[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Aug 13 21:12:35 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0de458a1 by security tracker role at 2023-08-13T20:12:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2023-39406 (Permission control vulnerability in the XLayout component. Successful  ...)
+	TODO: check
+CVE-2023-39405 (Vulnerability of out-of-bounds parameter read/write in the Wi-Fi modul ...)
+	TODO: check
+CVE-2023-39404 (Vulnerability of input parameter verification in certain APIs in the w ...)
+	TODO: check
+CVE-2023-39403 (Parameter verification vulnerability in the installd module. Successfu ...)
+	TODO: check
+CVE-2023-39402 (Parameter verification vulnerability in the installd module. Successfu ...)
+	TODO: check
+CVE-2023-39401 (Parameter verification vulnerability in the installd module. Successfu ...)
+	TODO: check
+CVE-2023-39400 (Parameter verification vulnerability in the installd module. Successfu ...)
+	TODO: check
+CVE-2023-39399 (Parameter verification vulnerability in the installd module. Successfu ...)
+	TODO: check
+CVE-2023-39398 (Parameter verification vulnerability in the installd module. Successfu ...)
+	TODO: check
+CVE-2023-39397 (Input parameter verification vulnerability in the communication system ...)
+	TODO: check
+CVE-2023-39396 (Deserialization vulnerability in the input module. Successful exploita ...)
+	TODO: check
+CVE-2023-39395 (Mismatch vulnerability in the serialization process in the communicati ...)
+	TODO: check
+CVE-2023-39394 (Vulnerability of API privilege escalation in the wifienhance module. S ...)
+	TODO: check
+CVE-2023-39393 (Vulnerability of insecure signatures in the ServiceWifiResources modul ...)
+	TODO: check
+CVE-2023-39392 (Vulnerability of insecure signatures in the OsuLogin module. Successfu ...)
+	TODO: check
+CVE-2023-39391 (Vulnerability of system file information leakage in the USB Service mo ...)
+	TODO: check
+CVE-2023-39390 (Vulnerability of input parameter verification in certain APIs in the w ...)
+	TODO: check
+CVE-2023-39389 (Vulnerability of input parameters being not strictly verified in the P ...)
+	TODO: check
+CVE-2023-39388 (Vulnerability of input parameters being not strictly verified in the P ...)
+	TODO: check
+CVE-2023-39387 (Vulnerability of permission control in the window management module. S ...)
+	TODO: check
+CVE-2023-39386 (Vulnerability of input parameters being not strictly verified in the P ...)
+	TODO: check
+CVE-2023-39385 (Vulnerability of configuration defects in the media module of certain  ...)
+	TODO: check
+CVE-2023-39384 (Vulnerability of incomplete permission verification in the input metho ...)
+	TODO: check
+CVE-2023-39383 (Vulnerability of input parameters being not strictly verified in the A ...)
+	TODO: check
+CVE-2023-39382 (Input verification vulnerability in the audio module. Successful explo ...)
+	TODO: check
+CVE-2023-39381 (Input verification vulnerability in the storage module. Successful exp ...)
+	TODO: check
+CVE-2023-39380 (Permission control vulnerability in the audio module. Successful explo ...)
+	TODO: check
+CVE-2021-46895 (Vulnerability of defects introduced in the design process in the Multi ...)
+	TODO: check
 CVE-2023-4265 (Potential buffer overflow vulnerabilities in the following locations:  ...)
 	NOT-FOR-US: zephyr-rtos
 CVE-2023-4293 (The Premium Packages - Sell Digital Products Securely plugin for WordP ...)
@@ -4922,6 +4978,7 @@ CVE-2023-34318 (A heap buffer overflow vulnerability was found in sox, in the st
 CVE-2023-34316 (An attacker could bypass the latest Delta Electronics InfraSuite Devic ...)
 	NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-32627 (A floating point exception vulnerability was found in sox, in the read ...)
+	{DLA-3527-1}
 	- sox <unfixed> (bug #1041112)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212282
 	NOTE: https://sourceforge.net/p/sox/bugs/369/
@@ -12243,7 +12300,7 @@ CVE-2023-2257 (Authentication Bypass in Hub Business integration in Devolutions
 CVE-2023-2256 (The Product Addons & Fields for WooCommerce WordPress plugin before 32 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-2255 (Improper access control in editor components of The Document Foundatio ...)
-	{DSA-5415-1}
+	{DSA-5415-1 DLA-3526-1}
 	- libreoffice 4:7.4.5-3
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-2255/
 CVE-2023-2254
@@ -26781,7 +26838,7 @@ CVE-2023-0952 (Improper access controls on entries in Devolutions Server  2022.3
 CVE-2023-0951 (Improper access controls on some API endpoints in Devolutions Server 2 ...)
 	NOT-FOR-US: Devolutions Server
 CVE-2023-0950 (Improper Validation of Array Index vulnerability in the spreadsheet co ...)
-	{DSA-5415-1}
+	{DSA-5415-1 DLA-3526-1}
 	- libreoffice 4:7.4.5-3
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-0950/
 CVE-2023-0949 (Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/mo ...)
@@ -70465,6 +70522,7 @@ CVE-2022-38747
 CVE-2022-38746
 	RESERVED
 CVE-2022-38745 (Apache OpenOffice versions before 4.1.14 may be configured to add an e ...)
+	{DLA-3526-1}
 	- libreoffice 1:7.3.1-1
 	[bullseye] - libreoffice 1:7.0.4-4+deb11u6
 	NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=5e8f64e50f97d39e83a3358697be14db03566878
@@ -141393,7 +141451,7 @@ CVE-2021-40008 (There is a memory leak vulnerability in CloudEngine 12800 V200R0
 	NOT-FOR-US: Huawei
 CVE-2021-40007 (There is an information leak vulnerability in eCNS280_TD V100R005C10SP ...)
 	NOT-FOR-US: Huawei
-CVE-2021-40006 (The fingerprint module has a security risk of brute force cracking. Su ...)
+CVE-2021-40006 (Vulnerability of design defects in the security algorithm component. S ...)
 	NOT-FOR-US: Huawei
 CVE-2021-40005 (The distributed data service component has a vulnerability in data acc ...)
 	NOT-FOR-US: Huawei



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0de458a16578bb5f589cacca0d04485e3dfd331f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0de458a16578bb5f589cacca0d04485e3dfd331f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230813/a0a31e11/attachment.htm>

More information about the debian-security-tracker-commits mailing list