Report Name: Linux Patch Wednesday February 2024
Generated: 2024-03-05 21:10:30

Product Name	Prevalence	U	C	H	M	L	A	Comment
AMD Processor	0.9				1		1	Processor
Linux Kernel	0.9			6	11		17	The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
Sudo	0.9		1		1		2	Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user
Chromium	0.8			2	14		16	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
GNU C Library	0.8		2	1			3	The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
Mozilla Firefox	0.8			3	10	1	14	Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
Node.js	0.8			1			1	Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
OpenSSL	0.8			1	1		2	A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
Safari	0.8			2			2	Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
Secure Boot	0.8				1		1	Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
.NET	0.7				2		2	.NET
BIND	0.7				4		4	BIND is a suite of software for interacting with the Domain Name System
Oracle MySQL	0.7				29	1	30	MySQL is an open-source relational database management system
ImageMagick	0.6				1		1	ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
Puma	0.6				1		1	Puma is a Ruby/Rack web server built for parallelism
Redis	0.6			1			1	Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
DNSSEC	0.5				1		1	The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups
GRUB2	0.5				1		1	Product detected by a:gnu:grub2 (exists in CPE dict)
GnuTLS	0.5		1	1			2	Product detected by a:gnu:gnutls (exists in CPE dict)
Go	0.5				1		1	Product detected by a:golang:go (exists in CPE dict)
JGit	0.5			1			1	Product detected by a:eclipse:jgit (exists in CPE dict)
OpenJ9	0.5					1	1	Product detected by a:eclipse:openj9 (exists in CPE dict)
Pillow	0.5			1	1		2	Product detected by a:python:pillow (exists in CPE dict)
Santuario XML Security for Java	0.5				1		1	Product detected by a:apache:santuario_xml_security_for_java (exists in CPE dict)
Secure Endpoint	0.5				1		1	Product detected by a:cisco:secure_endpoint (exists in CPE dict)
Slurm	0.5			1	3		4	Product detected by a:schedmd:slurm (exists in CPE dict)
XTERM	0.5		1		1		2	Product detected by a:invisible-island:xterm (exists in CPE dict)
Zstandard	0.5				1		1	Product detected by a:facebook:zstandard (exists in CPE dict)
atril	0.5		1				1	Product detected by a:mate-desktop:atril (does NOT exist in CPE dict)
django	0.5				1		1	Product detected by a:djangoproject:django (exists in CPE dict)
dnsmasq	0.5		1				1	Product detected by a:thekelleys:dnsmasq (exists in CPE dict)
edk2	0.5				9		9	Product detected by a:tianocore:edk2 (exists in CPE dict)
engrampa	0.5		1				1	Product detected by a:mate-desktop:engrampa (does NOT exist in CPE dict)
glacne_store	0.5					1	1	Product detected by a:openstack:glacne_store (does NOT exist in CPE dict)
jinja	0.5				1		1	Product detected by a:palletsprojects:jinja (exists in CPE dict)
libgit2	0.5			1			1	Product detected by a:libgit2:libgit2 (exists in CPE dict)
libtiff	0.5			1	2		3	Product detected by a:libtiff:libtiff (exists in CPE dict)
linux_kernel	0.5				2		2	Product detected by o:linux:linux_kernel (exists in CPE dict)
postfix	0.5			1			1	Product detected by a:postfix:postfix (exists in CPE dict)
postgresql	0.5				1		1	Product detected by a:postgresql:postgresql (exists in CPE dict)
pycryptodome	0.5				1		1	Product detected by a:pycryptodome:pycryptodome (does NOT exist in CPE dict)
rpm	0.5			3			3	Product detected by a:rpm:rpm (exists in CPE dict)
runc	0.5		1				1	Product detected by a:linuxfoundation:runc (exists in CPE dict)
tcpslice	0.5			1			1	Product detected by a:tcpdump:tcpslice (exists in CPE dict)
Unknown Product	0				1	3	4	Unknown Product

