[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 18 21:29:24 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d996a384 by security tracker role at 2024-09-18T20:12:40+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,333 @@
+CVE-2024-8969 (OMFLOW from The SYSCOM Group has a vulnerability involving the exposur ...)
+ TODO: check
+CVE-2024-8957 (PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an ...)
+ TODO: check
+CVE-2024-8892 (Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could a ...)
+ TODO: check
+CVE-2024-8891 (An attacker with no knowledge of the current users in the web applicat ...)
+ TODO: check
+CVE-2024-8890 (An attacker with access to the network where the CIRCUTOR Q-SMT is loc ...)
+ TODO: check
+CVE-2024-8889 (Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could a ...)
+ TODO: check
+CVE-2024-8888 (An attacker with access to the network where CIRCUTOR Q-SMT is located ...)
+ TODO: check
+CVE-2024-8887 (CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a d ...)
+ TODO: check
+CVE-2024-8287 (Anbox Management Service, in versions 1.17.0 through 1.23.0, does not ...)
+ TODO: check
+CVE-2024-6878 (Files or Directories Accessible to External Parties vulnerability in E ...)
+ TODO: check
+CVE-2024-6877 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-6641 (The WP Hardening \u2013 Fix Your WordPress Security plugin for WordPre ...)
+ TODO: check
+CVE-2024-6406 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-5960 (Plaintext Storage of a Password vulnerability in Eliz Software Panel a ...)
+ TODO: check
+CVE-2024-5959 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-5958 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-5682 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
+ TODO: check
+CVE-2024-47001 (Hidden functionality issue in multiple digital video recorders provide ...)
+ TODO: check
+CVE-2024-46990 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+ TODO: check
+CVE-2024-46989 (spicedb is an Open Source, Google Zanzibar-inspired permissions databa ...)
+ TODO: check
+CVE-2024-46987 (Camaleon CMS is a dynamic and advanced content management system based ...)
+ TODO: check
+CVE-2024-46986 (Camaleon CMS is a dynamic and advanced content management system based ...)
+ TODO: check
+CVE-2024-46982 (Next.js is a React framework for building full-stack web applications. ...)
+ TODO: check
+CVE-2024-46979 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2024-46978 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2024-46959 (runofast Indoor Security Camera for Baby Monitor has a default passwor ...)
+ TODO: check
+CVE-2024-46598 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46597 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46596 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46595 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46594 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46593 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46592 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46591 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46590 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46589 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46588 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46586 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46585 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46584 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46583 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46582 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46581 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46580 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46571 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46568 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46567 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46566 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46565 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46564 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46561 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46560 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46559 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46558 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46557 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46556 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46555 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46554 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46553 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46552 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46551 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46550 (Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-46086 (FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery ...)
+ TODO: check
+CVE-2024-45858 (An arbitrary code execution vulnerability exists in versions 0.2.9 up ...)
+ TODO: check
+CVE-2024-45813 (find-my-way is a fast, open source HTTP router, internally using a Rad ...)
+ TODO: check
+CVE-2024-45679 (Heap-based buffer overflow vulnerability in Assimp versions prior to 5 ...)
+ TODO: check
+CVE-2024-45601 (Mesop is a Python-based UI framework designed for rapid web apps devel ...)
+ TODO: check
+CVE-2024-45523 (An issue was discovered in Bravura Security Fabric versions 12.3.x bef ...)
+ TODO: check
+CVE-2024-45452 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-45451 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-45366 (Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vul ...)
+ TODO: check
+CVE-2024-45298 (Wiki.js is an open source wiki app built on Node.js. A disabled user c ...)
+ TODO: check
+CVE-2024-44589 (Stack overflow vulnerability in the Login function in the HNAP service ...)
+ TODO: check
+CVE-2024-44542 (SQL Injection vulnerability in todesk v.1.1 allows a remote attacker t ...)
+ TODO: check
+CVE-2024-44064 (Cross-Site Request Forgery (CSRF) vulnerability in LikeBtn Like Button ...)
+ TODO: check
+CVE-2024-44051 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-44050 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-44049 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-44047 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-44009 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-44008 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-44007 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-44005 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-44004 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-44003 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-44002 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-44001 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43999 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43995 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43994 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43993 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43992 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43991 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43988 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43987 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43985 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43983 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43978 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-43977 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43976 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-43975 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43972 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43971 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43970 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43969 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-43938 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43778 (OS command injection vulnerability in multiple digital video recorders ...)
