[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 17 09:12:07 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
39cb9062 by security tracker role at 2024-07-17T08:11:49+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,34 +1,258 @@
-CVE-2024-41010 [bpf: Fix too early release of tcx_entry]
+CVE-2024-6808 (A vulnerability was found in itsourcecode Simple Task List 1.0. It has ...)
+ TODO: check
+CVE-2024-6807 (A vulnerability was found in SourceCodester Student Study Center Desk ...)
+ TODO: check
+CVE-2024-6803 (A vulnerability has been found in itsourcecode Document Management Sys ...)
+ TODO: check
+CVE-2024-6802 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2024-6801 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2024-6669 (The AI ChatBot for WordPress \u2013 WPBot plugin for WordPress is vuln ...)
+ TODO: check
+CVE-2024-6660 (The BookingPress \u2013 Appointment Booking Calendar Plugin and Online ...)
+ TODO: check
+CVE-2024-6535 (A flaw was found in Skupper. When Skupper is initialized with the cons ...)
+ TODO: check
+CVE-2024-6467 (The BookingPress \u2013 Appointment Booking Calendar Plugin and Online ...)
+ TODO: check
+CVE-2024-6395 (An exposure of sensitive information vulnerability in GitHub Enterpris ...)
+ TODO: check
+CVE-2024-6336 (A Security Misconfiguration vulnerability in GitHub Enterprise Server ...)
+ TODO: check
+CVE-2024-6220 (The \u7b80\u6570\u91c7\u96c6\u5668 (Keydatas) plugin for WordPress is ...)
+ TODO: check
+CVE-2024-6033 (The Event Manager, Events Calendar, Tickets, Registrations \u2013 Even ...)
+ TODO: check
+CVE-2024-5817 (An Incorrect Authorization vulnerability was identified in GitHub Ente ...)
+ TODO: check
+CVE-2024-5816 (An Incorrect Authorization vulnerability was identified in GitHub Ente ...)
+ TODO: check
+CVE-2024-5815 (A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server ...)
+ TODO: check
+CVE-2024-5795 (A Denial of Service vulnerability was identified in GitHub Enterprise ...)
+ TODO: check
+CVE-2024-5703 (The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsl ...)
+ TODO: check
+CVE-2024-5582 (The Schema & Structured Data for WP & AMP plugin for WordPress is vuln ...)
+ TODO: check
+CVE-2024-5566 (An improper privilege management vulnerability allowed users to migrat ...)
+ TODO: check
+CVE-2024-5500 (Inappropriate implementation in Sign-In in Google Chrome prior to 1.3. ...)
+ TODO: check
+CVE-2024-5255 (The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-5254 (The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-5253 (The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-5252 (The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-5251 (The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-40637 (dbt enables data analysts and engineers to transform their data using ...)
+ TODO: check
+CVE-2024-40536 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 were discovere ...)
+ TODO: check
+CVE-2024-40535 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered ...)
+ TODO: check
+CVE-2024-3176 (Out of bounds write in SwiftShader in Google Chrome prior to 117.0.593 ...)
+ TODO: check
+CVE-2024-3175 (Insufficient data validation in Extensions in Google Chrome prior to 1 ...)
+ TODO: check
+CVE-2024-3174 (Inappropriate implementation in V8 in Google Chrome prior to 119.0.604 ...)
+ TODO: check
+CVE-2024-3173 (Insufficient data validation in Updater in Google Chrome prior to 120. ...)
+ TODO: check
+CVE-2024-3172 (Insufficient data validation in DevTools in Google Chrome prior to 121 ...)
+ TODO: check
+CVE-2024-3171 (Use after free in Accessibility in Google Chrome prior to 122.0.6261.5 ...)
+ TODO: check
+CVE-2024-3170 (Use after free in WebRTC in Google Chrome prior to 121.0.6167.85 allow ...)
+ TODO: check
+CVE-2024-3169 (Use after free in V8 in Google Chrome prior to 121.0.6167.139 allowed ...)