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0		2	6			8
Authentication Bypass	0.98		1		1		2
Code Injection	0.97			1			1
Command Injection	0.97		1		2		3
Security Feature Bypass	0.9			5	7		12
Elevation of Privilege	0.85		1	5	2		8
Information Disclosure	0.83		2	1	2		5
Cross Site Scripting	0.8				1		1
Denial of Service	0.7		2	7	55		64
Incorrect Calculation	0.5			1	1		2
Memory Corruption	0.5			1	24		25
Spoofing	0.4				1		1
Unknown Vulnerability Type	0			1	9	7	17

Source	U	C	H	M	L	A
debian		9	27	69	3	108
redhat		3	14	50	3	70
oraclelinux		3	8	14		25
almalinux		3	7	11		21
ubuntu		5	13	69	3	90
redos		2		2		4

Urgent (0)

Critical (9)

1. Elevation of Privilege - GNU C Library (CVE-2023-6246) - Critical [666]

Description: A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

debian: CVE-2023-6246 was patched at 2024-01-30, unknown date

ubuntu: CVE-2023-6246 was patched at 2024-02-01

2. Remote Code Execution - XTERM (CVE-2022-45063) - Critical [654]

Description: xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.

debian: CVE-2022-45063 was patched at unknown date

redos: CVE-2022-45063 was patched at 2024-02-01

3. Information Disclosure - runc (CVE-2024-21626) - Critical [648]

Description: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.

debian: CVE-2024-21626 was patched at 2024-02-04, unknown date

redhat: CVE-2024-21626 was patched at 2024-02-02, 2024-02-07, 2024-02-08

oraclelinux: CVE-2024-21626 was patched at 2024-02-05, 2024-02-09, 2024-02-14

almalinux: CVE-2024-21626 was patched at 2024-02-02, 2024-02-08

ubuntu: CVE-2024-21626 was patched at 2024-01-31

4. Remote Code Execution - engrampa (CVE-2023-52138) - Critical [642]

Description: Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by default will follow stored symlinks while extracting and the Archiver will not check the symlink location, which leads to arbitrary file writes to unintended locations. When the victim extracts the archive, the attacker can craft a malicious cpio or ISO archive to achieve RCE on the target system. This vulnerability was fixed in commit 63d5dfa.

debian: CVE-2023-52138 was patched at 2024-02-16, unknown date

5. Authentication Bypass - Sudo (CVE-2023-42465) - Critical [634]

Description: Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.

debian: CVE-2023-42465 was patched at unknown date

redhat: CVE-2023-42465 was patched at 2024-02-14

oraclelinux: CVE-2023-42465 was patched at 2024-02-14

almalinux: CVE-2023-42465 was patched at 2024-02-14

6. Command Injection - atril (CVE-2023-51698) - Critical [625]

Description: Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.

debian: CVE-2023-51698 was patched at unknown date

redos: CVE-2023-51698 was patched at 2024-01-23

7. Information Disclosure - GnuTLS (CVE-2024-0553) - Critical [624]

Description: A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

debian: CVE-2024-0553 was patched at unknown date

redhat: CVE-2024-0553 was patched at 2024-01-29, 2024-01-31, 2024-02-13

oraclelinux: CVE-2024-0553 was patched at 2024-01-30, 2024-02-02, 2024-02-05

almalinux: CVE-2024-0553 was patched at 2024-01-29, 2024-01-31

ubuntu: CVE-2024-0553 was patched at 2024-01-22

8. Denial of Service - GNU C Library (CVE-2023-6779) - Critical [615]

Description: An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

debian: CVE-2023-6779 was patched at 2024-01-30, unknown date

ubuntu: CVE-2023-6779 was patched at 2024-02-01

9. Denial of Service - dnsmasq (CVE-2023-50387) - Critical [613]

Description: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

debian: CVE-2023-50387 was patched at 2024-02-14, 2024-02-18, unknown date

ubuntu: CVE-2023-50387 was patched at 2024-02-13, 2024-02-19

High (28)

