[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 16 08:11:40 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9090787c by security tracker role at 2024-02-16T08:11:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2024-25415 (A remote code execution (RCE) vulnerability in /admin/define_language. ...)
+	TODO: check
+CVE-2024-25414 (An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1 ...)
+	TODO: check
+CVE-2024-25413 (A XSLT Server Side injection vulnerability in the Import Jobs function ...)
+	TODO: check
+CVE-2024-25123 (MSS (Mission Support System) is an open source package designed for pl ...)
+	TODO: check
+CVE-2024-23674 (The Online-Ausweis-Funktion eID scheme in the German National Identity ...)
+	TODO: check
+CVE-2024-23479 (SolarWinds Access Rights Manager (ARM) was found to be susceptible to  ...)
+	TODO: check
+CVE-2024-23478 (SolarWinds Access Rights Manager (ARM) was found to be susceptible to  ...)
+	TODO: check
+CVE-2024-23477 (The SolarWinds Access Rights Manager (ARM) was found to be susceptible ...)
+	TODO: check
+CVE-2024-23476 (The SolarWinds Access Rights Manager (ARM) was found to be susceptible ...)
+	TODO: check
+CVE-2024-21728 (An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTi ...)
+	TODO: check
+CVE-2024-0622 (Local privilege escalation vulnerabilityaffects OpenText Operations Ag ...)
+	TODO: check
+CVE-2024-0240 (A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products  ...)
+	TODO: check
+CVE-2024-0041 (In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there ...)
+	TODO: check
+CVE-2024-0040 (In setParameter of MtpPacket.cpp, there is a possible out of bounds re ...)
+	TODO: check
+CVE-2024-0038 (In injectInputEventToInputFilter of AccessibilityManagerService.java,  ...)
+	TODO: check
+CVE-2024-0037 (In applyCustomDescription of SaveUi.java, there is a possible way to v ...)
+	TODO: check
+CVE-2024-0036 (In startNextMatchingActivity of ActivityTaskManagerService.java, there ...)
+	TODO: check
+CVE-2024-0035 (In onNullBinding of TileLifecycleManager.java, there is a possible way ...)
+	TODO: check
+CVE-2024-0034 (In BackgroundLaunchProcessController, there is a possible way to launc ...)
+	TODO: check
+CVE-2024-0033 (In multiple functions of ashmem-dev.cpp, there is a possible missing s ...)
+	TODO: check
+CVE-2024-0032 (In queryChildDocuments of FileSystemProvider.java, there is a possible ...)
+	TODO: check
+CVE-2024-0031 (In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a p ...)
+	TODO: check
+CVE-2024-0030 (In btif_to_bta_response of btif_gatt_util.cc, there is a possible out  ...)
+	TODO: check
+CVE-2024-0029 (In multiple files, there is a possible way to capture the device scree ...)
+	TODO: check
+CVE-2024-0014 (In startInstall of UpdateFetcher.java, there is a possible way to trig ...)
+	TODO: check
+CVE-2023-6451 (Publicly known cryptographic machine key in AlayaCare's Procura Portal ...)
+	TODO: check
+CVE-2023-6123 (Improper Neutralization vulnerability affects OpenText ALM Octaneversi ...)
+	TODO: check
+CVE-2023-49508 (Directory Traversal vulnerability in YetiForceCompany YetiForceCRM ver ...)
+	TODO: check
+CVE-2023-40122 (In applyCustomDescription of SaveUi.java, there is a possible way to v ...)
+	TODO: check
+CVE-2023-40093 (In multiple files, there is a possible way that trimmed content could  ...)
+	TODO: check
+CVE-2023-40057 (The SolarWinds Access Rights Manager was found to be susceptible to a  ...)
+	TODO: check
 CVE-2024-21890
 	[experimental] - nodejs <unfixed>
 	- nodejs <not-affected> (Only affects 20.x and later)
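Review bot: two of the entries added here, CVE-2024-0037 and CVE-2023-40122, carry the same truncated description ("In applyCustomDescription of SaveUi.java, there is a possible way to v ..."), so when the TODO: check items are triaged, confirm against the full descriptions whether they are distinct issues and give them a consistent disposition. CVE-2024-0040 names MtpPacket.cpp, the same file as CVE-2023-40110 later in this diff, which is tagged NOT-FOR-US: Android, so it can likely follow that entry. The five SolarWinds Access Rights Manager entries (CVE-2024-23476 through CVE-2024-23479 and CVE-2023-40057) can be triaged as one batch instead of staying as separate open TODO items.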
@@ -18528,31 +18590,31 @@ CVE-2022-48613 (Race condition vulnerability in the kernel module. Successful ex
 	NOT-FOR-US: Huawei
 CVE-2023-47248 (Deserialization of untrusted data in IPC and Parquet readers in PyArro ...)
 	- apache-arrow <itp> (bug #970021)
-CVE-2023-40114
+CVE-2023-40114 (In multiple functions of MtpFfsHandle.cpp , there is a possible out of ...)
 	NOT-FOR-US: Android
-CVE-2023-40111
+CVE-2023-40111 (In setMediaButtonReceiver of MediaSessionRecord.java, there is a possi ...)
 	NOT-FOR-US: Android
-CVE-2023-40110
+CVE-2023-40110 (In multiple functions of MtpPacket.cpp, there is a possible out of bou ...)
 	NOT-FOR-US: Android
-CVE-2023-40109
+CVE-2023-40109 (In createFromParcel of UsbConfiguration.java, there is a possible back ...)
 	NOT-FOR-US: Android
-CVE-2023-40107
+CVE-2023-40107 (In ARTPWriter of ARTPWriter.cpp, there is a possible use after free du ...)
 	NOT-FOR-US: Android
-CVE-2023-40106
+CVE-2023-40106 (In sanitizeSbn of NotificationManagerService.java, there is a possible ...)
 	NOT-FOR-US: Android
-CVE-2023-40105
+CVE-2023-40105 (In backupAgentCreated of ActivityManagerService.java, there is a possi ...)
 	NOT-FOR-US: Android
-CVE-2023-40124
+CVE-2023-40124 (In multiple locations, there is a possible cross-user read due to a co ...)
 	NOT-FOR-US: Android
-CVE-2023-40115
+CVE-2023-40115 (In readLogs of StatsService.cpp, there is a possible memory corruption ...)
 	NOT-FOR-US: Android
-CVE-2023-40100
+CVE-2023-40100 (In discovery_thread of Dns64Configuration.cpp, there is a possible mem ...)
 	NOT-FOR-US: Android
-CVE-2023-40104
+CVE-2023-40104 (In ca-certificates, there is a possible way to read encrypted TLS data ...)
 	NOT-FOR-US: Android
-CVE-2023-40113
+CVE-2023-40113 (In multiple locations, there is a possible way for apps to access cros ...)
 	NOT-FOR-US: Android
-CVE-2023-40112
+CVE-2023-40112 (In ippSetValueTag of ipp.c, there is a possible out of bounds read due ...)
 	NOT-FOR-US: Android
 CVE-2023-6002 (YugabyteDB is vulnerable to cross site scripting (XSS) via log injecti ...)
 	NOT-FOR-US: YugabyteDB
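Review bot: CVE-2023-40104 keeps NOT-FOR-US: Android although its newly filled-in description begins "In ca-certificates, there is a possible way to read encrypted TLS data", and CVE-2023-40112 now names "ippSetValueTag of ipp.c". Both names also exist outside Android (Debian ships a ca-certificates package, and ipp.c with ippSetValueTag is CUPS code), so these two tags should be re-checked against the full descriptions before being carried over unchanged. The other descriptions filled in by this hunk give no comparable reason to revisit their tags.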



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9090787ca3bca6fe0c48f96e1d152347fc3d5e99