+ TODO: check
+CVE-2024-43188 (IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 ...)
+ TODO: check
+CVE-2024-43025 (An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and ear ...)
+ TODO: check
+CVE-2024-43024 (Multiple stored cross-site scripting (XSS) vulnerabilities in RWS Mult ...)
+ TODO: check
+CVE-2024-42404 (SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allo ...)
+ TODO: check
+CVE-2024-41929 (Improper authentication vulnerability in multiple digital video record ...)
+ TODO: check
+CVE-2024-39590 (Multiple invalid pointer dereference vulnerabilities exist in the Open ...)
+ TODO: check
+CVE-2024-39589 (Multiple invalid pointer dereference vulnerabilities exist in the Open ...)
+ TODO: check
+CVE-2024-39339 (A vulnerability has been discovered in all versions of Smartplay headu ...)
+ TODO: check
+CVE-2024-39081 (An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a ...)
+ TODO: check
+CVE-2024-37985 (Windows Kernel Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-36981 (An out-of-bounds read vulnerability exists in the OpenPLC Runtime Ethe ...)
+ TODO: check
+CVE-2024-36980 (An out-of-bounds read vulnerability exists in the OpenPLC Runtime Ethe ...)
+ TODO: check
+CVE-2024-35515 (Insecure deserialization in sqlitedict up to v2.1.0 allows attackers t ...)
+ TODO: check
+CVE-2024-34399 (**UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mi ...)
+ TODO: check
+CVE-2024-34057 (Triangle Microworks TMW IEC 61850 Client source code libraries before ...)
+ TODO: check
+CVE-2024-34026 (A stack-based buffer overflow vulnerability exists in the OpenPLC Runt ...)
+ TODO: check
+CVE-2024-31198 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31197 (Improper Null Termination vulnerability in Open Networking Foundation ...)
+ TODO: check
+CVE-2024-31196 (Unchecked Return Value to NULL Pointer Dereference vulnerability in Op ...)
+ TODO: check
+CVE-2024-31195 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31194 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31193 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31192 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31191 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31190 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31189 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31188 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31187 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31186 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31185 (Unchecked Return Value to NULL Pointer Dereference vulnerability in Op ...)
+ TODO: check
+CVE-2024-31184 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31183 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31182 (Unchecked Return Value to NULL Pointer Dereference vulnerability in Op ...)
+ TODO: check
+CVE-2024-31181 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31180 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31179 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31178 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31177 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31176 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31175 (Unchecked Return Value to NULL Pointer Dereference vulnerability in Op ...)
+ TODO: check
+CVE-2024-31174 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31173 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31172 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31171 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31170 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31169 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31168 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31167 (Unchecked Return Value to NULL Pointer Dereference vulnerability in Op ...)
+ TODO: check
+CVE-2024-31166 (Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) l ...)
+ TODO: check
+CVE-2024-31165 (Unchecked Return Value to NULL Pointer Dereference vulnerability in Op ...)
+ TODO: check
+CVE-2024-31164 (Unchecked Return Value to NULL Pointer Dereference vulnerability in Op ...)
+ TODO: check
+CVE-2024-23916 (Unchecked Return Value to NULL Pointer Dereference vulnerability in Op ...)
+ TODO: check
+CVE-2024-23915 (Unchecked Return Value to NULL Pointer Dereference vulnerability in Op ...)
+ TODO: check
+CVE-2023-49203 (Technitium 11.5.3 allows remote attackers to cause a denial of service ...)
+ TODO: check
+CVE-2023-47105 (exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode ...)
+ TODO: check
+CVE-2023-41612 (Victure PC420 1.1.39 was discovered to use a weak encryption key for t ...)
+ TODO: check
+CVE-2023-41611 (Victure PC420 1.1.39 was discovered to use a weak and partially hardco ...)
+ TODO: check
+CVE-2023-41610 (Victure PC420 1.1.39 was discovered to contain a hardcoded root passwo ...)
