ISHACK AI BOT

Oracle Linux: CVE-2024-7524: ELSA-2024-5322:firefox security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 08/06/2024 Created 10/18/2024 Added 10/16/2024 Modified 12/20/2024 Description Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection.On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. The Mozilla Foundation Security Advisory describes this flaw as: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection.On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 References https://attackerkb.com/topics/cve-2024-7524 CVE - 2024-7524 ELSA-2024-5322 ELSA-2024-5391 ELSA-2024-5324

Gentoo Linux: CVE-2024-6997: QtWebEngine: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/06/2024 Created 01/25/2025 Added 01/24/2025 Modified 01/28/2025 Description Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine References https://attackerkb.com/topics/cve-2024-6997 CVE - 2024-6997 202501-09

Gentoo Linux: CVE-2024-7004: QtWebEngine: Multiple Vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 08/06/2024 Created 01/25/2025 Added 01/24/2025 Modified 01/28/2025 Description Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine References https://attackerkb.com/topics/cve-2024-7004 CVE - 2024-7004 202501-09

Gentoo Linux: CVE-2024-7532: QtWebEngine: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/06/2024 Created 01/25/2025 Added 01/24/2025 Modified 01/28/2025 Description Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine References https://attackerkb.com/topics/cve-2024-7532 CVE - 2024-7532 202501-09

Gentoo Linux: CVE-2024-7531: Mozilla Firefox: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 08/06/2024 Created 12/10/2024 Added 12/09/2024 Modified 01/28/2025 Description Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. Solution(s) gentoo-linux-upgrade-dev-lang-spidermonkey gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-7531 CVE - 2024-7531 202412-04 202412-06 202412-13

Gentoo Linux: CVE-2024-6994: QtWebEngine: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/06/2024 Created 01/25/2025 Added 01/24/2025 Modified 01/28/2025 Description Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine References https://attackerkb.com/topics/cve-2024-6994 CVE - 2024-6994 202501-09

Gentoo Linux: CVE-2024-7529: Mozilla Firefox: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 08/06/2024 Created 12/10/2024 Added 12/09/2024 Modified 01/28/2025 Description The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. Solution(s) gentoo-linux-upgrade-dev-lang-spidermonkey gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-7529 CVE - 2024-7529 202412-04 202412-06 202412-13

Rocky Linux: CVE-2024-7383: libnbd (RLSA-2024-6757) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/05/2024 Created 10/03/2024 Added 10/02/2024 Modified 11/18/2024 Description A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic. Solution(s) rocky-upgrade-libnbd rocky-upgrade-libnbd-debuginfo rocky-upgrade-libnbd-debugsource rocky-upgrade-libnbd-devel rocky-upgrade-nbdfuse rocky-upgrade-nbdfuse-debuginfo rocky-upgrade-ocaml-libnbd rocky-upgrade-ocaml-libnbd-debuginfo rocky-upgrade-ocaml-libnbd-devel rocky-upgrade-python3-libnbd rocky-upgrade-python3-libnbd-debuginfo References https://attackerkb.com/topics/cve-2024-7383 CVE - 2024-7383 https://errata.rockylinux.org/RLSA-2024:6757

SUSE: CVE-2024-7383: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/05/2024 Created 08/08/2024 Added 08/07/2024 Modified 08/07/2024 Description A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic. Solution(s) suse-upgrade-libnbd suse-upgrade-libnbd-bash-completion suse-upgrade-libnbd-devel suse-upgrade-libnbd0 suse-upgrade-nbdfuse suse-upgrade-python3-libnbd References https://attackerkb.com/topics/cve-2024-7383 CVE - 2024-7383

