[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 27 21:12:46 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
646b10c8 by security tracker role at 2024-09-27T20:12:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,243 +1,393 @@
-CVE-2024-46868 [firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()]
+CVE-2024-9301 (A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b144 ...)
+	TODO: check
+CVE-2024-9284 (A vulnerability was found in TP-LINK TL-WR841ND up to 20240920. It has ...)
+	TODO: check
+CVE-2024-9283 (A vulnerability classified as problematic has been found in RelaxedJS  ...)
+	TODO: check
+CVE-2024-9282 (A vulnerability was found in bg5sbk MiniCMS 1.11. It has been classifi ...)
+	TODO: check
+CVE-2024-9281 (A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified  ...)
+	TODO: check
+CVE-2024-9280 (A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1e ...)
+	TODO: check
+CVE-2024-9279 (A vulnerability, which was classified as problematic, was found in fun ...)
+	TODO: check
+CVE-2024-9278 (A vulnerability, which was classified as critical, has been found in H ...)
+	TODO: check
+CVE-2024-9277 (A vulnerability classified as problematic was found in Langflow up to  ...)
+	TODO: check
+CVE-2024-9276 (A vulnerability classified as problematic has been found in TMsoft MyA ...)
+	TODO: check
+CVE-2024-9275 (A vulnerability was found in jeanmarc77 123solar up to 1.8.4.5. It has ...)
+	TODO: check
+CVE-2024-9273
+	REJECTED
+CVE-2024-9268
+	REJECTED
+CVE-2024-9202 (In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector ...)
+	TODO: check
+CVE-2024-9171
+	REJECTED
+CVE-2024-9160 (In versions of the PEADM Forge Module prior to 3.24.0 a security misco ...)
+	TODO: check
+CVE-2024-9136 (Access permission verification vulnerability in the App Multiplier mod ...)
+	TODO: check
+CVE-2024-8644 (Cleartext Storage of Sensitive Information in a Cookie vulnerability i ...)
+	TODO: check
+CVE-2024-8643 (Session Fixation vulnerability in Oceanic Software ValeApp allows Brut ...)
+	TODO: check
+CVE-2024-8630 (Alisonic Sibylla devices are vulnerable to SQL injection attacks, whic ...)
+	TODO: check
+CVE-2024-8609 (Insertion of Sensitive Information into Log File vulnerability in Ocea ...)
+	TODO: check
+CVE-2024-8608 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-8607 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-8310 (OPW Fuel Management Systems SiteSentinel  could allow an attacker to b ...)
+	TODO: check
+CVE-2024-7149 (The Event Manager, Events Calendar, Tickets, Registrations \u2013 Even ...)
+	TODO: check
+CVE-2024-6983 (mudler/localai version 2.17.1 is vulnerable to remote code execution.  ...)
+	TODO: check
+CVE-2024-6981 (OMNTEC Proteus Tank Monitoring OEL8000III Series   could allow an atta ...)
+	TODO: check
+CVE-2024-6931 (The The Events Calendar plugin for WordPress is vulnerable to Stored C ...)
+	TODO: check
+CVE-2024-6654 (Products for macOS enables auser logged on to the system to perform a  ...)
+	TODO: check
+CVE-2024-6436 (An input validation vulnerability exists in the Rockwell Automation Se ...)
+	TODO: check
+CVE-2024-47294 (Access permission verification vulnerability in the input method frame ...)
+	TODO: check
+CVE-2024-47293 (Out-of-bounds write vulnerability in the HAL-WIFI module Impact: Succe ...)
+	TODO: check
+CVE-2024-47292 (Path traversal vulnerability in the Bluetooth module Impact: Successfu ...)
+	TODO: check
+CVE-2024-47291 (Permission vulnerability in the ActivityManagerService (AMS) module Im ...)
+	TODO: check
+CVE-2024-47290 (Input validation vulnerability in the USB service module Impact: Succe ...)
+	TODO: check
+CVE-2024-47184 (Ampache is a web based audio/video streaming application and file mana ...)
+	TODO: check
+CVE-2024-47182 (Dozzle is a realtime log viewer for docker containers. Before version  ...)
+	TODO: check
+CVE-2024-47077 (authentik is an open-source identity provider. Prior to versions 2024. ...)
+	TODO: check
+CVE-2024-47070 (authentik is an open-source identity provider. A vulnerability that ex ...)
+	TODO: check
+CVE-2024-46472 (CodeAstro Membership Management System 1.0 is vulnerable to SQL Inject ...)
+	TODO: check
+CVE-2024-46471 (The Directory Listing in /uploads/ Folder in CodeAstro Membership Mana ...)
+	TODO: check
+CVE-2024-46470 (Cross Site Scripting vulnerability in CodeAstro Membership Management  ...)
+	TODO: check
+CVE-2024-46441 (An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers  ...)
+	TODO: check
+CVE-2024-46367 (A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM ...)
+	TODO: check
+CVE-2024-46366 (A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin ...)
+	TODO: check
+CVE-2024-46333 (An authenticated cross-site scripting (XSS) vulnerability in Piwigo v1 ...)
+	TODO: check
+CVE-2024-46331 (ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerab ...)
+	TODO: check
+CVE-2024-46257 (A Command injection vulnerability in requestLetsEncryptSslWithDnsChall ...)
+	TODO: check
+CVE-2024-46256 (A Command injection vulnerability in requestLetsEncryptSsl in NginxPro ...)
+	TODO: check
+CVE-2024-46097 (TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestP ...)
+	TODO: check
+CVE-2024-45863 (A null-dereference vulnerability involving parsing requests specifying ...)
+	TODO: check
+CVE-2024-45773 (A use-after-free vulnerability involving upgradeToRocket requests can  ...)
+	TODO: check
+CVE-2024-45745 (TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated  ...)
+	TODO: check
+CVE-2024-45744 (TopQuadrant TopBraid EDG stores external credentials insecurely. An au ...)
+	TODO: check
+CVE-2024-44912 (NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read  ...)
+	TODO: check
+CVE-2024-44911 (NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read  ...)
+	TODO: check
+CVE-2024-44910 (NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read  ...)
+	TODO: check
+CVE-2024-41930 (Cross-site scripting vulnerability exists in MF Teacher Performance Ma ...)
+	TODO: check
+CVE-2024-40512 (Cross Site Scripting vulnerability in openPetra v.2023.02 allows a rem ...)
+	TODO: check
+CVE-2024-40511 (Cross Site Scripting vulnerability in openPetra v.2023.02 allows a rem ...)
+	TODO: check
+CVE-2024-40510 (Cross Site Scripting vulnerability in openPetra v.2023.02 allows a rem ...)
+	TODO: check
+CVE-2024-40509 (Cross Site Scripting vulnerability in openPetra v.2023.02 allows a rem ...)
+	TODO: check
+CVE-2024-3373 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-39364 (Advantech ADAM-5630  has built-in commands that can be executed withou ...)
+	TODO: check
+CVE-2024-39275 (Cookies of authenticated Advantech ADAM-5630 users remain as active va ...)
+	TODO: check
+CVE-2024-38861 (Improper Certificate Validation in Checkmk Exchange plugin MikroTik al ...)
+	TODO: check
+CVE-2024-38308 (Advantech ADAM 5550's web application includes a "logs" page where all ...)
+	TODO: check
+CVE-2024-37187 (Advantech ADAM-5550 share user credentials with a low level of encrypt ...)
+	TODO: check
+CVE-2024-34542 (Advantech ADAM-5630 shares user credentials plain text between the dev ...)
+	TODO: check
+CVE-2024-33369 (Directory Traversal vulnerability in Plasmoapp RPShare Fabric mod v.1. ...)
+	TODO: check
+CVE-2024-33368 (An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attac ...)
+	TODO: check
+CVE-2024-28948 (Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulne ...)
+	TODO: check
+CVE-2024-25412 (A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows at ...)
+	TODO: check
+CVE-2024-25411 (A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows at ...)
+	TODO: check
+CVE-2024-22170 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
+	TODO: check
+CVE-2024-46868 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.10.11-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/db213b0cfe3268d8b1d382b3bcc999c687a2567f (6.11)
-CVE-2024-46867 [drm/xe/client: fix deadlock in show_meminfo()]
+CVE-2024-46867 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.11-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b (6.11)
-CVE-2024-46866 [drm/xe/client: add missing bo locking in show_meminfo()]
+CVE-2024-46866 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.11-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/94c4aa266111262c96c98f822d1bccc494786fee (6.11)
-CVE-2024-46865 [fou: fix initialization of grc]
+CVE-2024-46865 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/4c8002277167125078e6b9b90137bdf443ebaa08 (6.11)
-CVE-2024-46864 [x86/hyperv: fix kexec crash due to VP assist page corruption]
+CVE-2024-46864 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 6.10.11-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b9af6418279c4cf73ca073f8ea024992b38be8ab (6.11)
-CVE-2024-46863 [ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item]
+CVE-2024-46863 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.10.11-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c4246f1fe9f24f8dcd97887ed67d8fcfd91f4796 (6.11)
-CVE-2024-46862 [ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item]
+CVE-2024-46862 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.10.11-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/bf6d7a44a144aa9c476dee83c23faf3151181bab (6.11)
-CVE-2024-46861 [usbnet: ipheth: do not stop RX on failing RX callback]
+CVE-2024-46861 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/74efed51e0a4d62f998f806c307778b47fc73395 (6.11-rc4)
-CVE-2024-46860 [wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change]
+CVE-2024-46860 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3 (6.11-rc4)
-CVE-2024-46859 [platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses]
+CVE-2024-46859 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.10.11-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4 (6.11)
-CVE-2024-46858 [mptcp: pm: Fix uaf in __timer_delete_sync]
+CVE-2024-46858 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/b4cd80b0338945a94972ac3ed54f8338d2da2076 (6.11)
-CVE-2024-46857 [net/mlx5: Fix bridge mode operations when there are no VFs]
+CVE-2024-46857 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/b1d305abef4640af1b4f1b4774d513cd81b10cfc (6.11)
-CVE-2024-46856 [net: phy: dp83822: Fix NULL pointer dereference on DP83825 devices]
+CVE-2024-46856 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.11-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3f62ea572b3e8e3f10c39a9cb4f04ca9ae5f2952 (6.11)
-CVE-2024-46855 [netfilter: nft_socket: fix sk refcount leaks]
+CVE-2024-46855 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/8b26ff7af8c32cb4148b3e147c52f9e4c695209c (6.11)
-CVE-2024-46854 [net: dpaa: Pad packets to ETH_ZLEN]
+CVE-2024-46854 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0 (6.11)
-CVE-2024-46853 [spi: nxp-fspi: fix the KASAN report out-of-bounds bug]
+CVE-2024-46853 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/2a8787c1cdc7be24fdd8953ecd1a8743a1006235 (6.11)
-CVE-2024-46852 [dma-buf: heaps: Fix off-by-one in CMA heap fault handler]
+CVE-2024-46852 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.11-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/ea5ff5d351b520524019f7ff7f9ce418de2dad87 (6.11)
-CVE-2024-46851 [drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()]
+CVE-2024-46851 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.11-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a7aeb03888b92304e2fc7d4d1c242f54a312561b (6.11)
-CVE-2024-46850 [drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()]
+CVE-2024-46850 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.11-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e835d5144f5ef78e4f8828c63e2f0d61144f283a (6.11)
-CVE-2024-46849 [ASoC: meson: axg-card: fix 'use-after-free']
+CVE-2024-46849 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/4f9a71435953f941969a4f017e2357db62d85a86 (6.11)
-CVE-2024-46848 [perf/x86/intel: Limit the period on Haswell]
+CVE-2024-46848 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b (6.11-rc7)
-CVE-2024-46847 [mm: vmalloc: ensure vmap_block is initialised before adding to queue]
+CVE-2024-46847 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.11-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3e3de7947c751509027d26b679ecd243bc9db255 (6.11-rc7)
-CVE-2024-46846 [spi: rockchip: Resolve unbalanced runtime PM / system PM handling]
+CVE-2024-46846 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.11-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/be721b451affbecc4ba4eaac3b71cdbdcade1b1b (6.11-rc7)
-CVE-2024-46845 [tracing/timerlat: Only clear timer if a kthread exists]
+CVE-2024-46845 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.10.11-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e6a53481da292d970d1edf0d8831121d1c5e2f0d (6.11-rc7)
-CVE-2024-46844 [um: line: always fill *error_out in setup_one_line()]
+CVE-2024-46844 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d (6.11-rc1)
-CVE-2024-46843 [scsi: ufs: core: Remove SCSI host only if added]
+CVE-2024-46843 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/7cbff570dbe8907e23bba06f6414899a0fbb2fcc (6.11-rc1)
-CVE-2024-46842 [scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info]
+CVE-2024-46842 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/ede596b1434b57c0b3fd5c02b326efe5c54f6e48 (6.11-rc1)
-CVE-2024-46841 [btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()]
+CVE-2024-46841 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/a580fb2c3479d993556e1c31b237c9e5be4944a3 (6.11-rc1)
-CVE-2024-46840 [btrfs: clean up our handling of refs == 0 in snapshot delete]
+CVE-2024-46840 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/b8ccef048354074a548f108e51d0557d6adfd3a3 (6.11-rc1)
-CVE-2024-46839 [workqueue: Improve scalability of workqueue watchdog touch]
+CVE-2024-46839 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/98f887f820c993e05a12e8aa816c80b8661d4c87 (6.11-rc1)
-CVE-2024-46838 [userfaultfd: don't BUG_ON() if khugepaged yanks our page table]
+CVE-2024-46838 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 6.10.11-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a (6.11-rc7)
-CVE-2024-46837 [drm/panthor: Restrict high priorities on group_create]
+CVE-2024-46837 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.11-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/5f7762042f8a5377bd8a32844db353c0311a7369 (6.11-rc7)
-CVE-2024-46836 [usb: gadget: aspeed_udc: validate endpoint index for ast udc]
+CVE-2024-46836 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199 (6.11-rc1)
-CVE-2024-46835 [drm/amdgpu: Fix smatch static checker warning]
+CVE-2024-46835 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/bdbdc7cecd00305dc844a361f9883d3a21022027 (6.11-rc1)
-CVE-2024-46834 [ethtool: fail closed if we can't get max channel used in indirection tables]
+CVE-2024-46834 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/2899d58462ba868287d6ff3acad3675e7adf934f (6.11-rc1)
-CVE-2024-46833 [net: hns3: void array out of bound when loop tnl_num]
+CVE-2024-46833 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/86db7bfb06704ef17340eeae71c832f21cfce35c (6.11-rc4)
-CVE-2024-46832 [MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed]
+CVE-2024-46832 (In the Linux kernel, the following vulnerability has been resolved:  M ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13 (6.11-rc5)
-CVE-2024-46831 [net: microchip: vcap: Fix use-after-free error in kunit test]
+CVE-2024-46831 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.11-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a3c1e45156ad39f225cd7ddae0f81230a3b1e657 (6.11-rc7)
-CVE-2024-46830 [KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS]
+CVE-2024-46830 (In the Linux kernel, the following vulnerability has been resolved:  K ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/4bcdd831d9d01e0fb64faea50732b59b2ee88da1 (6.11-rc7)
-CVE-2024-46829 [rtmutex: Drop rt_mutex::wait_lock before scheduling]
+CVE-2024-46829 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/d33d26036a0274b472299d7dcdaa5fb34329f91b (6.11-rc7)
-CVE-2024-46828 [sched: sch_cake: fix bulk flow accounting logic for host fairness]
+CVE-2024-46828 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/546ea84d07e3e324644025e2aae2d12ea4c5896e (6.11-rc7)
-CVE-2024-46827 [wifi: ath12k: fix firmware crash due to invalid peer nss]
+CVE-2024-46827 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/db163a463bb93cd3e37e1e7b10b9726fb6f95857 (6.11-rc1)
-CVE-2024-46826 [ELF: fix kernel.randomize_va_space double read]
+CVE-2024-46826 (In the Linux kernel, the following vulnerability has been resolved:  E ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/2a97388a807b6ab5538aa8f8537b2463c6988bd2 (6.11-rc1)
-CVE-2024-46825 [wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check]
+CVE-2024-46825 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/9215152677d4b321801a92b06f6d5248b2b4465f (6.11-rc1)
-CVE-2024-46824 [iommufd: Require drivers to supply the cache_invalidate_user ops]
+CVE-2024-46824 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.10.11-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a11dda723c6493bb1853bbc61c093377f96e2d47 (6.11-rc1)
-CVE-2024-46823 [kunit/overflow: Fix UB in overflow_allocation_test]
+CVE-2024-46823 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/92e9bac18124682c4b99ede9ee3bcdd68f121e92 (6.11-rc4)
-CVE-2024-46822 [arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry]
+CVE-2024-46822 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.10.11-1
 	NOTE: https://git.kernel.org/linus/2488444274c70038eb6b686cba5f1ce48ebb9cdd (6.11-rc1)
-CVE-2024-46821 [drm/amd/pm: Fix negative array index read]
+CVE-2024-46821 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/c8c19ebf7c0b202a6a2d37a52ca112432723db5f (6.11-rc1)
-CVE-2024-46820 [drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend]
+CVE-2024-46820 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d (6.11-rc1)
-CVE-2024-46819 [drm/amdgpu: the warning dereferencing obj for nbio_v7_4]
+CVE-2024-46819 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/d190b459b2a4304307c3468ed97477b808381011 (6.11-rc1)
-CVE-2024-46818 [drm/amd/display: Check gpio_id before used as array index]
+CVE-2024-46818 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6 (6.11-rc1)
-CVE-2024-46817 [drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6]
+CVE-2024-46817 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/84723eb6068c50610c5c0893980d230d7afa2105 (6.11-rc1)
-CVE-2024-46816 [drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links]
+CVE-2024-46816 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/cf8b16857db702ceb8d52f9219a4613363e2b1cf (6.11-rc1)
-CVE-2024-46815 [drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]]
+CVE-2024-46815 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/b38a4815f79b87efb196cd5121579fc51e29a7fb (6.11-rc1)
-CVE-2024-46814 [drm/amd/display: Check msg_id before processing transcation]
+CVE-2024-46814 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/fa71face755e27dc44bc296416ebdf2c67163316 (6.11-rc1)
-CVE-2024-46813 [drm/amd/display: Check link_index before accessing dc->links[]]
+CVE-2024-46813 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/8aa2864044b9d13e95fe224f32e808afbf79ecdf (6.11-rc1)
-CVE-2024-46812 [drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration]
+CVE-2024-46812 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/a54f7e866cc73a4cb71b8b24bb568ba35c8969df (6.11-rc1)
-CVE-2024-46811 [drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box]
+CVE-2024-46811 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/188fd1616ec43033cedbe343b6579e9921e2d898 (6.11-rc1)
-CVE-2024-46810 [drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ]
+CVE-2024-46810 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f (6.11-rc1)
-CVE-2024-46809 [drm/amd/display: Check BIOS images before it is used]
+CVE-2024-46809 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c (6.11-rc1)
-CVE-2024-46808 [drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range]
+CVE-2024-46808 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/5524fa301ba649f8cf00848f91468e0ba7e4f24c (6.11-rc1)
-CVE-2024-46807 [drm/amd/amdgpu: Check tbo resource pointer]
+CVE-2024-46807 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/6cd2b872643bb29bba01a8ac739138db7bd79007 (6.11-rc1)
-CVE-2024-46806 [drm/amdgpu: Fix the warning division or modulo by zero]
+CVE-2024-46806 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c (6.11-rc1)
-CVE-2024-46805 [drm/amdgpu: fix the waring dereferencing hive]
+CVE-2024-46805 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/1940708ccf5aff76de4e0b399f99267c93a89193 (6.11-rc1)
-CVE-2024-46804 [drm/amd/display: Add array index check for hdcp ddc access]
+CVE-2024-46804 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/4e70c0f5251c25885c31ee84a31f99a01f7cf50e (6.11-rc1)
-CVE-2024-46803 [drm/amdkfd: Check debug trap enable before write dbg_ev_file]
+CVE-2024-46803 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/547033b593063eb85bfdf9b25a5f1b8fd1911be2 (6.11-rc1)
-CVE-2024-46802 [drm/amd/display: added NULL check at start of dc_validate_stream]
+CVE-2024-46802 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/26c56049cc4f1705b498df013949427692a4b0d5 (6.11-rc1)
 CVE-2024-9130 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9049 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-9029 (A flaw was found in freeimage library. Processing a crafted image can  ...)
+CVE-2024-9029 (A flaw was found in the freeimage library. Processing a crafted image  ...)
 	- freeimage <unfixed> (bug #1082848)
 	[bookworm] - freeimage <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/freeimage/bugs/351/
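Review bot: every new entry at the top of this hunk that is not REJECTED is left at `TODO: check`, and at least one can be triaged from its own description: CVE-2024-6931 reads "plugin for WordPress", and further down in this same hunk CVE-2024-9130 and CVE-2024-9049 carry `NOT-FOR-US: WordPress plugin` for the same kind of entry. The obvious ones are worth resolving in a follow-up so the TODO backlog does not grow. Separately, the CVE-2024-7149 description contains a literal `\u2013` escape instead of the dash character, and the CVE-2024-46802 through CVE-2024-46868 lines now all show the same truncated "In the Linux kernel, the following vulnerability has been resolved:" prefix, so the `NOTE:` commit URL is the only thing left that tells them apart in the list.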
@@ -435,7 +585,7 @@ CVE-2024-41722 (In the goTenna Pro ATAK Plugin there is a vulnerability that mak
 	NOT-FOR-US: goTenna Pro
 CVE-2024-41715 (The goTenna Pro ATAK Plugin has a payload length vulnerability that  m ...)
 	NOT-FOR-US: goTenna Pro
-CVE-2024-41605 (An issue in Foxit Software Foxit PDF Reader v.2024.2.2.25170 allows a  ...)
+CVE-2024-41605 (In Foxit PDF Reader before 2024.3, and PDF Editor before 2024.3 and 13 ...)
 	NOT-FOR-US: Foxit PDF Reader
 CVE-2024-39577 (Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, ...)
 	NOT-FOR-US: Dell
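Review bot: the `NOT-FOR-US: Foxit PDF Reader` line under CVE-2024-41605 is unchanged, while the updated description now also names PDF Editor; consider widening the note so it matches everything the entry covers.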
@@ -757,7 +907,7 @@ CVE-2024-40761 (Inadequate Encryption Strength vulnerability in Apache Answer.
 	NOT-FOR-US: Apache Answer
 CVE-2024-3866 (The Ninja Forms Contact Form plugin for WordPress is vulnerable to Ref ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-38809
+CVE-2024-38809 (Applications that parse ETags from "If-Match" or "If-None-Match" reque ...)
 	- libspring-java <unfixed> (unimportant)
 	NOTE: https://spring.io/security/cve-2024-38809
 	NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
@@ -27460,7 +27610,7 @@ CVE-2024-4194 (The The Album and Image Gallery plus Lightbox plugin for WordPres
 CVE-2024-4177 (A host whitelist parser issue in the proxy service implemented in the  ...)
 	NOT-FOR-US: GravityZone Update Server
 CVE-2024-3049 (A flaw was found in Booth, a cluster ticket manager. If a specially-cr ...)
-	{DLA-3894-1}
+	{DSA-5777-1 DLA-3894-1}
 	- booth 1.1-2 (bug #1073249)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2272082
 	NOTE: https://github.com/ClusterLabs/booth/pull/142
@@ -29173,7 +29323,7 @@ CVE-2024-3412 (The WP STAGING WordPress Backup Plugin \u2013 Migration Backup Re
 	NOT-FOR-US: WordPress plugin
 CVE-2024-36470 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11. ...)
 	NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36427 (The file-serving function in TARGIT Decision Suite 23.2.15007 allows a ...)
+CVE-2024-36427 (The file-serving function in TARGIT Decision Suite before 24.06.19002  ...)
 	NOT-FOR-US: TARGIT Decision Suite
 CVE-2024-36378 (In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS a ...)
 	NOT-FOR-US: JetBrains TeamCity
@@ -50221,7 +50371,7 @@ CVE-2024-31309 (HTTP/2 CONTINUATIONDoS attack can cause Apache Traffic Server to
 CVE-2024-30255 (Envoy is a cloud-native, open source edge and service proxy. The HTTP/ ...)
 	- envoyproxy <itp> (bug #987544)
 CVE-2024-28182 (nghttp2 is an implementation of the Hypertext Transfer Protocol versio ...)
-	{DLA-3804-1}
+	{DLA-3898-1 DLA-3804-1}
 	- nghttp2 1.61.0-1 (bug #1068415)
 	NOTE: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
 	NOTE: https://www.kb.cert.org/vuls/id/421644
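Review bot: CVE-2024-28182 now references two DLAs, but the package lines visible in this hunk name only `nghttp2`. If DLA-3898-1 was issued for a different source package, that package should have its own `- <package> <version>` line under this CVE; if it is a second nghttp2 update, nothing more is needed.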
@@ -87045,7 +87195,7 @@ CVE-2023-38059 (The loading of external images is not blocked, even if configure
 	NOTE: Could possibly affect Znuny, we'll let their security team figure it out
 CVE-2023-43668 (Authorization Bypass Through User-Controlled Key vulnerability in Apac ...)
 	NOT-FOR-US: Apache InLong
-CVE-2023-43667 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+CVE-2023-43667 (Improper Neutralization of Special Elements in Output Used by a Downst ...)
 	NOT-FOR-US: Apache InLong
 CVE-2023-43666 (Insufficient Verification of Data Authenticity vulnerability in Apache ...)
 	NOT-FOR-US: Apache InLong



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/646b10c8ca1330e45d3dc74d3d0f22c7ac8e05e7