+ TODO: check
CVE-2024-XXXX [get_groups does not always returns the group of the action]
- tryton-server 6.0.52-1
NOTE: https://discuss.tryton.org/t/security-release-for-issues-13505-and-13506/7846
@@ -6,334 +336,334 @@ CVE-2024-XXXX [Access to records of report are not checked]
- tryton-server 6.0.52-1
NOTE: https://discuss.tryton.org/t/security-release-for-issues-13505-and-13506/7846
NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/13505
-CVE-2024-46801 [libfs: fix get_stashed_dentry()]
+CVE-2024-46801 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4e32c25b58b945f976435bbe51f39b32d714052e (6.11-rc7)
-CVE-2024-46800 [sch/netem: fix use after free in netem_dequeue]
+CVE-2024-46800 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/3b3a2a9c6349e25a025d2330f479bc33a6ccb54a (6.11-rc7)
-CVE-2024-46799 [net: ethernet: ti: am65-cpsw: Fix NULL dereference on XDP_TX]
+CVE-2024-46799 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0a50c35277f96481a5a6ed5faf347f282040c57d (6.11-rc7)
-CVE-2024-46798 [ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object]
+CVE-2024-46798 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/b4a90b543d9f62d3ac34ec1ab97fc5334b048565 (6.11-rc7)
-CVE-2024-46797 [powerpc/qspinlock: Fix deadlock in MCS queue]
+CVE-2024-46797 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/734ad0af3609464f8f93e00b6c0de1e112f44559 (6.11-rc7)
-CVE-2024-46796 [smb: client: fix double put of @cfile in smb2_set_path_size()]
+CVE-2024-46796 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f9c169b51b6ce20394594ef674d6b10efba31220 (6.11-rc7)
-CVE-2024-46795 [ksmbd: unset the binding mark of a reused connection]
+CVE-2024-46795 (In the Linux kernel, the following vulnerability has been resolved: k ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/78c5a6f1f630172b19af4912e755e1da93ef0ab5 (6.11-rc7)
-CVE-2024-46794 [x86/tdx: Fix data leak in mmio_read()]
+CVE-2024-46794 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b6fb565a2d15277896583d471b21bc14a0c99661 (6.11-rc7)
-CVE-2024-46793 [ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder]
+CVE-2024-46793 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0cc65482f5b03ac2b1c240bc34665e43ea2d71bb (6.11-rc7)
-CVE-2024-46792 [riscv: misaligned: Restrict user access to kernel memory]
+CVE-2024-46792 (In the Linux kernel, the following vulnerability has been resolved: r ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b686ecdeacf6658e1348c1a32a08e2e72f7c0f00 (6.11-rc7)
-CVE-2024-46791 [can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open]
+CVE-2024-46791 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/7dd9c26bd6cf679bcfdef01a8659791aa6487a29 (6.11-rc7)
-CVE-2024-46790 [codetag: debug: mark codetags for poisoned page as empty]
+CVE-2024-46790 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/5e9784e997620af7c1399029282f5d6964b41942 (6.11-rc7)
-CVE-2024-46789 [mm/slub: add check for s->flags in the alloc_tagging_slab_free_hook]
+CVE-2024-46789 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ab7ca09520e9c41c219a4427fe0dae24024bfe7f (6.11-rc7)
-CVE-2024-46788 [tracing/osnoise: Use a cpumask to know what threads are kthreads]
+CVE-2024-46788 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/177e1cc2f41235c145041eed03ef5bab18f32328 (6.11-rc7)
-CVE-2024-46787 [userfaultfd: fix checks for huge PMDs]
+CVE-2024-46787 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 (6.11-rc7)
-CVE-2024-46786 [fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF]
+CVE-2024-46786 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f (6.11-rc7)
-CVE-2024-46785 [eventfs: Use list_del_rcu() for SRCU protected list variable]
+CVE-2024-46785 (In the Linux kernel, the following vulnerability has been resolved: e ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d2603279c7d645bf0d11fa253b23f1ab48fc8d3c (6.11-rc7)
-CVE-2024-46784 [net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup]
