[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 9 09:12:00 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dc9d4ef9 by security tracker role at 2024-04-09T08:11:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,97 @@
+CVE-2024-3466 (A vulnerability was found in SourceCodester Laundry Management System  ...)
+	TODO: check
+CVE-2024-3465 (A vulnerability was found in SourceCodester Laundry Management System  ...)
+	TODO: check
+CVE-2024-31366 (Missing Authorization vulnerability in Themify Post Type Builder (PTB) ...)
+	TODO: check
+CVE-2024-31365 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-31047 (An issue in Academy Software Foundation openexr v.3.2.3 and before all ...)
+	TODO: check
+CVE-2024-30701 (An insecure logging vulnerability in ROS2 Galactic Geochelone ROS_VERS ...)
+	TODO: check
+CVE-2024-30699 (A buffer overflow vulnerability has been discovered in the C++ compone ...)
+	TODO: check
+CVE-2024-30697 (An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 a ...)
+	TODO: check
+CVE-2024-30696 (OS command injection vulnerability in ROS2 Galactic Geochelone in ROS_ ...)
+	TODO: check
+CVE-2024-30695 (An issue was discovered in the default configurations of ROS2 Galactic ...)
+	TODO: check
+CVE-2024-30694 (A shell injection vulnerability was discovered in ROS2 (Robot Operatin ...)
+	TODO: check
+CVE-2024-30692 (A issue was discovered in ROS2 Galactic Geochelone versions ROS_VERSIO ...)
+	TODO: check
+CVE-2024-30691 (An issue was discovered in ROS2 Galactic Geochelone in version ROS_VER ...)
+	TODO: check
+CVE-2024-30690 (An unauthorized node injection vulnerability has been identified in RO ...)
+	TODO: check
+CVE-2024-30688 (An arbitrary file upload vulnerability has been discovered in ROS2 Iro ...)
+	TODO: check
+CVE-2024-30687 (An insecure deserialization vulnerability has been identified in ROS2  ...)
+	TODO: check
+CVE-2024-30686 (An issue was discovered in ROS2 Iron Irwini versions ROS_VERSION 2 and ...)
+	TODO: check
+CVE-2024-30684 (An insecure logging vulnerability has been identified within ROS2 Iron ...)
+	TODO: check
+CVE-2024-30683 (A buffer overflow vulnerability has been discovered in the C++ compone ...)
+	TODO: check
+CVE-2024-30681 (An OS command injection vulnerability has been discovered in ROS2 Iron ...)
+	TODO: check
+CVE-2024-30680 (Shell injection vulnerability was discovered in ROS2 (Robot Operating  ...)
+	TODO: check
+CVE-2024-30679 (An issue was discovered in the default configurations of ROS2 Iron Irw ...)
+	TODO: check
+CVE-2024-30678 (An issue has been discovered in ROS2 Iron Irwini ROS_VERSION 2 and ROS ...)
+	TODO: check
+CVE-2024-30676 (A Denial-of-Service (DoS) vulnerability exists in ROS2 Iron Irwini ver ...)
+	TODO: check
+CVE-2024-30218 (The ABAP Application Server of SAP NetWeaver as well as ABAP Platforma ...)
+	TODO: check
+CVE-2024-30217 (Cash Management in SAP S/4 HANA does not perform necessary authorizati ...)
+	TODO: check
+CVE-2024-30216 (Cash Management in SAP S/4 HANA does not perform necessary authorizati ...)
+	TODO: check
+CVE-2024-30215 (The Resource Settings page allows a high privilege attacker to load ex ...)
+	TODO: check
+CVE-2024-30214 (The application allows a high privilege attacker to append a malicious ...)
+	TODO: check
+CVE-2024-2975 (A race condition was identified through which privilege escalation was ...)
+	TODO: check
+CVE-2024-28167 (SAP Group Reporting Data Collectiondoes not perform necessary authoriz ...)
+	TODO: check
+CVE-2024-27901 (SAP Asset Accounting could allow a high privileged attacker to exploit ...)
+	TODO: check
+CVE-2024-27899 (Self-Registrationand Modify your own profile in User Admin Application ...)
+	TODO: check
+CVE-2024-27898 (SAP NetWeaver application, due to insufficient input validation, allow ...)
+	TODO: check
+CVE-2024-27632 (An issue in GNU Savane v.3.12 and before allows a remote attacker to e ...)
+	TODO: check
+CVE-2024-27631 (Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and befo ...)
+	TODO: check
+CVE-2024-27630 (Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and befor ...)
+	TODO: check
+CVE-2024-25646 (Due to improper validation,SAP BusinessObject Business Intelligence La ...)
+	TODO: check
+CVE-2024-23584 (The NMAP Importer service may expose data store credentials to authori ...)
+	TODO: check
+CVE-2024-23084 (Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsExce ...)
+	TODO: check
+CVE-2024-23081 (ThreeTen Backport v1.6.8 was discovered to contain a NullPointerExcept ...)
+	TODO: check
+CVE-2024-23079 (JGraphT Core v1.5.2 was discovered to contain a NullPointerException v ...)
+	TODO: check
+CVE-2024-22949 (JFreeChart v1.5.4 was discovered to contain a NullPointerException via ...)
+	TODO: check
+CVE-2024-1664 (The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sa ...)
+	TODO: check
+CVE-2024-1233 (A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, wher ...)
+	TODO: check
+CVE-2024-0083 (NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where a ...)
+	TODO: check
+CVE-2024-0082 (NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where a ...)
+	TODO: check
 CVE-2024-25743
 	- linux <unfixed>
 	NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3008.html
@@ -1706,7 +1800,7 @@ CVE-2024-31080 (A heap-based buffer over-read vulnerability was found in the X.o
 	[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
 	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/96798fc1967491c80a4d0c8d9e0a80586cb2152b
 	NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html
-CVE-2024-27983
+CVE-2024-27983 (An attacker can make the Node.js HTTP/2 server completely unavailable  ...)
 	- nodejs 18.20.1+dfsg-1 (bug #1068347)
 	NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/
 CVE-2024-27982



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc9d4ef9e4c2f4e5bae98c8083b3eca598f1a8c4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc9d4ef9e4c2f4e5bae98c8083b3eca598f1a8c4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240409/b38ba48a/attachment.htm>

More information about the debian-security-tracker-commits mailing list