+ TODO: check
+CVE-2024-3168 (Use after free in DevTools in Google Chrome prior to 122.0.6261.57 all ...)
+ TODO: check
+CVE-2024-39877 (Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability t ...)
+ TODO: check
+CVE-2024-39863 (Apache Airflow versions before 2.9.3 have a vulnerability that allows ...)
+ TODO: check
+CVE-2024-2884 (Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139 allo ...)
+ TODO: check
+CVE-2024-21687 (This High severity File Inclusion vulnerability was introduced in vers ...)
+ TODO: check
+CVE-2024-21188 (Vulnerability in the Oracle Financial Services Revenue Management and ...)
+ TODO: check
+CVE-2024-21185 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21184 (Vulnerability in the Oracle Database RDBMS Security component of Oracl ...)
+ TODO: check
+CVE-2024-21183 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2024-21182 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2024-21181 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2024-21180 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2024-21179 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21178 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2024-21177 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21176 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21175 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2024-21174 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...)
+ TODO: check
+CVE-2024-21173 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21171 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21170 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
+ TODO: check
+CVE-2024-21169 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ TODO: check
+CVE-2024-21168 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of ...)
+ TODO: check
+CVE-2024-21167 (Vulnerability in the Oracle Trading Community product of Oracle E-Busi ...)
+ TODO: check
+CVE-2024-21166 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21165 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21164 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2024-21163 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21162 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21161 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2024-21160 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21159 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21158 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2024-21157 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21155 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
+ TODO: check
+CVE-2024-21154 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...)
+ TODO: check
+CVE-2024-21153 (Vulnerability in the Oracle Process Manufacturing Product Development ...)
+ TODO: check
+CVE-2024-21152 (Vulnerability in the Oracle Process Manufacturing Financials product o ...)
+ TODO: check
+CVE-2024-21151 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ TODO: check
+CVE-2024-21150 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ TODO: check
+CVE-2024-21149 (Vulnerability in the Oracle Enterprise Asset Management product of Ora ...)
+ TODO: check
+CVE-2024-21148 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+ TODO: check
+CVE-2024-21147 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ TODO: check
+CVE-2024-21146 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ TODO: check
+CVE-2024-21145 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ TODO: check
+CVE-2024-21144 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ TODO: check
+CVE-2024-21143 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ TODO: check
+CVE-2024-21142 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21141 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2024-21140 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ TODO: check
+CVE-2024-21139 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2024-21138 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ TODO: check
+CVE-2024-21137 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21136 (Vulnerability in the Oracle Retail Xstore Office product of Oracle Ret ...)
+ TODO: check
+CVE-2024-21135 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21134 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21133 (Vulnerability in the Oracle Reports Developer product of Oracle Fusion ...)
+ TODO: check
+CVE-2024-21132 (Vulnerability in the Oracle Purchasing product of Oracle E-Business Su ...)
+ TODO: check
+CVE-2024-21131 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ TODO: check
+CVE-2024-21130 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21129 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21128 (Vulnerability in the Oracle Application Object Library product of Orac ...)
+ TODO: check
+CVE-2024-21127 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21126 (Vulnerability in the Oracle Database Portable Clusterware component of ...)
+ TODO: check
+CVE-2024-21125 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21123 (Vulnerability in the Oracle Database Core component of Oracle Database ...)
+ TODO: check
+CVE-2024-21122 (Vulnerability in the PeopleSoft Enterprise HCM Shared Components produ ...)
+ TODO: check
+CVE-2024-20996 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-7013 (Inappropriate implementation in Compositing in Google Chrome prior to ...)
+ TODO: check
+CVE-2023-7012 (Insufficient data validation in Permission Prompts in Google Chrome pr ...)
+ TODO: check
+CVE-2023-7011 (Inappropriate implementation in Picture in Picture in Google Chrome pr ...)
+ TODO: check
+CVE-2023-7010 (Use after free in WebRTC in Google Chrome prior to 117.0.5938.62 allow ...)