+CVE-2024-46784 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b6ecc662037694488bfff7c9fd21c405df8411f2 (6.11-rc7)
-CVE-2024-46783 [tcp_bpf: fix return value of tcp_bpf_sendmsg()]
+CVE-2024-46783 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/fe1910f9337bd46a9343967b547ccab26b4b2c6e (6.11-rc7)
-CVE-2024-46782 [ila: call nf_unregister_net_hooks() sooner]
+CVE-2024-46782 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/031ae72825cef43e4650140b800ad58bf7a6a466 (6.11-rc7)
-CVE-2024-46781 [nilfs2: fix missing cleanup on rollforward recovery error]
+CVE-2024-46781 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/5787fcaab9eb5930f5378d6a1dd03d916d146622 (6.11-rc7)
-CVE-2024-46780 [nilfs2: protect references to superblock parameters exposed in sysfs]
+CVE-2024-46780 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/683408258917541bdb294cd717c210a04381931e (6.11-rc7)
-CVE-2024-46779 [drm/imagination: Free pvr_vm_gpuva after unlink]
+CVE-2024-46779 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3f6b2f60b4631cd0c368da6a1587ab55a696164d (6.11-rc7)
-CVE-2024-46778 [drm/amd/display: Check UnboundedRequestEnabled's value]
+CVE-2024-46778 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/a7b38c7852093385d0605aa3c8a2efd6edd1edfd (6.11-rc1)
-CVE-2024-46777 [udf: Avoid excessive partition lengths]
+CVE-2024-46777 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/ebbe26fd54a9621994bc16b14f2ba8f84c089693 (6.11-rc1)
-CVE-2024-46776 [drm/amd/display: Run DC_LOG_DC after checking link->link_enc]
+CVE-2024-46776 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/3a82f62b0d9d7687eac47603bb6cd14a50fa718b (6.11-rc1)
-CVE-2024-46775 [drm/amd/display: Validate function returns]
+CVE-2024-46775 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c (6.11-rc1)
-CVE-2024-46774 [powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()]
+CVE-2024-46774 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/0974d03eb479384466d828d65637814bee6b26d7 (6.11-rc1)
-CVE-2024-46773 [drm/amd/display: Check denominator pbn_div before used]
+CVE-2024-46773 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/116a678f3a9abc24f5c9d2525b7393d18d9eb58e (6.11-rc1)
-CVE-2024-46772 [drm/amd/display: Check denominator crb_pipes before used]
+CVE-2024-46772 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/ea79068d4073bf303f8203f2625af7d9185a1bc6 (6.11-rc1)
-CVE-2024-46771 [can: bcm: Remove proc entry when dev is unregistered.]
+CVE-2024-46771 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/76fe372ccb81b0c89b6cd2fec26e2f38c958be85 (6.11-rc7)
-CVE-2024-46770 [ice: Add netif_device_attach/detach into PF reset flow]
+CVE-2024-46770 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/d11a67634227f9f9da51938af085fb41a733848f (6.11-rc7)
-CVE-2024-46769 [spi: intel: Add check devm_kasprintf() returned value]
+CVE-2024-46769 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2920294686ec23211637998f3ec386dfd3d784a6 (6.11-rc7)
-CVE-2024-46768 [hwmon: (hp-wmi-sensors) Check if WMI event data exists]
+CVE-2024-46768 (In the Linux kernel, the following vulnerability has been resolved: h ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a54da9df75cd1b4b5028f6c60f9a211532680585 (6.11-rc7)
-CVE-2024-46767 [net: phy: Fix missing of_node_put() for leds]
+CVE-2024-46767 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2560db6ede1aaf162a73b2df43e0b6c5ed8819f7 (6.11-rc7)
-CVE-2024-46766 [ice: move netif_queue_set_napi to rtnl-protected sections]
+CVE-2024-46766 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2a5dc090b92cfa5270e20056074241c6db5c9cdd (6.11-rc7)
-CVE-2024-46765 [ice: protect XDP configuration with a mutex]
+CVE-2024-46765 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/2504b8405768a57a71e660dbfd5abd59f679a03f (6.11-rc7)
-CVE-2024-46764 [bpf: add check for invalid name in btf_name_valid_section()]
+CVE-2024-46764 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/bb6705c3f93bed2af03d43691743d4c43e3c8e6f (6.11-rc7)
-CVE-2024-46763 [fou: Fix null-ptr-deref in GRO.]
