[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 16 20:12:22 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
64a70ab0 by security tracker role at 2024-02-16T20:12:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2024-25466 (Directory Traversal vulnerability in React Native Document Picker befo ...)
+	TODO: check
+CVE-2024-25320 (Tongda OA v2017 and up to v11.9 was discovered to contain a SQL inject ...)
+	TODO: check
+CVE-2024-24377 (An issue in idocv v.14.1.3_20231228 allows a remote attacker to execut ...)
+	TODO: check
+CVE-2024-23591 (ThinkSystem SR670V2 servers manufactured from approximately June 2021  ...)
+	TODO: check
+CVE-2024-22854 (DOM-based HTML injection vulnerability in the main page of Darktrace T ...)
+	TODO: check
+CVE-2024-22426 (Dell RecoverPoint for Virtual Machines 5.3.x contains an OS Command in ...)
+	TODO: check
+CVE-2024-22425 (Dell RecoverPoint for Virtual Machines 5.3.x contains a brute force/di ...)
+	TODO: check
+CVE-2024-21915 (A privilege escalation vulnerability exists in Rockwell Automation Fac ...)
+	TODO: check
+CVE-2024-21775 (Zoho ManageEngine Exchange Reporter Plus versions5714and below are vul ...)
+	TODO: check
+CVE-2024-1591 (Prior to version 24.1, a local authenticated attacker can view Sysvol  ...)
+	TODO: check
+CVE-2024-1515
+	REJECTED
+CVE-2024-1444
+	REJECTED
+CVE-2024-0023 (In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible ...)
+	TODO: check
+CVE-2024-0021 (In onCreate of NotificationAccessConfirmationActivity.java, there is a ...)
+	TODO: check
+CVE-2024-0020 (In onActivityResult of NotificationSoundPreference.java, there is a po ...)
+	TODO: check
+CVE-2024-0019 (In setListening of AppOpsControllerImpl.java, there is a possible way  ...)
+	TODO: check
+CVE-2024-0018 (In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possi ...)
+	TODO: check
+CVE-2024-0017 (In shouldUseNoOpLocation of CameraActivity.java, there is a possible c ...)
+	TODO: check
+CVE-2024-0016 (In multiple locations, there is a possible out of bounds read due to a ...)
+	TODO: check
+CVE-2024-0015 (In convertToComponentName of DreamService.java, there is a possible wa ...)
+	TODO: check
+CVE-2023-51931 (An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a de ...)
+	TODO: check
+CVE-2023-45860 (In Hazelcast Platform through 5.3.4, a security issue exists within th ...)
+	TODO: check
+CVE-2023-40085 (In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible ou ...)
+	TODO: check
 CVE-2023-52160
 	- wpa <unfixed> (bug #1064061)
 	NOTE: https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baff
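Review bot: every described entry added at the top of data/CVE/list is left at `TODO: check`, including ones whose vendor this file already classifies elsewhere. CVE-2024-22426 and CVE-2024-22425 are Dell RecoverPoint, and the next hunk shows `NOT-FOR-US: Dell` on CVE-2023-39249, so the same tag is the likely outcome for that pair. The entries from CVE-2024-0015 to CVE-2024-0023 plus CVE-2023-40085 use the same "there is a possible ..." wording as the entries tagged `NOT-FOR-US: Android` in the last hunk, so check them against that tag first in the manual triage pass. CVE-2024-1515 and CVE-2024-1444 are already `REJECTED` and need nothing further.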
@@ -634,7 +680,7 @@ CVE-2023-39249 (Dell SupportAssist for Business PCs version 3.4.0 contains a loc
 	NOT-FOR-US: Dell
 CVE-2023-38960 (Insecure Permissions issue in Raiden Professional Server RaidenFTPD v. ...)
 	NOT-FOR-US: RaidenFTPD
-CVE-2024-1342
+CVE-2024-1342 (A flaw was found in OpenShift. The existing Cross-Site Request Forgery ...)
 	NOT-FOR-US: Red Hat OpenShift
 CVE-2024-25122 (sidekiq-unique-jobs is an open source project which prevents simultane ...)
 	NOT-FOR-US: sidekiq-unique-jobs
@@ -2503,6 +2549,7 @@ CVE-2023-5643 (Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel D
 CVE-2023-5249 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...)
 	NOT-FOR-US: Arm
 CVE-2023-52138 (Engrampa is an archive manager for the MATE environment. Engrampa is f ...)
+	{DSA-5625-1}
 	- engrampa 1.26.2-1 (bug #1063494)
 	NOTE: https://github.com/mate-desktop/engrampa/security/advisories/GHSA-c98h-v39w-3r7v
 	NOTE: https://github.com/mate-desktop/engrampa/commit/63d5dfa9005c6b16d0f0ccd888cc859fca78f970
@@ -85008,8 +85055,8 @@ CVE-2023-21167 (In setProfileName of DevicePolicyManagerService.java, there is a
 	NOT-FOR-US: Android
 CVE-2023-21166 (In RGXBackingZSBuffer of rgxta3d.c, there is a possible arbitrary code ...)
 	NOT-FOR-US: Android
-CVE-2023-21165
-	RESERVED
+CVE-2023-21165 (In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitr ...)
+	TODO: check
 CVE-2023-21164 (In DevmemIntMapPMR of devicemem_server.c, there is a possible arbitrar ...)
 	NOT-FOR-US: Android
 CVE-2023-21163 (In PMR_ReadBytes of pmr.c, there is a possible arbitrary code executio ...)
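Review bot: CVE-2023-21165 moves from `RESERVED` to `TODO: check` while both of its neighbours in this hunk, CVE-2023-21164 (the same file, devicemem_server.c) and CVE-2023-21166, are tagged `NOT-FOR-US: Android`. If the same triage applies, a follow-up should replace `TODO: check` with `NOT-FOR-US: Android` so the entry does not stay in the unprocessed queue.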



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64a70ab02de2596eae87321c1c2380d60758a50b