10. Code Injection - Pillow (CVE-2023-50447) - High [589]

Description: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

debian: CVE-2023-50447 was patched at unknown date

redhat: CVE-2023-50447 was patched at 2024-02-08, 2024-02-19, 2024-02-20

oraclelinux: CVE-2023-50447 was patched at 2024-02-18, 2024-02-20

ubuntu: CVE-2023-50447 was patched at 2024-01-30

11. Security Feature Bypass - GnuTLS (CVE-2024-0567) - High [589]

Description: A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.

debian: CVE-2024-0567 was patched at unknown date

redhat: CVE-2024-0567 was patched at 2024-01-29

oraclelinux: CVE-2024-0567 was patched at 2024-01-30

almalinux: CVE-2024-0567 was patched at 2024-01-29

ubuntu: CVE-2024-0567 was patched at 2024-01-22

12. Security Feature Bypass - postfix (CVE-2023-51764) - High [589]

Description: Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9.

debian: CVE-2023-51764 was patched at unknown date

ubuntu: CVE-2023-51764 was patched at 2024-01-22, 2024-01-31

13. Denial of Service - Linux Kernel (CVE-2023-6610) - High [572]

Description: An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.

debian: CVE-2023-6610 was patched at unknown date

redhat: CVE-2023-6610 was patched at 2024-02-07, 2024-02-20

14. Denial of Service - libtiff (CVE-2023-6277) - High [553]

Description: An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.

debian: CVE-2023-6277 was patched at unknown date

ubuntu: CVE-2023-6277 was patched at 2024-02-19

15. Elevation of Privilege - rpm (CVE-2021-35938) - High [532]

Description: A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

debian: CVE-2021-35938 was patched at unknown date

redhat: CVE-2021-35938 was patched at 2024-01-25, 2024-01-30, 2024-02-01

oraclelinux: CVE-2021-35938 was patched at 2024-01-25, 2024-02-02

almalinux: CVE-2021-35938 was patched at 2024-01-25, 2024-02-01

16. Elevation of Privilege - rpm (CVE-2021-35939) - High [532]

Description: It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

debian: CVE-2021-35939 was patched at unknown date

redhat: CVE-2021-35939 was patched at 2024-01-25, 2024-01-30, 2024-02-01

oraclelinux: CVE-2021-35939 was patched at 2024-01-25, 2024-02-02

almalinux: CVE-2021-35939 was patched at 2024-01-25, 2024-02-01

17. Incorrect Calculation - GNU C Library (CVE-2023-6780) - High [532]

Description: An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

debian: CVE-2023-6780 was patched at 2024-01-30, unknown date

ubuntu: CVE-2023-6780 was patched at 2024-02-01

18. Elevation of Privilege - rpm (CVE-2021-35937) - High [520]

Description: A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

debian: CVE-2021-35937 was patched at unknown date

redhat: CVE-2021-35937 was patched at 2024-01-25, 2024-01-30, 2024-02-01

oraclelinux: CVE-2021-35937 was patched at 2024-01-25, 2024-02-02

almalinux: CVE-2021-35937 was patched at 2024-01-25, 2024-02-01

19. Unknown Vulnerability Type - Node.js (CVE-2023-42282) - High [490]

Description: {'nvd_cve_data_all': 'The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.', 'combined_cve_data_all': ''}

debian: CVE-2023-42282 was patched at unknown date

ubuntu: CVE-2023-42282 was patched at 2024-02-19

20. Remote Code Execution - Safari (CVE-2024-23213) - High [478]

Description: The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution.

debian: CVE-2024-23213 was patched at 2024-02-08, unknown date

ubuntu: CVE-2024-23213 was patched at 2024-02-12

21. Memory Corruption - tcpslice (CVE-2021-41043) - High [470]

Description: Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact.

debian: CVE-2021-41043 was patched at unknown date

redhat: CVE-2021-41043 was patched at 2024-01-25, 2024-01-30, 2024-02-12

oraclelinux: CVE-2021-41043 was patched at 2024-02-13

almalinux: CVE-2021-41043 was patched at 2024-02-12

22. Remote Code Execution - Redis (CVE-2023-41056) - High [469]

Description: Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.