SUSE: CVE-2024-7409: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/05/2024 Created 08/22/2024 Added 08/21/2024 Modified 12/30/2024 Description A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline. Solution(s) suse-upgrade-qemu suse-upgrade-qemu-accel-qtest suse-upgrade-qemu-accel-tcg-x86 suse-upgrade-qemu-arm suse-upgrade-qemu-audio-alsa suse-upgrade-qemu-audio-dbus suse-upgrade-qemu-audio-jack suse-upgrade-qemu-audio-pa suse-upgrade-qemu-audio-pipewire suse-upgrade-qemu-audio-spice suse-upgrade-qemu-block-curl suse-upgrade-qemu-block-dmg suse-upgrade-qemu-block-gluster suse-upgrade-qemu-block-iscsi suse-upgrade-qemu-block-nfs suse-upgrade-qemu-block-rbd suse-upgrade-qemu-block-ssh suse-upgrade-qemu-chardev-baum suse-upgrade-qemu-chardev-spice suse-upgrade-qemu-doc suse-upgrade-qemu-extra suse-upgrade-qemu-guest-agent suse-upgrade-qemu-headless suse-upgrade-qemu-hw-display-qxl suse-upgrade-qemu-hw-display-virtio-gpu suse-upgrade-qemu-hw-display-virtio-gpu-pci suse-upgrade-qemu-hw-display-virtio-vga suse-upgrade-qemu-hw-s390x-virtio-gpu-ccw suse-upgrade-qemu-hw-usb-host suse-upgrade-qemu-hw-usb-redirect suse-upgrade-qemu-hw-usb-smartcard suse-upgrade-qemu-img suse-upgrade-qemu-ipxe suse-upgrade-qemu-ivshmem-tools suse-upgrade-qemu-ksm suse-upgrade-qemu-kvm suse-upgrade-qemu-lang suse-upgrade-qemu-linux-user suse-upgrade-qemu-microvm suse-upgrade-qemu-ppc suse-upgrade-qemu-pr-helper suse-upgrade-qemu-s390x suse-upgrade-qemu-seabios suse-upgrade-qemu-sgabios suse-upgrade-qemu-skiboot suse-upgrade-qemu-slof suse-upgrade-qemu-spice suse-upgrade-qemu-tools suse-upgrade-qemu-ui-curses suse-upgrade-qemu-ui-dbus suse-upgrade-qemu-ui-gtk suse-upgrade-qemu-ui-opengl suse-upgrade-qemu-ui-spice-app suse-upgrade-qemu-ui-spice-core suse-upgrade-qemu-vgabios suse-upgrade-qemu-vhost-user-gpu suse-upgrade-qemu-x86 References https://attackerkb.com/topics/cve-2024-7409 CVE - 2024-7409

