[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 10 11:02:19 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab2ebc54 by Salvatore Bonaccorso at 2024-07-10T11:39:10+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -83,87 +83,87 @@ CVE-2024-36450 (Cross-site scripting vulnerability exists in sysinfo.cgi of Webm
 CVE-2024-35154 (IBM WebSphere Application Server 8.5 and 9.0 could allow a remote auth ...)
 	NOT-FOR-US: IBM
 CVE-2024-34726 (In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code e ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-34725 (In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arb ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-34724 (In _UnrefAndMaybeDestroy of pmr.c, there is a possible arbitrary code  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-34723 (In onTransact of ParcelableListBinder.java , there is a possible way t ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-34722 (In smp_proc_rand of smp_act.cc, there is a possible authentication byp ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-34721 (In ensureFileColumns of MediaProvider.java, there is a possible disclo ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-34720 (In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-32670 (Exposure of Sensitive Information to an Unauthorized Actor in Samsung  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-31339 (In multiple functions of StatsService.cpp, there is a possible memory  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31335 (In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible a ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31334 (In DevmemIntFreeDefBackingPage of devicemem_server.c, there is a possi ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31332 (In multiple locations, there is a possible way to bypass a restriction ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31331 (In setMimeGroup of PackageManagerService.java, there is a possible way ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31327 (In multiple functions of MessageQueueBase.h, there is a possible out o ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31326 (In multiple locations, there is a possible way in which policy migrati ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31325 (In multiple locations, there is a possible way to reveal images across ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31324 (In hide of WindowState.java, there is a possible way to bypass tapjack ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31323 (In onCreate of multiple files, there is a possible way to trick the us ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31322 (In updateServicesLocked of AccessibilityManagerService.java, there is  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31320 (In setSkipPrompt of AssociationRequest.java , there is a possible way  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31319 (In updateNotificationChannelFromPrivilegedListener of NotificationMana ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31318 (In CompanionDeviceManagerService.java, there is a possible way to pair ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31317 (In multiple functions of ZygoteProcess.java, there is a possible way t ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31316 (In onResult of AccountManagerService.java, there is a possible way to  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31315 (In multiple functions of ManagedServices.java, there is a possible way ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31314 (In multiple functions of ShortcutService.java, there is a possible per ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31313 (In availableToWriteBytes of MessageQueueBase.h, there is a possible ou ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31312 (In multiple locations, there is a possible information leak due to a m ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31311 (In increment_annotation_count of stats_event.c, there is a possible ou ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31310 (In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-27386 (A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-27385 (A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-25023 (IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar S ...)
 	NOT-FOR-US: IBM
 CVE-2024-23711 (In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-23698 (In RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitr ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-23697 (In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary c ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-23696 (In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary cod ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-23695 (In CacheOpPMRExec of cache_km.c, there is a possible out of bounds wri ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-22477 (A cross-site scripting vulnerability exists in the admin console OIDC  ...)
 	TODO: check
 CVE-2024-22377 (The deploy directory in PingFederate runtime nodes is reachable to una ...)
 	TODO: check
 CVE-2024-21993 (SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: NetAPP
 CVE-2024-21832 (A potential JSON injection attack vector exists in PingFederate REST A ...)
 	TODO: check
 CVE-2024-21526 (All versions of the package speaker are vulnerable to Denial of Servic ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab2ebc54b5f1628ef010b57678806ce38a3e99e3

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab2ebc54b5f1628ef010b57678806ce38a3e99e3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240710/f6233d23/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list