc29a9a4e76f2f65f39f3e590fb15c (6.11-rc4)
-CVE-2024-46705 [drm/xe: reset mmio mappings with devm]
+CVE-2024-46705 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.7-1
 	NOTE: https://git.kernel.org/linus/c7117419784f612d59ee565145f722e8b5541fe6 (6.11-rc1)
-CVE-2024-46704 [workqueue: Fix spruious data race in __flush_work()]
+CVE-2024-46704 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.10.7-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8bc35475ef1a23b0e224f3242eb11c76cab0ea88 (6.11-rc5)
-CVE-2024-46703 [Revert "serial: 8250_omap: Set the console genpd always on if no console suspend"]
+CVE-2024-46703 (In the Linux kernel, the following vulnerability has been resolved:  R ...)
 	- linux 6.10.7-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/0863bffda1131fd2fa9c05b653ad9ee3d8db127e (6.11-rc4)
-CVE-2024-46702 [thunderbolt: Mark XDomain as unplugged when router is removed]
+CVE-2024-46702 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.10.7-1
 	NOTE: https://git.kernel.org/linus/e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d (6.11-rc4)
-CVE-2024-46701 [libfs: fix infinite directory reads for offset dir]
+CVE-2024-46701 (In the Linux kernel, the following vulnerability has been resolved:  l ...)
 	- linux 6.10.7-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a (6.11-rc4)
-CVE-2024-46700 [drm/amdgpu/mes: fix mes ring buffer overflow]
+CVE-2024-46700 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/11752c013f562a1124088a35bd314aa0e9f0e88f (6.11-rc4)
-CVE-2024-46699 [drm/v3d: Disable preemption while updating GPU stats]
+CVE-2024-46699 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9d824c7fce58f59982228aa85b0376b113cdfa35 (6.11-rc6)
-CVE-2024-46698 [video/aperture: optionally match the device in sysfb_disable()]
+CVE-2024-46698 (In the Linux kernel, the following vulnerability has been resolved:  v ...)
 	- linux 6.10.9-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7 (6.11-rc6)
-CVE-2024-46697 [nfsd: ensure that nfsd4_fattr_args.context is zeroed out]
+CVE-2024-46697 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.9-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f58bab6fd4063913bd8321e99874b8239e9ba726 (6.11-rc6)
-CVE-2024-46696 [nfsd: fix potential UAF in nfsd4_cb_getattr_release]
+CVE-2024-46696 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.9-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/1116e0e372eb16dd907ec571ce5d4af325c55c10 (6.11-rc6)
-CVE-2024-46695 [selinux,smack: don't bypass permissions check in inode_setsecctx hook]
+CVE-2024-46695 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/76a0e79bc84f466999fa501fce5bf7a07641b8a7 (6.11-rc6)
-CVE-2024-46694 [drm/amd/display: avoid using null object of framebuffer]
+CVE-2024-46694 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3b9a33235c773c7a3768060cf1d2cf8a9153bc37 (6.11-rc6)
-CVE-2024-46693 [soc: qcom: pmic_glink: Fix race during initialization]
+CVE-2024-46693 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.9-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3568affcddd68743e25aa3ec1647d9b82797757b (6.11-rc6)
-CVE-2024-46692 [firmware: qcom: scm: Mark get_wq_ctx() as atomic call]
+CVE-2024-46692 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.10.9-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9960085a3a82c58d3323c1c20b991db6045063b0 (6.11-rc6)
-CVE-2024-46691 [usb: typec: ucsi: Move unregister out of atomic section]
+CVE-2024-46691 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 6.10.9-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/11bb2ffb679399f99041540cf662409905179e3a (6.11-rc6)
-CVE-2024-46690 [nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease]
+CVE-2024-46690 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.9-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/40927f3d0972bf86357a32a5749be71a551241b6 (6.11-rc6)
-CVE-2024-46689 [soc: qcom: cmd-db: Map shared memory as WC, not WB]
+CVE-2024-46689 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/f9bb896eab221618927ae6a2f1d566567999839d (6.11-rc6)
-CVE-2024-46688 [erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails]
+CVE-2024-46688 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 6.10.9-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/0005e01e1e875c5e27130c5e2ed0189749d1e08a (6.11-rc5)
-CVE-2024-46687 [btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()]
+CVE-2024-46687 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.10.9-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/10d9d8c3512f16cad47b2ff81ec6fc4b27d8ee10 (6.11-rc6)
-CVE-2024-46686 [smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()]
+CVE-2024-46686 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.9-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf (6.11-rc6)
-CVE-2024-46685 [pinctrl: single: fix potential NULL dereference in pcs_get_function()]
+CVE-2024-46685 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/1c38a62f15e595346a1106025722869e87ffe044 (6.11-rc6)
-CVE-2024-46684 [binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined]
+CVE-2024-46684 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.10.9-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c6a09e342f8e6d3cac7f7c5c14085236aca284b9 (6.11-rc6)
-CVE-2024-46683 [drm/xe: prevent UAF around preempt fence]
+CVE-2024-46683 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/730b72480e29f63fd644f5fa57c9d46109428953 (6.11-rc5)
-CVE-2024-46682 [nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open]
+CVE-2024-46682 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.9-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a204501e1743d695ca2930ed25a2be9f8ced96d3 (6.11-rc6)
-CVE-2024-46681 [pktgen: use cpus_read_lock() in pg_net_init()]
+CVE-2024-46681 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/979b581e4c69257acab1af415ddad6b2d78a2fa5 (6.11-rc6)
-CVE-2024-46680 [Bluetooth: btnxpuart: Fix random crash seen while removing driver]
+CVE-2024-46680 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 6.10.9-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/35237475384ab3622f63c3c09bdf6af6dacfe9c3 (6.11-rc6)
-CVE-2024-46679 [ethtool: check device is present when getting link settings]
+CVE-2024-46679 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/a699781c79ecf6cfe67fb00a0331b4088c7c8466 (6.11-rc6)
-CVE-2024-46678 [bonding: change ipsec_lock from spin lock to mutex]
+CVE-2024-46678 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/2aeeef906d5a526dc60cf4af92eda69836c39b1f (6.11-rc6)
-CVE-2024-46677 [gtp: fix a potential NULL pointer dereference]
+CVE-2024-46677 (In the Linux kernel, the following vulnerability has been resolved:  g ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda (6.11-rc6)
-CVE-2024-46676 [nfc: pn533: Add poll mod list filling check]
+CVE-2024-46676 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/febccb39255f9df35527b88c953b2e0deae50e53 (6.11-rc6)
-CVE-2024-46675 [usb: dwc3: core: Prevent USB core invalid event buffer address access]
+CVE-2024-46675 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/14e497183df28c006603cc67fd3797a537eef7b9 (6.11-rc6)
-CVE-2024-46674 [usb: dwc3: st: fix probed platform device ref count on probe error path]
+CVE-2024-46674 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/ddfcfeba891064b88bb844208b43bef2ef970f0c (6.11-rc6)
-CVE-2024-46673 [scsi: aacraid: Fix double-free on probe failure]
+CVE-2024-46673 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/919ddf8336f0b84c0453bac583808c9f165a85c2 (6.11-rc6)
 CVE-2024-8754 (An issue has been discovered in GitLab EE/CE affecting all versions fr ...)
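Review bot: The descriptions added for CVE-2024-8742, CVE-2024-7888 and CVE-2024-7129 contain the literal escape sequences "\u2013" and "\u2014" instead of the dash characters, which suggests the importer writes the upstream text without decoding its escapes; decode before truncating so the list stays readable and greppable. Separately, all 27 new entries from CVE-2024-8762 to CVE-2024-38816 land as "TODO: check"; several of them name a WordPress plugin or theme in the visible part of the description and could be closed with the "NOT-FOR-US: WordPress plugin" form this file already uses further down. Also note that replacing the bracketed commit subjects on CVE-2024-46673 through CVE-2024-46712 leaves every kernel header reading "In the Linux kernel, the following vulnerability has been resolved:" plus a single letter, so the NOTE commit URL is now the only thing that identifies the affected subsystem.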
@@ -654,7 +708,7 @@ CVE-2024-3899 (The Gallery Plugin for WordPress  WordPress plugin before 1.8.15
 	NOT-FOR-US: WordPress plugin
 CVE-2024-39808 (Incorrect Calculation of Buffer Size (CWE-131) in the Controller 6000  ...)
 	NOT-FOR-US: Gallagher
-CVE-2024-31336 (Imagination PowerVR-GPU in Android before 2024-09-05 has a High Severi ...)
+CVE-2024-31336 (In PVRSRVBridgeRGXKickTA3D2 of server_rgxta3d_bridge.c, there is a pos ...)
 	NOT-FOR-US: Android
 CVE-2024-24972 (Buffer Copy without Checking Size of Input (CWE-120) in the Controller ...)
 	NOT-FOR-US: Gallagher
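Review bot: On CVE-2024-31336 the replacement description is cut off at "there is a pos ...", so the header no longer names the product, where the old text said "Imagination PowerVR-GPU in Android". The unchanged "NOT-FOR-US: Android" line is now the only place the product is recorded; confirm that triage still matches the updated upstream description before relying on it.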



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3f2a0c499e0be39e51d392cd0a39a5e67cb9703
