Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c3c47b23 by security tracker role at 2024-06-19T20:12:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,548 +1,662 @@
-CVE-2021-47616 [RDMA: Fix use-after-free in rxe_queue_cleanup]
+CVE-2024-5676 (The Paradox IP150 Internet Module in version 1.40.00 is
vulnerable to ...)
+ TODO: check
+CVE-2024-4632 (The WooCommerce Checkout & Funnel Builder by CartFlows \u2013
Create H ...)
+ TODO: check
+CVE-2024-38358 (Wasmer is a web assembly (wasm) Runtime supporting WASIX, WASI
and Ems ...)
+ TODO: check
+CVE-2024-38357 (TinyMCE is an open source rich text editor. A cross-site
scripting (XS ...)
+ TODO: check
+CVE-2024-38356 (TinyMCE is an open source rich text editor. A cross-site
scripting (XS ...)
+ TODO: check
+CVE-2024-38355 (Socket.IO is an open source, real-time, bidirectional,
event-based, co ...)
+ TODO: check
+CVE-2024-38352
+ REJECTED
+CVE-2024-38329 (IBM Storage Protect for Virtual Environments: Data Protection
for VMwa ...)
+ TODO: check
+CVE-2024-36117 (Reposilite is an open source, lightweight and easy-to-use
repository m ...)
+ TODO: check
+CVE-2024-36116 (Reposilite is an open source, lightweight and easy-to-use
repository m ...)
+ TODO: check
+CVE-2024-36115 (Reposilite is an open source, lightweight and easy-to-use
repository m ...)
+ TODO: check
+CVE-2024-35780 (Deserialization of Untrusted Data vulnerability in Live
Composer Team ...)
+ TODO: check
+CVE-2024-35765 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-34993 (In the module "Bulk Export products to Google Merchant-Google
Shopping ...)
+ TODO: check
+CVE-2024-34444 (Missing Authorization vulnerability in ThemePunch OHG Slider
Revolutio ...)
+ TODO: check
+CVE-2024-34443 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-32030 (Kafka UI is an Open-Source Web UI for Apache Kafka Management.
Kafka U ...)
+ TODO: check
+CVE-2024-22263 (Spring Cloud Data Flow is a microservices-based Streaming and
Batch da ...)
+ TODO: check
+CVE-2024-0383 (The WP Recipe Maker plugin for WordPress is vulnerable to
Stored Cross ...)
+ TODO: check
+CVE-2023-6495 (The YARPP \u2013 Yet Another Related Posts Plugin plugin for
WordPress ...)
+ TODO: check
+CVE-2023-50900 (Cross-Site Request Forgery (CSRF) vulnerability in Averta
Master Slide ...)
+ TODO: check
+CVE-2023-48761 (Missing Authorization vulnerability in Crocoblock JetElements
For Elem ...)
+ TODO: check
+CVE-2023-48760 (Missing Authorization vulnerability in Crocoblock JetElements
For Elem ...)
+ TODO: check
+CVE-2023-48759 (Missing Authorization vulnerability in Crocoblock JetElements
For Elem ...)
+ TODO: check
+CVE-2023-47788 (Missing Authorization vulnerability in Automattic Jetpack.This
issue a ...)
+ TODO: check
+CVE-2023-47783 (Missing Authorization vulnerability in Thrive Themes Thrive
Theme Buil ...)
+ TODO: check
+CVE-2023-47771 (Missing Authorization vulnerability in ThemePunch OHG
Essential Grid.T ...)
+ TODO: check
+CVE-2023-47770 (Missing Authorization vulnerability in Muffin Group
Betheme.This issue ...)
+ TODO: check
+CVE-2023-47681 (Missing Authorization vulnerability in QuadLayers WooCommerce
Checkout ...)
+ TODO: check
+CVE-2023-46148 (Missing Authorization vulnerability in Themify Themify
Ultra.This issu ...)
+ TODO: check
+CVE-2023-46146 (Missing Authorization vulnerability in Themify Themify
Ultra.This issu ...)
+ TODO: check
+CVE-2023-45658 (Missing Authorization vulnerability in POSIMYTH Nexter.This
issue affe ...)
+ TODO: check
+CVE-2023-44151 (Missing Authorization vulnerability in Brainstorm Force
Pre-Publish Ch ...)
+ TODO: check
+CVE-2023-44148 (Missing Authorization vulnerability in Brainstorm Force Astra
Bulk Edi ...)
+ TODO: check
+CVE-2023-41805 (Missing Authorization vulnerability in Brainstorm Force
Premium Starte ...)
+ TODO: check
+CVE-2023-40608 (Missing Authorization vulnerability in Paid Memberships Pro
Paid Membe ...)
+ TODO: check
+CVE-2023-40004 (Missing Authorization vulnerability in ServMask All-in-One WP
Migratio ...)
+ TODO: check
+CVE-2023-39998 (Missing Authorization vulnerability in Muffingroup
Betheme.This issue ...)
+ TODO: check
+CVE-2023-39993 (Missing Authorization vulnerability in Wpmet Elements kit
Elementor ad ...)
+ TODO: check
+CVE-2023-39990 (Missing Authorization vulnerability in Paid Memberships
Pro.This issue ...)
+ TODO: check
+CVE-2023-39922 (Missing Authorization vulnerability in ThemeFusion Avada.This
issue af ...)
+ TODO: check
+CVE-2023-39312 (Missing Authorization vulnerability in ThemeFusion Avada.This
issue af ...)
+ TODO: check
+CVE-2023-39310 (Missing Authorization vulnerability in ThemeFusion Fusion
Builder.This ...)
+ TODO: check
+CVE-2023-38394 (Missing Authorization vulnerability in Artbees JupiterX
Core.This issu ...)
+ TODO: check
+CVE-2023-38393 (Missing Authorization vulnerability in Saturday Drive Ninja
Forms.This ...)
+ TODO: check
+CVE-2023-38386 (Missing Authorization vulnerability in Saturday Drive Ninja
Forms.This ...)