Alma Linux: CVE-2024-7383: Moderate: virt:rhel and virt-devel:rhel security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/05/2024 Created 09/24/2024 Added 09/23/2024 Modified 11/14/2024 Description A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic. Solution(s) alma-upgrade-hivex alma-upgrade-hivex-devel alma-upgrade-libguestfs alma-upgrade-libguestfs-appliance alma-upgrade-libguestfs-bash-completion alma-upgrade-libguestfs-devel alma-upgrade-libguestfs-gfs2 alma-upgrade-libguestfs-gobject alma-upgrade-libguestfs-gobject-devel alma-upgrade-libguestfs-inspect-icons alma-upgrade-libguestfs-java alma-upgrade-libguestfs-java-devel alma-upgrade-libguestfs-javadoc alma-upgrade-libguestfs-man-pages-ja alma-upgrade-libguestfs-man-pages-uk alma-upgrade-libguestfs-rescue alma-upgrade-libguestfs-rsync alma-upgrade-libguestfs-tools alma-upgrade-libguestfs-tools-c alma-upgrade-libguestfs-winsupport alma-upgrade-libguestfs-xfs alma-upgrade-libiscsi alma-upgrade-libiscsi-devel alma-upgrade-libiscsi-utils alma-upgrade-libnbd alma-upgrade-libnbd-bash-completion alma-upgrade-libnbd-devel alma-upgrade-libtpms alma-upgrade-libtpms-devel alma-upgrade-libvirt alma-upgrade-libvirt-client alma-upgrade-libvirt-daemon alma-upgrade-libvirt-daemon-config-network alma-upgrade-libvirt-daemon-config-nwfilter alma-upgrade-libvirt-daemon-driver-interface alma-upgrade-libvirt-daemon-driver-network alma-upgrade-libvirt-daemon-driver-nodedev alma-upgrade-libvirt-daemon-driver-nwfilter alma-upgrade-libvirt-daemon-driver-qemu alma-upgrade-libvirt-daemon-driver-secret alma-upgrade-libvirt-daemon-driver-storage alma-upgrade-libvirt-daemon-driver-storage-core alma-upgrade-libvirt-daemon-driver-storage-disk alma-upgrade-libvirt-daemon-driver-storage-gluster alma-upgrade-libvirt-daemon-driver-storage-iscsi alma-upgrade-libvirt-daemon-driver-storage-iscsi-direct alma-upgrade-libvirt-daemon-driver-storage-logical alma-upgrade-libvirt-daemon-driver-storage-mpath alma-upgrade-libvirt-daemon-driver-storage-rbd alma-upgrade-libvirt-daemon-driver-storage-scsi alma-upgrade-libvirt-daemon-kvm alma-upgrade-libvirt-dbus alma-upgrade-libvirt-devel alma-upgrade-libvirt-docs alma-upgrade-libvirt-libs alma-upgrade-libvirt-lock-sanlock alma-upgrade-libvirt-nss alma-upgrade-libvirt-wireshark alma-upgrade-lua-guestfs alma-upgrade-nbdfuse alma-upgrade-nbdkit alma-upgrade-nbdkit-bash-completion alma-upgrade-nbdkit-basic-filters alma-upgrade-nbdkit-basic-plugins alma-upgrade-nbdkit-curl-plugin alma-upgrade-nbdkit-devel alma-upgrade-nbdkit-example-plugins alma-upgrade-nbdkit-gzip-filter alma-upgrade-nbdkit-gzip-plugin alma-upgrade-nbdkit-linuxdisk-plugin alma-upgrade-nbdkit-nbd-plugin alma-upgrade-nbdkit-python-plugin alma-upgrade-nbdkit-server alma-upgrade-nbdkit-ssh-plugin alma-upgrade-nbdkit-tar-filter alma-upgrade-nbdkit-tar-plugin alma-upgrade-nbdkit-tmpdisk-plugin alma-upgrade-nbdkit-vddk-plugin alma-upgrade-nbdkit-xz-filter alma-upgrade-netcf alma-upgrade-netcf-devel alma-upgrade-netcf-libs alma-upgrade-ocaml-hivex alma-upgrade-ocaml-hivex-devel alma-upgrade-ocaml-libguestfs alma-upgrade-ocaml-libguestfs-devel alma-upgrade-ocaml-libnbd alma-upgrade-ocaml-libnbd-devel alma-upgrade-perl-hivex alma-upgrade-perl-sys-guestfs alma-upgrade-perl-sys-virt alma-upgrade-python3-hivex alma-upgrade-python3-libguestfs alma-upgrade-python3-libnbd alma-upgrade-python3-libvirt alma-upgrade-qemu-guest-agent alma-upgrade-qemu-img alma-upgrade-qemu-kvm alma-upgrade-qemu-kvm-block-curl alma-upgrade-qemu-kvm-block-gluster alma-upgrade-qemu-kvm-block-iscsi alma-upgrade-qemu-kvm-block-rbd alma-upgrade-qemu-kvm-block-ssh alma-upgrade-qemu-kvm-common alma-upgrade-qemu-kvm-core alma-upgrade-qemu-kvm-docs alma-upgrade-qemu-kvm-hw-usbredir alma-upgrade-qemu-kvm-tests alma-upgrade-qemu-kvm-ui-opengl alma-upgrade-qemu-kvm-ui-spice alma-upgrade-ruby-hivex alma-upgrade-ruby-libguestfs alma-upgrade-seabios alma-upgrade-seabios-bin alma-upgrade-seavgabios-bin alma-upgrade-sgabios alma-upgrade-sgabios-bin alma-upgrade-slof alma-upgrade-supermin alma-upgrade-supermin-devel alma-upgrade-swtpm alma-upgrade-swtpm-devel alma-upgrade-swtpm-libs alma-upgrade-swtpm-tools alma-upgrade-swtpm-tools-pkcs11 alma-upgrade-virt-dib alma-upgrade-virt-v2v alma-upgrade-virt-v2v-bash-completion alma-upgrade-virt-v2v-man-pages-ja alma-upgrade-virt-v2v-man-pages-uk References https://attackerkb.com/topics/cve-2024-7383 CVE - 2024-7383 https://errata.almalinux.org/8/ALSA-2024-6964.html https://errata.almalinux.org/9/ALSA-2024-6757.html

