Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e91dea23 by security tracker role at 2024-05-20T20:11:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,330 +1,398 @@
-CVE-2024-36009 [ax25: Fix netdev refcount issue]
+CVE-2024-5137 (A vulnerability classified as problematic was found in 
PHPGurukul Dire ...)
+       TODO: check
+CVE-2024-5136 (A vulnerability classified as problematic has been found in 
PHPGurukul ...)
+       TODO: check
+CVE-2024-5135 (A vulnerability was found in PHPGurukul Directory Management 
System 1. ...)
+       TODO: check
+CVE-2024-4323 (A memory corruption vulnerability in Fluent Bit versions 2.0.7 
thru 3. ...)
+       TODO: check
+CVE-2024-4287 (In mintplex-labs/anything-llm, a vulnerability exists due to 
improper  ...)
+       TODO: check
+CVE-2024-4151 (An Improper Access Control vulnerability exists in 
lunary-ai/lunary ve ...)
+       TODO: check
+CVE-2024-3761 (In lunary-ai/lunary version 1.2.2, the DELETE endpoint located 
at `pac ...)
+       TODO: check
+CVE-2024-3482 (A Stored Cross-Site Scripting (XSS) vulnerability has been 
identified  ...)
+       TODO: check
+CVE-2024-35580 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
adv.iptv.stbpv ...)
+       TODO: check
+CVE-2024-35579 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
iptv.city.vlan ...)
+       TODO: check
+CVE-2024-35578 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
adv.iptv.stbal ...)
+       TODO: check
+CVE-2024-35576 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
iptv.stb.port  ...)
+       TODO: check
+CVE-2024-35571 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
iptv.stb.mode  ...)
+       TODO: check
+CVE-2024-34953 (An issue in taurusxin ncmdump v1.3.2 allows attackers to cause 
a Denia ...)
+       TODO: check
+CVE-2024-34952 (taurusxin ncmdump v1.3.2 was discovered to contain a 
segmentation viol ...)
+       TODO: check
+CVE-2024-34949 (likeshop 2.5.7 is vulnerable to SQL Injection via the 
getOrderList fun ...)
+       TODO: check
+CVE-2024-34948 (An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd 
IK-Q3000 ...)
+       TODO: check
+CVE-2024-34947 (Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 
3.7.10 x64 ...)
+       TODO: check
+CVE-2024-34193 (smanga 3.2.7 does not filter the file parameter at the PHP/get 
file fl ...)
+       TODO: check
+CVE-2024-31714 (Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before 
allows  ...)
+       TODO: check
+CVE-2024-2835 (A Stored Cross-Site Scripting (XSS) vulnerability has been 
identified  ...)
+       TODO: check
+CVE-2024-29651 (A Prototype Pollution issue in API Dev Tools 
json-schema-ref-parser v. ...)
+       TODO: check
+CVE-2024-29000 (The SolarWinds Platform was determined to be affected by a 
reflected c ...)
+       TODO: check
+CVE-2024-27312 (Zoho ManageEngine PAM360 version 6601 is vulnerable to 
authorization v ...)
+       TODO: check
+CVE-2024-24294 (A Prototype Pollution issue in Blackprint @blackprint/engine 
v.0.9.0 a ...)
+       TODO: check
+CVE-2024-24293 (A Prototype Pollution issue in MiguelCastillo @bit/loader 
v.10.0.3 all ...)
+       TODO: check
+CVE-2024-1968 (In scrapy/scrapy, an issue was identified where the 
Authorization head ...)
+       TODO: check
+CVE-2024-0401 (ASUS routers supporting custom OpenVPN profiles are vulnerable 
to a co ...)
+       TODO: check
+CVE-2023-49335 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL 
injectio ...)
+       TODO: check
+CVE-2023-49334 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL 
Injectio ...)
+       TODO: check
+CVE-2023-49333 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL 
injectio ...)
+       TODO: check
+CVE-2023-49332 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL 
injectio ...)
+       TODO: check
+CVE-2023-49331 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL 
injectio ...)
+       TODO: check
+CVE-2023-49330 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL 
Injectio ...)
+       TODO: check
+CVE-2024-36009 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        NOTE: 
https://git.kernel.org/linus/467324bcfe1a31ec65d0cf4aa59421d6b7a7d52b (6.9-rc6)
-CVE-2024-36008 [ipv4: check for NULL idev in ip_route_use_hint()]
+CVE-2024-36008 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/58a4c9b1e5a3e53c9148e80b90e1e43897ce77d1 (6.9-rc6)
-CVE-2024-36007 [mlxsw: spectrum_acl_tcam: Fix warning during rehash]
+CVE-2024-36007 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/743edc8547a92b6192aa1f1b6bb78233fa21dc9b (6.9-rc6)
-CVE-2024-36006 [mlxsw: spectrum_acl_tcam: Fix incorrect list API usage]
+CVE-2024-36006 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/b377add0f0117409c418ddd6504bd682ebe0bf79 (6.9-rc6)
-CVE-2024-36005 [netfilter: nf_tables: honor table dormant flag from netdev 
release event path]
+CVE-2024-36005 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/8e30abc9ace4f0add4cd761dfdbfaebae5632dd2 (6.9-rc6)
-CVE-2024-36004 [i40e: Do not use WQ_MEM_RECLAIM flag for workqueue]
+CVE-2024-36004 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        NOTE: 
https://git.kernel.org/linus/2cc7d150550cc981aceedf008f5459193282425c (6.9-rc6)
-CVE-2024-36003 [ice: fix LAG and VF lock dependency in ice_reset_vf()]
+CVE-2024-36003 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.8.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/96fdd1f6b4ed72a741fb0eb705c0e13049b8721f (6.9-rc6)
-CVE-2024-36002 [dpll: fix dpll_pin_on_pin_register() for multiple parent pins]
+CVE-2024-36002 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.8.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/38d7b94e81d068b8d8c8392f421cfd2c3bbfd1a6 (6.9-rc6)
-CVE-2024-36001 [netfs: Fix the pre-flush when appending to a file in 
writethrough mode]
+CVE-2024-36001 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.8.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/c97f59e276d4e93480f29a70accbd0d7273cf3f5 (6.9-rc6)
-CVE-2024-36000 [mm/hugetlb: fix missing hugetlb_lock for resv uncharge]
+CVE-2024-36000 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.8.9-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/b76b46902c2d0395488c8412e1116c2486cdfcb2 (6.9-rc6)
-CVE-2024-35999 [smb3: missing lock when picking channel]
+CVE-2024-35999 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 6.8.9-1
        NOTE: 
https://git.kernel.org/linus/8094a600245e9b28eb36a13036f202ad67c1f887 (6.9-rc6)
-CVE-2024-35998 [smb3: fix lock ordering potential deadlock in 
cifs_sync_mid_result]
+CVE-2024-35998 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        NOTE: 
https://git.kernel.org/linus/8861fd5180476f45f9e8853db154600469a0284f (6.9-rc6)
-CVE-2024-35997 [HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent 
lock-up]
+CVE-2024-35997 (In the Linux kernel, the following vulnerability has been 
resolved:  H ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        NOTE: 
https://git.kernel.org/linus/9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e (6.9-rc6)
-CVE-2024-35996 [cpu: Re-enable CPU mitigations by default for !X86 
architectures]
+CVE-2024-35996 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/fe42754b94a42d08cf9501790afc25c4f6a5f631 (6.9-rc6)
-CVE-2024-35995 [ACPI: CPPC: Use access_width over bit_width for system memory 
accesses]
+CVE-2024-35995 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        NOTE: 
https://git.kernel.org/linus/2f4a4d63a193be6fd530d180bb13c3592052904c (6.9-rc1)
-CVE-2024-35994 [firmware: qcom: uefisecapp: Fix memory related IO errors and 
crashes]
+CVE-2024-35994 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
        - linux 6.8.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/ed09f81eeaa8f9265e1787282cb283f10285c259 (6.9-rc6)
-CVE-2024-35993 [mm: turn folio_test_hugetlb into a PageType]
+CVE-2024-35993 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.8.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/d99e3140a4d33e26066183ff727d8f02f56bec64 (6.9-rc6)
-CVE-2024-35992 [phy: marvell: a3700-comphy: Fix out of bounds read]
+CVE-2024-35992 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e4308bc22b9d46cf33165c9dfaeebcf29cd56f04 (6.9-rc6)
-CVE-2024-35991 [dmaengine: idxd: Convert spinlock to mutex to lock evl 
workqueue]
+CVE-2024-35991 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.8.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/d5638de827cff0fce77007e426ec0ffdedf68a44 (6.9-rc6)
-CVE-2024-35990 [dma: xilinx_dpdma: Fix locking]
+CVE-2024-35990 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/244296cc3a155199a8b080d19e645d7d49081a38 (6.9-rc6)
-CVE-2024-35989 [dmaengine: idxd: Fix oops during rmmod on single-CPU platforms]
+CVE-2024-35989 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/f221033f5c24659dc6ad7e5cf18fb1b075f4a8be (6.9-rc6)
-CVE-2024-35988 [riscv: Fix TASK_SIZE on 64-bit NOMMU]
+CVE-2024-35988 (In the Linux kernel, the following vulnerability has been 
resolved:  r ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/6065e736f82c817c9a597a31ee67f0ce4628e948 (6.9-rc6)
-CVE-2024-35987 [riscv: Fix loading 64-bit NOMMU kernels past the start of RAM]
+CVE-2024-35987 (In the Linux kernel, the following vulnerability has been 
resolved:  r ...)
        - linux 6.8.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/aea702dde7e9876fb00571a2602f25130847bf0f (6.9-rc6)
-CVE-2024-35986 [phy: ti: tusb1210: Resolve charger-det crash if charger psy is 
unregistered]
+CVE-2024-35986 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/bf6e4ee5c43690e4c5a8a057bbcd4ff986bed052 (6.9-rc6)
-CVE-2024-35985 [sched/eevdf: Prevent vlag from going out of bounds in 
reweight_eevdf()]
+CVE-2024-35985 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 6.8.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/1560d1f6eb6b398bddd80c16676776c0325fe5fe (6.9-rc6)
-CVE-2024-35984 [i2c: smbus: fix NULL function pointer dereference]
+CVE-2024-35984 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        NOTE: 
https://git.kernel.org/linus/91811a31b68d3765b3065f4bb6d7d6d84a7cfc9f (6.9-rc6)
-CVE-2024-35983 [bounds: Use the right number of bits for power-of-two 
CONFIG_NR_CPUS]
+CVE-2024-35983 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/5af385f5f4cddf908f663974847a4083b2ff2c79 (6.9-rc7)
-CVE-2024-35982 [batman-adv: Avoid infinite loop trying to resize local TT]
+CVE-2024-35982 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        NOTE: 
https://git.kernel.org/linus/b1f532a3b1e6d2e5559c7ace49322922637a28aa (6.9-rc4)
-CVE-2024-35981 [virtio_net: Do not send RSS key if it is not supported]
+CVE-2024-35981 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/059a49aa2e25c58f90b50151f109dd3c4cdb3a47 (6.9-rc4)
-CVE-2024-35980 [arm64: tlb: Fix TLBI RANGE operand]
+CVE-2024-35980 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux 6.8.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e3ba51ab24fddef79fc212f9840de54db8fd1685 (6.9-rc4)
-CVE-2024-35979 [raid1: fix use-after-free for original bio in 
raid1_write_request()]
+CVE-2024-35979 (In the Linux kernel, the following vulnerability has been 
resolved:  r ...)
        - linux 6.8.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/fcf3f7e2fc8a53a6140beee46ec782a4c88e4744 (6.9-rc4)
-CVE-2024-35978 [Bluetooth: Fix memory leak in hci_req_sync_complete()]
+CVE-2024-35978 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        NOTE: 
https://git.kernel.org/linus/45d355a926ab40f3ae7bc0b0a00cb0e3e8a5a810 (6.9-rc4)
-CVE-2024-35977 [platform/chrome: cros_ec_uart: properly fix race condition]
+CVE-2024-35977 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.8.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/5e700b384ec13f5bcac9855cb28fcc674f1d3593 (6.9-rc4)
-CVE-2024-35976 [Description:]
+CVE-2024-35976 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        NOTE: 
https://git.kernel.org/linus/237f3cf13b20db183d3706d997eedc3c49eacd44 (6.9-rc4)
-CVE-2024-35975 [octeontx2-pf: Fix transmit scheduler resource leak]
+CVE-2024-35975 (In the Linux kernel, the following vulnerability has been 
resolved:  o ...)
        - linux 6.8.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/bccb798e07f8bb8b91212fe8ed1e421685449076 (6.9-rc4)
-CVE-2024-35974 [block: fix q->blkg_list corruption during disk rebind]
+CVE-2024-35974 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 6.8.9-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/8b8ace080319a866f5dfe9da8e665ae51d971c54 (6.9-rc4)
-CVE-2024-35973 [geneve: fix header validation in geneve[6]_xmit_skb]
+CVE-2024-35973 (In the Linux kernel, the following vulnerability has been 
resolved:  g ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        NOTE: 
https://git.kernel.org/linus/d8a6213d70accb403b82924a1c229e733433a5ef (6.9-rc4)
-CVE-2024-35972 [bnxt_en: Fix possible memory leak in 
bnxt_rdma_aux_device_init()]
+CVE-2024-35972 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 6.8.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/7ac10c7d728d75bc9daaa8fade3c7a3273b9a9ff (6.9-rc4)
-CVE-2024-35971 [net: ks8851: Handle softirqs at the end of IRQ thread to fix 
hang]
+CVE-2024-35971 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/be0384bf599cf1eb8d337517feeb732d71f75a6f (6.9-rc4)
-CVE-2024-35970 [af_unix: Clear stale u->oob_skb.]
+CVE-2024-35970 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/b46f4eaa4f0ec38909fb0072eea3aeddb32f954e (6.9-rc4)
-CVE-2024-35969 [ipv6: fix race condition between ipv6_get_ifaddr and 
ipv6_del_addr]
+CVE-2024-35969 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        NOTE: 
https://git.kernel.org/linus/7633c4da919ad51164acbf1aa322cc1a3ead6129 (6.9-rc4)
-CVE-2024-35968 [pds_core: Fix pdsc_check_pci_health function to use work 
thread]
+CVE-2024-35968 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.8.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/81665adf25d28a00a986533f1d3a5df76b79cad9 (6.9-rc4)
-CVE-2024-35967 [Bluetooth: SCO: Fix not validating setsockopt user input]
+CVE-2024-35967 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        NOTE: 
https://git.kernel.org/linus/51eda36d33e43201e7a4fd35232e069b2c850b01 (6.9-rc4)
-CVE-2024-35966 [Bluetooth: RFCOMM: Fix not validating setsockopt user input]
+CVE-2024-35966 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
        - linux 6.8.9-1
        NOTE: 
https://git.kernel.org/linus/a97de7bff13b1cc825c1b1344eaed8d6c2d3e695 (6.9-rc4)
-CVE-2024-35965 [Bluetooth: L2CAP: Fix not validating setsockopt user input]
+CVE-2024-35965 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        NOTE: 
https://git.kernel.org/linus/4f3951242ace5efc7131932e2e01e6ac6baed846 (6.9-rc4)
-CVE-2024-35964 [Bluetooth: ISO: Fix not validating setsockopt user input]
+CVE-2024-35964 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
        - linux 6.8.9-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/9e8742cdfc4b0e65266bb4a901a19462bda9285e (6.9-rc4)
-CVE-2024-35963 [Bluetooth: hci_sock: Fix not validating setsockopt user input]
+CVE-2024-35963 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
        - linux 6.8.9-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/b2186061d6043d6345a97100460363e990af0d46 (6.9-rc4)
-CVE-2024-35962 [netfilter: complete validation of user input]
+CVE-2024-35962 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/65acf6e0501ac8880a4f73980d01b5d27648b956 (6.9-rc4)
-CVE-2024-35961 [net/mlx5: Register devlink first under devlink lock]
+CVE-2024-35961 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.8.9-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/c6e77aa9dd82bc18a89bf49418f8f7e961cfccc8 (6.9-rc4)
-CVE-2024-35960 [net/mlx5: Properly link new fs rules into the tree]
+CVE-2024-35960 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        NOTE: 
https://git.kernel.org/linus/7c6782ad4911cbee874e85630226ed389ff2e453 (6.9-rc4)
-CVE-2024-35959 [net/mlx5e: Fix mlx5e_priv_init() cleanup flow]
+CVE-2024-35959 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/ecb829459a841198e142f72fadab56424ae96519 (6.9-rc4)
-CVE-2024-35958 [net: ena: Fix incorrect descriptor free behavior]
+CVE-2024-35958 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/bf02d9fe00632d22fa91d34749c7aacf397b6cde (6.9-rc4)
-CVE-2024-35957 [iommu/vt-d: Fix WARN_ON in iommu probe path]
+CVE-2024-35957 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.8.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/89436f4f54125b1297aec1f466efd8acb4ec613d (6.9-rc4)
-CVE-2024-35956 [btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume 
operations]
+CVE-2024-35956 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 6.8.9-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/74e97958121aa1f5854da6effba70143f051b0cd (6.9-rc4)
-CVE-2024-35955 [kprobes: Fix possible use-after-free issue on kprobe 
registration]
+CVE-2024-35955 (In the Linux kernel, the following vulnerability has been 
resolved:  k ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        NOTE: 
https://git.kernel.org/linus/325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8 (6.9-rc4)
-CVE-2024-35954 [scsi: sg: Avoid sg device teardown race]
+CVE-2024-35954 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 6.8.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/27f58c04a8f438078583041468ec60597841284d (6.9-rc2)
-CVE-2024-35953 [accel/ivpu: Fix deadlock in context_xa]
+CVE-2024-35953 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux 6.8.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/fd7726e75968b27fe98534ccbf47ccd6fef686f3 (6.9-rc4)
-CVE-2024-35952 [drm/ast: Fix soft lockup]
+CVE-2024-35952 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/bc004f5038220b1891ef4107134ccae44be55109 (6.9-rc4)
-CVE-2024-35951 [drm/panfrost: Fix the error path in 
panfrost_mmu_map_fault_addr()]
+CVE-2024-35951 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.8.9-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/1fc9af813b25e146d3607669247d0f970f5a87c3 (6.9-rc4)
-CVE-2024-35950 [drm/client: Fully protect modes[] with dev->mode_config.mutex]
+CVE-2024-35950 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.8.9-1
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        NOTE: 
https://git.kernel.org/linus/3eadd887dbac1df8f25f701e5d404d1b90fd0fea (6.9-rc4)
-CVE-2024-35949 [btrfs: make sure that WRITTEN is set on all metadata blocks]
+CVE-2024-35949 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/e03418abde871314e1a3a550f4c8afb7b89cb273 (6.9)
-CVE-2024-35948 [bcachefs: Check for journal entries overruning end of sb clean 
section]
+CVE-2024-35948 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/fcdbc1d7a4b638e5d5668de461f320386f3002aa (6.9-rc6)
 CVE-2024-5134 (A vulnerability was found in SourceCodester Electricity 
Consumption Mo ...)
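Review bot: the 34 entries added at the top of this hunk (CVE-2024-5137 down to CVE-2023-49330) carry only "TODO: check", so none of them has a disposition yet. The Tenda AX1806 entries match a vendor this same diff already marks as "NOT-FOR-US: Tenda", while CVE-2024-4323 (Fluent Bit) and CVE-2024-1968 (scrapy/scrapy) name software that should be looked up in the archive before being dismissed. Separately, the switch from the bracketed commit subjects to the truncated "(In the Linux kernel, the following vulnerability has been resolved: ...)" text leaves the git.kernel.org NOTE line as the only place that identifies each kernel fix, so those NOTE lines should stay on every entry; CVE-2024-35949 and CVE-2024-35948 also remain at "- linux <unfixed>" and need a follow-up once a fixed version is uploaded.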
@@ -2328,7 +2396,8 @@ CVE-2024-4760 (A voltage glitch during the startup of 
EEFC NVM controllers on Mi
        NOT-FOR-US: Microchip SAM E70/S70/V70/V71 microcontrollers
 CVE-2024-4733 (The ShiftController Employee Shift Scheduling plugin is 
vulnerable to  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-4642 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
the wandb ...)
+CVE-2024-4642
+       REJECTED
        NOT-FOR-US: wandb
 CVE-2024-4635 (The Menu Icons by ThemeIsle plugin for WordPress is vulnerable 
to Stor ...)
        NOT-FOR-US: WordPress plugin
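Review bot: CVE-2024-4642 is now marked "REJECTED" but still keeps the "NOT-FOR-US: wandb" line beneath it, so the entry carries two dispositions. Either drop the NOT-FOR-US line in a follow-up or confirm that keeping the earlier triage result under a rejected ID is intended.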
@@ -3217,7 +3286,7 @@ CVE-2024-4778 (Memory safety bugs present in Firefox 125. 
Some of these bugs sho
        - firefox 126.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4778
 CVE-2024-4777 (Memory safety bugs present in Firefox 125, Firefox ESR 115.10, 
and Thu ...)
-       {DSA-5693-1 DSA-5691-1 DLA-3815-1}
+       {DSA-5693-1 DSA-5691-1 DLA-3817-1 DLA-3815-1}
        - firefox 126.0-1
        - firefox-esr 115.11.0esr-1
        - thunderbird 1:115.11.0-1
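Review bot: DLA-3817-1 is added to the cross-reference set here and in the five hunks that follow, always next to DLA-3815-1, but nothing in the visible lines says which source package the new advisory covers. The context shows only the unstable versions for firefox, firefox-esr and thunderbird, so it is worth confirming that each of the six entries (CVE-2024-4777, -4770, -4769, -4768, -4767, -4367) also has the matching per-release fixed-version line for the package DLA-3817-1 updates.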
@@ -3243,7 +3312,7 @@ CVE-2024-4771 (A memory allocation check was missing 
which would lead to a use-a
        - firefox 126.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4771
 CVE-2024-4770 (When saving a page to PDF, certain font styles could have led 
to a pot ...)
-       {DSA-5693-1 DSA-5691-1 DLA-3815-1}
+       {DSA-5693-1 DSA-5691-1 DLA-3817-1 DLA-3815-1}
        - firefox 126.0-1
        - firefox-esr 115.11.0esr-1
        - thunderbird 1:115.11.0-1
@@ -3251,7 +3320,7 @@ CVE-2024-4770 (When saving a page to PDF, certain font 
styles could have led to
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4770
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769
 CVE-2024-4769 (When importing resources using Web Workers, error messages 
would disti ...)
-       {DSA-5693-1 DSA-5691-1 DLA-3815-1}
+       {DSA-5693-1 DSA-5691-1 DLA-3817-1 DLA-3815-1}
        - firefox 126.0-1
        - firefox-esr 115.11.0esr-1
        - thunderbird 1:115.11.0-1
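Review bot: in the leading context of this hunk, the second NOTE under CVE-2024-4770 points at "mfsa2024-23/#CVE-2024-4769", while the first NOTE of the same entry uses "mfsa2024-22/#CVE-2024-4770". The neighbouring entries (CVE-2024-4769, CVE-2024-4768) use their own ID in both anchors, so this looks like a copy-paste slip in the existing data; the anchor should probably read "#CVE-2024-4770". It is not introduced by this commit but is cheap to fix alongside it.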
@@ -3259,7 +3328,7 @@ CVE-2024-4769 (When importing resources using Web 
Workers, error messages would
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4769
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769
 CVE-2024-4768 (A bug in popup notifications' interaction with WebAuthn made it 
easier ...)
-       {DSA-5693-1 DSA-5691-1 DLA-3815-1}
+       {DSA-5693-1 DSA-5691-1 DLA-3817-1 DLA-3815-1}
        - firefox 126.0-1
        - firefox-esr 115.11.0esr-1
        - thunderbird 1:115.11.0-1
@@ -3267,7 +3336,7 @@ CVE-2024-4768 (A bug in popup notifications' interaction 
with WebAuthn made it e
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4768
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4768
 CVE-2024-4767 (If the `browser.privatebrowsing.autostart` preference is 
enabled, Inde ...)
-       {DSA-5693-1 DSA-5691-1 DLA-3815-1}
+       {DSA-5693-1 DSA-5691-1 DLA-3817-1 DLA-3815-1}
        - firefox 126.0-1
        - firefox-esr 115.11.0esr-1
        - thunderbird 1:115.11.0-1
@@ -3281,7 +3350,7 @@ CVE-2024-4765 (Web application manifests were stored by 
using an insecure MD5 ha
        - firefox <not-affected> (Android-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4765
 CVE-2024-4367 (A type check was missing when handling fonts in PDF.js, which 
would al ...)
-       {DSA-5693-1 DSA-5691-1 DLA-3815-1}
+       {DSA-5693-1 DSA-5691-1 DLA-3817-1 DLA-3815-1}
        - firefox 126.0-1
        - firefox-esr 115.11.0esr-1
        - thunderbird 1:115.11.0-1
@@ -4237,7 +4306,7 @@ CVE-2024-34350 (Next.js is a React framework that can 
provide building blocks to
        NOT-FOR-US: Next.js
 CVE-2024-34345 (The CycloneDX JavaScript library contains the core 
functionality of OW ...)
        NOT-FOR-US: CycloneDX
-CVE-2024-34338 (A Blind command injection vulnerability in Tenda O3V2 
V1.0.0.12 and ea ...)
+CVE-2024-34338 (Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was 
discover ...)
        NOT-FOR-US: Tenda
 CVE-2024-34220 (Sourcecodester Human Resource Management System 1.0 is 
vulnerable to S ...)
        NOT-FOR-US: Sourcecodester Human Resource Management System



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e91dea230aad31872dc2fe618d0b6c81e214fef1
