Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 35bc06b6 by security tracker role at 2024-04-13T08:11:47+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,25 @@ +CVE-2024-3027 (The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized ...) + TODO: check +CVE-2024-32028 (OpenTelemetry dotnet is a dotnet telemetry framework. In affected vers ...) + TODO: check +CVE-2024-32019 (Netdata is an open source observability tool. In affected versions the ...) + TODO: check +CVE-2024-32005 (NiceGUI is an easy-to-use, Python-based UI framework. A local file inc ...) + TODO: check +CVE-2024-32003 (wn-dusk-plugin (Dusk plugin) is a plugin which integrates Laravel Dusk ...) + TODO: check +CVE-2024-31462 (stable-diffusion-webui is a web interface for Stable Diffusion, implem ...) + TODO: check +CVE-2024-2583 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress plugin b ...) + TODO: check +CVE-2024-29023 (Xibo is an Open Source Digital Signage platform with a web content man ...) + TODO: check +CVE-2024-29022 (Xibo is an Open Source Digital Signage platform with a web content man ...) + TODO: check +CVE-2024-28869 (Traefik is an HTTP reverse proxy and load balancer. In affected versio ...) + TODO: check +CVE-2024-1957 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for ...) + TODO: check CVE-2024-3707 (Information exposure vulnerability in OpenGnsys affecting version 1.1. ...) NOT-FOR-US: OpenGnsys CVE-2024-3706 (Information exposure vulnerability in OpenGnsys affecting version 1.1. ...) 
@@ -916,9 +938,11 @@ CVE-2021-47181 (In the Linux kernel, the following vulnerability has been resolv [buster] - linux 4.19.232-1 NOTE: https://git.kernel.org/linus/14651496a3de6807a17c310f63c894ea0c5d858e (5.16-rc1) CVE-2024-26816 (In the Linux kernel, the following vulnerability has been resolved: x ...) + {DSA-5658-1} - linux <unfixed> NOTE: https://git.kernel.org/linus/aaa8736370db1a78f0e8434344a484f9fd20be3b (6.9-rc1) CVE-2024-26815 (In the Linux kernel, the following vulnerability has been resolved: n ...) + {DSA-5658-1} - linux <unfixed> [bullseye] - linux <not-affected> (Vulnerable code not present) [buster] - linux <not-affected> (Vulnerable code not present) @@ -1824,6 +1848,7 @@ CVE-2023-41677 (A insufficiently protected credentials in Fortinet FortiProxy 7. CVE-2022-4965 (The Invitation Code Content Restriction Plugin from CreativeMinds plug ...) NOT-FOR-US: WordPress plugin CVE-2024-2201 [Native Branch History Injection] + {DSA-5658-1} - linux <unfixed> - xen <unfixed> [bullseye] - xen <end-of-life> (EOLed in Bullseye) @@ -2093,6 +2118,7 @@ CVE-2014-125111 (A vulnerability was found in namithjawahar Wp-Insert up to 2.0. CVE-2011-10006 (A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has ...) NOT-FOR-US: WordPress plugin CVE-2024-26811 (In the Linux kernel, the following vulnerability has been resolved: k ...) + {DSA-5658-1} - linux <unfixed> NOTE: https://git.kernel.org/linus/a677ebd8ca2f2632ccdecbad7b87641274e15aac (6.9-rc3) CVE-2024-2511 (Issue summary: Some non-default TLS server configurations can cause un ...) 
@@ -2556,19 +2582,24 @@ CVE-2023-49965 (SpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS v CVE-2023-48426 (u-boot bug that allows for u-boot shell and interrupt over UART) NOT-FOR-US: Google Chromecast (unlikely to affect u-boot as packaged in Debian) CVE-2024-27437 (In the Linux kernel, the following vulnerability has been resolved: v ...) + {DSA-5658-1} - linux <unfixed> NOTE: https://git.kernel.org/linus/fe9a7082684eb059b925c535682e68c34d487d43 (6.9-rc1) CVE-2024-26814 (In the Linux kernel, the following vulnerability has been resolved: v ...) + {DSA-5658-1} - linux <unfixed> [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/7447d911af699a15f8d050dfcb7c680a86f87012 (6.9-rc1) CVE-2024-26813 (In the Linux kernel, the following vulnerability has been resolved: v ...) + {DSA-5658-1} - linux <unfixed> NOTE: https://git.kernel.org/linus/675daf435e9f8e5a5eab140a9864dfad6668b375 (6.9-rc1) CVE-2024-26812 (In the Linux kernel, the following vulnerability has been resolved: v ...) + {DSA-5658-1} - linux <unfixed> NOTE: https://git.kernel.org/linus/18c198c96a815c962adc2b9b77909eec0be7df4d (6.9-rc1) CVE-2024-26810 (In the Linux kernel, the following vulnerability has been resolved: v ...) + {DSA-5658-1} - linux <unfixed> NOTE: https://git.kernel.org/linus/810cd4bb53456d0503cc4e7934e063835152c1b7 (6.9-rc1) CVE-2024-24746 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...) @@ -2773,6 +2804,7 @@ CVE-2023-36644 (Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remot CVE-2023-36643 (Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote atta ...) NOT-FOR-US: ITB-GmbH TradePro CVE-2024-26809 (In the Linux kernel, the following vulnerability has been resolved: n ...) + {DSA-5658-1} - linux <unfixed> [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/b0e256f3dd2ba6532f37c5c22e07cb07a36031ee (6.9-rc1) 
@@ -2815,6 +2847,7 @@ CVE-2024-26801 (In the Linux kernel, the following vulnerability has been resolv [bookworm] - linux 6.1.82-1 NOTE: https://git.kernel.org/linus/2449007d3f73b2842c9734f45f0aadb522daf592 (6.8-rc7) CVE-2024-26800 (In the Linux kernel, the following vulnerability has been resolved: t ...) + {DSA-5658-1} - linux 6.7.9-1 [bullseye] - linux <not-affected> (Vulnerable code not present) [buster] - linux <not-affected> (Vulnerable code not present) @@ -3716,6 +3749,7 @@ CVE-2023-52637 (In the Linux kernel, the following vulnerability has been resolv [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/efe7cf828039aedb297c1f9920b638fffee6aabc (6.8-rc5) CVE-2024-31083 (A use-after-free vulnerability was found in the ProcRenderAddGlyphs() ...) + {DSA-5657-1} - xorg-server 2:21.1.11-3 - xwayland <unfixed> [bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root) @@ -3730,12 +3764,14 @@ CVE-2024-31082 (A heap-based buffer over-read vulnerability was found in the X.o NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html NOTE: Affects the XQuartz (X11 server and client libraries for macOS) component CVE-2024-31081 (A heap-based buffer over-read vulnerability was found in the X.org ser ...) + {DSA-5657-1} - xorg-server 2:21.1.11-3 - xwayland <unfixed> [bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root) NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/3e77295f888c67fc7645db5d0c00926a29ffecee NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html CVE-2024-31080 (A heap-based buffer over-read vulnerability was found in the X.org ser ...) + {DSA-5657-1} - xorg-server 2:21.1.11-3 - xwayland <unfixed> [bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root) 
@@ -4439,6 +4475,7 @@ CVE-2024-26655 (In the Linux kernel, the following vulnerability has been resolv [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/5b4cdd9c5676559b8a7c944ac5269b914b8c0bb8 (6.9-rc2) CVE-2024-26654 (In the Linux kernel, the following vulnerability has been resolved: A ...) + {DSA-5658-1} - linux <unfixed> NOTE: https://git.kernel.org/linus/051e0840ffa8ab25554d6b14b62c9ab9e4901457 (6.9-rc2) CVE-2024-26653 (In the Linux kernel, the following vulnerability has been resolved: u ...) @@ -7226,10 +7263,12 @@ CVE-2023-49837 (Uncontrolled Resource Consumption vulnerability in David Artiss CVE-2023-47715 (IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an ...) NOT-FOR-US: IBM CVE-2024-26643 (In the Linux kernel, the following vulnerability has been resolved: n ...) + {DSA-5658-1} - linux <unfixed> [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/552705a3650bbf46a22b1adedc1b04181490fc36 (6.8) CVE-2024-26642 (In the Linux kernel, the following vulnerability has been resolved: n ...) + {DSA-5658-1} - linux <unfixed> NOTE: https://git.kernel.org/linus/16603605b667b70da974bea8216c93e7db043bf1 (6.8) CVE-2023-52620 (In the Linux kernel, the following vulnerability has been resolved: n ...) 
@@ -15173,10 +15212,12 @@ CVE-2023-6477 (An issue has been discovered in GitLab EE affecting all versions CVE-2024-1451 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab <not-affected> (Only affects 16.9) CVE-2024-26585 (In the Linux kernel, the following vulnerability has been resolved: t ...) + {DSA-5658-1} - linux 6.7.7-1 [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb (6.8-rc5) CVE-2024-26584 (In the Linux kernel, the following vulnerability has been resolved: n ...) + {DSA-5658-1} - linux 6.7.7-1 NOTE: https://git.kernel.org/linus/8590541473188741055d27b955db0777569438e3 (6.8-rc5) CVE-2024-26583 (In the Linux kernel, the following vulnerability has been resolved: t ...) @@ -18913,9 +18954,11 @@ CVE-2024-24859 (A race condition was found in the Linux kernel's net/bluetooth i - linux <unfixed> NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8153 CVE-2024-24858 (A race condition was found in the Linux kernel's net/bluetooth in {con ...) + {DSA-5658-1} - linux <unfixed> NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8154 CVE-2024-24857 (A race condition was found in the Linux kernel's net/bluetooth device ...) + {DSA-5658-1} - linux <unfixed> NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8155 CVE-2024-24855 (A race condition was found in the Linux kernel's scsi device driver in ...) 
@@ -35807,6 +35850,7 @@ CVE-2023-47234 (An issue was discovered in FRRouting FRR through 9.0.1. A crash - frr 9.1-0.1 (bug #1055852) NOTE: https://github.com/FRRouting/frr/commit/c37119df45bbf4ef713bc10475af2ee06e12f3bf CVE-2023-47233 (The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf ...) + {DSA-5658-1} - linux <unfixed> NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1216702 CVE-2023-45189 (A vulnerability in IBM Robotic Process Automation and IBM Robotic Proc ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35bc06b65b4e036fabdca415dfb9fe5a596c79d8
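Review bot: In the first hunk (@@ -1,3 +1,25 @@), the descriptions for CVE-2024-2583 and CVE-2024-1957 carry the literal escape sequences `\u2014` and `\u2013` rather than the dash characters they stand for, so the stored text reads "The WP Shortcodes Plugin \u2014 Shortcodes Ultimate" and "The GiveWP \u2013 Donation Plugin". Suggest decoding the escapes in the automatic update step before the description is truncated and written to data/CVE/list, or substituting an ASCII hyphen if the file is meant to stay ASCII-only, so that searches on the product name match.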
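Review bot: In the @@ -1824,6 +1848,7 @@ hunk, {DSA-5658-1} is attached at entry level to CVE-2024-2201, which tracks two source packages (`- linux <unfixed>` and `- xen <unfixed>`). Every other entry tagged DSA-5658-1 in this diff lists only linux, so the tag here appears to cover the linux side alone. A NOTE line saying that the advisory does not address xen would keep a reader from treating the xen line as handled.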
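Review bot: In the @@ -2556,19 +2582,24 @@ hunk, the five entries CVE-2024-27437, CVE-2024-26814, CVE-2024-26813, CVE-2024-26812 and CVE-2024-26810 gain {DSA-5658-1} while their unsuffixed package line stays `- linux <unfixed>` and no [bookworm] line is present, so this diff records that an advisory exists but not which version carries the fix. The same pattern appears in the @@ -916,9 +938,11 @@ and @@ -7226,10 +7263,12 @@ hunks. Since data/CVE/list is the only changed file, it is worth confirming that the advisory's own record holds the fixed version for each release before this cross-reference is relied on.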