+ TODO: check
+CVE-2023-37872 (Missing Authorization vulnerability in Woo WooCommerce Ship to
Multipl ...)
+ TODO: check
+CVE-2023-37870 (Missing Authorization vulnerability in Woo WooCommerce
Warranty Reques ...)
+ TODO: check
+CVE-2023-37869 (Missing Authorization vulnerability in Premium Addons Premium
Addons P ...)
+ TODO: check
+CVE-2023-36684 (Missing Authorization vulnerability in Brainstorm Force
Convert Pro.Th ...)
+ TODO: check
+CVE-2023-36683 (Missing Authorization vulnerability in WP SCHEMA PRO Schema
Pro.This i ...)
+ TODO: check
+CVE-2023-36676 (Missing Authorization vulnerability in Brainstorm Force
Spectra.This i ...)
+ TODO: check
+CVE-2023-36516 (Missing Authorization vulnerability in ThimPress
LearnPress.This issue ...)
+ TODO: check
+CVE-2023-36515 (Missing Authorization vulnerability in ThimPress
LearnPress.This issue ...)
+ TODO: check
+CVE-2023-36512 (Missing Authorization vulnerability in Woo AutomateWoo.This
issue affe ...)
+ TODO: check
+CVE-2023-35050 (Missing Authorization vulnerability in Elementor Elementor
Pro.This is ...)
+ TODO: check
+CVE-2023-35049 (Missing Authorization vulnerability in WooCommerce WooCommerce
Stripe ...)
+ TODO: check
+CVE-2021-47616 (In the Linux kernel, the following vulnerability has been
resolved: R ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/84b01721e8042cdd1e8ffeb648844a09cd4213e0 (5.16-rc5)
-CVE-2021-47615 [RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow]
+CVE-2021-47615 (In the Linux kernel, the following vulnerability has been
resolved: R ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/f0ae4afe3d35e67db042c58a52909e06262b740f (5.16-rc5)
-CVE-2021-47614 [RDMA/irdma: Fix a user-after-free in add_pble_prm]
+CVE-2021-47614 (In the Linux kernel, the following vulnerability has been
resolved: R ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/1e11a39a82e95ce86f849f40dda0d9c0498cebd9 (5.16-rc5)
-CVE-2021-47613 [i2c: virtio: fix completion handling]
+CVE-2021-47613 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/b503de239f62eca898cfb7e820d9a35499137d22 (5.16-rc5)
-CVE-2021-47612 [nfc: fix segfault in nfc_genl_dump_devices_done]
+CVE-2021-47612 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE:
https://git.kernel.org/linus/fd79a0cbf0b2e34bcc45b13acf962e2032a82203 (5.16-rc5)
-CVE-2021-47611 [mac80211: validate extended element ID is present]
+CVE-2021-47611 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE:
https://git.kernel.org/linus/768c0b19b50665e337c96858aa2b7928d6dcf756 (5.16-rc6)
-CVE-2021-47610 [drm/msm: Fix null ptr access msm_ioctl_gem_submit()]
+CVE-2021-47610 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 5.15.15-1
NOTE:
https://git.kernel.org/linus/26d776fd0f79f093a5d0ce1a4c7c7a992bc3264c (5.16-rc4)
-CVE-2021-47609 [firmware: arm_scpi: Fix string overflow in SCPI genpd driver]
+CVE-2021-47609 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE:
https://git.kernel.org/linus/865ed67ab955428b9aa771d8b4f1e4fb7fd08945 (5.16-rc6)
-CVE-2021-47608 [bpf: Fix kernel address leakage in atomic fetch]
+CVE-2021-47608 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/7d3baf0afa3aa9102d6a521a8e4c41888bb79882 (5.16-rc6)
-CVE-2021-47607 [bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg]
+CVE-2021-47607 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/a82fe085f344ef20b452cd5f481010ff96b5c4cd (5.16-rc6)
-CVE-2021-47606 [net: netlink: af_netlink: Prevent empty skb by adding a check
on len.]
+CVE-2021-47606 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE:
https://git.kernel.org/linus/f123cffdd8fe8ea6c7fded4b88516a42798797d0 (5.16-rc4)
-CVE-2021-47605 [vduse: fix memory corruption in vduse_dev_ioctl()]
+CVE-2021-47605 (In the Linux kernel, the following vulnerability has been
resolved: v ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/ff9f9c6e74848170fcb45c8403c80d661484c8c9 (5.16-rc6)
-CVE-2021-47604 [vduse: check that offset is within bounds in get_config()]
+CVE-2021-47604 (In the Linux kernel, the following vulnerability has been
resolved: v ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/dc1db0060c02d119fd4196924eff2d1129e9a442 (5.16-rc6)
-CVE-2021-47603 [audit: improve robustness of the audit queue handling]
+CVE-2021-47603 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE:
https://git.kernel.org/linus/f4b3ee3c85551d2d343a3ba159304066523f730f (5.16-rc6)
-CVE-2021-47602 [mac80211: track only QoS data frames for admission control]
+CVE-2021-47602 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE:
https://git.kernel.org/linus/d5e568c3a4ec2ddd23e7dc5ad5b0c64e4f22981a (5.16-rc6)
-CVE-2021-47601 [tee: amdtee: fix an IS_ERR() vs NULL bug]
+CVE-2021-47601 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/9d7482771fac8d8e38e763263f2ca0ca12dd22c6 (5.16-rc6)
-CVE-2021-47600 [dm btree remove: fix use after free in rebalance_children()]
+CVE-2021-47600 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE:
https://git.kernel.org/linus/1b8d2789dad0005fd5e7d35dab26a8e1203fb6da (5.16-rc6)
-CVE-2021-47599 [btrfs: use latest_dev in btrfs_show_devname]
+CVE-2021-47599 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 5.15.15-1
NOTE:
https://git.kernel.org/linus/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2 (5.16-rc1)
-CVE-2021-47598 [sch_cake: do not call cake_destroy() from cake_init()]
+CVE-2021-47598 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE:
https://git.kernel.org/linus/ab443c53916730862cec202078d36fd4008bea79 (5.16-rc6)
-CVE-2021-47597 [inet_diag: fix kernel-infoleak for UDP sockets]
+CVE-2021-47597 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
NOTE:
https://git.kernel.org/linus/71ddeac8cd1d217744a0e060ff520e147c9328d1 (5.16-rc6)
-CVE-2021-47596 [net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg]
+CVE-2021-47596 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/27cbf64a766e86f068ce6214f04c00ceb4db1af4 (5.16-rc6)