Ubuntu: (CVE-2024-7409): qemu vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/05/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/23/2025 Description A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline. Solution(s) ubuntu-upgrade-qemu References https://attackerkb.com/topics/cve-2024-7409 CVE - 2024-7409 https://www.cve.org/CVERecord?id=CVE-2024-7409

Ubuntu: USN-6962-1 (CVE-2024-6472): LibreOffice vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/05/2024 Created 08/20/2024 Added 08/19/2024 Modified 10/23/2024 Description Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed. Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway. This issue affects LibreOffice: from 24.2 before 24.2.5. Solution(s) ubuntu-upgrade-libreoffice References https://attackerkb.com/topics/cve-2024-6472 CVE - 2024-6472 USN-6962-1

FreeBSD: VID-66907DAB-6BB2-11EF-B813-4CCC6ADDA413 (CVE-2024-6996): qt5-webengine -- Multiple vulnerabilities Severity 3 CVSS (AV:N/AC:H/Au:N/C:N/I:P/A:N) Published 08/05/2024 Created 09/10/2024 Added 09/06/2024 Modified 01/28/2025 Description Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-qt5-webengine References CVE-2024-6996

FreeBSD: VID-5776CC4F-5717-11EF-B611-84A93843EB75 (CVE-2024-42009): Roundcube -- Multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:N) Published 08/04/2024 Created 08/13/2024 Added 08/10/2024 Modified 01/28/2025 Description A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php. Solution(s) freebsd-upgrade-package-roundcube References CVE-2024-42009

FreeBSD: VID-5776CC4F-5717-11EF-B611-84A93843EB75 (CVE-2024-42010): Roundcube -- Multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/04/2024 Created 08/13/2024 Added 08/10/2024 Modified 08/10/2024 Description mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information. Solution(s) freebsd-upgrade-package-roundcube References CVE-2024-42010

Debian: CVE-2024-6989: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/02/2024 Created 08/03/2024 Added 08/02/2024 Modified 01/28/2025 Description Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-6989 CVE - 2024-6989 DSA-5735-1

FreeBSD: VID-5776CC4F-5717-11EF-B611-84A93843EB75 (CVE-2024-42008): Roundcube -- Multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:N) Published 08/04/2024 Created 08/13/2024 Added 08/10/2024 Modified 01/28/2025 Description A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header. Solution(s) freebsd-upgrade-package-roundcube References CVE-2024-42008

Debian: CVE-2024-7003: chromium -- security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 08/02/2024 Created 08/03/2024 Added 08/02/2024 Modified 01/28/2025 Description Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-7003 CVE - 2024-7003 DSA-5735-1

Debian: CVE-2024-7005: chromium -- security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 08/02/2024 Created 08/03/2024 Added 08/02/2024 Modified 01/28/2025 Description Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-7005 CVE - 2024-7005 DSA-5735-1