debian: CVE-2023-41056 was patched at 2024-01-29, unknown date

23. Remote Code Execution - Linux Kernel (CVE-2021-34866) - High [447]

Description: This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689.

debian: CVE-2021-34866 was patched at unknown date

redhat: CVE-2021-34866 was patched at 2024-02-07

24. Remote Code Execution - libgit2 (CVE-2024-24577) - High [440]

Description: libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.

debian: CVE-2024-24577 was patched at 2024-02-09, unknown date

25. Security Feature Bypass - Mozilla Firefox (CVE-2024-0750) - High [436]

Description: A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

debian: CVE-2024-0750 was patched at 2024-01-24, unknown date

redhat: CVE-2024-0750 was patched at 2024-01-30, 2024-01-31

oraclelinux: CVE-2024-0750 was patched at 2024-01-30, 2024-01-31

almalinux: CVE-2024-0750 was patched at 2024-01-30

ubuntu: CVE-2024-0750 was patched at 2024-01-29

26. Remote Code Execution - JGit (CVE-2023-4759) - High [428]

Description: Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem. This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command. The issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration. Setting git configuration option core.symlinks = false before checking out avoids the problem. The issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/  and repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . A backport is available in 5.13.3 starting from 5.13.3.202401111512-r. The JGit maintainers would like to thank RyotaK for finding and reporting this issue.

debian: CVE-2023-4759 was patched at unknown date

redhat: CVE-2023-4759 was patched at 2024-02-07

27. Remote Code Execution - Slurm (CVE-2023-49937) - High [428]

Description: An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

debian: CVE-2023-49937 was patched at 2024-01-28, unknown date

28. Elevation of Privilege - Mozilla Firefox (CVE-2024-0751) - High [427]

Description: A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

debian: CVE-2024-0751 was patched at 2024-01-24, unknown date

redhat: CVE-2024-0751 was patched at 2024-01-30, 2024-01-31

oraclelinux: CVE-2024-0751 was patched at 2024-01-30, 2024-01-31

almalinux: CVE-2024-0751 was patched at 2024-01-30

ubuntu: CVE-2024-0751 was patched at 2024-01-29

29. Security Feature Bypass - Chromium (CVE-2024-0804) - High [425]

Description: Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

debian: CVE-2024-0804 was patched at 2024-01-24, unknown date

30. Denial of Service - Linux Kernel (CVE-2023-6356) - High [417]

Description: A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.

debian: CVE-2023-6356 was patched at unknown date

redhat: CVE-2023-6356 was patched at 2024-02-07, 2024-02-20

31. Denial of Service - Linux Kernel (CVE-2023-6535) - High [417]

Description: A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.

debian: CVE-2023-6535 was patched at unknown date

redhat: CVE-2023-6535 was patched at 2024-02-07, 2024-02-20

32. Denial of Service - Linux Kernel (CVE-2023-6536) - High [417]

Description: A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.

debian: CVE-2023-6536 was patched at unknown date

redhat: CVE-2023-6536 was patched at 2024-02-07, 2024-02-20

33. Denial of Service - Mozilla Firefox (CVE-2024-0745) - High [413]

Description: The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122.

ubuntu: CVE-2024-0745 was patched at 2024-01-29

34. Security Feature Bypass - Chromium (CVE-2024-0814) - High [413]

Description: Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

debian: CVE-2024-0814 was patched at 2024-01-24, unknown date

35. Information Disclosure - Safari (CVE-2024-23206) - High [412]

Description: An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user.

debian: CVE-2024-23206 was patched at 2024-02-08, unknown date

ubuntu: CVE-2024-23206 was patched at 2024-02-12

36. Elevation of Privilege - Linux Kernel (CVE-2024-0193) - High [408]

Description: A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system.

debian: CVE-2024-0193 was patched at unknown date

ubuntu: CVE-2024-0193 was patched at 2024-01-25, 2024-01-26, 2024-01-30, 2024-02-06, 2024-02-09, 2024-02-14, 2024-02-15