+CVE-2024-46763 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/7e4196935069947d8b70b09c1660b67b067e75cb (6.11-rc7)
-CVE-2024-46762 [xen: privcmd: Fix possible access to a freed kirqfd instance]
+CVE-2024-46762 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/611ff1b1ae989a7bcce3e2a8e132ee30e968c557 (6.11-rc1)
-CVE-2024-46761 [pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv]
+CVE-2024-46761 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/335e35b748527f0c06ded9eebb65387f60647fda (6.11-rc1)
-CVE-2024-46760 [wifi: rtw88: usb: schedule rx work after everything is set up]
+CVE-2024-46760 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/adc539784c98a7cc602cbf557debfc2e7b9be8b3 (6.11-rc1)
-CVE-2024-46759 [hwmon: (adc128d818) Fix underflows seen when writing limit attributes]
+CVE-2024-46759 (In the Linux kernel, the following vulnerability has been resolved: h ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/8cad724c8537fe3e0da8004646abc00290adae40 (6.11-rc1)
-CVE-2024-46758 [hwmon: (lm95234) Fix underflows seen when writing limit attributes]
+CVE-2024-46758 (In the Linux kernel, the following vulnerability has been resolved: h ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/af64e3e1537896337405f880c1e9ac1f8c0c6198 (6.11-rc1)
-CVE-2024-46757 [hwmon: (nct6775-core) Fix underflows seen when writing limit attributes]
+CVE-2024-46757 (In the Linux kernel, the following vulnerability has been resolved: h ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0 (6.11-rc1)
-CVE-2024-46756 [hwmon: (w83627ehf) Fix underflows seen when writing limit attributes]
+CVE-2024-46756 (In the Linux kernel, the following vulnerability has been resolved: h ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/5c1de37969b7bc0abcb20b86e91e70caebbd4f89 (6.11-rc1)
-CVE-2024-46755 [wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()]
+CVE-2024-46755 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/c145eea2f75ff7949392aebecf7ef0a81c1f6c14 (6.11-rc1)
-CVE-2024-46754 [bpf: Remove tst_run from lwt_seg6local_prog_ops.]
+CVE-2024-46754 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/c13fda93aca118b8e5cd202e339046728ee7dddb (6.11-rc1)
-CVE-2024-46753 [btrfs: handle errors from btrfs_dec_ref() properly]
+CVE-2024-46753 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1 (6.11-rc1)
-CVE-2024-46752 [btrfs: replace BUG_ON() with error handling at update_ref_for_cow()]
+CVE-2024-46752 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/b56329a782314fde5b61058e2a25097af7ccb675 (6.11-rc1)
-CVE-2024-46751 [btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()]
+CVE-2024-46751 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/28cb13f29faf6290597b24b728dc3100c019356f (6.11-rc1)
-CVE-2024-46750 [PCI: Add missing bridge lock to pci_bus_lock()]
+CVE-2024-46750 (In the Linux kernel, the following vulnerability has been resolved: P ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/a4e772898f8bf2e7e1cf661a12c60a5612c4afab (6.11-rc1)
-CVE-2024-46749 [Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()]
+CVE-2024-46749 (In the Linux kernel, the following vulnerability has been resolved: B ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1 (6.11-rc1)
-CVE-2024-46748 [cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT]
+CVE-2024-46748 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/51d37982bbac3ea0ca21b2797a9cb0044272b3aa (6.11-rc1)
-CVE-2024-46747 [HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup]
+CVE-2024-46747 (In the Linux kernel, the following vulnerability has been resolved: H ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/a6e9c391d45b5865b61e569146304cff72821a5d (6.11-rc5)
-CVE-2024-46746 [HID: amd_sfh: free driver_data after destroying hid device]
+CVE-2024-46746 (In the Linux kernel, the following vulnerability has been resolved: H ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/97155021ae17b86985121b33cf8098bcde00d497 (6.11-rc5)
-CVE-2024-46745 [Input: uinput - reject requests with unreasonable number of slots]
+CVE-2024-46745 (In the Linux kernel, the following vulnerability has been resolved: I ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/206f533a0a7c683982af473079c4111f4a0f9f5e (6.11-rc5)
-CVE-2024-46744 [Squashfs: sanity check symbolic link size]
