Debian Linux vulnerabilities

CVE-2024-50349 [LOW] CWE-116 CVE-2024-50349: Git is a fast, scalable, distributed revision control system with an unusually rich command set that Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential helper), it prints out the host name for which the user is expected to provide a username and/or a p

CVE-2023-27539 [MEDIUM] CVE-2023-27539: There is a denial of service vulnerability in the header parsing component of Rack. There is a denial of service vulnerability in the header parsing component of Rack.

CVE-2024-12426 [MEDIUM] CWE-200 CVE-2024-12426: Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerabi Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such link

CVE-2024-12425 [LOW] CWE-22 CVE-2024-12425: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 befo

CVE-2024-46981 [CRITICAL] CWE-416 CVE-2024-46981: Redis is an open source, in-memory database that persists on disk. An authenticated user may use a s Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server execu

CVE-2024-56705 [MEDIUM] CWE-617 CVE-2024-56705: In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Add check for r In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Add check for rgby_data memory allocation failure In ia_css_3a_statistics_allocate(), there is no check on the allocation result of the rgby_data memory. If rgby_data is not successfully allocated, it may trigger the assert(host_stats->rgby_data) assertion in ia_cs

CVE-2024-53197 [HIGH] CWE-787 CVE-2024-53197: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out-of-bounds accesses later, e.g. in usb_

CVE-2024-56644 [MEDIUM] CVE-2024-56644: In the Linux kernel, the following vulnerability has been resolved: net/ipv6: release expired excep In the Linux kernel, the following vulnerability has been resolved: net/ipv6: release expired exception dst cached in socket Dst objects get leaked in ip6_negative_advice() when this function is executed for an expired IPv6 route located in the exception table. There are several conditions that must be fulfilled for the leak to occur: * an ICMPv6 packet i

CVE-2024-53150 [HIGH] CWE-125 CVE-2024-53150: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bou In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-

CVE-2024-47606 [HIGH] CWE-190 CVE-2024-47606: GStreamer is a library for constructing graphs of media-handling components. An integer underflow ha GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit neg

CVE-2024-46901 [MEDIUM] CWE-20 CVE-2024-46901: Insufficient validation of filenames against control characters in Apache Subversion repositories se Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories

CVE-2024-53104 [HIGH] CWE-787 CVE-2024-53104: In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing f In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.

CVE-2024-53566 [MEDIUM] CWE-22 CVE-2024-53566: An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal.

CVE-2024-44308 [HIGH] CVE-2024-44308: The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and i The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac sys

CVE-2024-44309 [MEDIUM] CWE-79 CVE-2024-44309: A cookie management issue was addressed with improved state management. This issue is fixed in Safar A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been a

CVE-2024-10224 [HIGH] CWE-78 CVE-2024-10224: Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before vers Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().

CVE-2024-50302 [MEDIUM] CWE-908 CVE-2024-50302: In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.

CVE-2024-52316 [CRITICAL] CWE-391 CVE-2024-52316: Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Ja Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to by

CVE-2024-10978 [MEDIUM] CWE-266 CVE-2024-10978: Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or ch Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results t

CVE-2024-49369 [CRITICAL] CWE-295 CVE-2024-49369: Icinga is a monitoring system which checks the availability of network resources, notifies users of Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes as well as any API users that use TLS client