[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sun, 13 Aug 2023 13:12:49 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
0de458a1 by security tracker role at 2023-08-13T20:12:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2023-39406 (Permission control vulnerability in the XLayout component. 
Successful  ...)
+       TODO: check
+CVE-2023-39405 (Vulnerability of out-of-bounds parameter read/write in the 
Wi-Fi modul ...)
+       TODO: check
+CVE-2023-39404 (Vulnerability of input parameter verification in certain APIs 
in the w ...)
+       TODO: check
+CVE-2023-39403 (Parameter verification vulnerability in the installd module. 
Successfu ...)
+       TODO: check
+CVE-2023-39402 (Parameter verification vulnerability in the installd module. 
Successfu ...)
+       TODO: check
+CVE-2023-39401 (Parameter verification vulnerability in the installd module. 
Successfu ...)
+       TODO: check
+CVE-2023-39400 (Parameter verification vulnerability in the installd module. 
Successfu ...)
+       TODO: check
+CVE-2023-39399 (Parameter verification vulnerability in the installd module. 
Successfu ...)
+       TODO: check
+CVE-2023-39398 (Parameter verification vulnerability in the installd module. 
Successfu ...)
+       TODO: check
+CVE-2023-39397 (Input parameter verification vulnerability in the 
communication system ...)
+       TODO: check
+CVE-2023-39396 (Deserialization vulnerability in the input module. Successful 
exploita ...)
+       TODO: check
+CVE-2023-39395 (Mismatch vulnerability in the serialization process in the 
communicati ...)
+       TODO: check
+CVE-2023-39394 (Vulnerability of API privilege escalation in the wifienhance 
module. S ...)
+       TODO: check
+CVE-2023-39393 (Vulnerability of insecure signatures in the 
ServiceWifiResources modul ...)
+       TODO: check
+CVE-2023-39392 (Vulnerability of insecure signatures in the OsuLogin module. 
Successfu ...)
+       TODO: check
+CVE-2023-39391 (Vulnerability of system file information leakage in the USB 
Service mo ...)
+       TODO: check
+CVE-2023-39390 (Vulnerability of input parameter verification in certain APIs 
in the w ...)
+       TODO: check
+CVE-2023-39389 (Vulnerability of input parameters being not strictly verified 
in the P ...)
+       TODO: check
+CVE-2023-39388 (Vulnerability of input parameters being not strictly verified 
in the P ...)
+       TODO: check
+CVE-2023-39387 (Vulnerability of permission control in the window management 
module. S ...)
+       TODO: check
+CVE-2023-39386 (Vulnerability of input parameters being not strictly verified 
in the P ...)
+       TODO: check
+CVE-2023-39385 (Vulnerability of configuration defects in the media module of 
certain  ...)
+       TODO: check
+CVE-2023-39384 (Vulnerability of incomplete permission verification in the 
input metho ...)
+       TODO: check
+CVE-2023-39383 (Vulnerability of input parameters being not strictly verified 
in the A ...)
+       TODO: check
+CVE-2023-39382 (Input verification vulnerability in the audio module. 
Successful explo ...)
+       TODO: check
+CVE-2023-39381 (Input verification vulnerability in the storage module. 
Successful exp ...)
+       TODO: check
+CVE-2023-39380 (Permission control vulnerability in the audio module. 
Successful explo ...)
+       TODO: check
+CVE-2021-46895 (Vulnerability of defects introduced in the design process in 
the Multi ...)
+       TODO: check
 CVE-2023-4265 (Potential buffer overflow vulnerabilities in the following 
locations:  ...)
        NOT-FOR-US: zephyr-rtos
 CVE-2023-4293 (The Premium Packages - Sell Digital Products Securely plugin 
for WordP ...)
@@ -4922,6 +4978,7 @@ CVE-2023-34318 (A heap buffer overflow vulnerability was 
found in sox, in the st
 CVE-2023-34316 (An attacker could bypass the latest Delta Electronics 
InfraSuite Devic ...)
        NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-32627 (A floating point exception vulnerability was found in sox, in 
the read ...)
+       {DLA-3527-1}
        - sox <unfixed> (bug #1041112)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212282
        NOTE: https://sourceforge.net/p/sox/bugs/369/
@@ -12243,7 +12300,7 @@ CVE-2023-2257 (Authentication Bypass in Hub Business 
integration in Devolutions
 CVE-2023-2256 (The Product Addons & Fields for WooCommerce WordPress plugin 
before 32 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-2255 (Improper access control in editor components of The Document 
Foundatio ...)
-       {DSA-5415-1}
+       {DSA-5415-1 DLA-3526-1}
        - libreoffice 4:7.4.5-3
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2023-2255/
 CVE-2023-2254
@@ -26781,7 +26838,7 @@ CVE-2023-0952 (Improper access controls on entries in 
Devolutions Server  2022.3
 CVE-2023-0951 (Improper access controls on some API endpoints in Devolutions 
Server 2 ...)
        NOT-FOR-US: Devolutions Server
 CVE-2023-0950 (Improper Validation of Array Index vulnerability in the 
spreadsheet co ...)
-       {DSA-5415-1}
+       {DSA-5415-1 DLA-3526-1}
        - libreoffice 4:7.4.5-3
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2023-0950/
 CVE-2023-0949 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
modoboa/mo ...)
@@ -70465,6 +70522,7 @@ CVE-2022-38747
 CVE-2022-38746
        RESERVED
 CVE-2022-38745 (Apache OpenOffice versions before 4.1.14 may be configured to 
add an e ...)
+       {DLA-3526-1}
        - libreoffice 1:7.3.1-1
        [bullseye] - libreoffice 1:7.0.4-4+deb11u6
        NOTE: 
https://cgit.freedesktop.org/libreoffice/core/commit/?id=5e8f64e50f97d39e83a3358697be14db03566878
@@ -141393,7 +141451,7 @@ CVE-2021-40008 (There is a memory leak vulnerability 
in CloudEngine 12800 V200R0
        NOT-FOR-US: Huawei
 CVE-2021-40007 (There is an information leak vulnerability in eCNS280_TD 
V100R005C10SP ...)
        NOT-FOR-US: Huawei
-CVE-2021-40006 (The fingerprint module has a security risk of brute force 
cracking. Su ...)
+CVE-2021-40006 (Vulnerability of design defects in the security algorithm 
component. S ...)
        NOT-FOR-US: Huawei
 CVE-2021-40005 (The distributed data service component has a vulnerability in 
data acc ...)
        NOT-FOR-US: Huawei



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0de458a16578bb5f589cacca0d04485e3dfd331f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0de458a16578bb5f589cacca0d04485e3dfd331f
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to