+CVE-2024-46744 (In the Linux kernel, the following vulnerability has been resolved: S ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/810ee43d9cd245d138a2733d87a24858a23f577d (6.11-rc4)
-CVE-2024-46743 [of/irq: Prevent device address out-of-bounds read in interrupt map walk]
+CVE-2024-46743 (In the Linux kernel, the following vulnerability has been resolved: o ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305 (6.11-rc4)
-CVE-2024-46742 [smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()]
+CVE-2024-46742 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/4e8771a3666c8f216eefd6bd2fd50121c6c437db (6.11-rc5)
-CVE-2024-46741 [misc: fastrpc: Fix double free of 'buf' in error path]
+CVE-2024-46741 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/e8c276d4dc0e19ee48385f74426aebc855b49aaf (6.11-rc7)
-CVE-2024-46740 [binder: fix UAF caused by offsets overwrite]
+CVE-2024-46740 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/4df153652cc46545722879415937582028c18af5 (6.11-rc7)
-CVE-2024-46739 [uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind]
+CVE-2024-46739 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e (6.11-rc7)
-CVE-2024-46738 [VMCI: Fix use-after-free when removing resource in vmci_resource_remove()]
+CVE-2024-46738 (In the Linux kernel, the following vulnerability has been resolved: V ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7 (6.11-rc7)
-CVE-2024-46737 [nvmet-tcp: fix kernel crash if commands allocation fails]
+CVE-2024-46737 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/5572a55a6f830ee3f3a994b6b962a5c327d28cb3 (6.11-rc7)
-CVE-2024-46736 [smb: client: fix double put of @cfile in smb2_rename_path()]
+CVE-2024-46736 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3523a3df03c6f04f7ea9c2e7050102657e331a4f (6.11-rc7)
-CVE-2024-46735 [ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()]
+CVE-2024-46735 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/e58f5142f88320a5b1449f96a146f2f24615c5c7 (6.11-rc7)
-CVE-2024-46734 [btrfs: fix race between direct IO write and fsync when using same fd]
+CVE-2024-46734 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/cd9253c23aedd61eb5ff11f37a36247cd46faf86 (6.11-rc7)
-CVE-2024-46733 [btrfs: fix qgroup reserve leaks in cow_file_range]
+CVE-2024-46733 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/30479f31d44d47ed00ae0c7453d9b253537005b2 (6.11-rc3)
-CVE-2024-46732 [drm/amd/display: Assign linear_pitch_alignment even for VM]
+CVE-2024-46732 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/984debc133efa05e62f5aa1a7a1dd8ca0ef041f4 (6.11-rc1)
-CVE-2024-46731 [drm/amd/pm: fix the Out-of-bounds read warning]
+CVE-2024-46731 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/12c6967428a099bbba9dfd247bb4322a984fcc0b (6.11-rc1)
-CVE-2024-46730 [drm/amd/display: Ensure array index tg_inst won't be -1]
+CVE-2024-46730 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/687fe329f18ab0ab0496b20ed2cb003d4879d931 (6.11-rc1)
-CVE-2024-46729 [drm/amd/display: Fix incorrect size calculation for loop]
+CVE-2024-46729 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/3941a3aa4b653b69876d894d08f3fff1cc965267 (6.11-rc1)
-CVE-2024-46728 [drm/amd/display: Check index for aux_rd_interval before using]
+CVE-2024-46728 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/9ba2ea6337b4f159aecb177555a6a81da92d302e (6.11-rc1)
-CVE-2024-46727 [drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update]
+CVE-2024-46727 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/871cd9d881fa791d3f82885000713de07041c0ae (6.11-rc1)
-CVE-2024-46726 [drm/amd/display: Ensure index calculation will not overflow]
+CVE-2024-46726 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/8e2734bf444767fed787305ccdcb36a2be5301a2 (6.11-rc1)
-CVE-2024-46725 [drm/amdgpu: Fix out-of-bounds write warning]
+CVE-2024-46725 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/be1684930f5262a622d40ce7a6f1423530d87f89 (6.11-rc1)
-CVE-2024-46724 [drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number]
+CVE-2024-46724 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/d768394fa99467bcf2703bde74ddc96eeb0b71fa (6.11-rc1)
-CVE-2024-46723 [drm/amdgpu: fix ucode out-of-bounds read warning]
+CVE-2024-46723 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/8944acd0f9db33e17f387fdc75d33bb473d7936f (6.11-rc1)
