Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35bc06b6 by security tracker role at 2024-04-13T08:11:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2024-3027 (The Smart Slider 3 plugin for WordPress is vulnerable to 
unauthorized  ...)
+       TODO: check
+CVE-2024-32028 (OpenTelemetry dotnet is a dotnet telemetry framework. In 
affected vers ...)
+       TODO: check
+CVE-2024-32019 (Netdata is an open source observability tool. In affected 
versions the ...)
+       TODO: check
+CVE-2024-32005 (NiceGUI is an easy-to-use, Python-based UI framework. A local 
file inc ...)
+       TODO: check
+CVE-2024-32003 (wn-dusk-plugin (Dusk plugin) is a plugin which integrates 
Laravel Dusk ...)
+       TODO: check
+CVE-2024-31462 (stable-diffusion-webui is a web interface for Stable 
Diffusion, implem ...)
+       TODO: check
+CVE-2024-2583 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress 
plugin b ...)
+       TODO: check
+CVE-2024-29023 (Xibo is an Open Source Digital Signage platform with a web 
content man ...)
+       TODO: check
+CVE-2024-29022 (Xibo is an Open Source Digital Signage platform with a web 
content man ...)
+       TODO: check
+CVE-2024-28869 (Traefik is an HTTP reverse proxy and load balancer. In 
affected versio ...)
+       TODO: check
+CVE-2024-1957 (The GiveWP \u2013 Donation Plugin and Fundraising Platform 
plugin for  ...)
+       TODO: check
 CVE-2024-3707 (Information exposure vulnerability in OpenGnsys affecting 
version 1.1. ...)
        NOT-FOR-US: OpenGnsys
 CVE-2024-3706 (Information exposure vulnerability in OpenGnsys affecting 
version 1.1. ...)
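
Review bot: the descriptions added for CVE-2024-2583 and CVE-2024-1957 contain the literal escape sequences `\u2014` and `\u2013` rather than the dash characters, which suggests the automatic import is not decoding Unicode escapes before it truncates and writes the description; decode first so the text is searchable and the truncation length is counted in characters. All eleven new entries land as `TODO: check`; CVE-2024-3027 and CVE-2024-2583 are described as WordPress plugins, which matches the `NOT-FOR-US: WordPress plugin` triage already used elsewhere in this file.
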
@@ -916,9 +938,11 @@ CVE-2021-47181 (In the Linux kernel, the following 
vulnerability has been resolv
        [buster] - linux 4.19.232-1
        NOTE: 
https://git.kernel.org/linus/14651496a3de6807a17c310f63c894ea0c5d858e (5.16-rc1)
 CVE-2024-26816 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
+       {DSA-5658-1}
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/aaa8736370db1a78f0e8434344a484f9fd20be3b (6.9-rc1)
 CVE-2024-26815 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+       {DSA-5658-1}
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
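
Review bot: `{DSA-5658-1}` first appears here (on CVE-2024-26816 and CVE-2024-26815) as a bare cross-reference, and the commit lists data/CVE/list as its only changed file, so the advisory record the tag points to is not part of this change. Confirm that record is already in the tree with its release and fixed version before merging, otherwise the tag cannot be resolved from this commit alone.
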
@@ -1824,6 +1848,7 @@ CVE-2023-41677 (A insufficiently protected credentials in 
Fortinet FortiProxy 7.
 CVE-2022-4965 (The Invitation Code Content Restriction Plugin from 
CreativeMinds plug ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-2201 [Native Branch History Injection]
+       {DSA-5658-1}
        - linux <unfixed>
        - xen <unfixed>
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
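
Review bot: on CVE-2024-2201 the `{DSA-5658-1}` tag is attached to an entry that tracks two source packages, `linux` and `xen`, while the other uses of this DSA in the visible lines sit on entries that list only `linux`. The tag applies at CVE level, so it can be read as covering xen as well although `- xen <unfixed>` is untouched; a short NOTE saying the advisory addresses the linux side only would remove the ambiguity.
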
@@ -2093,6 +2118,7 @@ CVE-2014-125111 (A vulnerability was found in 
namithjawahar Wp-Insert up to 2.0.
 CVE-2011-10006 (A vulnerability was found in GamerZ WP-PostRatings up to 1.64. 
It has  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-26811 (In the Linux kernel, the following vulnerability has been 
resolved:  k ...)
+       {DSA-5658-1}
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/a677ebd8ca2f2632ccdecbad7b87641274e15aac (6.9-rc3)
 CVE-2024-2511 (Issue summary: Some non-default TLS server configurations can 
cause un ...)
@@ -2556,19 +2582,24 @@ CVE-2023-49965 (SpaceX Starlink Wi-Fi router Gen 2 
before 2023.48.0 allows XSS v
 CVE-2023-48426 (u-boot bug that allows for u-boot shell and interrupt over 
UART)
        NOT-FOR-US: Google Chromecast (unlikely to affect u-boot as packaged in 
Debian)
 CVE-2024-27437 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
+       {DSA-5658-1}
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/fe9a7082684eb059b925c535682e68c34d487d43 (6.9-rc1)
 CVE-2024-26814 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
+       {DSA-5658-1}
        - linux <unfixed>
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/7447d911af699a15f8d050dfcb7c680a86f87012 (6.9-rc1)
 CVE-2024-26813 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
+       {DSA-5658-1}
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/675daf435e9f8e5a5eab140a9864dfad6668b375 (6.9-rc1)
 CVE-2024-26812 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
+       {DSA-5658-1}
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/18c198c96a815c962adc2b9b77909eec0be7df4d (6.9-rc1)
 CVE-2024-26810 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
+       {DSA-5658-1}
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/810cd4bb53456d0503cc4e7934e063835152c1b7 (6.9-rc1)
 CVE-2024-24746 (Loop with Unreachable Exit Condition ('Infinite Loop') 
vulnerability i ...)
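
Review bot: all five entries tagged in this hunk (CVE-2024-27437, CVE-2024-26814, CVE-2024-26813, CVE-2024-26812, CVE-2024-26810) keep the unsuffixed `- linux <unfixed>` line next to the new DSA tag, and their NOTE lines place the upstream fix at 6.9-rc1. Check whether the fix has reached an unstable upload and, if it has, replace `<unfixed>` with that version so the entry does not show a stable advisory beside an open unstable status longer than needed.
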
@@ -2773,6 +2804,7 @@ CVE-2023-36644 (Incorrect Access Control in ITB-GmbH 
TradePro v9.5, allows remot
 CVE-2023-36643 (Incorrect Access Control in ITB-GmbH TradePro v9.5, allows 
remote atta ...)
        NOT-FOR-US: ITB-GmbH TradePro
 CVE-2024-26809 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+       {DSA-5658-1}
        - linux <unfixed>
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/b0e256f3dd2ba6532f37c5c22e07cb07a36031ee (6.9-rc1)
@@ -2815,6 +2847,7 @@ CVE-2024-26801 (In the Linux kernel, the following 
vulnerability has been resolv
        [bookworm] - linux 6.1.82-1
        NOTE: 
https://git.kernel.org/linus/2449007d3f73b2842c9734f45f0aadb522daf592 (6.8-rc7)
 CVE-2024-26800 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
+       {DSA-5658-1}
        - linux 6.7.9-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
@@ -3716,6 +3749,7 @@ CVE-2023-52637 (In the Linux kernel, the following 
vulnerability has been resolv
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/efe7cf828039aedb297c1f9920b638fffee6aabc (6.8-rc5)
 CVE-2024-31083 (A use-after-free vulnerability was found in the 
ProcRenderAddGlyphs()  ...)
+       {DSA-5657-1}
        - xorg-server 2:21.1.11-3
        - xwayland <unfixed>
        [bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be 
running as root)
@@ -3730,12 +3764,14 @@ CVE-2024-31082 (A heap-based buffer over-read 
vulnerability was found in the X.o
        NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html
        NOTE: Affects the XQuartz (X11 server and client libraries for macOS) 
component
 CVE-2024-31081 (A heap-based buffer over-read vulnerability was found in the 
X.org ser ...)
+       {DSA-5657-1}
        - xorg-server 2:21.1.11-3
        - xwayland <unfixed>
        [bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be 
running as root)
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/3e77295f888c67fc7645db5d0c00926a29ffecee
        NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html
 CVE-2024-31080 (A heap-based buffer over-read vulnerability was found in the 
X.org ser ...)
+       {DSA-5657-1}
        - xorg-server 2:21.1.11-3
        - xwayland <unfixed>
        [bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be 
running as root)
@@ -4439,6 +4475,7 @@ CVE-2024-26655 (In the Linux kernel, the following 
vulnerability has been resolv
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/5b4cdd9c5676559b8a7c944ac5269b914b8c0bb8 (6.9-rc2)
 CVE-2024-26654 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
+       {DSA-5658-1}
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/051e0840ffa8ab25554d6b14b62c9ab9e4901457 (6.9-rc2)
 CVE-2024-26653 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
@@ -7226,10 +7263,12 @@ CVE-2023-49837 (Uncontrolled Resource Consumption 
vulnerability in David Artiss
 CVE-2023-47715 (IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could 
allow an  ...)
        NOT-FOR-US: IBM
 CVE-2024-26643 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+       {DSA-5658-1}
        - linux <unfixed>
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/552705a3650bbf46a22b1adedc1b04181490fc36 (6.8)
 CVE-2024-26642 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+       {DSA-5658-1}
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/16603605b667b70da974bea8216c93e7db043bf1 (6.8)
 CVE-2023-52620 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
@@ -15173,10 +15212,12 @@ CVE-2023-6477 (An issue has been discovered in GitLab 
EE affecting all versions
 CVE-2024-1451 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <not-affected> (Only affects 16.9)
 CVE-2024-26585 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
+       {DSA-5658-1}
        - linux 6.7.7-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb (6.8-rc5)
 CVE-2024-26584 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+       {DSA-5658-1}
        - linux 6.7.7-1
        NOTE: 
https://git.kernel.org/linus/8590541473188741055d27b955db0777569438e3 (6.8-rc5)
 CVE-2024-26583 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
@@ -18913,9 +18954,11 @@ CVE-2024-24859 (A race condition was found in the 
Linux kernel's net/bluetooth i
        - linux <unfixed>
        NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8153
 CVE-2024-24858 (A race condition was found in the Linux kernel's net/bluetooth 
in {con ...)
+       {DSA-5658-1}
        - linux <unfixed>
        NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8154
 CVE-2024-24857 (A race condition was found in the Linux kernel's net/bluetooth 
device  ...)
+       {DSA-5658-1}
        - linux <unfixed>
        NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8155
 CVE-2024-24855 (A race condition was found in the Linux kernel's scsi device 
driver in ...)
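
Review bot: CVE-2024-24858 and CVE-2024-24857 receive the DSA tag while their only reference is a bugzilla.openanolis.cn NOTE, whereas most other kernel entries tagged in this diff carry a `NOTE: https://git.kernel.org/linus/...` line naming the fixing commit. Add the upstream commit NOTE to both so the fix shipped by the advisory can be traced, and confirm that the neighbouring CVE-2024-24859, left untagged with the same `<unfixed>` status, is intentionally outside the advisory.
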
@@ -35807,6 +35850,7 @@ CVE-2023-47234 (An issue was discovered in FRRouting 
FRR through 9.0.1. A crash
        - frr 9.1-0.1 (bug #1055852)
        NOTE: 
https://github.com/FRRouting/frr/commit/c37119df45bbf4ef713bc10475af2ee06e12f3bf
 CVE-2023-47233 (The brcm80211 component in the Linux kernel through 6.5.10 has 
a brcmf ...)
+       {DSA-5658-1}
        - linux <unfixed>
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1216702
 CVE-2023-45189 (A vulnerability in IBM Robotic Process Automation and IBM 
Robotic Proc ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35bc06b65b4e036fabdca415dfb9fe5a596c79d8


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
