Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
65cca1f1 by security tracker role at 2024-12-02T20:12:06+00:00

automatic update

- - - - -
1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,89 +1,345 @@ -CVE-2024-53124 [net: fix data-races around sk->sk_forward_alloc] +CVE-2024-8785 (In WhatsUp Gold versions released before 2024.0.1, aremote unauthentic ...) + TODO: check +CVE-2024-5890 (ServiceNow has addressed an HTML injection vulnerability that was iden ...) + TODO: check +CVE-2024-53992 (unzip-bot is a Telegram bot to extract various types of archives. User ...) + TODO: check +CVE-2024-53990 (The AsyncHttpClient (AHC) library allows Java applications to easily e ...) + TODO: check +CVE-2024-53984 (Nanopb is a small code-size Protocol Buffers implementation. When the ...) + TODO: check +CVE-2024-53981 (python-multipart is a streaming multipart parser for Python. When pars ...) + TODO: check +CVE-2024-53900 (Mongoose before 8.8.3 can improperly use $where in match.) + TODO: check +CVE-2024-53862 (Argo Workflows is an open source container-native workflow engine for ...) + TODO: check +CVE-2024-53793 (Cross-Site Request Forgery (CSRF) vulnerability in eDoc Intelligence L ...) + TODO: check +CVE-2024-53792 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-53789 (Cross-Site Request Forgery (CSRF) vulnerability in Ritesh Sanap Advanc ...) + TODO: check +CVE-2024-53784 (Missing Authorization vulnerability in E-goi Smart Marketing SMS and N ...) + TODO: check +CVE-2024-53782 (Cross-Site Request Forgery (CSRF) vulnerability in CMSaccount Photo Vi ...) + TODO: check +CVE-2024-53781 (Cross-Site Request Forgery (CSRF) vulnerability in Home Junction Spati ...) + TODO: check +CVE-2024-53780 (Cross-Site Request Forgery (CSRF) vulnerability in Rajeev Chauhan Load ...) + TODO: check +CVE-2024-53779 (Cross-Site Request Forgery (CSRF) vulnerability in Max Engel Yahoo! We ...) + TODO: check +CVE-2024-53777 (Cross-Site Request Forgery (CSRF) vulnerability in Alberto Reineri Sim ...) + TODO: check +CVE-2024-53776 (Cross-Site Request Forgery (CSRF) vulnerability in Raphael Heide Donat ...) 
+ TODO: check +CVE-2024-53775 (Cross-Site Request Forgery (CSRF) vulnerability in TannerRitchie Web A ...) + TODO: check +CVE-2024-53770 (Cross-Site Request Forgery (CSRF) vulnerability in Peter MacIntyre Rin ...) + TODO: check +CVE-2024-53769 (Cross-Site Request Forgery (CSRF) vulnerability in Ludovic RIAUDEL Cus ...) + TODO: check +CVE-2024-53765 (Cross-Site Request Forgery (CSRF) vulnerability in Think201 Mins To Re ...) + TODO: check +CVE-2024-53762 (Cross-Site Request Forgery (CSRF) vulnerability in Faster Themes FastB ...) + TODO: check +CVE-2024-53761 (Cross-Site Request Forgery (CSRF) vulnerability in P. Roy WP Revisions ...) + TODO: check +CVE-2024-53759 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53755 (Cross-Site Request Forgery (CSRF) vulnerability in Andrea Pernici Thir ...) + TODO: check +CVE-2024-53754 (Cross-Site Request Forgery (CSRF) vulnerability in Arrow Design Out Of ...) + TODO: check +CVE-2024-53753 (Cross-Site Request Forgery (CSRF) vulnerability in CultBooking CultBoo ...) + TODO: check +CVE-2024-53751 (Cross-Site Request Forgery (CSRF) vulnerability in Abdul Hakeem Build ...) + TODO: check +CVE-2024-53741 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53740 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53730 (Cross-Site Request Forgery (CSRF) vulnerability in Aaron Hodge Silver ...) + TODO: check +CVE-2024-53729 (Cross-Site Request Forgery (CSRF) vulnerability in Plumeria Web Design ...) + TODO: check +CVE-2024-53728 (Cross-Site Request Forgery (CSRF) vulnerability in SEO-K\xfcche Intern ...) + TODO: check +CVE-2024-53727 (Cross-Site Request Forgery (CSRF) vulnerability in LinkLaunder.com Lin ...) + TODO: check +CVE-2024-53726 (Cross-Site Request Forgery (CSRF) vulnerability in Realty Candy Realty ...) 
+ TODO: check +CVE-2024-53725 (Cross-Site Request Forgery (CSRF) vulnerability in Script-Recipes Post ...) + TODO: check +CVE-2024-53724 (Cross-Site Request Forgery (CSRF) vulnerability in Ronny L. Bull IceSt ...) + TODO: check +CVE-2024-53723 (Cross-Site Request Forgery (CSRF) vulnerability in A.Cihangir BALTACI ...) + TODO: check +CVE-2024-53722 (Cross-Site Request Forgery (CSRF) vulnerability in Rockemmusic Favicon ...) + TODO: check +CVE-2024-53721 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53720 (Cross-Site Request Forgery (CSRF) vulnerability in ole1986 , MachineIT ...) + TODO: check +CVE-2024-53719 (Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Zajax \u20 ...) + TODO: check +CVE-2024-53718 (Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Multi ...) + TODO: check +CVE-2024-53717 (Cross-Site Request Forgery (CSRF) vulnerability in Yonatan Reinberg yP ...) + TODO: check +CVE-2024-53716 (Cross-Site Request Forgery (CSRF) vulnerability in overtrue wp auto to ...) + TODO: check +CVE-2024-53715 (Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Simp ...) + TODO: check +CVE-2024-53714 (Cross-Site Request Forgery (CSRF) vulnerability in Arrow Design Contin ...) + TODO: check +CVE-2024-53713 (Cross-Site Request Forgery (CSRF) vulnerability in Alain Diart for les ...) + TODO: check +CVE-2024-53712 (Cross-Site Request Forgery (CSRF) vulnerability in Kevin McCabe Kevin' ...) + TODO: check +CVE-2024-53711 (Cross-Site Request Forgery (CSRF) vulnerability in Jean-Marc BIANCA Ho ...) + TODO: check +CVE-2024-53710 (Cross-Site Request Forgery (CSRF) vulnerability in ITERAS ITERAS allow ...) + TODO: check +CVE-2024-53709 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53708 (Missing Authorization vulnerability in AutoQuiz AI Quiz allows Accessi ...) 
+ TODO: check +CVE-2024-53707 (Cross-Site Request Forgery (CSRF) vulnerability in Ahmet \u0130mamo\u0 ...) + TODO: check +CVE-2024-53617 (A Cross Site Scripting vulnerability in LibrePhotos before commit 3223 ...) + TODO: check +CVE-2024-53566 (An issue in the action_listcategories() function of Sangoma Asterisk v ...) + TODO: check +CVE-2024-53564 (An authenticated arbitrary file upload vulnerability in the component ...) + TODO: check +CVE-2024-53484 (Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation d ...) + TODO: check +CVE-2024-53459 (Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting (XSS) vi ...) + TODO: check +CVE-2024-53364 (A SQL injection vulnerability was found in PHPGURUKUL Vehicle Parking ...) + TODO: check +CVE-2024-53259 (quic-go is an implementation of the QUIC protocol in Go. An off-path a ...) + TODO: check +CVE-2024-52806 (SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functio ...) + TODO: check +CVE-2024-52732 (Incorrect access control in wms-Warehouse management system-zeqp v2.20 ...) + TODO: check +CVE-2024-52724 (ZZCMS 2023 was discovered to contain a SQL injection vulnerability in ...) + TODO: check +CVE-2024-52503 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52502 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52494 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52493 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52492 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52491 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52489 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-52487 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52486 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52484 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52483 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52482 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52479 (Cross-Site Request Forgery (CSRF) vulnerability in Ben Marshall Jobify ...) + TODO: check +CVE-2024-52478 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52477 (Cross-Site Request Forgery (CSRF) vulnerability in No-nonsense Labs Do ...) + TODO: check +CVE-2024-52476 (Unrestricted Upload of File with Dangerous Type vulnerability in stefa ...) + TODO: check +CVE-2024-52469 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52468 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52467 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52466 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52465 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52464 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52463 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52462 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52461 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-52460 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52459 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52458 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52457 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52456 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52455 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52454 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52453 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52452 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-51900 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-50381 (A vulnerability exists in Snap One OVRC cloud where an attacker can im ...) + TODO: check +CVE-2024-50380 (Snap One OVRC cloud uses the MAC address as an identifier to provide i ...) + TODO: check +CVE-2024-49763 (PlexRipper is a cross-platform media downloader for Plex. PlexRipper\u ...) + TODO: check +CVE-2024-46909 (In WhatsUp Gold versions released before 2024.0.1, aremote unauthentic ...) + TODO: check +CVE-2024-46908 (In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vul ...) + TODO: check +CVE-2024-46907 (In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vul ...) + TODO: check +CVE-2024-46906 (In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vul ...) + TODO: check +CVE-2024-46905 (In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vul ...) 
+ TODO: check +CVE-2024-43053 (Memory corruption while invoking IOCTL calls from user space to read W ...) + TODO: check +CVE-2024-43052 (Memory corruption while processing API calls to NPU with invalid input ...) + TODO: check +CVE-2024-43050 (Memory corruption while invoking IOCTL calls from user space to issue ...) + TODO: check +CVE-2024-43049 (Memory corruption while invoking IOCTL calls from user space to set ge ...) + TODO: check +CVE-2024-43048 (Memory corruption when invalid input is passed to invoke GPU Headroom ...) + TODO: check +CVE-2024-39343 (An issue was discovered in Samsung Mobile Processor and Wearable Proce ...) + TODO: check +CVE-2024-38827 (The usage of String.toLowerCase()and String.toUpperCase()has some Loca ...) + TODO: check +CVE-2024-33063 (Transient DOS while parsing the ML IE when a beacon with common info l ...) + TODO: check +CVE-2024-33056 (Memory corruption when allocating and accessing an entry in an SMEM pa ...) + TODO: check +CVE-2024-33053 (Memory corruption when multiple threads try to unregister the CVP buff ...) + TODO: check +CVE-2024-33044 (Memory corruption while Configuring the SMR/S2CR register in Bypass mo ...) + TODO: check +CVE-2024-33040 (Memory corruption while invoking redundant release command to release ...) + TODO: check +CVE-2024-33039 (Memory corruption when PAL client calls PAL service APIs by passing a ...) + TODO: check +CVE-2024-33037 (Information disclosure as NPU firmware can send invalid IPC message to ...) + TODO: check +CVE-2024-33036 (Memory corruption while parsing sensor packets in camera driver, user- ...) + TODO: check +CVE-2024-31669 (rizin before Release v0.6.3 is vulnerable to Uncontrolled Resource Con ...) + TODO: check +CVE-2024-29645 (Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an at ...) + TODO: check +CVE-2024-12015 (The 'Project Manager' WordPress Plugin is affected by an authenticated ...) 
+ TODO: check +CVE-2024-10905 (IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 ...) + TODO: check +CVE-2024-10490 (An \u201cAuthentication Bypass Using an Alternate Path or Channel\u201 ...) + TODO: check +CVE-2024-53124 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.11.10-1 NOTE: https://git.kernel.org/linus/073d89808c065ac4c672c0a613a71b27a80691cb (6.12) -CVE-2024-53123 [mptcp: error out earlier on disconnect] +CVE-2024-53123 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 6.11.10-1 [bookworm] - linux 6.1.119-1 [bullseye] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/581302298524e9d77c4c44ff5156a6cd112227ae (6.12) -CVE-2024-53122 [mptcp: cope racing subflow creation in mptcp_rcv_space_adjust] +CVE-2024-53122 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 6.11.10-1 [bookworm] - linux 6.1.119-1 NOTE: https://git.kernel.org/linus/ce7356ae35943cc6494cc692e62d51a734062b7d (6.12) -CVE-2024-53121 [net/mlx5: fs, lock FTE when checking if active] +CVE-2024-53121 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.11.10-1 [bookworm] - linux 6.1.119-1 NOTE: https://git.kernel.org/linus/9ca314419930f9135727e39d77e66262d5f7bef6 (6.12) -CVE-2024-53120 [net/mlx5e: CT: Fix null-ptr-deref in add rule err flow] +CVE-2024-53120 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.11.10-1 [bookworm] - linux 6.1.119-1 [bullseye] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/e99c6873229fe0482e7ceb7d5600e32d623ed9d9 (6.12) -CVE-2024-53119 [virtio/vsock: Fix accept_queue memory leak] +CVE-2024-53119 (In the Linux kernel, the following vulnerability has been resolved: v ...) 
- linux 6.11.10-1 [bookworm] - linux 6.1.119-1 NOTE: https://git.kernel.org/linus/d7b0ff5a866724c3ad21f2628c22a63336deec3f (6.12) -CVE-2024-53118 [vsock: Fix sk_error_queue memory leak] +CVE-2024-53118 (In the Linux kernel, the following vulnerability has been resolved: v ...) - linux 6.11.10-1 [bookworm] - linux <not-affected> (Vulnerable code not present) [bullseye] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/fbf7085b3ad1c7cc0677834c90f985f1b4f77a33 (6.12) -CVE-2024-53117 [virtio/vsock: Improve MSG_ZEROCOPY error handling] +CVE-2024-53117 (In the Linux kernel, the following vulnerability has been resolved: v ...) - linux 6.11.10-1 [bookworm] - linux <not-affected> (Vulnerable code not present) [bullseye] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/60cf6206a1f513512f5d73fa4d3dbbcad2e7dcd6 (6.12) -CVE-2024-53116 [drm/panthor: Fix handling of partial GPU mapping of BOs] +CVE-2024-53116 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.11.10-1 [bookworm] - linux <not-affected> (Vulnerable code not present) [bullseye] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/3387e043918e154ca08d83954966a8b087fe2835 (6.12) -CVE-2024-53115 [drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle] +CVE-2024-53115 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.11.10-1 [bookworm] - linux <not-affected> (Vulnerable code not present) [bullseye] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/93d1f41a82de382845af460bf03bcb17dcbf08c5 (6.12) -CVE-2024-53114 [x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client] +CVE-2024-53114 (In the Linux kernel, the following vulnerability has been resolved: x ...) 
- linux 6.11.10-1 NOTE: https://git.kernel.org/linus/a5ca1dc46a6b610dd4627d8b633d6c84f9724ef0 (6.12) -CVE-2024-53113 [mm: fix NULL pointer dereference in alloc_pages_bulk_noprof] +CVE-2024-53113 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 6.11.10-1 [bookworm] - linux 6.1.119-1 [bullseye] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/8ce41b0f9d77cca074df25afd39b86e2ee3aa68e (6.12) -CVE-2024-53112 [ocfs2: uncache inode which has failed entering the group] +CVE-2024-53112 (In the Linux kernel, the following vulnerability has been resolved: o ...) - linux 6.11.10-1 [bookworm] - linux 6.1.119-1 NOTE: https://git.kernel.org/linus/737f34137844d6572ab7d473c998c7f977ff30eb (6.12) -CVE-2024-53111 [mm/mremap: fix address wraparound in move_page_tables()] +CVE-2024-53111 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 6.11.10-1 [bookworm] - linux <not-affected> (Vulnerable code not present) [bullseye] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/a4a282daf1a190f03790bf163458ea3c8d28d217 (6.12) -CVE-2024-53110 [vp_vdpa: fix id_table array not null terminated error] +CVE-2024-53110 (In the Linux kernel, the following vulnerability has been resolved: v ...) - linux 6.11.10-1 [bookworm] - linux 6.1.119-1 [bullseye] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/4e39ecadf1d2a08187139619f1f314b64ba7d947 (6.12) -CVE-2024-53109 [nommu: pass NULL argument to vma_iter_prealloc()] +CVE-2024-53109 (In the Linux kernel, the following vulnerability has been resolved: n ...) 
- linux 6.11.10-1 [bookworm] - linux <not-affected> (Vulnerable code not present) [bullseye] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/247d720b2c5d22f7281437fd6054a138256986ba (6.12) -CVE-2024-53108 [drm/amd/display: Adjust VSDB parser for replay feature] +CVE-2024-53108 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.11.10-1 NOTE: https://git.kernel.org/linus/16dd2825c23530f2259fc671960a3a65d2af69bd (6.12) -CVE-2024-53107 [fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args()] +CVE-2024-53107 (In the Linux kernel, the following vulnerability has been resolved: f ...) - linux 6.11.10-1 [bookworm] - linux <not-affected> (Vulnerable code not present) [bullseye] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/669b0cb81e4e4e78cff77a5b367c7f70c0c6c05e (6.12) -CVE-2024-53106 [ima: fix buffer overrun in ima_eventdigest_init_common] +CVE-2024-53106 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 6.11.10-1 [bookworm] - linux 6.1.119-1 [bullseye] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/923168a0631bc42fffd55087b337b1b6c54dcff5 (6.12) -CVE-2024-53105 [mm: page_alloc: move mlocked flag clearance into free_pages_prepare()] +CVE-2024-53105 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 6.11.10-1 [bullseye] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/66edc3a5894c74f8887c8af23b97593a0dd0df4d (6.12) 
@@ -153,7 +409,8 @@ CVE-2024-12007 (A vulnerability, which was classified as critical, was found in TODO: check CVE-2024-11856 (A security vulnerability in HPE IceWall products could be exploited re ...) TODO: check -CVE-2024-52596 +CVE-2024-52596 (SimpleSAMLphp xml-common is a common classes for handling XML-structur ...) + {DSA-5822-1 DLA-3981-1} - simplesamlphp <unfixed> (bug #1088904) NOTE: https://github.com/simplesamlphp/simplesamlphp/releases/tag/v2.3.4 NOTE: Fixed by: https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7 (v4.16.14) @@ -1019,7 +1276,7 @@ CVE-2024-11692 (An attacker could cause a select dropdown to be shown over anoth NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11692 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11692 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11692 -CVE-2024-11700 (Malicious websites may have been able to user intent confirmation thro ...) +CVE-2024-11700 (Malicious websites may have been able to perform user intent confirmat ...) - firefox <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11700 CVE-2024-11691 (Certain WebGL operations on Apple silicon M series devices could have ...) @@ -5313,6 +5570,7 @@ CVE-2024-21541 (All versions of the package dom-iterator are vulnerable to Arbit CVE-2024-21540 REJECTED CVE-2024-11168 (The urllib.parse.urlsplit() and urlparse() functions improperly valida ...) + {DLA-3980-1} - python3.12 <not-affected> (Fixed with first upload to Debian unstable) - python3.11 3.11.4-1 - python3.9 <removed> 
@@ -11565,7 +11823,7 @@ CVE-2024-53899 (virtualenv before 20.26.6 allows command injection through the a NOTE: https://github.com/pypa/virtualenv/pull/2771 NOTE: Fixed by: https://github.com/pypa/virtualenv/commit/86dddeda7c991f8529e1995bbff280fb7b761972 (20.26.6) CVE-2024-9287 (A vulnerability has been found in the CPython `venv` module and CLI wh ...) - {DLA-3966-1} + {DLA-3980-1 DLA-3966-1} - python3.13 <unfixed> - python3.12 <unfixed> - python3.11 <removed> @@ -23766,6 +24024,7 @@ CVE-2024-34463 (BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send CVE-2023-49233 (Insufficient access checks in Visual Planning Admin Center 8 before v. ...) NOT-FOR-US: Visual Planning Admin Center CVE-2024-6232 (There is a MEDIUM severity vulnerability affecting CPython. Regul ...) + {DLA-3980-1} - python3.13 3.13.0~rc2-1 - python3.12 3.12.6-1 - python3.11 <removed> @@ -25568,7 +25827,7 @@ CVE-2024-38208 (Microsoft Edge for Android Spoofing Vulnerability) CVE-2023-7260 (Path Traversal vulnerability discovered in OpenText\u2122 CX-E Voice, ...) NOT-FOR-US: OpenText CVE-2024-8088 (There is a HIGH severity vulnerability affecting the CPython "zipfile" ...) - {DSA-5759-1} + {DSA-5759-1 DLA-3980-1} - python3.13 3.13.0~rc2-1 - python3.12 3.12.6-1 - python3.11 <removed> @@ -26817,6 +27076,7 @@ CVE-2024-7924 (A vulnerability was found in ZZCMS 2023. It has been declared as CVE-2024-7922 (A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-3 ...) NOT-FOR-US: D-Link CVE-2024-7592 (There is a LOW severity vulnerability affecting CPython, specifically ...) + {DLA-3980-1} - python3.13 3.13.0~rc2-1 - python3.12 3.12.6-1 - python3.11 <removed> 
@@ -31057,6 +31317,7 @@ CVE-2024-7357 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Li CVE-2024-7211 (The 1E Platform's component utilized the third-party Duende Identity S ...) NOT-FOR-US: 1E Platform CVE-2024-6923 (There is a MEDIUM severity vulnerability affecting CPython. The emai ...) + {DLA-3980-1} - python3.13 3.13.0~rc2-1 - python3.12 3.12.5-1 - python3.11 <removed> @@ -42640,7 +42901,7 @@ CVE-2024-6055 (Improper removal of sensitive information in data source export f CVE-2024-5741 (Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2. ...) - check-mk <removed> CVE-2024-4032 (The \u201cipaddress\u201d module contained incorrect information about ...) - {DSA-5759-1} + {DSA-5759-1 DLA-3980-1} - python3.13 <not-affected> (Fixed before initial upload to Debian unstable) - python3.12 3.12.4-1 - python3.11 <removed> @@ -42754,7 +43015,7 @@ CVE-2024-36527 (puppeteer-renderer v.3.2.0 and before is vulnerable to Directory CVE-2024-1469 REJECTED CVE-2024-0397 (A defect was discovered in the Python \u201cssl\u201d module where the ...) - {DSA-5759-1} + {DSA-5759-1 DLA-3980-1} - python3.13 <not-affected> (Fixed before initial upload to Debian unstable) - python3.12 3.12.3-1 - python3.11 3.11.9-1 @@ -73990,7 +74251,7 @@ CVE-2024-1145 (User enumeration vulnerability in Devklan's Alma Blog that affect CVE-2024-1144 (Improper access control vulnerability in Devklan's Alma Blog that affe ...) NOT-FOR-US: Devklan's Alma Blog CVE-2024-0450 (An issue was found in the CPython `zipfile` module affecting versions ...) - {DLA-3948-1 DLA-3772-1 DLA-3771-1} + {DLA-3980-1 DLA-3948-1 DLA-3772-1 DLA-3771-1} - pypy3 7.3.16+dfsg-1 [bookworm] - pypy3 7.3.11+dfsg-2+deb12u2 - python3.12 3.12.2-1 
@@ -74010,7 +74271,7 @@ CVE-2024-0450 (An issue was found in the CPython `zipfile` module affecting vers NOTE: https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51 (v3.9.19) NOTE: https://mail.python.org/archives/list/security-annou...@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/ CVE-2023-6597 (An issue was found in the CPython `tempfile.TemporaryDirectory` class ...) - {DLA-3948-1 DLA-3772-1} + {DLA-3980-1 DLA-3948-1 DLA-3772-1} - python3.12 3.12.1-1 - python3.11 3.11.8-1 (bug #1070135) [bookworm] - python3.11 3.11.2-6+deb12u2 @@ -113959,7 +114220,7 @@ CVE-2023-32078 (Netmaker makes networks with WireGuard. An Insecure Direct Objec CVE-2023-32077 (Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0 ...) NOT-FOR-US: Netmaker CVE-2023-40217 (An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, ...) - {DLA-3948-1 DLA-3614-1 DLA-3575-1} + {DLA-3980-1 DLA-3948-1 DLA-3614-1 DLA-3575-1} - python3.12 3.12.0~rc1-2 - python3.11 3.11.5-1 [bookworm] - python3.11 3.11.2-6+deb12u2 @@ -140785,7 +141046,7 @@ CVE-2023-27045 CVE-2023-27044 RESERVED CVE-2023-27043 (The email module of Python through 3.11.3 incorrectly parses e-mail ad ...) - {DLA-3966-1} + {DLA-3980-1 DLA-3966-1} - python3.12 3.12.6-1 (bug #1059299) - python3.11 <removed> (bug #1059298) [bookworm] - python3.11 <postponed> (Minor issue, wait until upstream has decided whether to backport to older branches) @@ -148989,7 +149250,7 @@ CVE-2023-24331 (Command Injection vulnerability in D-Link Dir 816 with firmware CVE-2023-24330 (Command Injection vulnerability in D-Link Dir 882 with firmware versio ...) NOT-FOR-US: D-Link CVE-2023-24329 (An issue in the urllib.parse component of Python before 3.11.4 allows ...) - {DLA-3948-1 DLA-3575-1} + {DLA-3980-1 DLA-3948-1 DLA-3575-1} - python3.11 3.11.4-1 [bookworm] - python3.11 3.11.2-6+deb12u2 - python3.9 <removed> 
@@ -166712,7 +166973,7 @@ CVE-2022-45062 (In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, t NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/403 NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/merge_requests/85 CVE-2022-45061 (An issue was discovered in Python before 3.11.1. An unnecessary quadra ...) - {DLA-3966-1 DLA-3477-1 DLA-3432-1} + {DLA-3980-1 DLA-3966-1 DLA-3477-1 DLA-3432-1} - python3.11 3.11.1-1 - python3.10 3.10.9-1 - python3.9 <removed> @@ -175531,6 +175792,7 @@ CVE-2022-3505 (A vulnerability was found in SourceCodester Sanitization Manageme CVE-2022-3504 (A vulnerability was found in SourceCodester Sanitization Management Sy ...) NOT-FOR-US: SourceCodester CVE-2022-42919 (Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows lo ...) + {DLA-3980-1} - python3.11 3.11.0-2 - python3.10 3.10.8-2 - python3.9 <removed> @@ -214088,7 +214350,7 @@ CVE-2022-1334 (The WP YouTube Live WordPress plugin before 1.8.3 does not valida CVE-2022-1333 (Mattermost Playbooks plugin v1.24.0 and earlier fails to properly chec ...) NOT-FOR-US: Mattermost Playbooks plugin CVE-2015-20107 (In Python (aka CPython) up to 3.10.8, the mailcap module does not add ...) - {DLA-3477-1 DLA-3432-1} + {DLA-3980-1 DLA-3477-1 DLA-3432-1} - python3.10 3.10.6-1 - python3.9 <removed> - python3.7 <removed> @@ -236894,7 +237156,7 @@ CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denia NOTE: https://www.wireshark.org/security/wnpa-sec-2021-22.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17811 CVE-2021-4189 (A flaw was found in Python, specifically in the FTP (File Transfer Pro ...) - {DLA-3477-1 DLA-3432-1 DLA-2919-1} + {DLA-3980-1 DLA-3477-1 DLA-3432-1 DLA-2919-1} - python3.10 <not-affected> (Fixed before initial upload to Debian unstable) - python3.9 3.9.7-1 - python3.7 <removed> 
@@ -257571,7 +257833,7 @@ CVE-2021-3738 (In DCE/RPC it is possible to share the handles (cookies for resou NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14468 NOTE: https://www.samba.org/samba/security/CVE-2021-3738.html CVE-2021-3737 (A flaw was found in python. An improperly handled HTTP response in the ...) - {DLA-3966-1 DLA-3477-1 DLA-3432-1 DLA-2808-1} + {DLA-3980-1 DLA-3966-1 DLA-3477-1 DLA-3432-1 DLA-2808-1} [experimental] - python3.9 3.9.6-1 - python3.9 3.9.7-1 - python3.7 <removed> @@ -258782,7 +259044,7 @@ CVE-2021-39617 CVE-2021-39616 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438) NOT-FOR-US: Android CVE-2021-3733 (There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker ...) - {DLA-3477-1 DLA-3432-1 DLA-2808-1} + {DLA-3980-1 DLA-3477-1 DLA-3432-1 DLA-2808-1} - python3.9 3.9.7-1 - python3.7 <removed> - python3.5 <removed> @@ -283990,6 +284252,7 @@ CVE-2021-29922 (library/std/src/net/parser.rs in Rust before 1.53.0 does not pro NOTE: https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-015.md NOTE: https://github.com/rust-lang/rust/commit/974192cd98b3efca8e5cd293f641f561e7487b30 CVE-2021-29921 (In Python before 3,9,5, the ipaddress library mishandles leading zero ...) + {DLA-3980-1} [experimental] - python3.9 3.9.5-1 - python3.9 3.9.7-1 (bug #989195) - python2.7 <not-affected> (Vulnerable code introduced later) @@ -286620,7 +286883,7 @@ CVE-2021-28863 CVE-2021-28862 RESERVED CVE-2021-28861 (Python 3.x through 3.10 has an open redirection vulnerability in lib/h ...) - {DLA-3966-1} + {DLA-3980-1 DLA-3966-1} - python3.11 3.11.0~b4-1 (unimportant) - python3.10 3.10.6-1 (unimportant) - python3.9 <removed> (unimportant) 
@@ -288563,7 +288826,7 @@ CVE-2021-28374 (The Debian courier-authlib package before 0.71.1-2 for Courier A NOTE: Re-introduction of #378571 while migrating from debian/permissions to NOTE: debian/courier-authdaemon.tmpfiles in 0.66.4-2. CVE-2021-3426 (There's a flaw in Python 3's pydoc. A local or adjacent attacker who d ...) - {DLA-3477-1 DLA-2619-1} + {DLA-3980-1 DLA-3477-1 DLA-2619-1} [experimental] - python3.9 3.9.3-1 - python3.9 3.9.7-1 - python3.7 <removed> @@ -363758,7 +364021,7 @@ CVE-2020-10736 (An authorization bypass vulnerability was found in Ceph versions NOTE: https://github.com/ceph/ceph/commit/c7e7009a690621aacd4ac2c70c6469f25d692868 (master) NOTE: https://github.com/ceph/ceph/commit/f2cf2ce1bd9a86462510a7a12afa4e528b615df2 (v15.2.2) CVE-2020-10735 (A flaw was found in python. In algorithms with quadratic time complexi ...) - {DLA-3966-1 DLA-3477-1} + {DLA-3980-1 DLA-3966-1 DLA-3477-1} - python3.11 3.11.0~rc2-1 - python3.10 3.10.7-1 - python3.9 <removed> @@ -475658,10 +475921,10 @@ CVE-2018-9383 RESERVED CVE-2018-9382 RESERVED -CVE-2018-9381 - RESERVED -CVE-2018-9380 - RESERVED +CVE-2018-9381 (In gatts_process_read_by_type_req of gatt_sr.c, there is a possibleinf ...) + TODO: check +CVE-2018-9380 (In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds w ...) + TODO: check CVE-2018-9379 RESERVED CVE-2018-9378
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65cca1f126004201a975d1b5a932f7c172a43e5f
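Review bot: the new `TODO: check` block in the first hunk (@@ -1,89 +1,345 @@) buries a handful of library and tool entries among some eighty near-identical CSRF and "Improper Neutralization of Input During Web Page Generation" entries against individual third-party products (CVE-2024-53707 through CVE-2024-53793, CVE-2024-52452 through CVE-2024-52503), so triage should start with the entries that name reusable components rather than single products: CVE-2024-53981 (python-multipart), CVE-2024-53984 (nanopb), CVE-2024-53259 (quic-go), CVE-2024-53990 (AsyncHttpClient), CVE-2024-53900 (Mongoose), CVE-2024-52806 (SimpleSAMLphp SAML2 library), CVE-2024-53566 (Sangoma Asterisk), CVE-2024-31669 (rizin) and CVE-2024-29645 (radare2). CVE-2024-52806 in particular should be cross-checked against the CVE-2024-52596 entry later in this patch, which is tracked against simplesamlphp with a fix commit in the saml2 repository (v4.16.14), so the two likely share a package and a fix. Among the re-described kernel entries, CVE-2024-53124, CVE-2024-53114, CVE-2024-53108 and CVE-2024-53105 carry no `[bookworm]` line while the neighbouring entries do; worth confirming whether 6.1.119-1 covers them or whether their bookworm status is still pending.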
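Review bot: in the CVE-2024-52596 hunk (@@ -153,7 +409,8 @@) the description names SimpleSAMLphp xml-common, but the only fix pointers are a commit in the saml2 repository (v4.16.14) and the simplesamlphp v2.3.4 release; a NOTE explaining how the xml-common issue maps onto the saml2 fix would save the next triager a lookup. The advisory set `{DSA-5822-1 DLA-3981-1}` now sits above `- simplesamlphp <unfixed> (bug #1088904)`, which is consistent for a stable/oldstable fix with unstable still open, but the unstable line should get the fixed version as soon as that bug closes.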
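Review bot: in the CVE-2024-0450 hunk (@@ -73990,7 +74251,7 @@) DLA-3980-1 is prepended to the advisory set, but this entry also tracks pypy3 (7.3.16+dfsg-1, with a bookworm line at 7.3.11+dfsg-2+deb12u2) alongside the CPython packages; if DLA-3980-1 covers a single source package, confirm that the pypy3 status for the same suite is tracked on its own line so the advisory set is not read as covering it.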
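Review bot: in the last hunk (@@ -475658,10 +475921,10 @@) CVE-2018-9381 and CVE-2018-9380 move from RESERVED to `TODO: check` with descriptions that point at gatt_sr.c and l2c_fcr.cc; if those files resolve to the Android Bluetooth stack, the right resolution is `NOT-FOR-US: Android`, as the CVE-2021-39616 context earlier in this patch shows, rather than leaving the TODO in place.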
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits