[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 9 09:12:29 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e740c12a by security tracker role at 2023-08-09T08:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2023-4243 (The FULL - Customer plugin for WordPress is vulnerable to Arbitrary Fi ...)
+	TODO: check
+CVE-2023-4242 (The FULL - Customer plugin for WordPress is vulnerable to Information  ...)
+	TODO: check
+CVE-2023-4239 (The Real Estate Manager plugin for WordPress is vulnerable to privileg ...)
+	TODO: check
+CVE-2023-3632 (Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Educati ...)
+	TODO: check
+CVE-2023-39951 (OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrum ...)
+	TODO: check
+CVE-2023-39910 (The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin ...)
+	TODO: check
+CVE-2023-39341 ("FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM pro ...)
+	TODO: check
+CVE-2023-39214 (Exposure of sensitive information in Zoom Client SDK's before 5.15.5 m ...)
+	TODO: check
+CVE-2023-39213 (Improper neutralization of special elements in Zoom Desktop Client for ...)
+	TODO: check
+CVE-2023-39212 (Untrusted search path in Zoom Rooms for Windows before version 5.15.5  ...)
+	TODO: check
+CVE-2023-39211 (Improper privilege management in Zoom Desktop Client for Windows and Z ...)
+	TODO: check
+CVE-2023-39210 (Cleartext storage of sensitive information in Zoom Client SDK for Wind ...)
+	TODO: check
+CVE-2023-39209 (Improper input validation in Zoom Desktop Client for Windows before 5. ...)
+	TODO: check
+CVE-2023-38752 (Improper authorization vulnerability in Special Interest Group Network ...)
+	TODO: check
+CVE-2023-38751 (Improper authorization vulnerability in Special Interest Group Network ...)
+	TODO: check
+CVE-2023-38209 (Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) ...)
+	TODO: check
+CVE-2023-38208 (Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) ...)
+	TODO: check
+CVE-2023-38207 (Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) ...)
+	TODO: check
+CVE-2023-37864 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
+	TODO: check
+CVE-2023-37863 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
+	TODO: check
+CVE-2023-37862 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
+	TODO: check
+CVE-2023-37861 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
+	TODO: check
+CVE-2023-37860 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
+	TODO: check
+CVE-2023-37859 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
+	TODO: check
+CVE-2023-37858 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
+	TODO: check
+CVE-2023-37857 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
+	TODO: check
+CVE-2023-37856 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
+	TODO: check
+CVE-2023-37855 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
+	TODO: check
+CVE-2023-33934 (Improper Input Validation vulnerability in Apache Software Foundation  ...)
+	TODO: check
+CVE-2023-2905 (Due to a failure in validating the length of a provided MQTT_CMD_PUBLI ...)
+	TODO: check
 CVE-2023-4219 (A vulnerability was found in SourceCodester Doctors Appointment System ...)
 	NOT-FOR-US: SourceCodester Doctors Appointment System
 CVE-2023-4203 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...)
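Review bot: All 30 entries added at the top of the file, CVE-2023-4243 through CVE-2023-2905, still read TODO: check, so none of them has a triage state yet. Several come in runs that name the same product in the visible description (ten PHOENIX CONTACT WP 6xxx entries, CVE-2023-37855 to CVE-2023-37864; six Zoom entries, CVE-2023-39209 to CVE-2023-39214; three Adobe Commerce entries, CVE-2023-38207 to CVE-2023-38209) and can be resolved in one pass each, using the same NOT-FOR-US: <product> form as the CVE-2023-4219 context line if they turn out not to be packaged. CVE-2023-33934 and CVE-2023-2905 are cut off before the product name, so they need the full description before a package line or NOT-FOR-US can be chosen.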
@@ -5342,6 +5402,7 @@ CVE-2023-34487 (itsourcecode Online Hotel Management System Project In PHP v1.0.
 CVE-2023-34486 (itsourcecode Online Hotel Management System Project In PHP v1.0.0 is v ...)
 	NOT-FOR-US: itsourcecode Online Hotel Management System Project
 CVE-2023-33466 (Orthanc before 1.12.0 allows authenticated users with access to the Or ...)
+	{DSA-5473-1}
 	- orthanc 1.12.1+dfsg-1 (bug #1040597)
 	[buster] - orthanc <no-dsa> (Requires new configuration variable)
 	NOTE: https://discourse.orthanc-server.org/t/security-advisory-for-orthanc-deployments-running-versions-before-1-12-0/3568
@@ -26168,8 +26229,8 @@ CVE-2023-26312
 	RESERVED
 CVE-2023-26311
 	RESERVED
-CVE-2023-26310
-	RESERVED
+CVE-2023-26310 (There is a command injection problem in the old version of the mobile  ...)
+	TODO: check
 CVE-2023-26309
 	RESERVED
 CVE-2023-26308
@@ -31979,8 +32040,8 @@ CVE-2023-24483 (A vulnerability has been identified that, if exploited, could re
 	NOT-FOR-US: Citrix
 CVE-2023-24482 (A vulnerability has been identified in COMOS V10.2 (All versions), COM ...)
 	NOT-FOR-US: Siemens
-CVE-2023-24477
-	RESERVED
+CVE-2023-24477 (In certain conditions, depending on timing and the usage of the Chrome ...)
+	TODO: check
 CVE-2023-24471
 	RESERVED
 CVE-2023-24015
@@ -31991,8 +32052,8 @@ CVE-2023-23574
 	RESERVED
 CVE-2023-22843
 	RESERVED
-CVE-2023-22378
-	RESERVED
+CVE-2023-22378 (A blind SQL Injection vulnerability in Nozomi Networks Guardian and CM ...)
+	TODO: check
 CVE-2023-0479
 	RESERVED
 CVE-2023-0478
@@ -43423,8 +43484,8 @@ CVE-2022-47187
 	RESERVED
 CVE-2022-47186
 	RESERVED
-CVE-2022-47185
-	RESERVED
+CVE-2022-47185 (Improper input validation vulnerability on the range header in Apache  ...)
+	TODO: check
 CVE-2022-47184 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
 	{DSA-5435-1 DLA-3475-1}
 	- trafficserver 9.2.1+ds-1 (bug #1038248)
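Review bot: The new CVE-2022-47185 line is left at TODO: check although the entry directly below it, CVE-2022-47184, is already tracked against trafficserver with {DSA-5435-1 DLA-3475-1}. The description is truncated at "Apache ...", so confirm from the full text whether it is the same package; if it is, replace TODO: check with a trafficserver package line so the entry is counted in that source package's status.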
@@ -336552,6 +336613,7 @@ CVE-2018-17438 (A SIGFPE signal is raised in the function H5D__select_io() of H5
 	NOTE: fix in develop branch: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/7add52ff4f2443357648d53d52add274d1b18b5f
 	NOTE: Negligible security impact
 CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in ...)
+	{DLA-3522-1}
 	- hdf5 1.10.6+repack-2 (low)
 	[stretch] - hdf5 <no-dsa> (Minor issue)
 	[jessie] - hdf5 <ignored> (Minor issue)
@@ -336571,6 +336633,7 @@ CVE-2018-17435 (A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c
 	NOTE: Negligible security impact
 	NOTE: Fixed for 1.10.x in 1.10.7: https://forum.hdfgroup.org/t/release-of-hdf5-1-10-7-newsletter-175-the-hdf-group/7511
 CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of h5repack_ ...)
+	{DLA-3522-1}
 	- hdf5 1.10.6+repack-2 (low)
 	[stretch] - hdf5 <no-dsa> (Minor issue)
 	[jessie] - hdf5 <ignored> (Minor issue)
@@ -337013,6 +337076,7 @@ CVE-2018-17239
 CVE-2018-17238
 	RESERVED
 CVE-2018-17237 (A SIGFPE signal is raised in the function H5D__chunk_set_info_real() o ...)
+	{DLA-3522-1}
 	- hdf5 1.10.6+repack-2 (low)
 	[stretch] - hdf5 <no-dsa> (Minor issue)
 	[jessie] - hdf5 <ignored> (Minor issue)
@@ -337031,6 +337095,7 @@ CVE-2018-17235 (The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp
 	[jessie] - mp4v2 <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1629451
 CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in  ...)
+	{DLA-3522-1}
 	- hdf5 1.10.6+repack-2 (low)
 	[stretch] - hdf5 <no-dsa> (Minor issue)
 	[jessie] - hdf5 <ignored> (Minor issue)
@@ -337039,6 +337104,7 @@ CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in H5Ocache
 	NOTE: does not appear in 1.10.5 release notes, but fixed in
 	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/f4138013dbc6851e968ea3d37b32776538ef306b
 CVE-2018-17233 (A SIGFPE signal is raised in the function H5D__create_chunk_file_map_h ...)
+	{DLA-3522-1}
 	- hdf5 1.10.6+repack-2 (low)
 	[stretch] - hdf5 <no-dsa> (Minor issue)
 	[jessie] - hdf5 <ignored> (Minor issue)
@@ -353333,6 +353399,7 @@ CVE-2018-11207 (A division by zero was discovered in H5D__chunk_init in H5Dchunk
 	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10481
 	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/d0362ce438aef8ad690d5b084d929403c9877107
 CVE-2018-11206 (An out of bounds read was discovered in H5O_fill_new_decode and H5O_fi ...)
+	{DLA-3522-1}
 	- hdf5 1.10.8+repack-1 (low)
 	[bullseye] - hdf5 <no-dsa> (Minor issue)
 	[stretch] - hdf5 <no-dsa> (Minor issue)
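Review bot: On CVE-2018-11206 the added {DLA-3522-1} sits directly above [bullseye] - hdf5 <no-dsa> (Minor issue). A DLA covers an LTS release, which is older than bullseye, so after this change the older release carries a fix that bullseye, per this entry, does not. Worth checking whether bullseye should get the same fix through a point release; the other hdf5 entries tagged in this commit show a fixed version of 1.10.6+repack-2, while this one is only fixed in 1.10.8+repack-1.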



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e740c12a4d5ea065987146692b5cbf376328185e