37. Denial of Service - OpenSSL (CVE-2024-0727) - High [401]

Description: Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

debian: CVE-2024-0727 was patched at unknown date

ubuntu: CVE-2024-0727 was patched at 2024-02-05, 2024-02-13

Medium (105)

38. Elevation of Privilege - Linux Kernel (CVE-2023-5972) - Medium [397]

Description: A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system.

ubuntu: CVE-2023-5972 was patched at 2024-02-07

39. Elevation of Privilege - Linux Kernel (CVE-2024-0646) - Medium [397]

Description: An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.

debian: CVE-2024-0646 was patched at unknown date

redhat: CVE-2024-0646 was patched at 2024-02-07, 2024-02-15, 2024-02-20

ubuntu: CVE-2024-0646 was patched at 2024-02-15

40. Security Feature Bypass - Secure Boot (CVE-2023-48733) - Medium [389]

Description: An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.

debian: CVE-2023-48733 was patched at 2024-02-14, unknown date

ubuntu: CVE-2023-48733 was patched at 2024-02-15

41. Denial of Service - Sudo (CVE-2023-7090) - Medium [382]

Description: A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them.

debian: CVE-2023-7090 was patched at unknown date

redos: CVE-2023-7090 was patched at 2024-02-08

42. Incorrect Calculation - Chromium (CVE-2024-0808) - Medium [377]

Description: Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)

debian: CVE-2024-0808 was patched at 2024-01-24, unknown date

43. Memory Corruption - Chromium (CVE-2024-1283) - Medium [377]

Description: Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2024-1283 was patched at 2024-02-08, unknown date

44. Memory Corruption - Chromium (CVE-2024-1284) - Medium [377]

Description: Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2024-1284 was patched at 2024-02-08, unknown date

45. Security Feature Bypass - Chromium (CVE-2024-0809) - Medium [377]

Description: Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

debian: CVE-2024-0809 was patched at 2024-01-24, unknown date

46. Denial of Service - BIND (CVE-2023-4408) - Medium [372]

Description: The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

debian: CVE-2023-4408 was patched at 2024-02-14, unknown date

ubuntu: CVE-2023-4408 was patched at 2024-02-13, 2024-02-19

47. Denial of Service - BIND (CVE-2023-5679) - Medium [372]

Description: A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

debian: CVE-2023-5679 was patched at 2024-02-14, unknown date

ubuntu: CVE-2023-5679 was patched at 2024-02-13

48. Denial of Service - Linux Kernel (CVE-2023-1838) - Medium [370]

Description: A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.

debian: CVE-2023-1838 was patched at unknown date

redhat: CVE-2023-1838 was patched at 2024-01-25, 2024-01-30, 2024-02-20

49. Denial of Service - Linux Kernel (CVE-2024-0565) - Medium [370]

Description: An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.

debian: CVE-2024-0565 was patched at unknown date

ubuntu: CVE-2024-0565 was patched at 2024-02-15

50. Denial of Service - Linux Kernel (CVE-2024-0607) - Medium [370]

Description: A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.

debian: CVE-2024-0607 was patched at unknown date

ubuntu: CVE-2024-0607 was patched at 2024-02-15

51. Authentication Bypass - GRUB2 (CVE-2023-4001) - Medium [365]

Description: An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.

redhat: CVE-2023-4001 was patched at 2024-01-25

oraclelinux: CVE-2023-4001 was patched at 2024-01-25

almalinux: CVE-2023-4001 was patched at 2024-01-25

52. Denial of Service - Mozilla Firefox (CVE-2024-0741) - Medium [365]

Description: An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

debian: CVE-2024-0741 was patched at 2024-01-24, unknown date

redhat: CVE-2024-0741 was patched at 2024-01-30, 2024-01-31

oraclelinux: CVE-2024-0741 was patched at 2024-01-30, 2024-01-31

almalinux: CVE-2024-0741 was patched at 2024-01-30

ubuntu: CVE-2024-0741 was patched at 2024-01-29

53. Denial of Service - Mozilla Firefox (CVE-2024-0743) - Medium [365]

Description: An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122.

