Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5467c830 by security tracker role at 2024-04-05T20:12:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,135 @@
-CVE-2024-27437 [vfio/pci: Disable auto-enable of exclusive INTx IRQ]
+CVE-2024-3354 (A vulnerability was found in SourceCodester Aplaya Beach Resort 
Online ...)
+       TODO: check
+CVE-2024-3353 (A vulnerability was found in SourceCodester Aplaya Beach Resort 
Online ...)
+       TODO: check
+CVE-2024-3352 (A vulnerability has been found in SourceCodester Aplaya Beach 
Resort O ...)
+       TODO: check
+CVE-2024-3351 (A vulnerability, which was classified as critical, was found in 
Source ...)
+       TODO: check
+CVE-2024-3350 (A vulnerability, which was classified as critical, has been 
found in S ...)
+       TODO: check
+CVE-2024-3349 (A vulnerability classified as critical was found in 
SourceCodester Apl ...)
+       TODO: check
+CVE-2024-3348 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+       TODO: check
+CVE-2024-3347 (A vulnerability was found in SourceCodester Airline Ticket 
Reservation ...)
+       TODO: check
+CVE-2024-3346 (A vulnerability was found in Byzro Smart S80 up to 20240328. It 
has be ...)
+       TODO: check
+CVE-2024-31852 (LLVM before 18.1.3 generates code in which the LR register can 
be over ...)
+       TODO: check
+CVE-2024-31851 (A path traversal vulnerability exists in the Java version of 
CData Syn ...)
+       TODO: check
+CVE-2024-31850 (A path traversal vulnerability exists in the Java version of 
CData Arc ...)
+       TODO: check
+CVE-2024-31849 (A path traversal vulnerability exists in the Java version of 
CData Con ...)
+       TODO: check
+CVE-2024-31848 (A path traversal vulnerability exists in the Java version of 
CData API ...)
+       TODO: check
+CVE-2024-31220 (Sunshine is a self-hosted game stream host for Moonlight. 
Starting in  ...)
+       TODO: check
+CVE-2024-31218 (Webhood is a self-hosted URL scanner used analyzing phishing 
and malic ...)
+       TODO: check
+CVE-2024-31213 (InstantCMS is a free and open source content management 
system. An ope ...)
+       TODO: check
+CVE-2024-2499 (The Squelch Tabs and Accordions Shortcodes plugin for WordPress 
is vul ...)
+       TODO: check
+CVE-2024-2447 (Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 
9.4.x bef ...)
+       TODO: check
+CVE-2024-2380 (Stored XSS in graph rendering in Checkmk <2.3.0b4.)
+       TODO: check
+CVE-2024-2312 (GRUB2 does not call the module fini functions on exit, leading 
to Debi ...)
+       TODO: check
+CVE-2024-29783 (In tmu_get_tr_thresholds, there is a possible out of bounds 
read due t ...)
+       TODO: check
+CVE-2024-29782 (In tmu_get_tr_num_thresholds of tmu.c, there is a possible out 
of boun ...)
+       TODO: check
+CVE-2024-29757 (there is a possible permission bypass due to Debug certs being 
allowli ...)
+       TODO: check
+CVE-2024-29756 (In afe_callback of q6afe.c, there is a possible out of bounds 
write du ...)
+       TODO: check
+CVE-2024-29755 (In tmu_get_pi of tmu.c, there is a possible out of bounds read 
due to  ...)
+       TODO: check
+CVE-2024-29754 (In TMU_IPC_GET_TABLE, there is a possible out of bounds read 
due to a  ...)
+       TODO: check
+CVE-2024-29753 (In tmu_set_control_temp_step of tmu.c, there is a possible out 
of boun ...)
+       TODO: check
+CVE-2024-29752 (In tmu_set_tr_num_thresholds of tmu.c, there is a possible out 
of boun ...)
+       TODO: check
+CVE-2024-29751 (In asn1_ec_pkey_parse_p384 of asn1_common.c, there is a 
possible OOB R ...)
+       TODO: check
+CVE-2024-29750 (In km_exp_did_inner of kmv.c, there is a possible out of 
bounds read d ...)
+       TODO: check
+CVE-2024-29749 (In tmu_set_tr_thresholds of tmu.c, there is a possible out of 
bounds w ...)
+       TODO: check
+CVE-2024-29748 (there is a possible way to bypass  due to a logic error in the 
code. T ...)
+       TODO: check
+CVE-2024-29747 (In _dvfs_get_lv of dvfs.c, there is a possible out of bounds 
read due  ...)
+       TODO: check
+CVE-2024-29746 (In lpm_req_handler of lpm.c, there is a possible out of bounds 
write d ...)
+       TODO: check
+CVE-2024-29745 (there is a possible Information Disclosure due to 
uninitialized data.  ...)
+       TODO: check
+CVE-2024-29744 (In tmu_get_gov_time_windows, there is a possible out of bounds 
read du ...)
+       TODO: check
+CVE-2024-29743 (In tmu_set_temp_lut of tmu.c, there is a possible out of 
bounds write  ...)
+       TODO: check
+CVE-2024-29742 (In apply_minlock_constraint of dvfs.c, there is a possible out 
of boun ...)
+       TODO: check
+CVE-2024-29741 (In pblS2mpuResume of s2mpu.c, there is a possible mitigation 
bypass du ...)
+       TODO: check
+CVE-2024-29740 (In tmu_set_table of tmu.c, there is a possible out of bounds 
write due ...)
+       TODO: check
+CVE-2024-29739 (In tmu_get_temp_lut of tmu.c, there is a possible out of 
bounds read d ...)
+       TODO: check
+CVE-2024-29738 (In gov_init, there is a possible out of bounds read due to a 
missing b ...)
+       TODO: check
+CVE-2024-29221 (Improper Access Control in Mattermost Server versions 9.5.x 
before 9.5 ...)
+       TODO: check
+CVE-2024-28949 (Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 
9.4.4, 9.3 ...)
+       TODO: check
+CVE-2024-28065 (In Unify CP IP Phone firmware 1.10.4.3, files are not 
encrypted and co ...)
+       TODO: check
+CVE-2024-27232 (In asn1_ec_pkey_parse of asn1_common.c, there is a possible 
OOB read d ...)
+       TODO: check
+CVE-2024-27231 (In tmu_get_tr_stats of tmu.c, there is a possible out of 
bounds read d ...)
+       TODO: check
+CVE-2024-22004 (Due to length check, an attacker with privilege access on a 
Linux Nons ...)
+       TODO: check
+CVE-2024-21848 (Improper Access Control in Mattermost Server versions 8.1.x 
before 8.1 ...)
+       TODO: check
+CVE-2024-0081 (NVIDIA NeMo framework for Ubuntu contains a vulnerability in 
tools/asr ...)
+       TODO: check
+CVE-2024-0080 (NVIDIA nvTIFF Library for Windows and Linux contains a 
vulnerability w ...)
+       TODO: check
+CVE-2024-0076 (NVIDIA CUDA toolkit for all platforms contains a vulnerability 
in cuob ...)
+       TODO: check
+CVE-2024-0072 (NVIDIA CUDA toolkit for all platforms contains a vulnerability 
in cuob ...)
+       TODO: check
+CVE-2023-6523 (Authorization Bypass Through User-Controlled Key vulnerability 
in Extr ...)
+       TODO: check
+CVE-2023-6522 (Improper Privilege Management vulnerability in ExtremePacs 
Extreme XDS ...)
+       TODO: check
+CVE-2023-5692 (WordPress Core is vulnerable to Sensitive Information Exposure 
in vers ...)
+       TODO: check
+CVE-2023-49965 (SpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS 
via the ...)
+       TODO: check
+CVE-2023-48426 (u-boot bug that allows for u-boot shell and interrupt over 
UART)
+       TODO: check
+CVE-2024-27437 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/fe9a7082684eb059b925c535682e68c34d487d43 (6.9-rc1)
-CVE-2024-26814 [vfio/fsl-mc: Block calling interrupt handler without trigger]
+CVE-2024-26814 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
        - linux <unfixed>
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/7447d911af699a15f8d050dfcb7c680a86f87012 (6.9-rc1)
-CVE-2024-26813 [vfio/platform: Create persistent IRQ handlers]
+CVE-2024-26813 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/675daf435e9f8e5a5eab140a9864dfad6668b375 (6.9-rc1)
-CVE-2024-26812 [vfio/pci: Create persistent INTx handler]
+CVE-2024-26812 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/18c198c96a815c962adc2b9b77909eec0be7df4d (6.9-rc1)
-CVE-2024-26810 [vfio/pci: Lock external INTx masking ops]
+CVE-2024-26810 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/810cd4bb53456d0503cc4e7934e063835152c1b7 (6.9-rc1)
 CVE-2024-24746
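
Review bot: every new entry at the top of this hunk is left at "TODO: check", and that includes several whose descriptions name software that Debian ships: CVE-2024-2312 (GRUB2), CVE-2024-31852 (LLVM before 18.1.3), CVE-2023-5692 (WordPress Core) and CVE-2023-48426 (u-boot). Those are worth triaging ahead of the rest, with a "- <package> <status>" line in the same form as the linux entries lower in the hunk. The SourceCodester entries look like candidates for the "NOT-FOR-US:" form used for the Huawei entries later in this diff. The five vfio entries only swap the bracketed placeholder title for the published description; their "- linux <unfixed>" status and 6.9-rc1 fix references are unchanged.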
@@ -377,7 +495,7 @@ CVE-2024-27316 (HTTP/2 incoming headers exceeding the limit 
are temporarily buff
        NOTE: https://www.kb.cert.org/vuls/id/421644
        NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/4
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-27316
-CVE-2024-3296 (A timing-based side-channel exists in the rust-openssl package, 
which  ...)
+CVE-2024-3296 (A timing-based side-channel flaw exists in the rust-openssl 
package, w ...)
        - rust-openssl <unfixed> (bug #1068418)
        NOTE: https://github.com/sfackler/rust-openssl/issues/2171
 CVE-2024-31309
@@ -1067,7 +1185,7 @@ CVE-2023-52637 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.7.7-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/efe7cf828039aedb297c1f9920b638fffee6aabc (6.8-rc5)
-CVE-2024-31083 [User-after-free in ProcRenderAddGlyphs]
+CVE-2024-31083 (A use-after-free vulnerability was found in the 
ProcRenderAddGlyphs()  ...)
        - xorg-server 2:21.1.11-3
        - xwayland <unfixed>
        [bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be 
running as root)
@@ -27077,7 +27195,7 @@ CVE-2022-48616 (A Huawei data communication product has 
a command injection vuln
        NOT-FOR-US: Huawei
 CVE-2022-48615 (An improper access control vulnerability exists in a Huawei 
datacom pr ...)
        NOT-FOR-US: Huawei
-CVE-2024-31211 [RCE vulnerability in WP_HTML_Token class]
+CVE-2024-31211 (WordPress is an open publishing platform for the Web. 
Unserialization  ...)
        - wordpress 6.4.2+dfsg1-1
        [bookworm] - wordpress <not-affected> (Vulnerable code not present)
        [bullseye] - wordpress <not-affected> (Vulnerable code not present)
@@ -58943,8 +59061,8 @@ CVE-2023-31030 (NVIDIA DGX A100 BMC contains a 
vulnerability in the host KVM dae
        NOT-FOR-US: NVIDIA
 CVE-2023-31029 (NVIDIA DGX A100 baseboard management controller (BMC) contains 
a vulne ...)
        NOT-FOR-US: NVIDIA
-CVE-2023-31028
-       RESERVED
+CVE-2023-31028 (NVIDIA nvJPEG2000 Library for Windows and Linux contains a 
vulnerabili ...)
+       TODO: check
 CVE-2023-31027 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
that al ...)
        NOT-FOR-US: NVIDIA
 CVE-2023-31026 (NVIDIA vGPU software for Windows and Linux contains a 
vulnerability in ...)
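
Review bot: CVE-2023-31028 goes from RESERVED to "TODO: check" here, while the neighbouring entries in the context lines (CVE-2023-31029, CVE-2023-31027) are already resolved as "NOT-FOR-US: NVIDIA". The new description names the nvJPEG2000 library for Windows and Linux, so a follow-up should decide whether this entry takes the same NOT-FOR-US marking or needs a package line, rather than staying at TODO.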



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5467c83017e246ff2f48d84d96a2716fa5727cdb