-CVE-2021-47595 [net/sched: sch_ets: don't remove idle classes from the
round-robin list]
+CVE-2021-47595 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/c062f2a0b04d86c5b8c9d973bea43493eaca3d32 (5.16-rc6)
-CVE-2021-47594 [mptcp: never allow the PM to close a listener subflow]
+CVE-2021-47594 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/b0cdc5dbcf2ba0d99785da5aabf1b17943805b8a (5.16-rc6)
-CVE-2021-47593 [mptcp: clear 'kern' flag from fallback sockets]
+CVE-2021-47593 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/d6692b3b97bdc165d150f4c1505751a323a80717 (5.16-rc6)
-CVE-2021-47592 [net: stmmac: fix tc flower deletion for VLAN priority Rx
steering]
+CVE-2021-47592 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/aeb7c75cb77478fdbf821628e9c95c4baa9adc63 (5.16-rc6)
-CVE-2021-47591 [mptcp: remove tcp ulp setsockopt support]
+CVE-2021-47591 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/404cd9a22150f24acf23a8df2ad0c094ba379f57 (5.16-rc6)
-CVE-2021-47590 [mptcp: fix deadlock in __mptcp_push_pending()]
+CVE-2021-47590 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/3d79e3756ca90f7a6087b77b62c1d9c0801e0820 (5.16-rc6)
-CVE-2021-47589 [igbvf: fix double free in `igbvf_probe`]
+CVE-2021-47589 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE:
https://git.kernel.org/linus/b6d335a60dc624c0d279333b22c737faa765b028 (5.16-rc6)
-CVE-2021-47588 [sit: do not call ipip6_dev_free() from sit_init_net()]
+CVE-2021-47588 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE:
https://git.kernel.org/linus/e28587cc491ef0f3c51258fdc87fbc386b1d4c59 (5.16-rc6)
-CVE-2021-47587 [net: systemport: Add global locking for descriptor lifecycle]
+CVE-2021-47587 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE:
https://git.kernel.org/linus/8b8e6e782456f1ce02a7ae914bbd5b1053f0b034 (5.16-rc6)
-CVE-2021-47586 [net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup]
+CVE-2021-47586 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 5.15.15-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/0546b224cc7717cc8a2db076b0bb069a9c430794 (5.16-rc6)
-CVE-2021-47585 [btrfs: fix memory leak in __add_inode_ref()]
+CVE-2021-47585 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/f35838a6930296fc1988764cfa54cb3f705c0665 (5.16-rc6)
-CVE-2021-47584 [iocost: Fix divide-by-zero on donation from low hweight cgroup]
+CVE-2021-47584 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/edaa26334c117a584add6053f48d63a988d25a6e (5.16-rc6)
-CVE-2021-47583 [media: mxl111sf: change mutex_init() location]
+CVE-2021-47583 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE:
https://git.kernel.org/linus/44870a9e7a3c24acbb3f888b2a7cc22c9bdf7e7f (5.16-rc1)
-CVE-2021-47582 [USB: core: Make do_proc_control() and do_proc_bulk() killable]
+CVE-2021-47582 (In the Linux kernel, the following vulnerability has been
resolved: U ...)
- linux 5.15.15-1
NOTE:
https://git.kernel.org/linus/ae8709b296d80c7f45aa1f35c0e7659ad69edce1 (5.16-rc1)
-CVE-2021-47581 [xen/netback: don't queue unlimited number of packages]
+CVE-2021-47581 (In the Linux kernel, the following vulnerability has been
resolved: x ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE:
https://git.kernel.org/linus/be81992f9086b230623ae3ebbc85ecee4d00a3d3 (5.16-rc7)
-CVE-2021-47580 [scsi: scsi_debug: Fix type in min_t to avoid stack OOB]
+CVE-2021-47580 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
NOTE:
https://git.kernel.org/linus/36e07d7ede88a1f1ef8f0f209af5b7612324ac2c (5.16-rc3)
-CVE-2021-47579 [ovl: fix warning in ovl_create_real()]
+CVE-2021-47579 (In the Linux kernel, the following vulnerability has been
resolved: o ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE:
https://git.kernel.org/linus/1f5573cfe7a7056e80a92c7a037a3e69f3a13d1c (5.16-rc1)
-CVE-2021-47578 [scsi: scsi_debug: Don't call kcalloc() if size arg is zero]
+CVE-2021-47578 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
NOTE:
https://git.kernel.org/linus/3344b58b53a76199dae48faa396e9fc37bf86992 (5.16-rc1)
-CVE-2021-47577 [io-wq: check for wq exit after adding new worker task_work]
+CVE-2021-47577 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 5.15.15-1
NOTE:
https://git.kernel.org/linus/71a85387546e50b1a37b0fa45dadcae3bfb35cf6 (5.16-rc5)
-CVE-2021-47576 [scsi: scsi_debug: Sanity check block descriptor length in
resp_mode_select()]
+CVE-2021-47576 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE:
https://git.kernel.org/linus/e0a2c28da11e2c2b963fc01d50acbf03045ac732 (5.16-rc3)
-CVE-2021-47575 [xen/console: harden hvc_xen against event channel storms]
+CVE-2021-47575 (In the Linux kernel, the following vulnerability has been
resolved: x ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE:
https://git.kernel.org/linus/fe415186b43df0db1f17fa3a46275fd92107fe71 (5.16-rc7)
-CVE-2021-47574 [xen/netfront: harden netfront against event channel storms]
+CVE-2021-47574 (In the Linux kernel, the following vulnerability has been
resolved: x ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE:
https://git.kernel.org/linus/b27d47950e481f292c0a5ad57357edb9d95d03ba (5.16-rc7)
-CVE-2021-47573 [xen/blkfront: harden blkfront against event channel storms]
+CVE-2021-47573 (In the Linux kernel, the following vulnerability has been
resolved: x ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE:
https://git.kernel.org/linus/0fd08a34e8e3b67ec9bd8287ac0facf8374b844a (5.16-rc7)
-CVE-2024-38618 [ALSA: timer: Set lower bound of start tick time]
+CVE-2024-38618 (In the Linux kernel, the following vulnerability has been
resolved: A ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/4a63bd179fa8d3fcc44a0d9d71d941ddd62f0c4e (6.10-rc1)
-CVE-2024-38617 [kunit/fortify: Fix mismatched kvalloc()/vfree() usage]
+CVE-2024-38617 (In the Linux kernel, the following vulnerability has been
resolved: k ...)