debian: CVE-2024-0743 was patched at unknown date

ubuntu: CVE-2024-0743 was patched at 2024-01-29

54. Denial of Service - Mozilla Firefox (CVE-2024-0746) - Medium [365]

Description: A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

debian: CVE-2024-0746 was patched at 2024-01-24, unknown date

redhat: CVE-2024-0746 was patched at 2024-01-30, 2024-01-31

oraclelinux: CVE-2024-0746 was patched at 2024-01-30, 2024-01-31

almalinux: CVE-2024-0746 was patched at 2024-01-30

ubuntu: CVE-2024-0746 was patched at 2024-01-29

55. Denial of Service - OpenSSL (CVE-2023-6129) - Medium [365]

Description: Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue.

debian: CVE-2023-6129 was patched at unknown date

ubuntu: CVE-2023-6129 was patched at 2024-02-05

56. Memory Corruption - Chromium (CVE-2024-0806) - Medium [365]

Description: Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)

debian: CVE-2024-0806 was patched at 2024-01-24, unknown date

57. Memory Corruption - Chromium (CVE-2024-0807) - Medium [365]

Description: Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2024-0807 was patched at 2024-01-24, unknown date

58. Memory Corruption - Chromium (CVE-2024-1059) - Medium [365]

Description: Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2024-1059 was patched at 2024-02-01, unknown date

59. Memory Corruption - Chromium (CVE-2024-1060) - Medium [365]

Description: Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2024-1060 was patched at 2024-02-01, unknown date

60. Memory Corruption - Chromium (CVE-2024-1077) - Medium [365]

Description: Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)

debian: CVE-2024-1077 was patched at 2024-02-01, unknown date

61. Memory Corruption - Mozilla Firefox (CVE-2024-0755) - Medium [365]

Description: Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

debian: CVE-2024-0755 was patched at 2024-01-24, unknown date

redhat: CVE-2024-0755 was patched at 2024-01-30, 2024-01-31

oraclelinux: CVE-2024-0755 was patched at 2024-01-30, 2024-01-31

almalinux: CVE-2024-0755 was patched at 2024-01-30

ubuntu: CVE-2024-0755 was patched at 2024-01-29

62. Security Feature Bypass - Chromium (CVE-2024-0810) - Medium [365]

Description: Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)

debian: CVE-2024-0810 was patched at 2024-01-24, unknown date

63. Security Feature Bypass - Chromium (CVE-2024-0811) - Medium [365]

Description: Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)

debian: CVE-2024-0811 was patched at 2024-01-24, unknown date

64. Security Feature Bypass - Mozilla Firefox (CVE-2024-0749) - Medium [365]

Description: A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7.

debian: CVE-2024-0749 was patched at 2024-01-24, unknown date

redhat: CVE-2024-0749 was patched at 2024-01-30, 2024-01-31

oraclelinux: CVE-2024-0749 was patched at 2024-01-30, 2024-01-31

almalinux: CVE-2024-0749 was patched at 2024-01-30

ubuntu: CVE-2024-0749 was patched at 2024-01-29

65. Denial of Service - libtiff (CVE-2023-52356) - Medium [363]

Description: A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

debian: CVE-2023-52356 was patched at unknown date

ubuntu: CVE-2023-52356 was patched at 2024-02-19

66. Security Feature Bypass - Slurm (CVE-2023-49933) - Medium [363]

Description: An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

debian: CVE-2023-49933 was patched at 2024-01-28, unknown date

67. Security Feature Bypass - Slurm (CVE-2023-49938) - Medium [363]

Description: An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7.

debian: CVE-2023-49938 was patched at 2024-01-28, unknown date

68. Information Disclosure - Go (CVE-2023-45287) - Medium [362]

Description: Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.

