Debian Linux vulnerabilities

CVE-2024-52301 [HIGH] CWE-88 CVE-2024-52301: Laravel is a web application framework. When the register_argc_argv php directive is set to on , and Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignor

CVE-2024-52533 [CRITICAL] CWE-120 CVE-2024-52533: gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflo gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.

CVE-2024-46952 [HIGH] CWE-120 CVE-2024-46952: An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer o An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values).

CVE-2024-46956 [HIGH] CWE-125 CVE-2024-46956: An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data acc An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.

CVE-2024-46953 [HIGH] CWE-190 CVE-2024-46953: An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflo An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.

CVE-2024-46951 [HIGH] CWE-824 CVE-2024-46951: An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implemen An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.

CVE-2024-46955 [MEDIUM] CWE-125 CVE-2024-46955: An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bo An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.

CVE-2024-50602 [MEDIUM] CWE-754 CVE-2024-50602: An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser funct An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.

CVE-2024-47685 [CRITICAL] CWE-908 CVE-2024-47685: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th->res1) Use skb_put_zero() to clear the whole TCP header, as done in nf_reject_ip_tcphdr_put() BUG: KMSAN: uni

CVE-2024-41311 [HIGH] CWE-125 CVE-2024-41311: In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an o In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.

CVE-2024-9680 [CRITICAL] CWE-416 CVE-2024-9680: An attacker was able to achieve code execution in the content process by exploiting a use-after-free An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird

CVE-2024-8508 [MEDIUM] CWE-606 CVE-2024-8508: NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded perform

CVE-2024-47175 [CRITICAL] CWE-20 CVE-2024-47175: CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately

CVE-2024-46544 [MEDIUM] CWE-276 CVE-2024-46544: Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view a Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neit

CVE-2024-8096 [MEDIUM] CWE-295 CVE-2024-8096: When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP sta When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not

CVE-2024-44977 [HIGH] CWE-787 CVE-2024-44977: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Validate TA binary In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Validate TA binary size Add TA binary size validation to avoid OOB write. (cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442)

CVE-2024-44986 [HIGH] CWE-416 CVE-2024-44986: In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in ip6_f In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in ip6_finish_output2() If skb_expand_head() returns NULL, skb has been freed and associated dst/idev could also have been freed. We need to hold rcu_read_lock() to make sure the dst and associated idev are alive.

CVE-2024-44974 [HIGH] CWE-416 CVE-2024-44974: In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: avoid possible UaF w In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: avoid possible UaF when selecting endp select_local_address() and select_signal_address() both select an endpoint entry from the list inside an RCU protected section, but return a reference to it, to be read later on. If the entry is dereferenced after the RCU unlock, rea

CVE-2024-44940 [HIGH] CVE-2024-44940: In the Linux kernel, the following vulnerability has been resolved: fou: remove warn in gue_gro_rec In the Linux kernel, the following vulnerability has been resolved: fou: remove warn in gue_gro_receive on unsupported protocol Drop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is not known or does not have a GRO handler. Such a packet is easily constructed. Syzbot generates them and sets off this warning. Remove the warning as it is exp

CVE-2024-42302 [HIGH] CWE-416 CVE-2024-42302: In the Linux kernel, the following vulnerability has been resolved: PCI/DPC: Fix use-after-free on In the Linux kernel, the following vulnerability has been resolved: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal Keith reports a use-after-free when a DPC event occurs concurrently to hot-removal of the same portion of the hierarchy: The dpc_handler() awaits readiness of the secondary bus below the Downstream Port where the DPC even