- linux 6.8.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/998b18072ceb0613629c256b409f4d299829c7ec (6.10-rc1)
-CVE-2024-38616 [wifi: carl9170: re-fix fortified-memset warning]
+CVE-2024-38616 (In the Linux kernel, the following vulnerability has been
resolved: w ...)
- linux 6.8.12-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/066afafc10c9476ee36c47c9062527a17e763901 (6.10-rc1)
-CVE-2024-38615 [cpufreq: exit() callback is optional]
+CVE-2024-38615 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
- linux 6.8.12-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/b8f85833c05730d631576008daaa34096bc7f3ce (6.10-rc1)
-CVE-2024-38614 [openrisc: traps: Don't send signals to kernel mode threads]
+CVE-2024-38614 (In the Linux kernel, the following vulnerability has been
resolved: o ...)
- linux 6.8.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/c88cfb5cea5f8f9868ef02cc9ce9183a26dcf20f (6.10-rc1)
-CVE-2024-38613 [m68k: Fix spinlock race in kernel thread creation]
+CVE-2024-38613 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/da89ce46f02470ef08f0f580755d14d547da59ed (6.10-rc1)
-CVE-2024-38612 [ipv6: sr: fix invalid unregister error path]
+CVE-2024-38612 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/160e9d2752181fcf18c662e74022d77d3164cd45 (6.10-rc1)
-CVE-2024-38611 [media: i2c: et8ek8: Don't strip remove function when driver is
builtin]
+CVE-2024-38611 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/545b215736c5c4b354e182d99c578a472ac9bfce (6.10-rc1)
-CVE-2024-38610 [drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map()]
+CVE-2024-38610 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.8.12-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/3d6586008f7b638f91f3332602592caa8b00b559 (6.10-rc1)
-CVE-2024-38609 [wifi: mt76: connac: check for null before dereferencing]
+CVE-2024-38609 (In the Linux kernel, the following vulnerability has been
resolved: w ...)
- linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/cb47c7be0e93dd5acda078163799401ac3a78e10 (6.10-rc1)
-CVE-2024-38608 [net/mlx5e: Fix netif state handling]
+CVE-2024-38608 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/3d5918477f94e4c2f064567875c475468e264644 (6.10-rc1)
-CVE-2024-38607 [macintosh/via-macii: Fix "BUG: sleeping function called from
invalid context"]
+CVE-2024-38607 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/d301a71c76ee4c384b4e03cdc320a55f5cf1df05 (6.10-rc1)
-CVE-2024-38606 [crypto: qat - validate slices count returned by FW]
+CVE-2024-38606 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
- linux 6.8.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/483fd65ce29317044d1d00757e3fd23503b6b04c (6.10-rc1)
-CVE-2024-38605 [ALSA: core: Fix NULL module pointer assignment at card init]
+CVE-2024-38605 (In the Linux kernel, the following vulnerability has been
resolved: A ...)
- linux 6.8.12-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/39381fe7394e5eafac76e7e9367e7351138a29c1 (6.10-rc1)
-CVE-2024-38604 [block: refine the EOF check in blkdev_iomap_begin]
+CVE-2024-38604 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 6.8.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/0c12028aec837f5a002009bbf68d179d506510e8 (6.10-rc1)
-CVE-2024-38603 [drivers/perf: hisi: hns3: Actually use
devm_add_action_or_reset()]
+CVE-2024-38603 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.8.12-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/582c1aeee0a9e73010cf1c4cef338709860deeb0 (6.10-rc1)
-CVE-2024-38602 [ax25: Fix reference count leak issues of ax25_dev]
+CVE-2024-38602 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/b505e0319852b08a3a716b64620168eab21f4ced (6.10-rc1)
-CVE-2024-38601 [ring-buffer: Fix a race between readers and resize checks]
+CVE-2024-38601 (In the Linux kernel, the following vulnerability has been
resolved: r ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/c2274b908db05529980ec056359fae916939fdaa (6.10-rc1)
-CVE-2024-38600 [ALSA: Fix deadlocks with kctl removals at disconnection]
+CVE-2024-38600 (In the Linux kernel, the following vulnerability has been
resolved: A ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/87988a534d8e12f2e6fc01fe63e6c1925dc5307c (6.10-rc1)
-CVE-2024-38599 [jffs2: prevent xattr node from overflowing the eraseblock]
+CVE-2024-38599 (In the Linux kernel, the following vulnerability has been
resolved: j ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/c6854e5a267c28300ff045480b5a7ee7f6f1d913 (6.10-rc1)
-CVE-2024-38598 [md: fix resync softlockup when bitmap size is less than array
size]
+CVE-2024-38598 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/f0e729af2eb6bee9eb58c4df1087f14ebaefe26b (6.10-rc1)
-CVE-2024-38597 [eth: sungem: remove .ndo_poll_controller to avoid deadlocks]
+CVE-2024-38597 (In the Linux kernel, the following vulnerability has been
resolved: e ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/ac0a230f719b02432d8c7eba7615ebd691da86f4 (6.10-rc1)
-CVE-2024-38596 [af_unix: Fix data races in
unix_release_sock/unix_stream_sendmsg]
+CVE-2024-38596 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/540bf24fba16b88c1b3b9353927204b4f1074e25 (6.10-rc1)
-CVE-2024-38595 [net/mlx5: Fix peer devlink set for SF representor devlink port]
+CVE-2024-38595 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.8.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/3c453e8cc672de1f9c662948dba43176bc68d7f0 (6.10-rc1)
-CVE-2024-38594 [net: stmmac: move the EST lock to struct stmmac_priv]
+CVE-2024-38594 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.8.12-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/36ac9e7f2e5786bd37c5cd91132e1f39c29b8197 (6.10-rc1)
-CVE-2024-38593 [net: micrel: Fix receiving the timestamp in the frame for
lan8841]
+CVE-2024-38593 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.8.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/aea27a92a41dae14843f92c79e9e42d8f570105c (6.10-rc1)
-CVE-2024-38592 [drm/mediatek: Init `ddp_comp` with devm_kcalloc()]
+CVE-2024-38592 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.8.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/01a2c5123e27b3c4685bf2fc4c2e879f6e0c7b33 (6.10-rc1)
-CVE-2024-38591 [RDMA/hns: Fix deadlock on SRQ async events.]