Oracle Linux: CVE-2024-7409: ELSA-2024-6964:virt:ol and virt-devel:rhel security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/02/2024 Created 10/18/2024 Added 10/16/2024 Modified 01/07/2025 Description A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline. Solution(s) oracle-linux-upgrade-hivex oracle-linux-upgrade-hivex-devel oracle-linux-upgrade-libguestfs oracle-linux-upgrade-libguestfs-appliance oracle-linux-upgrade-libguestfs-bash-completion oracle-linux-upgrade-libguestfs-devel oracle-linux-upgrade-libguestfs-gfs2 oracle-linux-upgrade-libguestfs-gobject oracle-linux-upgrade-libguestfs-gobject-devel oracle-linux-upgrade-libguestfs-inspect-icons oracle-linux-upgrade-libguestfs-java oracle-linux-upgrade-libguestfs-java-devel oracle-linux-upgrade-libguestfs-javadoc oracle-linux-upgrade-libguestfs-man-pages-ja oracle-linux-upgrade-libguestfs-man-pages-uk oracle-linux-upgrade-libguestfs-rescue oracle-linux-upgrade-libguestfs-rsync oracle-linux-upgrade-libguestfs-tools oracle-linux-upgrade-libguestfs-tools-c oracle-linux-upgrade-libguestfs-winsupport oracle-linux-upgrade-libguestfs-xfs oracle-linux-upgrade-libiscsi oracle-linux-upgrade-libiscsi-devel oracle-linux-upgrade-libiscsi-utils oracle-linux-upgrade-libnbd oracle-linux-upgrade-libnbd-bash-completion oracle-linux-upgrade-libnbd-devel oracle-linux-upgrade-libtpms oracle-linux-upgrade-libtpms-devel oracle-linux-upgrade-libvirt oracle-linux-upgrade-libvirt-client oracle-linux-upgrade-libvirt-client-qemu oracle-linux-upgrade-libvirt-daemon oracle-linux-upgrade-libvirt-daemon-config-network oracle-linux-upgrade-libvirt-daemon-config-nwfilter oracle-linux-upgrade-libvirt-daemon-driver-interface oracle-linux-upgrade-libvirt-daemon-driver-network oracle-linux-upgrade-libvirt-daemon-driver-nodedev oracle-linux-upgrade-libvirt-daemon-driver-nwfilter oracle-linux-upgrade-libvirt-daemon-driver-qemu oracle-linux-upgrade-libvirt-daemon-driver-secret oracle-linux-upgrade-libvirt-daemon-driver-storage oracle-linux-upgrade-libvirt-daemon-driver-storage-core oracle-linux-upgrade-libvirt-daemon-driver-storage-disk oracle-linux-upgrade-libvirt-daemon-driver-storage-gluster oracle-linux-upgrade-libvirt-daemon-driver-storage-iscsi oracle-linux-upgrade-libvirt-daemon-driver-storage-iscsi-direct oracle-linux-upgrade-libvirt-daemon-driver-storage-logical oracle-linux-upgrade-libvirt-daemon-driver-storage-mpath oracle-linux-upgrade-libvirt-daemon-driver-storage-rbd oracle-linux-upgrade-libvirt-daemon-driver-storage-scsi oracle-linux-upgrade-libvirt-daemon-kvm oracle-linux-upgrade-libvirt-dbus oracle-linux-upgrade-libvirt-devel oracle-linux-upgrade-libvirt-docs oracle-linux-upgrade-libvirt-libs oracle-linux-upgrade-libvirt-lock-sanlock oracle-linux-upgrade-libvirt-nss oracle-linux-upgrade-libvirt-wireshark oracle-linux-upgrade-lua-guestfs oracle-linux-upgrade-nbdfuse oracle-linux-upgrade-nbdkit oracle-linux-upgrade-nbdkit-bash-completion oracle-linux-upgrade-nbdkit-basic-filters oracle-linux-upgrade-nbdkit-basic-plugins oracle-linux-upgrade-nbdkit-curl-plugin oracle-linux-upgrade-nbdkit-devel oracle-linux-upgrade-nbdkit-example-plugins oracle-linux-upgrade-nbdkit-gzip-filter oracle-linux-upgrade-nbdkit-gzip-plugin oracle-linux-upgrade-nbdkit-linuxdisk-plugin oracle-linux-upgrade-nbdkit-nbd-plugin oracle-linux-upgrade-nbdkit-python-plugin oracle-linux-upgrade-nbdkit-server oracle-linux-upgrade-nbdkit-ssh-plugin oracle-linux-upgrade-nbdkit-tar-filter oracle-linux-upgrade-nbdkit-tar-plugin oracle-linux-upgrade-nbdkit-tmpdisk-plugin oracle-linux-upgrade-nbdkit-vddk-plugin oracle-linux-upgrade-nbdkit-xz-filter oracle-linux-upgrade-netcf oracle-linux-upgrade-netcf-devel