Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e740c12a by security tracker role at 2023-08-09T08:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2023-4243 (The FULL - Customer plugin for WordPress is vulnerable to 
Arbitrary Fi ...)
+       TODO: check
+CVE-2023-4242 (The FULL - Customer plugin for WordPress is vulnerable to 
Information  ...)
+       TODO: check
+CVE-2023-4239 (The Real Estate Manager plugin for WordPress is vulnerable to 
privileg ...)
+       TODO: check
+CVE-2023-3632 (Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes 
Educati ...)
+       TODO: check
+CVE-2023-39951 (OpenTelemetry Java Instrumentation provides OpenTelemetry 
auto-instrum ...)
+       TODO: check
+CVE-2023-39910 (The cryptocurrency wallet entropy seeding mechanism used in 
Libbitcoin ...)
+       TODO: check
+CVE-2023-39341 ("FFRI yarai", "FFRI yarai Home and Business Edition" and their 
OEM pro ...)
+       TODO: check
+CVE-2023-39214 (Exposure of sensitive information in Zoom Client SDK's before 
5.15.5 m ...)
+       TODO: check
+CVE-2023-39213 (Improper neutralization of special elements in Zoom Desktop 
Client for ...)
+       TODO: check
+CVE-2023-39212 (Untrusted search path in Zoom Rooms for Windows before version 
5.15.5  ...)
+       TODO: check
+CVE-2023-39211 (Improper privilege management in Zoom Desktop Client for 
Windows and Z ...)
+       TODO: check
+CVE-2023-39210 (Cleartext storage of sensitive information in Zoom Client SDK 
for Wind ...)
+       TODO: check
+CVE-2023-39209 (Improper input validation in Zoom Desktop Client for Windows 
before 5. ...)
+       TODO: check
+CVE-2023-38752 (Improper authorization vulnerability in Special Interest Group 
Network ...)
+       TODO: check
+CVE-2023-38751 (Improper authorization vulnerability in Special Interest Group 
Network ...)
+       TODO: check
+CVE-2023-38209 (Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and 
earlier) ...)
+       TODO: check
+CVE-2023-38208 (Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and 
earlier) ...)
+       TODO: check
+CVE-2023-38207 (Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and 
earlier) ...)
+       TODO: check
+CVE-2023-37864 (In PHOENIX CONTACTs WP 6xxx series web panels in versions 
prior to 4.0 ...)
+       TODO: check
+CVE-2023-37863 (In PHOENIX CONTACTs WP 6xxx series web panels in versions 
prior to 4.0 ...)
+       TODO: check
+CVE-2023-37862 (In PHOENIX CONTACTs WP 6xxx series web panels in versions 
prior to 4.0 ...)
+       TODO: check
+CVE-2023-37861 (In PHOENIX CONTACTs WP 6xxx series web panels in versions 
prior to 4.0 ...)
+       TODO: check
+CVE-2023-37860 (In PHOENIX CONTACTs WP 6xxx series web panels in versions 
prior to 4.0 ...)
+       TODO: check
+CVE-2023-37859 (In PHOENIX CONTACTs WP 6xxx series web panels in versions 
prior to 4.0 ...)
+       TODO: check
+CVE-2023-37858 (In PHOENIX CONTACTs WP 6xxx series web panels in versions 
prior to 4.0 ...)
+       TODO: check
+CVE-2023-37857 (In PHOENIX CONTACTs WP 6xxx series web panels in versions 
prior to 4.0 ...)
+       TODO: check
+CVE-2023-37856 (In PHOENIX CONTACTs WP 6xxx series web panels in versions 
prior to 4.0 ...)
+       TODO: check
+CVE-2023-37855 (In PHOENIX CONTACTs WP 6xxx series web panels in versions 
prior to 4.0 ...)
+       TODO: check
+CVE-2023-33934 (Improper Input Validation vulnerability in Apache Software 
Foundation  ...)
+       TODO: check
+CVE-2023-2905 (Due to a failure in validating the length of a provided 
MQTT_CMD_PUBLI ...)
+       TODO: check
 CVE-2023-4219 (A vulnerability was found in SourceCodester Doctors Appointment 
System ...)
        NOT-FOR-US: SourceCodester Doctors Appointment System
 CVE-2023-4203 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are 
affect ...)
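Review bot: every entry added at the top of this hunk, CVE-2023-4243 through CVE-2023-2905, lands with only "TODO: check", so none of them has a package mapping or a NOT-FOR-US decision yet. The WordPress plugin, Zoom, Adobe Commerce and PHOENIX CONTACT entries are candidates for the same NOT-FOR-US treatment as the CVE-2023-4219 context line below them. CVE-2023-33934 ("Apache Software Foundation ...") and CVE-2023-2905 ("MQTT_CMD_PUBLI ...") have descriptions truncated before the product name, so they need the full record read before triage rather than a decision from the summary line.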
@@ -5342,6 +5402,7 @@ CVE-2023-34487 (itsourcecode Online Hotel Management 
System Project In PHP v1.0.
 CVE-2023-34486 (itsourcecode Online Hotel Management System Project In PHP 
v1.0.0 is v ...)
        NOT-FOR-US: itsourcecode Online Hotel Management System Project
 CVE-2023-33466 (Orthanc before 1.12.0 allows authenticated users with access 
to the Or ...)
+       {DSA-5473-1}
        - orthanc 1.12.1+dfsg-1 (bug #1040597)
        [buster] - orthanc <no-dsa> (Requires new configuration variable)
        NOTE: 
https://discourse.orthanc-server.org/t/security-advisory-for-orthanc-deployments-running-versions-before-1-12-0/3568
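Review bot: the {DSA-5473-1} tag on CVE-2023-33466 arrives in a commit whose only changed file is data/CVE/list, so the advisory record it points to is not part of this change and should be confirmed to exist already. The unchanged line "[buster] - orthanc <no-dsa> (Requires new configuration variable)" stays as it was; worth checking that this is still the intended state for buster now that an advisory has been issued for the CVE.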
@@ -26168,8 +26229,8 @@ CVE-2023-26312
        RESERVED
 CVE-2023-26311
        RESERVED
-CVE-2023-26310
-       RESERVED
+CVE-2023-26310 (There is a command injection problem in the old version of the 
mobile  ...)
+       TODO: check
 CVE-2023-26309
        RESERVED
 CVE-2023-26308
@@ -31979,8 +32040,8 @@ CVE-2023-24483 (A vulnerability has been identified 
that, if exploited, could re
        NOT-FOR-US: Citrix
 CVE-2023-24482 (A vulnerability has been identified in COMOS V10.2 (All 
versions), COM ...)
        NOT-FOR-US: Siemens
-CVE-2023-24477
-       RESERVED
+CVE-2023-24477 (In certain conditions, depending on timing and the usage of 
the Chrome ...)
+       TODO: check
 CVE-2023-24471
        RESERVED
 CVE-2023-24015
@@ -31991,8 +32052,8 @@ CVE-2023-23574
        RESERVED
 CVE-2023-22843
        RESERVED
-CVE-2023-22378
-       RESERVED
+CVE-2023-22378 (A blind SQL Injection vulnerability in Nozomi Networks 
Guardian and CM ...)
+       TODO: check
 CVE-2023-0479
        RESERVED
 CVE-2023-0478
@@ -43423,8 +43484,8 @@ CVE-2022-47187
        RESERVED
 CVE-2022-47186
        RESERVED
-CVE-2022-47185
-       RESERVED
+CVE-2022-47185 (Improper input validation vulnerability on the range header in 
Apache  ...)
+       TODO: check
 CVE-2022-47184 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        {DSA-5435-1 DLA-3475-1}
        - trafficserver 9.2.1+ds-1 (bug #1038248)
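Review bot: CVE-2022-47185 moves from RESERVED to "TODO: check" with a description that starts "Improper input validation vulnerability on the range header in Apache ..." and is cut off before the product name. It sits directly above CVE-2022-47184, which is tracked against trafficserver with {DSA-5435-1 DLA-3475-1}, so the full description should be checked against that package first when this TODO is resolved.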
@@ -336552,6 +336613,7 @@ CVE-2018-17438 (A SIGFPE signal is raised in the 
function H5D__select_io() of H5
        NOTE: fix in develop branch: 
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/7add52ff4f2443357648d53d52add274d1b18b5f
        NOTE: Negligible security impact
 CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in 
H5Odtype.c in ...)
+       {DLA-3522-1}
        - hdf5 1.10.6+repack-2 (low)
        [stretch] - hdf5 <no-dsa> (Minor issue)
        [jessie] - hdf5 <ignored> (Minor issue)
@@ -336571,6 +336633,7 @@ CVE-2018-17435 (A heap-based buffer over-read in 
H5O_attr_decode() in H5Oattr.c
        NOTE: Negligible security impact
        NOTE: Fixed for 1.10.x in 1.10.7: 
https://forum.hdfgroup.org/t/release-of-hdf5-1-10-7-newsletter-175-the-hdf-group/7511
 CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of 
h5repack_ ...)
+       {DLA-3522-1}
        - hdf5 1.10.6+repack-2 (low)
        [stretch] - hdf5 <no-dsa> (Minor issue)
        [jessie] - hdf5 <ignored> (Minor issue)
@@ -337013,6 +337076,7 @@ CVE-2018-17239
 CVE-2018-17238
        RESERVED
 CVE-2018-17237 (A SIGFPE signal is raised in the function 
H5D__chunk_set_info_real() o ...)
+       {DLA-3522-1}
        - hdf5 1.10.6+repack-2 (low)
        [stretch] - hdf5 <no-dsa> (Minor issue)
        [jessie] - hdf5 <ignored> (Minor issue)
@@ -337031,6 +337095,7 @@ CVE-2018-17235 (The function 
mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp
        [jessie] - mp4v2 <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1629451
 CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in 
H5Ocache.c in  ...)
+       {DLA-3522-1}
        - hdf5 1.10.6+repack-2 (low)
        [stretch] - hdf5 <no-dsa> (Minor issue)
        [jessie] - hdf5 <ignored> (Minor issue)
@@ -337039,6 +337104,7 @@ CVE-2018-17234 (Memory leak in the 
H5O__chunk_deserialize() function in H5Ocache
        NOTE: does not appear in 1.10.5 release notes, but fixed in
        NOTE: 
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/f4138013dbc6851e968ea3d37b32776538ef306b
 CVE-2018-17233 (A SIGFPE signal is raised in the function 
H5D__create_chunk_file_map_h ...)
+       {DLA-3522-1}
        - hdf5 1.10.6+repack-2 (low)
        [stretch] - hdf5 <no-dsa> (Minor issue)
        [jessie] - hdf5 <ignored> (Minor issue)
@@ -353333,6 +353399,7 @@ CVE-2018-11207 (A division by zero was discovered in 
H5D__chunk_init in H5Dchunk
        NOTE: https://jira.hdfgroup.org/browse/HDFFV-10481
        NOTE: 
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/d0362ce438aef8ad690d5b084d929403c9877107
 CVE-2018-11206 (An out of bounds read was discovered in H5O_fill_new_decode 
and H5O_fi ...)
+       {DLA-3522-1}
        - hdf5 1.10.8+repack-1 (low)
        [bullseye] - hdf5 <no-dsa> (Minor issue)
        [stretch] - hdf5 <no-dsa> (Minor issue)
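Review bot: on CVE-2018-11206 the {DLA-3522-1} tag is added above annotations that cover only bullseye and stretch, both "<no-dsa> (Minor issue)", and the five hunks before this one add the same tag to CVE-2018-17437, CVE-2018-17434, CVE-2018-17237, CVE-2018-17234 and CVE-2018-17233, whose visible annotations cover only stretch and jessie. None of the tagged entries shows a line for the release the DLA was issued for, so the fixed version for that release cannot be read from this file's visible lines; confirm it is recorded with the advisory itself.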



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e740c12a4d5ea065987146692b5cbf376328185e