+CVE-2024-38591 (In the Linux kernel, the following vulnerability has been
resolved: R ...)
- linux 6.8.12-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/b46494b6f9c19f141114a57729e198698f40af37 (6.10-rc1)
-CVE-2024-38590 [RDMA/hns: Modify the print level of CQE error]
+CVE-2024-38590 (In the Linux kernel, the following vulnerability has been
resolved: R ...)
- linux 6.8.12-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/349e859952285ab9689779fb46de163f13f18f43 (6.10-rc1)
-CVE-2024-38589 [netrom: fix possible dead-lock in nr_rt_ioctl()]
+CVE-2024-38589 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6 (6.10-rc1)
-CVE-2024-38588 [ftrace: Fix possible use-after-free issue in ftrace_location()]
+CVE-2024-38588 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/e60b613df8b6253def41215402f72986fee3fc8d (6.10-rc1)
-CVE-2024-38587 [speakup: Fix sizeof() vs ARRAY_SIZE() bug]
+CVE-2024-38587 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/008ab3c53bc4f0b2f20013c8f6c204a3203d0b8b (6.10-rc1)
-CVE-2024-38586 [r8169: Fix possible ring buffer corruption on fragmented Tx
packets.]
+CVE-2024-38586 (In the Linux kernel, the following vulnerability has been
resolved: r ...)
- linux 6.8.12-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/c71e3a5cffd5309d7f84444df03d5b72600cc417 (6.10-rc1)
-CVE-2024-38585 [tools/nolibc/stdlib: fix memory error in realloc()]
+CVE-2024-38585 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
- linux 6.8.12-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/791f4641142e2aced85de082e5783b4fb0b977c2 (6.10-rc1)
-CVE-2024-38584 [net: ti: icssg_prueth: Fix NULL pointer dereference in
prueth_probe()]
+CVE-2024-38584 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.8.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/b31c7e78086127a7fcaa761e8d336ee855a920c6 (6.10-rc1)
-CVE-2024-38583 [nilfs2: fix use-after-free of timer for log writer thread]
+CVE-2024-38583 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/f5d4e04634c9cf68bdf23de08ada0bb92e8befe7 (6.10-rc1)
-CVE-2024-38582 [nilfs2: fix potential hang in nilfs_detach_log_writer()]
+CVE-2024-38582 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/eb85dace897c5986bc2f36b3c783c6abb8a4292e (6.10-rc1)
-CVE-2024-38581 [drm/amdgpu/mes: fix use-after-free issue]
+CVE-2024-38581 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/948255282074d9367e01908b3f5dcf8c10fc9c3d (6.9-rc6)
-CVE-2024-38580 [epoll: be better about file lifetimes]
+CVE-2024-38580 (In the Linux kernel, the following vulnerability has been
resolved: e ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/4efaa5acf0a1d2b5947f98abb3acf8bfd966422b (6.9-rc7)
-CVE-2024-38579 [crypto: bcm - Fix pointer arithmetic]
+CVE-2024-38579 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/2b3460cbf454c6b03d7429e9ffc4fe09322eb1a9 (6.10-rc1)
-CVE-2024-38578 [ecryptfs: Fix buffer size for tag 66 packet]
+CVE-2024-38578 (In the Linux kernel, the following vulnerability has been
resolved: e ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/85a6a1aff08ec9f5b929d345d066e2830e8818e5 (6.10-rc1)
-CVE-2024-38577 [rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow]
+CVE-2024-38577 (In the Linux kernel, the following vulnerability has been
resolved: r ...)
- linux 6.8.12-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/cc5645fddb0ce28492b15520306d092730dffa48 (6.10-rc1)
-CVE-2024-38576 [rcu: Fix buffer overflow in print_cpu_stall_info()]
+CVE-2024-38576 (In the Linux kernel, the following vulnerability has been
resolved: r ...)
- linux 6.8.12-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/3758f7d9917bd7ef0482c4184c0ad673b4c4e069 (6.10-rc1)
-CVE-2024-38575 [wifi: brcmfmac: pcie: handle randbuf allocation failure]
+CVE-2024-38575 (In the Linux kernel, the following vulnerability has been
resolved: w ...)
- linux 6.8.12-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/316f790ebcf94bdf59f794b7cdea4068dc676d4c (6.10-rc1)
-CVE-2024-38574 [libbpf: Prevent null-pointer dereference when prog to load has
no BTF]
+CVE-2024-38574 (In the Linux kernel, the following vulnerability has been
resolved: l ...)