debian: CVE-2023-45287 was patched at unknown date

redhat: CVE-2023-45287 was patched at 2024-02-08

oraclelinux: CVE-2023-45287 was patched at 2024-02-14

almalinux: CVE-2023-45287 was patched at 2024-02-08

69. Denial of Service - .NET (CVE-2024-21386) - Medium [360]

Description: .NET Denial of Service Vulnerability

redhat: CVE-2024-21386 was patched at 2024-02-13, 2024-02-14, 2024-02-15

oraclelinux: CVE-2024-21386 was patched at 2024-02-15, 2024-02-16, 2024-02-21

almalinux: CVE-2024-21386 was patched at 2024-02-13, 2024-02-15

ubuntu: CVE-2024-21386 was patched at 2024-02-13

70. Denial of Service - .NET (CVE-2024-21404) - Medium [360]

Description: .NET Denial of Service Vulnerability

redhat: CVE-2024-21404 was patched at 2024-02-13, 2024-02-14, 2024-02-15

oraclelinux: CVE-2024-21404 was patched at 2024-02-15, 2024-02-16, 2024-02-21

almalinux: CVE-2024-21404 was patched at 2024-02-13, 2024-02-15

ubuntu: CVE-2024-21404 was patched at 2024-02-13

71. Denial of Service - Linux Kernel (CVE-2023-6679) - Medium [358]

Description: A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service.

redhat: CVE-2023-6679 was patched at 2024-01-25

oraclelinux: CVE-2023-6679 was patched at 2024-02-09

72. Denial of Service - Linux Kernel (CVE-2023-7192) - Medium [358]

Description: A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.

debian: CVE-2023-7192 was patched at unknown date

redhat: CVE-2023-7192 was patched at 2024-02-07

ubuntu: CVE-2023-7192 was patched at 2024-02-20, 2024-02-21

73. Denial of Service - Linux Kernel (CVE-2024-0641) - Medium [358]

Description: A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.

debian: CVE-2024-0641 was patched at unknown date

ubuntu: CVE-2024-0641 was patched at 2024-02-07, 2024-02-08, 2024-02-09, 2024-02-14, 2024-02-15

74. Command Injection - Puma (CVE-2024-21647) - Medium [356]

Description: Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. This vulnerability has been fixed in versions 6.4.2 and 5.6.8.

debian: CVE-2024-21647 was patched at unknown date

ubuntu: CVE-2024-21647 was patched at 2024-01-25

75. Memory Corruption - Chromium (CVE-2024-0813) - Medium [353]

Description: Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)

debian: CVE-2024-0813 was patched at 2024-01-24, unknown date

76. Denial of Service - edk2 (CVE-2023-45232) - Medium [351]

Description: EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

debian: CVE-2023-45232 was patched at unknown date

ubuntu: CVE-2023-45232 was patched at 2024-02-15

77. Information Disclosure - pycryptodome (CVE-2023-52323) - Medium [350]

Description: PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.

debian: CVE-2023-52323 was patched at unknown date

ubuntu: CVE-2023-52323 was patched at 2024-01-23

78. Memory Corruption - Linux Kernel (CVE-2024-0562) - Medium [346]

Description: A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_writeback.

debian: CVE-2024-0562 was patched at unknown date

redhat: CVE-2024-0562 was patched at 2024-01-25

79. Memory Corruption - Linux Kernel (CVE-2024-22705) - Medium [346]

Description: An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.

debian: CVE-2024-22705 was patched at unknown date

ubuntu: CVE-2024-22705 was patched at 2024-02-15

80. Denial of Service - Secure Endpoint (CVE-2024-20290) - Medium [339]

Description: A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .

debian: CVE-2024-20290 was patched at unknown date

ubuntu: CVE-2024-20290 was patched at 2024-02-14

81. Denial of Service - Zstandard (CVE-2022-4899) - Medium [339]

Description: A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

debian: CVE-2022-4899 was patched at unknown date

redhat: CVE-2022-4899 was patched at 2024-02-20

82. Denial of Service - edk2 (CVE-2023-45233) - Medium [339]

Description: EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

debian: CVE-2023-45233 was patched at unknown date

ubuntu: CVE-2023-45233 was patched at 2024-02-15

83. Memory Corruption - XTERM (CVE-2023-40359) - Medium [339]

Description: xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature.