-CVE-2024-46722 [drm/amdgpu: fix mc_data out-of-bounds read warning]
+CVE-2024-46722 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/51dfc0a4d609fe700750a62f41447f01b8c9ea50 (6.11-rc1)
-CVE-2024-46721 [apparmor: fix possible NULL pointer dereference]
+CVE-2024-46721 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/3dd384108d53834002be5630132ad5c3f32166ad (6.11-rc1)
-CVE-2024-46720 [drm/amdgpu: fix dereference after null check]
+CVE-2024-46720 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/b1f7810b05d1950350ac2e06992982974343e441 (6.11-rc1)
-CVE-2024-46719 [usb: typec: ucsi: Fix null pointer dereference in trace]
+CVE-2024-46719 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/99516f76db48e1a9d54cdfed63c1babcee4e71a5 (6.11-rc1)
-CVE-2024-46718 [drm/xe: Don't overmap identity VRAM mapping]
+CVE-2024-46718 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/6d3581edffea0b3a64b0d3094d3f09222e0024f7 (6.11-rc1)
-CVE-2024-46717 [net/mlx5e: SHAMPO, Fix incorrect page release]
+CVE-2024-46717 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/70bd03b89f20b9bbe51a7f73c4950565a17a45f7 (6.11-rc1)
-CVE-2024-46716 [dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor]
+CVE-2024-46716 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/54e4ada1a4206f878e345ae01cf37347d803d1b1 (6.11-rc1)
-CVE-2024-46715 [driver: iio: add missing checks on iio_info's callback access]
+CVE-2024-46715 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252 (6.11-rc1)
-CVE-2024-46714 [drm/amd/display: Skip wbscl_set_scaler_filter if filter is null]
+CVE-2024-46714 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/c4d31653c03b90e51515b1380115d1aedad925dd (6.11-rc1)
-CVE-2024-46976
+CVE-2024-46976 (Backstage is an open framework for building developer portals. An atta ...)
NOT-FOR-US: Backstage
-CVE-2024-45816
+CVE-2024-45816 (Backstage is an open framework for building developer portals. When us ...)
NOT-FOR-US: Backstage
-CVE-2024-45815
+CVE-2024-45815 (Backstage is an open framework for building developer portals. A malic ...)
NOT-FOR-US: Backstage
-CVE-2024-8909
+CVE-2024-8909 (Inappropriate implementation in UI in Google Chrome on iOS prior to 12 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-8908
+CVE-2024-8908 (Inappropriate implementation in Autofill in Google Chrome prior to 129 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-8907
+CVE-2024-8907 (Insufficient data validation in Omnibox in Google Chrome on Android pr ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-8906
+CVE-2024-8906 (Incorrect security UI in Downloads in Google Chrome prior to 129.0.666 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-8905
+CVE-2024-8905 (Inappropriate implementation in V8 in Google Chrome prior to 129.0.666 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-8904
+CVE-2024-8904 (Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8956 (PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an ...)
@@ -2338,7 +2668,7 @@ CVE-2024-6795 (In Connex health portal released before8/30/2024, SQL injection v
CVE-2024-6572 (Improper host key checking in active check 'Check SFTP Service' and sp ...)
- check-mk <removed>
CVE-2024-45411 (Twig is a template language for PHP. Under some circumstances, the san ...)
- {DLA-3888-1}
+ {DSA-5771-1 DLA-3888-1}
[experimental] - php-twig 3.14.0-1
- php-twig 3.8.0-4 (bug #1081561)
- twig <removed>
@@ -4018,16 +4348,19 @@ CVE-2024-5024 (The Memberpress plugin for WordPress is vulnerable to Reflected C
CVE-2024-4401 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...)
NOT-FOR-US: WordPress plugin
CVE-2024-45492 (An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in ...)
+ {DSA-5770-1}
- expat 2.6.2-2 (bug #1080152)
NOTE: https://github.com/libexpat/libexpat/pull/892
NOTE: https://github.com/libexpat/libexpat/issues/889
NOTE: https://github.com/libexpat/libexpat/commit/29ef43a0bab633b41e71dd6d900fff5f6b3ad5e4 (R_2_6_3)
CVE-2024-45491 (An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse. ...)
+ {DSA-5770-1}
- expat 2.6.2-2 (bug #1080150)
NOTE: https://github.com/libexpat/libexpat/pull/891
NOTE: https://github.com/libexpat/libexpat/issues/888
NOTE: https://github.com/libexpat/libexpat/commit/b8a7dca4670973347892cfc452b24d9001dcd6f5 (R_2_6_3)
CVE-2024-45490 (An issue was discovered in libexpat before 2.6.3. xmlparse.c does not ...)
