[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Tue, 09 Apr 2024 01:12:09 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
dc9d4ef9 by security tracker role at 2024-04-09T08:11:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,97 @@
+CVE-2024-3466 (A vulnerability was found in SourceCodester Laundry Management 
System  ...)
+       TODO: check
+CVE-2024-3465 (A vulnerability was found in SourceCodester Laundry Management 
System  ...)
+       TODO: check
+CVE-2024-31366 (Missing Authorization vulnerability in Themify Post Type 
Builder (PTB) ...)
+       TODO: check
+CVE-2024-31365 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31047 (An issue in Academy Software Foundation openexr v.3.2.3 and 
before all ...)
+       TODO: check
+CVE-2024-30701 (An insecure logging vulnerability in ROS2 Galactic Geochelone 
ROS_VERS ...)
+       TODO: check
+CVE-2024-30699 (A buffer overflow vulnerability has been discovered in the C++ 
compone ...)
+       TODO: check
+CVE-2024-30697 (An issue was discovered in ROS2 Galactic Geochelone in 
ROS_VERSION 2 a ...)
+       TODO: check
+CVE-2024-30696 (OS command injection vulnerability in ROS2 Galactic Geochelone 
in ROS_ ...)
+       TODO: check
+CVE-2024-30695 (An issue was discovered in the default configurations of ROS2 
Galactic ...)
+       TODO: check
+CVE-2024-30694 (A shell injection vulnerability was discovered in ROS2 (Robot 
Operatin ...)
+       TODO: check
+CVE-2024-30692 (A issue was discovered in ROS2 Galactic Geochelone versions 
ROS_VERSIO ...)
+       TODO: check
+CVE-2024-30691 (An issue was discovered in ROS2 Galactic Geochelone in version 
ROS_VER ...)
+       TODO: check
+CVE-2024-30690 (An unauthorized node injection vulnerability has been 
identified in RO ...)
+       TODO: check
+CVE-2024-30688 (An arbitrary file upload vulnerability has been discovered in 
ROS2 Iro ...)
+       TODO: check
+CVE-2024-30687 (An insecure deserialization vulnerability has been identified 
in ROS2  ...)
+       TODO: check
+CVE-2024-30686 (An issue was discovered in ROS2 Iron Irwini versions 
ROS_VERSION 2 and ...)
+       TODO: check
+CVE-2024-30684 (An insecure logging vulnerability has been identified within 
ROS2 Iron ...)
+       TODO: check
+CVE-2024-30683 (A buffer overflow vulnerability has been discovered in the C++ 
compone ...)
+       TODO: check
+CVE-2024-30681 (An OS command injection vulnerability has been discovered in 
ROS2 Iron ...)
+       TODO: check
+CVE-2024-30680 (Shell injection vulnerability was discovered in ROS2 (Robot 
Operating  ...)
+       TODO: check
+CVE-2024-30679 (An issue was discovered in the default configurations of ROS2 
Iron Irw ...)
+       TODO: check
+CVE-2024-30678 (An issue has been discovered in ROS2 Iron Irwini ROS_VERSION 2 
and ROS ...)
+       TODO: check
+CVE-2024-30676 (A Denial-of-Service (DoS) vulnerability exists in ROS2 Iron 
Irwini ver ...)
+       TODO: check
+CVE-2024-30218 (The ABAP Application Server of SAP NetWeaver as well as ABAP 
Platforma ...)
+       TODO: check
+CVE-2024-30217 (Cash Management in SAP S/4 HANA does not perform necessary 
authorizati ...)
+       TODO: check
+CVE-2024-30216 (Cash Management in SAP S/4 HANA does not perform necessary 
authorizati ...)
+       TODO: check
+CVE-2024-30215 (The Resource Settings page allows a high privilege attacker to 
load ex ...)
+       TODO: check
+CVE-2024-30214 (The application allows a high privilege attacker to append a 
malicious ...)
+       TODO: check
+CVE-2024-2975 (A race condition was identified through which privilege 
escalation was ...)
+       TODO: check
+CVE-2024-28167 (SAP Group Reporting Data Collectiondoes not perform necessary 
authoriz ...)
+       TODO: check
+CVE-2024-27901 (SAP Asset Accounting could allow a high privileged attacker to 
exploit ...)
+       TODO: check
+CVE-2024-27899 (Self-Registrationand Modify your own profile in User Admin 
Application ...)
+       TODO: check
+CVE-2024-27898 (SAP NetWeaver application, due to insufficient input 
validation, allow ...)
+       TODO: check
+CVE-2024-27632 (An issue in GNU Savane v.3.12 and before allows a remote 
attacker to e ...)
+       TODO: check
+CVE-2024-27631 (Cross Site Request Forgery vulnerability in GNU Savane v.3.12 
and befo ...)
+       TODO: check
+CVE-2024-27630 (Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 
and befor ...)
+       TODO: check
+CVE-2024-25646 (Due to improper validation,SAP BusinessObject Business 
Intelligence La ...)
+       TODO: check
+CVE-2024-23584 (The NMAP Importer service may expose data store credentials to 
authori ...)
+       TODO: check
+CVE-2024-23084 (Apfloat v1.10.1 was discovered to contain an 
ArrayIndexOutOfBoundsExce ...)
+       TODO: check
+CVE-2024-23081 (ThreeTen Backport v1.6.8 was discovered to contain a 
NullPointerExcept ...)
+       TODO: check
+CVE-2024-23079 (JGraphT Core v1.5.2 was discovered to contain a 
NullPointerException v ...)
+       TODO: check
+CVE-2024-22949 (JFreeChart v1.5.4 was discovered to contain a 
NullPointerException via ...)
+       TODO: check
+CVE-2024-1664 (The Responsive Gallery Grid WordPress plugin before 2.3.11 does 
not sa ...)
+       TODO: check
+CVE-2024-1233 (A flaw was found in` JwtValidator.resolvePublicKey` in JBoss 
EAP, wher ...)
+       TODO: check
+CVE-2024-0083 (NVIDIA ChatRTX for Windows contains a vulnerability in the UI, 
where a ...)
+       TODO: check
+CVE-2024-0082 (NVIDIA ChatRTX for Windows contains a vulnerability in the UI, 
where a ...)
+       TODO: check
 CVE-2024-25743
        - linux <unfixed>
        NOTE: 
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3008.html
@@ -1706,7 +1800,7 @@ CVE-2024-31080 (A heap-based buffer over-read 
vulnerability was found in the X.o
        [bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be 
running as root)
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/96798fc1967491c80a4d0c8d9e0a80586cb2152b
        NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html
-CVE-2024-27983
+CVE-2024-27983 (An attacker can make the Node.js HTTP/2 server completely 
unavailable  ...)
        - nodejs 18.20.1+dfsg-1 (bug #1068347)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/
 CVE-2024-27982



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc9d4ef9e4c2f4e5bae98c8083b3eca598f1a8c4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc9d4ef9e4c2f4e5bae98c8083b3eca598f1a8c4
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to