oracle-linux-upgrade-netcf-libs oracle-linux-upgrade-ocaml-hivex oracle-linux-upgrade-ocaml-hivex-devel oracle-linux-upgrade-ocaml-libguestfs oracle-linux-upgrade-ocaml-libguestfs-devel oracle-linux-upgrade-ocaml-libnbd oracle-linux-upgrade-ocaml-libnbd-devel oracle-linux-upgrade-perl-hivex oracle-linux-upgrade-perl-sys-guestfs oracle-linux-upgrade-perl-sys-virt oracle-linux-upgrade-python3-hivex oracle-linux-upgrade-python3-libguestfs oracle-linux-upgrade-python3-libnbd oracle-linux-upgrade-python3-libvirt oracle-linux-upgrade-qemu-guest-agent oracle-linux-upgrade-qemu-img oracle-linux-upgrade-qemu-kvm oracle-linux-upgrade-qemu-kvm-audio-pa oracle-linux-upgrade-qemu-kvm-block-blkio oracle-linux-upgrade-qemu-kvm-block-curl oracle-linux-upgrade-qemu-kvm-block-gluster oracle-linux-upgrade-qemu-kvm-block-iscsi oracle-linux-upgrade-qemu-kvm-block-rbd oracle-linux-upgrade-qemu-kvm-block-ssh oracle-linux-upgrade-qemu-kvm-common oracle-linux-upgrade-qemu-kvm-core oracle-linux-upgrade-qemu-kvm-device-display-virtio-gpu oracle-linux-upgrade-qemu-kvm-device-display-virtio-gpu-pci oracle-linux-upgrade-qemu-kvm-device-display-virtio-vga oracle-linux-upgrade-qemu-kvm-device-usb-host oracle-linux-upgrade-qemu-kvm-device-usb-redirect oracle-linux-upgrade-qemu-kvm-docs oracle-linux-upgrade-qemu-kvm-hw-usbredir oracle-linux-upgrade-qemu-kvm-tests oracle-linux-upgrade-qemu-kvm-tools oracle-linux-upgrade-qemu-kvm-ui-egl-headless oracle-linux-upgrade-qemu-kvm-ui-opengl oracle-linux-upgrade-qemu-kvm-ui-spice oracle-linux-upgrade-qemu-pr-helper oracle-linux-upgrade-qemu-virtiofsd oracle-linux-upgrade-ruby-hivex oracle-linux-upgrade-ruby-libguestfs oracle-linux-upgrade-seabios oracle-linux-upgrade-seabios-bin oracle-linux-upgrade-seavgabios-bin oracle-linux-upgrade-sgabios oracle-linux-upgrade-sgabios-bin oracle-linux-upgrade-supermin oracle-linux-upgrade-supermin-devel oracle-linux-upgrade-swtpm oracle-linux-upgrade-swtpm-devel oracle-linux-upgrade-swtpm-libs oracle-linux-upgrade-swtpm-tools oracle-linux-upgrade-swtpm-tools-pkcs11 oracle-linux-upgrade-virt-dib oracle-linux-upgrade-virt-v2v oracle-linux-upgrade-virt-v2v-bash-completion oracle-linux-upgrade-virt-v2v-man-pages-ja oracle-linux-upgrade-virt-v2v-man-pages-uk References https://attackerkb.com/topics/cve-2024-7409 CVE - 2024-7409 ELSA-2024-6964 ELSA-2024-12792 ELSA-2024-9136

Debian: CVE-2024-6993: chromium -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/02/2024 Created 08/03/2024 Added 08/02/2024 Modified 08/02/2024 Description Debian: CVE-2024-6993: chromium -- security update Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-6993 CVE - 2024-6993 DSA-5735-1

Alpine Linux: CVE-2024-42458: Vulnerability in Multiple Components Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/02/2024 Created 10/02/2024 Added 10/01/2024 Modified 10/02/2024 Description server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369. Solution(s) alpine-linux-upgrade-neatvnc References https://attackerkb.com/topics/cve-2024-42458 CVE - 2024-42458 https://security.alpinelinux.org/vuln/CVE-2024-42458

Microsoft Edge Chromium: CVE-2024-7256 Insufficient data validation in Dawn Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/02/2024 Created 08/03/2024 Added 08/02/2024 Modified 01/28/2025 Description Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-7256 CVE - 2024-7256 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7256

Debian: CVE-2024-7256: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/02/2024 Created 08/03/2024 Added 08/02/2024 Modified 01/28/2025 Description Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-7256 CVE - 2024-7256 DSA-5735-1