debian: CVE-2023-40359 was patched at unknown date

redos: CVE-2023-40359 was patched at 2024-02-01

84. Denial of Service - Oracle MySQL (CVE-2024-20960) - Medium [336]

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

redhat: CVE-2024-20960 was patched at 2024-02-20

ubuntu: CVE-2024-20960 was patched at 2024-01-30

85. Denial of Service - Oracle MySQL (CVE-2024-20961) - Medium [336]

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

redhat: CVE-2024-20961 was patched at 2024-02-20

ubuntu: CVE-2024-20961 was patched at 2024-01-30

86. Denial of Service - Oracle MySQL (CVE-2024-20962) - Medium [336]

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

redhat: CVE-2024-20962 was patched at 2024-02-20

ubuntu: CVE-2024-20962 was patched at 2024-01-30

87. Denial of Service - Oracle MySQL (CVE-2024-20963) - Medium [336]

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

redhat: CVE-2024-20963 was patched at 2024-02-20

ubuntu: CVE-2024-20963 was patched at 2024-01-30

88. Denial of Service - Oracle MySQL (CVE-2024-20973) - Medium [336]

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

redhat: CVE-2024-20973 was patched at 2024-02-20

ubuntu: CVE-2024-20973 was patched at 2024-01-30

89. Denial of Service - Oracle MySQL (CVE-2024-20977) - Medium [336]

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

redhat: CVE-2024-20977 was patched at 2024-02-20

ubuntu: CVE-2024-20977 was patched at 2024-01-30

90. Denial of Service - Oracle MySQL (CVE-2024-20985) - Medium [336]

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

redhat: CVE-2024-20985 was patched at 2024-02-20

ubuntu: CVE-2024-20985 was patched at 2024-01-30

91. Memory Corruption - AMD Processor (CVE-2023-20592) - Medium [334]

Description: Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.

debian: CVE-2023-20592 was patched at unknown date

redhat: CVE-2023-20592 was patched at 2024-02-09

92. Cross Site Scripting - jinja (CVE-2024-22195) - Medium [333]

Description: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.

debian: CVE-2024-22195 was patched at unknown date

ubuntu: CVE-2024-22195 was patched at 2024-01-25

93. Memory Corruption - Mozilla Firefox (CVE-2024-0744) - Medium [329]

Description: In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122.

ubuntu: CVE-2024-0744 was patched at 2024-01-29

94. Denial of Service - Pillow (CVE-2023-44271) - Medium [327]

Description: An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.

debian: CVE-2023-44271 was patched at unknown date

redhat: CVE-2023-44271 was patched at 2024-01-23

oraclelinux: CVE-2023-44271 was patched at 2024-01-23

ubuntu: CVE-2023-44271 was patched at 2024-01-30

95. Denial of Service - Slurm (CVE-2023-49936) - Medium [327]

Description: An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

debian: CVE-2023-49936 was patched at 2024-01-28, unknown date

96. Denial of Service - django (CVE-2024-24680) - Medium [327]

Description: An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.

debian: CVE-2024-24680 was patched at unknown date

ubuntu: CVE-2024-24680 was patched at 2024-02-06

97. Denial of Service - Oracle MySQL (CVE-2024-20965) - Medium [324]

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

redhat: CVE-2024-20965 was patched at 2024-02-20

ubuntu: CVE-2024-20965 was patched at 2024-01-30

98. Denial of Service - Oracle MySQL (CVE-2024-20967) - Medium [324]

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

redhat: CVE-2024-20967 was patched at 2024-02-20

ubuntu: CVE-2024-20967 was patched at 2024-01-30

99. Denial of Service - Oracle MySQL (CVE-2024-20969) - Medium [324]

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

redhat: CVE-2024-20969 was patched at 2024-02-20

ubuntu: CVE-2024-20969 was patched at 2024-01-30

100. Memory Corruption - Linux Kernel (CVE-2023-46343) - Medium [322]

Description: In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c.