[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Fri, 16 Feb 2024 00:18:15 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
9090787c by security tracker role at 2024-02-16T08:11:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2024-25415 (A remote code execution (RCE) vulnerability in 
/admin/define_language. ...)
+       TODO: check
+CVE-2024-25414 (An arbitrary file upload vulnerability in /admin/upgrade of 
CSZ CMS v1 ...)
+       TODO: check
+CVE-2024-25413 (A XSLT Server Side injection vulnerability in the Import Jobs 
function ...)
+       TODO: check
+CVE-2024-25123 (MSS (Mission Support System) is an open source package 
designed for pl ...)
+       TODO: check
+CVE-2024-23674 (The Online-Ausweis-Funktion eID scheme in the German National 
Identity ...)
+       TODO: check
+CVE-2024-23479 (SolarWinds Access Rights Manager (ARM) was found to be 
susceptible to  ...)
+       TODO: check
+CVE-2024-23478 (SolarWinds Access Rights Manager (ARM) was found to be 
susceptible to  ...)
+       TODO: check
+CVE-2024-23477 (The SolarWinds Access Rights Manager (ARM) was found to be 
susceptible ...)
+       TODO: check
+CVE-2024-23476 (The SolarWinds Access Rights Manager (ARM) was found to be 
susceptible ...)
+       TODO: check
+CVE-2024-21728 (An Open Redirect vulnerability was found in osTicky2 below 
2.2.8. osTi ...)
+       TODO: check
+CVE-2024-0622 (Local privilege escalation vulnerabilityaffects OpenText 
Operations Ag ...)
+       TODO: check
+CVE-2024-0240 (A memory leak in the Silicon Labs' Bluetooth stack for EFR32 
products  ...)
+       TODO: check
+CVE-2024-0041 (In removePersistentDot of 
SystemStatusAnimationSchedulerImpl.kt, there ...)
+       TODO: check
+CVE-2024-0040 (In setParameter of MtpPacket.cpp, there is a possible out of 
bounds re ...)
+       TODO: check
+CVE-2024-0038 (In injectInputEventToInputFilter of 
AccessibilityManagerService.java,  ...)
+       TODO: check
+CVE-2024-0037 (In applyCustomDescription of SaveUi.java, there is a possible 
way to v ...)
+       TODO: check
+CVE-2024-0036 (In startNextMatchingActivity of 
ActivityTaskManagerService.java, there ...)
+       TODO: check
+CVE-2024-0035 (In onNullBinding of TileLifecycleManager.java, there is a 
possible way ...)
+       TODO: check
+CVE-2024-0034 (In BackgroundLaunchProcessController, there is a possible way 
to launc ...)
+       TODO: check
+CVE-2024-0033 (In multiple functions of ashmem-dev.cpp, there is a possible 
missing s ...)
+       TODO: check
+CVE-2024-0032 (In queryChildDocuments of FileSystemProvider.java, there is a 
possible ...)
+       TODO: check
+CVE-2024-0031 (In attp_build_read_by_type_value_cmd of att_protocol.cc , there 
is a p ...)
+       TODO: check
+CVE-2024-0030 (In btif_to_bta_response of btif_gatt_util.cc, there is a 
possible out  ...)
+       TODO: check
+CVE-2024-0029 (In multiple files, there is a possible way to capture the 
device scree ...)
+       TODO: check
+CVE-2024-0014 (In startInstall of UpdateFetcher.java, there is a possible way 
to trig ...)
+       TODO: check
+CVE-2023-6451 (Publicly known cryptographic machine key in AlayaCare's Procura 
Portal ...)
+       TODO: check
+CVE-2023-6123 (Improper Neutralization vulnerability affects OpenText ALM 
Octaneversi ...)
+       TODO: check
+CVE-2023-49508 (Directory Traversal vulnerability in YetiForceCompany 
YetiForceCRM ver ...)
+       TODO: check
+CVE-2023-40122 (In applyCustomDescription of SaveUi.java, there is a possible 
way to v ...)
+       TODO: check
+CVE-2023-40093 (In multiple files, there is a possible way that trimmed 
content could  ...)
+       TODO: check
+CVE-2023-40057 (The SolarWinds Access Rights Manager was found to be 
susceptible to a  ...)
+       TODO: check
 CVE-2024-21890
        [experimental] - nodejs <unfixed>
        - nodejs <not-affected> (Only affects 20.x and later)
@@ -18528,31 +18590,31 @@ CVE-2022-48613 (Race condition vulnerability in the 
kernel module. Successful ex
        NOT-FOR-US: Huawei
 CVE-2023-47248 (Deserialization of untrusted data in IPC and Parquet readers 
in PyArro ...)
        - apache-arrow <itp> (bug #970021)
-CVE-2023-40114
+CVE-2023-40114 (In multiple functions of MtpFfsHandle.cpp , there is a 
possible out of ...)
        NOT-FOR-US: Android
-CVE-2023-40111
+CVE-2023-40111 (In setMediaButtonReceiver of MediaSessionRecord.java, there is 
a possi ...)
        NOT-FOR-US: Android
-CVE-2023-40110
+CVE-2023-40110 (In multiple functions of MtpPacket.cpp, there is a possible 
out of bou ...)
        NOT-FOR-US: Android
-CVE-2023-40109
+CVE-2023-40109 (In createFromParcel of UsbConfiguration.java, there is a 
possible back ...)
        NOT-FOR-US: Android
-CVE-2023-40107
+CVE-2023-40107 (In ARTPWriter of ARTPWriter.cpp, there is a possible use after 
free du ...)
        NOT-FOR-US: Android
-CVE-2023-40106
+CVE-2023-40106 (In sanitizeSbn of NotificationManagerService.java, there is a 
possible ...)
        NOT-FOR-US: Android
-CVE-2023-40105
+CVE-2023-40105 (In backupAgentCreated of ActivityManagerService.java, there is 
a possi ...)
        NOT-FOR-US: Android
-CVE-2023-40124
+CVE-2023-40124 (In multiple locations, there is a possible cross-user read due 
to a co ...)
        NOT-FOR-US: Android
-CVE-2023-40115
+CVE-2023-40115 (In readLogs of StatsService.cpp, there is a possible memory 
corruption ...)
        NOT-FOR-US: Android
-CVE-2023-40100
+CVE-2023-40100 (In discovery_thread of Dns64Configuration.cpp, there is a 
possible mem ...)
        NOT-FOR-US: Android
-CVE-2023-40104
+CVE-2023-40104 (In ca-certificates, there is a possible way to read encrypted 
TLS data ...)
        NOT-FOR-US: Android
-CVE-2023-40113
+CVE-2023-40113 (In multiple locations, there is a possible way for apps to 
access cros ...)
        NOT-FOR-US: Android
-CVE-2023-40112
+CVE-2023-40112 (In ippSetValueTag of ipp.c, there is a possible out of bounds 
read due ...)
        NOT-FOR-US: Android
 CVE-2023-6002 (YugabyteDB is vulnerable to cross site scripting (XSS) via log 
injecti ...)
        NOT-FOR-US: YugabyteDB



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9090787ca3bca6fe0c48f96e1d152347fc3d5e99

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9090787ca3bca6fe0c48f96e1d152347fc3d5e99
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to