Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
39cb9062 by security tracker role at 2024-07-17T08:11:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,34 +1,258 @@
-CVE-2024-41010 [bpf: Fix too early release of tcx_entry]
+CVE-2024-6808 (A vulnerability was found in itsourcecode Simple Task List 1.0. 
It has ...)
+       TODO: check
+CVE-2024-6807 (A vulnerability was found in SourceCodester Student Study 
Center Desk  ...)
+       TODO: check
+CVE-2024-6803 (A vulnerability has been found in itsourcecode Document 
Management Sys ...)
+       TODO: check
+CVE-2024-6802 (A vulnerability, which was classified as critical, was found in 
Source ...)
+       TODO: check
+CVE-2024-6801 (A vulnerability, which was classified as critical, has been 
found in S ...)
+       TODO: check
+CVE-2024-6669 (The AI ChatBot for WordPress \u2013 WPBot plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2024-6660 (The BookingPress \u2013 Appointment Booking Calendar Plugin and 
Online ...)
+       TODO: check
+CVE-2024-6535 (A flaw was found in Skupper. When Skupper is initialized with 
the cons ...)
+       TODO: check
+CVE-2024-6467 (The BookingPress \u2013 Appointment Booking Calendar Plugin and 
Online ...)
+       TODO: check
+CVE-2024-6395 (An exposure of sensitive information vulnerability in GitHub 
Enterpris ...)
+       TODO: check
+CVE-2024-6336 (A Security Misconfiguration vulnerability in GitHub Enterprise 
Server  ...)
+       TODO: check
+CVE-2024-6220 (The \u7b80\u6570\u91c7\u96c6\u5668 (Keydatas) plugin for 
WordPress is  ...)
+       TODO: check
+CVE-2024-6033 (The Event Manager, Events Calendar, Tickets, Registrations 
\u2013 Even ...)
+       TODO: check
+CVE-2024-5817 (An Incorrect Authorization vulnerability was identified in 
GitHub Ente ...)
+       TODO: check
+CVE-2024-5816 (An Incorrect Authorization vulnerability was identified in 
GitHub Ente ...)
+       TODO: check
+CVE-2024-5815 (A Cross-Site Request Forgery vulnerability in GitHub Enterprise 
Server ...)
+       TODO: check
+CVE-2024-5795 (A Denial of Service vulnerability was identified in GitHub 
Enterprise  ...)
+       TODO: check
+CVE-2024-5703 (The Email Subscribers by Icegram Express \u2013 Email 
Marketing, Newsl ...)
+       TODO: check
+CVE-2024-5582 (The Schema & Structured Data for WP & AMP plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2024-5566 (An improper privilege management vulnerability allowed users to 
migrat ...)
+       TODO: check
+CVE-2024-5500 (Inappropriate implementation in Sign-In in Google Chrome prior 
to 1.3. ...)
+       TODO: check
+CVE-2024-5255 (The Ultimate Addons for WPBakery plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-5254 (The Ultimate Addons for WPBakery plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-5253 (The Ultimate Addons for WPBakery plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-5252 (The Ultimate Addons for WPBakery plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-5251 (The Ultimate Addons for WPBakery plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-40637 (dbt enables data analysts and engineers to transform their 
data using  ...)
+       TODO: check
+CVE-2024-40536 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 were 
discovere ...)
+       TODO: check
+CVE-2024-40535 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was 
discovered ...)
+       TODO: check
+CVE-2024-3176 (Out of bounds write in SwiftShader in Google Chrome prior to 
117.0.593 ...)
+       TODO: check
+CVE-2024-3175 (Insufficient data validation in Extensions in Google Chrome 
prior to 1 ...)
+       TODO: check
+CVE-2024-3174 (Inappropriate implementation in V8 in Google Chrome prior to 
119.0.604 ...)
+       TODO: check
+CVE-2024-3173 (Insufficient data validation in Updater in Google Chrome prior 
to 120. ...)
+       TODO: check
+CVE-2024-3172 (Insufficient data validation in DevTools in Google Chrome prior 
to 121 ...)
+       TODO: check
+CVE-2024-3171 (Use after free in Accessibility in Google Chrome prior to 
122.0.6261.5 ...)
+       TODO: check
+CVE-2024-3170 (Use after free in WebRTC in Google Chrome prior to 
121.0.6167.85 allow ...)
+       TODO: check
+CVE-2024-3169 (Use after free in V8 in Google Chrome prior to 121.0.6167.139 
allowed  ...)
+       TODO: check
+CVE-2024-3168 (Use after free in DevTools in Google Chrome prior to 
122.0.6261.57 all ...)
+       TODO: check
+CVE-2024-39877 (Apache Airflow 2.4.0, and versions before 2.9.3, has a 
vulnerability t ...)
+       TODO: check
+CVE-2024-39863 (Apache Airflow versions before 2.9.3 have a vulnerability that 
allows  ...)
+       TODO: check
+CVE-2024-2884 (Out of bounds read in V8 in Google Chrome prior to 
121.0.6167.139 allo ...)
+       TODO: check
+CVE-2024-21687 (This High severity File Inclusion vulnerability was introduced 
in vers ...)
+       TODO: check
+CVE-2024-21188 (Vulnerability in the Oracle Financial Services Revenue 
Management and  ...)
+       TODO: check
+CVE-2024-21185 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21184 (Vulnerability in the Oracle Database RDBMS Security component 
of Oracl ...)
+       TODO: check
+CVE-2024-21183 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
+       TODO: check
+CVE-2024-21182 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
+       TODO: check
+CVE-2024-21181 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
+       TODO: check
+CVE-2024-21180 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
+       TODO: check
+CVE-2024-21179 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21178 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
+       TODO: check
+CVE-2024-21177 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21176 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21175 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
+       TODO: check
+CVE-2024-21174 (Vulnerability in the Java VM component of Oracle Database 
Server.  Sup ...)
+       TODO: check
+CVE-2024-21173 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21171 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21170 (Vulnerability in the MySQL Connectors product of Oracle MySQL 
(compone ...)
+       TODO: check
+CVE-2024-21169 (Vulnerability in the Oracle Marketing product of Oracle 
E-Business Sui ...)
+       TODO: check
+CVE-2024-21168 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator 
product of  ...)
+       TODO: check
+CVE-2024-21167 (Vulnerability in the Oracle Trading Community product of 
Oracle E-Busi ...)
+       TODO: check
+CVE-2024-21166 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21165 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21164 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
+       TODO: check
+CVE-2024-21163 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21162 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21161 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
+       TODO: check
+CVE-2024-21160 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21159 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21158 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
+       TODO: check
+CVE-2024-21157 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21155 (Vulnerability in the Oracle ZFS Storage Appliance Kit product 
of Oracl ...)
+       TODO: check
+CVE-2024-21154 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources 
product ...)
+       TODO: check
+CVE-2024-21153 (Vulnerability in the Oracle Process Manufacturing Product 
Development  ...)
+       TODO: check
+CVE-2024-21152 (Vulnerability in the Oracle Process Manufacturing Financials 
product o ...)
+       TODO: check
+CVE-2024-21151 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
+       TODO: check
+CVE-2024-21150 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
+       TODO: check
+CVE-2024-21149 (Vulnerability in the Oracle Enterprise Asset Management 
product of Ora ...)
+       TODO: check
+CVE-2024-21148 (Vulnerability in the Oracle Applications Framework product of 
Oracle E ...)
+       TODO: check
+CVE-2024-21147 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
+       TODO: check
+CVE-2024-21146 (Vulnerability in the Oracle Trade Management product of Oracle 
E-Busin ...)
+       TODO: check
+CVE-2024-21145 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
+       TODO: check
+CVE-2024-21144 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       TODO: check
+CVE-2024-21143 (Vulnerability in the Oracle iStore product of Oracle 
E-Business Suite  ...)
+       TODO: check
+CVE-2024-21142 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21141 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
+       TODO: check
+CVE-2024-21140 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
+       TODO: check
+CVE-2024-21139 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
+       TODO: check
+CVE-2024-21138 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
+       TODO: check
+CVE-2024-21137 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21136 (Vulnerability in the Oracle Retail Xstore Office product of 
Oracle Ret ...)
+       TODO: check
+CVE-2024-21135 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21134 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21133 (Vulnerability in the Oracle Reports Developer product of 
Oracle Fusion ...)
+       TODO: check
+CVE-2024-21132 (Vulnerability in the Oracle Purchasing product of Oracle 
E-Business Su ...)
+       TODO: check
+CVE-2024-21131 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
+       TODO: check
+CVE-2024-21130 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21129 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21128 (Vulnerability in the Oracle Application Object Library product 
of Orac ...)
+       TODO: check
+CVE-2024-21127 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21126 (Vulnerability in the Oracle Database Portable Clusterware 
component of ...)
+       TODO: check
+CVE-2024-21125 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21123 (Vulnerability in the Oracle Database Core component of Oracle 
Database ...)
+       TODO: check
+CVE-2024-21122 (Vulnerability in the PeopleSoft Enterprise HCM Shared 
Components produ ...)
+       TODO: check
+CVE-2024-20996 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2023-7013 (Inappropriate implementation in Compositing in Google Chrome 
prior to  ...)
+       TODO: check
+CVE-2023-7012 (Insufficient data validation in Permission Prompts in Google 
Chrome pr ...)
+       TODO: check
+CVE-2023-7011 (Inappropriate implementation in Picture in Picture in Google 
Chrome pr ...)
+       TODO: check
+CVE-2023-7010 (Use after free in WebRTC in Google Chrome prior to 
117.0.5938.62 allow ...)
+       TODO: check
+CVE-2023-4860 (Inappropriate implementation in Skia in Google Chrome prior to 
115.0.5 ...)
+       TODO: check
+CVE-2020-36765 (Insufficient policy enforcement in Navigation in Google Chrome 
prior t ...)
+       TODO: check
+CVE-2019-25154 (Inappropriate implementation in iframe in Google Chrome prior 
to 77.0. ...)
+       TODO: check
+CVE-2024-41010 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/1cb6f0bae50441f4b4b32a28315853b279c7404e (6.10)
-CVE-2024-41009 [bpf: Fix overrunning reservations in ringbuf]
+CVE-2024-41009 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 6.9.8-1
        [bookworm] - linux 6.1.98-1
        NOTE: 
https://git.kernel.org/linus/cfa1a2329a691ffd991fcf7248a57d752e712881 (6.10-rc6)
-CVE-2024-6779
+CVE-2024-6779 (Out of bounds memory access in V8 in Google Chrome prior to 
126.0.6478 ...)
        - chromium 126.0.6478.182-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-6778
+CVE-2024-6778 (Race in DevTools in Google Chrome prior to 126.0.6478.182 
allowed an a ...)
        - chromium 126.0.6478.182-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-6777
+CVE-2024-6777 (Use after free in Navigation in Google Chrome prior to 
126.0.6478.182  ...)
        - chromium 126.0.6478.182-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-6776
+CVE-2024-6776 (Use after free in Audio in Google Chrome prior to 
126.0.6478.182 allow ...)
        - chromium 126.0.6478.182-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-6775
+CVE-2024-6775 (Use after free in Media Stream in Google Chrome prior to 
126.0.6478.18 ...)
        - chromium 126.0.6478.182-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-6774
+CVE-2024-6774 (Use after free in Screen Capture in Google Chrome prior to 
126.0.6478. ...)
        - chromium 126.0.6478.182-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-6773
+CVE-2024-6773 (Inappropriate implementation in V8 in Google Chrome prior to 
126.0.647 ...)
        - chromium 126.0.6478.182-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-6772
+CVE-2024-6772 (Inappropriate implementation in V8 in Google Chrome prior to 
126.0.647 ...)
        - chromium 126.0.6478.182-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-6621 (The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, 
and Au ...)
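Review bot: every entry added at the top of this hunk (CVE-2024-6808 down to CVE-2019-25154) lands with only "TODO: check", so none of them is tied to a source package or marked NOT-FOR-US yet. Some look triageable from context already in this hunk: the Google Chrome entries (for example CVE-2024-3168 to CVE-2024-3176 and CVE-2023-7010 to CVE-2023-7013) concern the same upstream that CVE-2024-6772 to CVE-2024-6779 further down track as "- chromium", and they cite older release lines (115 to 122), so they probably only need a fixed version recorded. Separately, the CVE-2024-41010 and CVE-2024-41009 lines trade the bracketed commit subject ("bpf: Fix too early release of tcx_entry", "bpf: Fix overrunning reservations in ringbuf") for a description truncated to "In the Linux kernel, the following vulnerability has been resolved:  b ...", which no longer says what the bug is; the NOTE link to git.kernel.org is now the only pointer to the fix, so it is worth keeping the subject in a NOTE line.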
@@ -1757,7 +1981,7 @@ CVE-2024-5528
 CVE-2024-2880 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
        [experimental] - gitlab 16.11.6-1
        - gitlab <unfixed>
-CVE-2024-6595
+CVE-2024-6595 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
        [experimental] - gitlab 16.11.6-1
        - gitlab <unfixed>
 CVE-2024-5470 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
@@ -159920,8 +160144,8 @@ CVE-2022-35642 ("IBM InfoSphere Information Server 
11.7 is vulnerable to cross-s
        NOT-FOR-US: IBM
 CVE-2022-35641
        RESERVED
-CVE-2022-35640
-       RESERVED
+CVE-2022-35640 (IBM Sterling Partner Engagement Manager 6.2.2 could allow a 
local atta ...)
+       TODO: check
 CVE-2022-35639 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 
22.2 do no ...)
        NOT-FOR-US: IBM
 CVE-2022-35638 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.0.3.8 a ...)
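Review bot: CVE-2022-35640 moves from RESERVED to "TODO: check" although its new description names IBM Sterling Partner Engagement Manager, the same product as CVE-2022-35639 directly below it, which is already marked "NOT-FOR-US: IBM". Suggest tagging CVE-2022-35640 the same way in a follow-up so it does not sit in the TODO queue.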
@@ -290450,8 +290674,8 @@ CVE-2020-25838 (Unauthorized disclosure of sensitive 
information vulnerability i
        NOT-FOR-US: Micro Focus
 CVE-2020-25837 (Sensitive information disclosure vulnerability in Micro Focus 
Self Ser ...)
        NOT-FOR-US: Micro Focus
-CVE-2020-25836
-       RESERVED
+CVE-2020-25836 (Exposure of Sensitive Information to an Unauthorized Access 
vulnerabil ...)
+       TODO: check
 CVE-2020-25835 (A potential vulnerability has been identified in Micro Focus 
ArcSight  ...)
        NOT-FOR-US: Micro Focus ArcSight Management Center
 CVE-2020-25834 (Cross-Site Scripting vulnerability on Micro Focus ArcSight 
Logger prod ...)
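Review bot: the new description for CVE-2020-25836 is cut off before it names a product ("Exposure of Sensitive Information to an Unauthorized Access vulnerabil ..."), so the "TODO: check" cannot be resolved from this line alone. The neighbouring entries (CVE-2020-25838, CVE-2020-25837, CVE-2020-25835) are all NOT-FOR-US: Micro Focus, which makes the same tag likely here, but the full description should be confirmed before applying it.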



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39cb90622a719fe684a65484bac97c538dfefe10