- linux 6.8.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/9bf48fa19a4b1d186e08b20bf7e5de26a15644fb (6.10-rc1)
-CVE-2024-38573 [cppc_cpufreq: Fix possible null pointer dereference]
+CVE-2024-38573 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
- linux 6.8.12-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/cf7de25878a1f4508c69dc9f6819c21ba177dbfe (6.10-rc1)
-CVE-2024-38572 [wifi: ath12k: fix out-of-bound access of qmi_invoke_handler()]
+CVE-2024-38572 (In the Linux kernel, the following vulnerability has been
resolved: w ...)
- linux 6.8.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/e1bdff48a1bb4a4ac660c19c55a820968c48b3f2 (6.10-rc1)
-CVE-2024-38571 [thermal/drivers/tsens: Fix null pointer dereference]
+CVE-2024-38571 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
- linux 6.8.12-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/d998ddc86a27c92140b9f7984ff41e3d1d07a48f (6.10-rc1)
-CVE-2024-38570 [gfs2: Fix potential glock use-after-free on unmount]
+CVE-2024-38570 (In the Linux kernel, the following vulnerability has been
resolved: g ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/d98779e687726d8f8860f1c54b5687eec5f63a73 (6.10-rc1)
-CVE-2024-38569 [drivers/perf: hisi_pcie: Fix out-of-bound access when valid
event group]
+CVE-2024-38569 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.8.12-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/77fce82678ea5fd51442e62febec2004f79e041b (6.10-rc1)
-CVE-2024-38568 [drivers/perf: hisi: hns3: Fix out-of-bound access when valid
event group]
+CVE-2024-38568 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.8.12-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/81bdd60a3d1d3b05e6cc6674845afb1694dd3a0e (6.10-rc1)
-CVE-2024-38567 [wifi: carl9170: add a proper sanity check for endpoints]
+CVE-2024-38567 (In the Linux kernel, the following vulnerability has been
resolved: w ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/b6dd09b3dac89b45d1ea3e3bd035a3859c0369a0 (6.10-rc1)
-CVE-2024-38566 [bpf: Fix verifier assumptions about socket->sk]
+CVE-2024-38566 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 6.8.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/0db63c0b86e981a1e97d2596d64ceceba1a5470e (6.10-rc1)
-CVE-2024-38565 [wifi: ar5523: enable proper endpoint verification]
+CVE-2024-38565 (In the Linux kernel, the following vulnerability has been
resolved: w ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/e120b6388d7d88635d67dcae6483f39c37111850 (6.10-rc1)
-CVE-2024-38564 [bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in
BPF_LINK_CREATE]
+CVE-2024-38564 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 6.8.12-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/543576ec15b17c0c93301ac8297333c7b6e84ac7 (6.10-rc1)
-CVE-2024-38563 [wifi: mt76: mt7996: fix potential memory leakage when reading
chip temperature]
+CVE-2024-38563 (In the Linux kernel, the following vulnerability has been
resolved: w ...)
- linux 6.8.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/474b9412f33be87076b40a49756662594598a85e (6.10-rc1)
-CVE-2024-38562 [wifi: nl80211: Avoid address calculations via out of bounds
array indexing]
+CVE-2024-38562 (In the Linux kernel, the following vulnerability has been
resolved: w ...)
- linux 6.8.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/838c7b8f1f278404d9d684c34a8cb26dc41aaaa1 (6.10-rc1)
-CVE-2024-38561 [kunit: Fix kthread reference]
+CVE-2024-38561 (In the Linux kernel, the following vulnerability has been
resolved: k ...)
- linux 6.8.12-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/f8aa1b98ce40184521ed95ec26cc115a255183b2 (6.10-rc1)
-CVE-2024-38560 [scsi: bfa: Ensure the copied buf is NUL terminated]
+CVE-2024-38560 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/13d0cecb4626fae67c00c84d3c7851f6b62f7df3 (6.10-rc1)
-CVE-2024-38559 [scsi: qedf: Ensure the copied buf is NUL terminated]
+CVE-2024-38559 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/d0184a375ee797eb657d74861ba0935b6e405c62 (6.10-rc1)
-CVE-2024-38558 [net: openvswitch: fix overwriting ct original tuple for ICMPv6]
+CVE-2024-38558 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/7c988176b6c16c516474f6fceebe0f055af5eb56 (6.10-rc1)
-CVE-2024-38557 [net/mlx5: Reload only IB representors upon lag disable/enable]
+CVE-2024-38557 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.8.12-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/0f06228d4a2dcc1fca5b3ddb0eefa09c05b102c4 (6.10-rc1)
-CVE-2024-38556 [net/mlx5: Add a timeout to acquire the command queue semaphore]
+CVE-2024-38556 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.8.12-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/485d65e1357123a697c591a5aeb773994b247ad7 (6.10-rc1)
-CVE-2024-38555 [net/mlx5: Discard command completions in internal error]
+CVE-2024-38555 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.8.12-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40 (6.10-rc1)
-CVE-2024-38554 [ax25: Fix reference count leak issue of net_device]
+CVE-2024-38554 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/36e56b1b002bb26440403053f19f9e1a8bc075b2 (6.10-rc1)
-CVE-2024-38553 [net: fec: remove .ndo_poll_controller to avoid deadlocks]
+CVE-2024-38553 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/c2e0c58b25a0a0c37ec643255558c5af4450c9f5 (6.10-rc1)
-CVE-2024-38552 [drm/amd/display: Fix potential index out of bounds in color
transformation function]
+CVE-2024-38552 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/63ae548f1054a0b71678d0349c7dc9628ddd42ca (6.10-rc1)
-CVE-2024-38551 [ASoC: mediatek: Assign dummy when codec not specified for a
DAI link]
+CVE-2024-38551 (In the Linux kernel, the following vulnerability has been
resolved: A ...)
- linux 6.8.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/5f39231888c63f0a7708abc86b51b847476379d8 (6.10-rc1)
-CVE-2024-38550 [ASoC: kirkwood: Fix potential NULL dereference]
+CVE-2024-38550 (In the Linux kernel, the following vulnerability has been
resolved: A ...)
