Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
64a70ab0 by security tracker role at 2024-02-16T20:12:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2024-25466 (Directory Traversal vulnerability in React Native Document 
Picker befo ...)
+       TODO: check
+CVE-2024-25320 (Tongda OA v2017 and up to v11.9 was discovered to contain a 
SQL inject ...)
+       TODO: check
+CVE-2024-24377 (An issue in idocv v.14.1.3_20231228 allows a remote attacker 
to execut ...)
+       TODO: check
+CVE-2024-23591 (ThinkSystem SR670V2 servers manufactured from approximately 
June 2021  ...)
+       TODO: check
+CVE-2024-22854 (DOM-based HTML injection vulnerability in the main page of 
Darktrace T ...)
+       TODO: check
+CVE-2024-22426 (Dell RecoverPoint for Virtual Machines 5.3.x contains an OS 
Command in ...)
+       TODO: check
+CVE-2024-22425 (Dell RecoverPoint for Virtual Machines 5.3.x contains a brute 
force/di ...)
+       TODO: check
+CVE-2024-21915 (A privilege escalation vulnerability exists in Rockwell 
Automation Fac ...)
+       TODO: check
+CVE-2024-21775 (Zoho ManageEngine Exchange Reporter Plus versions5714and below 
are vul ...)
+       TODO: check
+CVE-2024-1591 (Prior to version 24.1, a local authenticated attacker can view 
Sysvol  ...)
+       TODO: check
+CVE-2024-1515
+       REJECTED
+CVE-2024-1444
+       REJECTED
+CVE-2024-0023 (In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a 
possible ...)
+       TODO: check
+CVE-2024-0021 (In onCreate of NotificationAccessConfirmationActivity.java, 
there is a ...)
+       TODO: check
+CVE-2024-0020 (In onActivityResult of NotificationSoundPreference.java, there 
is a po ...)
+       TODO: check
+CVE-2024-0019 (In setListening of AppOpsControllerImpl.java, there is a 
possible way  ...)
+       TODO: check
+CVE-2024-0018 (In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is 
a possi ...)
+       TODO: check
+CVE-2024-0017 (In shouldUseNoOpLocation of CameraActivity.java, there is a 
possible c ...)
+       TODO: check
+CVE-2024-0016 (In multiple locations, there is a possible out of bounds read 
due to a ...)
+       TODO: check
+CVE-2024-0015 (In convertToComponentName of DreamService.java, there is a 
possible wa ...)
+       TODO: check
+CVE-2023-51931 (An issue in alanclarke URLite v.3.1.0 allows an attacker to 
cause a de ...)
+       TODO: check
+CVE-2023-45860 (In Hazelcast Platform through 5.3.4, a security issue exists 
within th ...)
+       TODO: check
+CVE-2023-40085 (In convertSubgraphFromHAL of ShimConverter.cpp, there is a 
possible ou ...)
+       TODO: check
 CVE-2023-52160
        - wpa <unfixed> (bug #1064061)
        NOTE: https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baff
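Review bot: Every new entry at the top of this hunk lands as TODO: check, and several can be triaged directly from the truncated descriptions using the tagging convention visible later in this same diff. CVE-2024-22426 and CVE-2024-22425 (Dell RecoverPoint for Virtual Machines) match the existing NOT-FOR-US: Dell entry in the next hunk. The CVE-2024-0015 to CVE-2024-0023 entries and CVE-2023-40085 follow the "In <function> of <file>" wording of the entries tagged NOT-FOR-US: Android in the last hunk. The remaining entries (React Native Document Picker, URLite, Hazelcast and others) need a real check for whether the software is packaged before they are tagged. CVE-2024-1515 and CVE-2024-1444 are already REJECTED and need no follow-up.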
@@ -634,7 +680,7 @@ CVE-2023-39249 (Dell SupportAssist for Business PCs version 
3.4.0 contains a loc
        NOT-FOR-US: Dell
 CVE-2023-38960 (Insecure Permissions issue in Raiden Professional Server 
RaidenFTPD v. ...)
        NOT-FOR-US: RaidenFTPD
-CVE-2024-1342
+CVE-2024-1342 (A flaw was found in OpenShift. The existing Cross-Site Request 
Forgery ...)
        NOT-FOR-US: Red Hat OpenShift
 CVE-2024-25122 (sidekiq-unique-jobs is an open source project which prevents 
simultane ...)
        NOT-FOR-US: sidekiq-unique-jobs
@@ -2503,6 +2549,7 @@ CVE-2023-5643 (Out-of-bounds Write vulnerability in Arm 
Ltd Bifrost GPU Kernel D
 CVE-2023-5249 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel 
Driver, Arm ...)
        NOT-FOR-US: Arm
 CVE-2023-52138 (Engrampa is an archive manager for the MATE environment. 
Engrampa is f ...)
+       {DSA-5625-1}
        - engrampa 1.26.2-1 (bug #1063494)
        NOTE: 
https://github.com/mate-desktop/engrampa/security/advisories/GHSA-c98h-v39w-3r7v
        NOTE: 
https://github.com/mate-desktop/engrampa/commit/63d5dfa9005c6b16d0f0ccd888cc859fca78f970
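Review bot: The {DSA-5625-1} cross-reference added to CVE-2023-52138 depends on an advisory record that this commit does not carry, since data/CVE/list is the only changed file. Confirm that the DSA-5625-1 entry for engrampa was recorded in an earlier commit and lists this CVE, so that the tag here and the advisory data agree. The visible package line (- engrampa 1.26.2-1, bug #1063494) is unchanged by this hunk.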
@@ -85008,8 +85055,8 @@ CVE-2023-21167 (In setProfileName of 
DevicePolicyManagerService.java, there is a
        NOT-FOR-US: Android
 CVE-2023-21166 (In RGXBackingZSBuffer of rgxta3d.c, there is a possible 
arbitrary code ...)
        NOT-FOR-US: Android
-CVE-2023-21165
-       RESERVED
+CVE-2023-21165 (In DevmemIntUnmapPMR of devicemem_server.c, there is a 
possible arbitr ...)
+       TODO: check
 CVE-2023-21164 (In DevmemIntMapPMR of devicemem_server.c, there is a possible 
arbitrar ...)
        NOT-FOR-US: Android
 CVE-2023-21163 (In PMR_ReadBytes of pmr.c, there is a possible arbitrary code 
executio ...)
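Review bot: CVE-2023-21165 moves from RESERVED to TODO: check, but its description (DevmemIntUnmapPMR of devicemem_server.c) names the same source file as the adjacent CVE-2023-21164 (DevmemIntMapPMR of devicemem_server.c), which is already tagged NOT-FOR-US: Android, as is CVE-2023-21166. Unless there is a reason to treat it differently, the follow-up triage should tag it NOT-FOR-US: Android for consistency with its neighbours rather than leaving it in the TODO queue.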



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64a70ab02de2596eae87321c1c2380d60758a50b