+ TODO: check
+CVE-2023-4860 (Inappropriate implementation in Skia in Google Chrome prior to 115.0.5 ...)
+ TODO: check
+CVE-2020-36765 (Insufficient policy enforcement in Navigation in Google Chrome prior t ...)
+ TODO: check
+CVE-2019-25154 (Inappropriate implementation in iframe in Google Chrome prior to 77.0. ...)
+ TODO: check
+CVE-2024-41010 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/1cb6f0bae50441f4b4b32a28315853b279c7404e (6.10)
-CVE-2024-41009 [bpf: Fix overrunning reservations in ringbuf]
+CVE-2024-41009 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.9.8-1
[bookworm] - linux 6.1.98-1
NOTE: https://git.kernel.org/linus/cfa1a2329a691ffd991fcf7248a57d752e712881 (6.10-rc6)
-CVE-2024-6779
+CVE-2024-6779 (Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478 ...)
- chromium 126.0.6478.182-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-6778
+CVE-2024-6778 (Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an a ...)
- chromium 126.0.6478.182-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-6777
+CVE-2024-6777 (Use after free in Navigation in Google Chrome prior to 126.0.6478.182 ...)
- chromium 126.0.6478.182-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-6776
+CVE-2024-6776 (Use after free in Audio in Google Chrome prior to 126.0.6478.182 allow ...)
- chromium 126.0.6478.182-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-6775
+CVE-2024-6775 (Use after free in Media Stream in Google Chrome prior to 126.0.6478.18 ...)
- chromium 126.0.6478.182-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-6774
+CVE-2024-6774 (Use after free in Screen Capture in Google Chrome prior to 126.0.6478. ...)
- chromium 126.0.6478.182-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-6773
+CVE-2024-6773 (Inappropriate implementation in V8 in Google Chrome prior to 126.0.647 ...)
- chromium 126.0.6478.182-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-6772
+CVE-2024-6772 (Inappropriate implementation in V8 in Google Chrome prior to 126.0.647 ...)
- chromium 126.0.6478.182-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-6621 (The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Au ...)
@@ -1757,7 +1981,7 @@ CVE-2024-5528
CVE-2024-2880 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
[experimental] - gitlab 16.11.6-1
- gitlab <unfixed>
-CVE-2024-6595
+CVE-2024-6595 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
[experimental] - gitlab 16.11.6-1
- gitlab <unfixed>
CVE-2024-5470 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
@@ -159920,8 +160144,8 @@ CVE-2022-35642 ("IBM InfoSphere Information Server 11.7 is vulnerable to cross-s
NOT-FOR-US: IBM
CVE-2022-35641
RESERVED
-CVE-2022-35640
- RESERVED
+CVE-2022-35640 (IBM Sterling Partner Engagement Manager 6.2.2 could allow a local atta ...)
+ TODO: check
CVE-2022-35639 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do no ...)
NOT-FOR-US: IBM
CVE-2022-35638 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 a ...)
@@ -290450,8 +290674,8 @@ CVE-2020-25838 (Unauthorized disclosure of sensitive information vulnerability i
NOT-FOR-US: Micro Focus
CVE-2020-25837 (Sensitive information disclosure vulnerability in Micro Focus Self Ser ...)
NOT-FOR-US: Micro Focus
-CVE-2020-25836
- RESERVED
+CVE-2020-25836 (Exposure of Sensitive Information to an Unauthorized Access vulnerabil ...)
+ TODO: check
CVE-2020-25835 (A potential vulnerability has been identified in Micro Focus ArcSight ...)
NOT-FOR-US: Micro Focus ArcSight Management Center
CVE-2020-25834 (Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger prod ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39cb90622a719fe684a65484bac97c538dfefe10
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39cb90622a719fe684a65484bac97c538dfefe10
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240717/b991ec97/attachment.htm>
More information about the debian-security-tracker-commits
mailing list