- linux 6.8.12-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/ea60ab95723f5738e7737b56dda95e6feefa5b50 (6.10-rc1)
-CVE-2024-38549 [drm/mediatek: Add 0 size check to mtk_drm_gem_obj]
+CVE-2024-38549 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/1e4350095e8ab2577ee05f8c3b044e661b5af9a0 (6.10-rc1)
-CVE-2024-38548 [drm: bridge: cdns-mhdp8546: Fix possible null pointer
dereference]
+CVE-2024-38548 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.8.12-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/935a92a1c400285545198ca2800a4c6c519c650a (6.10-rc1)
-CVE-2024-38547 [media: atomisp: ssh_css: Fix a null-pointer dereference in
load_video_binaries]
+CVE-2024-38547 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/3b621e9e9e148c0928ab109ac3d4b81487469acb (6.10-rc1)
-CVE-2024-38546 [drm: vc4: Fix possible null pointer dereference]
+CVE-2024-38546 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/c534b63bede6cb987c2946ed4d0b0013a52c5ba7 (6.10-rc1)
-CVE-2024-38545 [RDMA/hns: Fix UAF for cq async event]
+CVE-2024-38545 (In the Linux kernel, the following vulnerability has been
resolved: R ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/a942ec2745ca864cd8512142100e4027dc306a42 (6.10-rc1)
-CVE-2024-38544 [RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt]
+CVE-2024-38544 (In the Linux kernel, the following vulnerability has been
resolved: R ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/2b23b6097303ed0ba5f4bc036a1c07b6027af5c6 (6.10-rc1)
-CVE-2024-38543 [lib/test_hmm.c: handle src_pfns and dst_pfns allocation
failure]
+CVE-2024-38543 (In the Linux kernel, the following vulnerability has been
resolved: l ...)
- linux 6.8.12-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/c2af060d1c18beaec56351cf9c9bcbbc5af341a3 (6.10-rc1)
-CVE-2024-38542 [RDMA/mana_ib: boundary check before installing cq callbacks]
+CVE-2024-38542 (In the Linux kernel, the following vulnerability has been
resolved: R ...)
- linux 6.8.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/f79edef79b6a2161f4124112f9b0c46891bb0b74 (6.10-rc1)
-CVE-2024-38541 [of: module: add buffer overflow check in of_modalias()]
+CVE-2024-38541 (In the Linux kernel, the following vulnerability has been
resolved: o ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/cf7385cb26ac4f0ee6c7385960525ad534323252 (6.10-rc1)
-CVE-2024-38540 [bnxt_re: avoid shift undefined behavior in
bnxt_qplib_alloc_init_hwq]
+CVE-2024-38540 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 6.8.12-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/78cfd17142ef70599d6409cbd709d94b3da58659 (6.10-rc1)
-CVE-2024-38539 [RDMA/cma: Fix kmemleak in rdma_core observed during blktests
nvme/rdma use siw]
+CVE-2024-38539 (In the Linux kernel, the following vulnerability has been
resolved: R ...)
- linux 6.8.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/9c0731832d3b7420cbadba6a7f334363bc8dfb15 (6.10-rc1)
-CVE-2024-38538 [net: bridge: xmit: make sure we have at least eth header len
bytes]
+CVE-2024-38538 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/8bd67ebb50c0145fd2ca8681ab65eb7e8cde1afc (6.10-rc1)
-CVE-2024-36979 [net: bridge: mst: fix vlan use-after-free]
+CVE-2024-36979 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.8.12-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/3a7c1661ae1383364cd6092d851f5e5da64d476b (6.10-rc1)
-CVE-2024-23443
+CVE-2024-23443 (A high-privileged user, allowed to create custom osquery packs
17 coul ...)
- kibana <itp> (bug #700337)
CVE-2024-6146 (Actiontec WCB6200Q uh_get_postdata_withupload Stack-based
Buffer Overf ...)
NOT-FOR-US: Actiontec WCB6200Q
@@ -694,18 +808,22 @@ CVE-2024-21685 (This High severity Information Disclosure
vulnerability was intr
CVE-2023-47726 (IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM
Cloud Pa ...)
NOT-FOR-US: IBM
CVE-2024-6103
+ {DSA-5716-1}
- chromium 126.0.6478.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-6102
+ {DSA-5716-1}
- chromium 126.0.6478.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-6101
+ {DSA-5716-1}
- chromium 126.0.6478.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-6100
+ {DSA-5716-1}
- chromium 126.0.6478.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -1013,7 +1131,7 @@ CVE-2024-38441 (Netatalk 3.2.0 has an off-by-one error
and resultant heap-based
- netatalk <unfixed>
NOTE: https://github.com/Netatalk/netatalk/issues/1098
NOTE: upstream details have been removed, pinged MITRE for
clarification or rejection
-CVE-2024-38440 (Netatalk 3.2.0 has an off-by-one error and resultant
heap-based buffer ...)
+CVE-2024-38440 (Netatalk 3.2.0 has an off-by-one error, and resultant
heap-based buffe ...)
- netatalk <unfixed>
NOTE: https://github.com/Netatalk/netatalk/issues/1097
NOTE: upstream details have been removed, pinged MITRE for
clarification or rejection
@@ -2704,7 +2822,7 @@ CVE-2023-38533 (A vulnerability has been identified in
TIA Administrator (All ve
CVE-2023-33922 (Missing Authorization vulnerability in Elementor Elementor
Website Bui ...)
NOT-FOR-US: WordPress plugin
CVE-2024-5702 (Memory corruption in the networking stack could have led to a
potentia ...)
- {DSA-5711-1 DSA-5709-1 DLA-3825-1}
+ {DSA-5711-1 DSA-5709-1 DLA-3836-1 DLA-3825-1}
- firefox-esr 115.12.0esr-1
- thunderbird 1:115.12.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5702
@@ -2713,7 +2831,7 @@ CVE-2024-5701 (Memory safety bugs present in Firefox 126.