+ {DSA-5770-1}
- expat 2.6.2-2 (bug #1080149)
NOTE: https://github.com/libexpat/libexpat/pull/890
NOTE: https://github.com/libexpat/libexpat/issues/887
@@ -44171,6 +44504,7 @@ CVE-2024-21098 (Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Ente
CVE-2024-21097 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
NOT-FOR-US: Oracle
CVE-2024-21096 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ {DLA-3891-1}
- mysql-8.0 8.0.37-1 (bug #1069189)
- mariadb 1:10.11.8-1
[bookworm] - mariadb <no-dsa> (Minor issue)
@@ -115735,20 +116069,20 @@ CVE-2023-28459 (pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export
NOT-FOR-US: pretalx
CVE-2023-28458 (pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non ...)
NOT-FOR-US: pretalx
-CVE-2023-28457
- RESERVED
-CVE-2023-28456
- RESERVED
-CVE-2023-28455
- RESERVED
+CVE-2023-28457 (An issue was discovered in Technitium through 11.0.3. It enables attac ...)
+ TODO: check
+CVE-2023-28456 (An issue was discovered in Technitium through 11.0.2. It enables attac ...)
+ TODO: check
+CVE-2023-28455 (An issue was discovered in Technitium through 11.0.2. The forwarding m ...)
+ TODO: check
CVE-2023-28454
RESERVED
CVE-2023-28453
RESERVED
-CVE-2023-28452
- RESERVED
-CVE-2023-28451
- RESERVED
+CVE-2023-28452 (An issue was discovered in CoreDNS through 1.10.1. There is a vulnerab ...)
+ TODO: check
+CVE-2023-28451 (An issue was discovered in Technitium 11.0.2. There is a vulnerability ...)
+ TODO: check
CVE-2023-28450 (An issue was discovered in Dnsmasq before 2.90. The default maximum ED ...)
- dnsmasq 2.90-1 (bug #1033165)
[bookworm] - dnsmasq <no-dsa> (Minor issue)
@@ -165176,8 +165510,8 @@ CVE-2022-39070 (There is an access control vulnerability in some ZTE PON OLT pro
NOT-FOR-US: ZTE
CVE-2022-39069 (There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of ...)
NOT-FOR-US: ZTE
-CVE-2022-39068
- RESERVED
+CVE-2022-39068 (There is a buffer overflow vulnerability in ZTE MF296R. Due to insuffi ...)
+ TODO: check
CVE-2022-39067 (There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of ...)
NOT-FOR-US: ZTE
CVE-2022-39066 (There is a SQL injection vulnerability in ZTE MF286R. Due to insuffici ...)
@@ -203490,14 +203824,14 @@ CVE-2022-25779 (Logging of Excessive Data vulnerability in audit log of Secomea
NOT-FOR-US: Secomea
CVE-2022-25778 (Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea G ...)
NOT-FOR-US: Secomea
-CVE-2022-25777
- RESERVED
-CVE-2022-25776
- RESERVED
-CVE-2022-25775
- RESERVED
-CVE-2022-25774
- RESERVED
+CVE-2022-25777 (Prior to the patched version, an authenticated user of Mautic could re ...)
+ TODO: check
+CVE-2022-25776 (Prior to the patched version, logged in users of Mautic are able to ac ...)
+ TODO: check
+CVE-2022-25775 (Prior to the patched version, logged in users of Mautic are vulnerable ...)
+ TODO: check
+CVE-2022-25774 (Prior to the patched version, logged in users of Mautic are vulnerable ...)
+ TODO: check
CVE-2022-25773
RESERVED
CVE-2022-25772 (A cross-site scripting (XSS) vulnerability in the web tracking compone ...)
@@ -203506,8 +203840,8 @@ CVE-2022-25771
RESERVED
CVE-2022-25770
RESERVED
-CVE-2022-25769
- RESERVED
+CVE-2022-25769 (ImpactThe default .htaccess file has some restrictions in the access t ...)
+ TODO: check
CVE-2022-25768
RESERVED
CVE-2022-25763 (Improper Input Validation vulnerability in HTTP/2 request validation o ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d996a384670a82b99f9104d66253e32bc9c62dc2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d996a384670a82b99f9104d66253e32bc9c62dc2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240918/1c54f6d5/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list