Some of these bugs sho
- firefox 127.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5701
CVE-2024-5700 (Memory safety bugs present in Firefox 126, Firefox ESR 115.11,
and Thu ...)
- {DSA-5711-1 DSA-5709-1 DLA-3825-1}
+ {DSA-5711-1 DSA-5709-1 DLA-3836-1 DLA-3825-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
- thunderbird 1:115.12.0-1
@@ -2730,7 +2848,7 @@ CVE-2024-5697 (A website was able to detect when a user
took a screenshot of a p
- firefox 127.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5697
CVE-2024-5696 (By manipulating the text in an `<input>` tag, an attacker
could ...)
- {DSA-5711-1 DSA-5709-1 DLA-3825-1}
+ {DSA-5711-1 DSA-5709-1 DLA-3836-1 DLA-3825-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
- thunderbird 1:115.12.0-1
@@ -2744,7 +2862,7 @@ CVE-2024-5694 (An attacker could have caused a
use-after-free in the JavaScript
- firefox 127.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5694
CVE-2024-5693 (Offscreen Canvas did not properly track cross-origin tainting,
which c ...)
- {DSA-5711-1 DSA-5709-1 DLA-3825-1}
+ {DSA-5711-1 DSA-5709-1 DLA-3836-1 DLA-3825-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
- thunderbird 1:115.12.0-1
@@ -2759,7 +2877,7 @@ CVE-2024-5692 (On Windows 10, when using the 'Save As'
functionality, an attacke
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5692
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5692
CVE-2024-5691 (By tricking the browser with a `X-Frame-Options` header, a
sandboxed i ...)
- {DSA-5711-1 DSA-5709-1 DLA-3825-1}
+ {DSA-5711-1 DSA-5709-1 DLA-3836-1 DLA-3825-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
- thunderbird 1:115.12.0-1
@@ -2767,7 +2885,7 @@ CVE-2024-5691 (By tricking the browser with a
`X-Frame-Options` header, a sandbo
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5691
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5691
CVE-2024-5690 (By monitoring the time certain operations take, an attacker
could have ...)
- {DSA-5711-1 DSA-5709-1 DLA-3825-1}
+ {DSA-5711-1 DSA-5709-1 DLA-3836-1 DLA-3825-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
- thunderbird 1:115.12.0-1
@@ -2778,7 +2896,7 @@ CVE-2024-5689 (In addition to detecting when a user was
taking a screenshot (XXX
- firefox 127.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5689
CVE-2024-5688 (If a garbage collection was triggered at the right time, a
use-after-f ...)
- {DSA-5711-1 DSA-5709-1 DLA-3825-1}
+ {DSA-5711-1 DSA-5709-1 DLA-3836-1 DLA-3825-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
- thunderbird 1:115.12.0-1
@@ -2854,13 +2972,13 @@ CVE-2024-36302 (An origin validation vulnerability in
the Trend Micro Apex One s
CVE-2024-35329 (libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in
yaml_do ...)
NOTE: disputed libyaml issue, to be rejected
CVE-2024-35242 (Composer is a dependency manager for PHP. On the 2.x branch
prior to v ...)
- {DSA-5715-1}
+ {DSA-5715-1 DLA-3838-1}
- composer 2.7.7-1 (bug #1073126)
NOTE:
https://github.com/composer/composer/security/advisories/GHSA-v9qv-c7wm-wgmf
NOTE:
https://github.com/composer/composer/commit/fc57b93603d7d90b71ca8ec77b1c8a9171fdb467
(2.2.24)
NOTE:
https://github.com/composer/composer/commit/6bd43dff859c597c09bd03a7e7d6443822d0a396
(2.7.7)
CVE-2024-35241 (Composer is a dependency manager for PHP. On the 2.x branch
prior to v ...)
- {DSA-5715-1}
+ {DSA-5715-1 DLA-3838-1}
- composer 2.7.7-1 (bug #1073125)
NOTE:
https://github.com/composer/composer/security/advisories/GHSA-47f6-5gq3-vx9c
NOTE:
https://github.com/composer/composer/commit/b93fc6ca437da35ae73d667d0618749c763b67d4
(2.2.24)
@@ -5037,7 +5155,7 @@ CVE-2023-6382 (The Master Slider \u2013 Responsive Touch
Slider plugin for WordP
CVE-2024-5565 (The Vanna library uses a prompt function to present the user
with visu ...)
NOT-FOR-US: Vanna
CVE-2024-5564 (A vulnerability was found in libndp. This flaw allows a local
maliciou ...)
- {DSA-5713-1}
+ {DSA-5713-1 DLA-3837-1}
- libndp 1.8-2 (bug #1072366)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2284122
NOTE: https://github.com/jpirko/libndp/issues/26
@@ -102127,8 +102245,8 @@ CVE-2023-25699 (Improper Neutralization of Special
Elements used in an OS Comman
NOT-FOR-US: WordPress plugin
CVE-2023-25698 (Cross-Site Request Forgery (CSRF) vulnerability in Studio
Wombat Shopp ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25697
- RESERVED
+CVE-2023-25697 (Cross-Site Request Forgery (CSRF) vulnerability in
GamiPress.This issu ...)
+ TODO: check
CVE-2023-25696 (Improper Input Validation vulnerability in the Apache Airflow
Hive Pro ...)
NOT-FOR-US: Apache Airflow Hive Provider
CVE-2023-25695 (Generation of Error Message Containing Sensitive Information
vulnerabi ...)
@@ -121803,8 +121921,8 @@ CVE-2022-45834
RESERVED
CVE-2022-45833 (Auth. Path Traversal vulnerability in Easy WP SMTP plugin <=
1.5.1 on ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-45832
- RESERVED
+CVE-2022-45832 (Missing Authorization vulnerability in Hennessey Digital
Attorney.This ...)
+ TODO: check
CVE-2022-45831 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
biplob01 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45830
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3c47b2362c9954f8d05959a5215772f56fbd529
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3c47b2362c9954f8d05959a5215772f56fbd529
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
