Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
00a4ba72 by security tracker role at 2024-08-13T20:12:38+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,313 @@
+CVE-2024-7746 (Use of Default Credentials vulnerability in Tananaev Solutions
Traccar ...)
+ TODO: check
+CVE-2024-7741 (A vulnerability was found in wanglongcn ltcms 1.0.20 and
classified as ...)
+ TODO: check
+CVE-2024-7740 (A vulnerability has been found in wanglongcn ltcms 1.0.20 and
classifi ...)
+ TODO: check
+CVE-2024-7739 (A vulnerability, which was classified as problematic, was found
in yza ...)
+ TODO: check
+CVE-2024-7738 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2024-7733 (A vulnerability, which was classified as problematic, was found
in Fas ...)
+ TODO: check
+CVE-2024-7593 (Incorrect implementation of an authentication algorithm in
Ivanti vTM ...)
+ TODO: check
+CVE-2024-7570 (Improper certificate validation in Ivanti ITSM on-prem and
Neurons for ...)
+ TODO: check
+CVE-2024-7569 (An information disclosure vulnerability in Ivanti ITSM on-prem
and Neu ...)
+ TODO: check
+CVE-2024-7567 (A denial-of-service vulnerability exists via the CIP/Modbus
port in th ...)
+ TODO: check
+CVE-2024-7113 (If exploited, this vulnerability could cause a SuiteLink server
to con ...)
+ TODO: check
+CVE-2024-6788 (A remote unauthenticated attacker can use the firmware update
feature ...)
+ TODO: check
+CVE-2024-6619 (In Ocean Data Systems Dream Report, an incorrect permission
vulnerabil ...)
+ TODO: check
+CVE-2024-6618 (In Ocean Data Systems Dream Report, a path traversal
vulnerability cou ...)
+ TODO: check
+CVE-2024-6384 ("Hot" backup files may be downloaded by underprivileged users,
if they ...)
+ TODO: check
+CVE-2024-6079 (A vulnerability exists in the Rockwell Automation
Emulate3D\u2122,whic ...)
+ TODO: check
+CVE-2024-5849 (An unauthenticated remote attacker may use a reflected XSS
vulnerabili ...)
+ TODO: check
+CVE-2024-43165 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-43160 (Unrestricted Upload of File with Dangerous Type vulnerability
in BerqW ...)
+ TODO: check
+CVE-2024-43153 (Improper Privilege Management vulnerability in WofficeIO
Woffice allow ...)
+ TODO: check
+CVE-2024-43141 (Deserialization of Untrusted Data vulnerability in Roland
Barker, xnau ...)
+ TODO: check
+CVE-2024-43140 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-43138 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-43135 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-43131 (Incorrect Authorization vulnerability in WPWeb Docket
(WooCommerce Col ...)
+ TODO: check
+CVE-2024-43129 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-43128 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2024-43121 (Improper Privilege Management vulnerability in realmag777
HUSKY allows ...)
+ TODO: check
+CVE-2024-42740 (In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file
/cgi-bin/cstecgi. ...)
+ TODO: check
+CVE-2024-42739 (In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file
/cgi-bin/cstecgi. ...)
+ TODO: check
+CVE-2024-42738 (In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file
/cgi-bin/cstecgi. ...)
+ TODO: check
+CVE-2024-42737 (In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file
/cgi-bin/cstecgi. ...)
+ TODO: check
+CVE-2024-42736 (In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file
/cgi-bin/cstecgi. ...)
+ TODO: check
+CVE-2024-42368 (OpenTelemetry, also known as OTel, is a vendor-neutral open
source Obs ...)
+ TODO: check
+CVE-2024-41774 (IBM Common Licensing 9.0 is vulnerable to stored cross-site
scripting. ...)
+ TODO: check
+CVE-2024-41711 (A vulnerability in the Mitel 6800 Series, 6900 Series, and
6900w Serie ...)
+ TODO: check
+CVE-2024-41623 (An issue in D3D Security D3D IP Camera (D8801)
v.V9.1.17.1.4-20180428 ...)
+ TODO: check
+CVE-2024-41614 (symphonycms <=2.7.10 is vulnerable to Cross Site Scripting
(XSS) in th ...)
+ TODO: check
+CVE-2024-41613 (A Cross Site Scripting (XSS) vulnerability in Symphony CMS
2.7.10 allo ...)
+ TODO: check
+CVE-2024-40697 (IBM Common Licensing 9.0 does not require that users should
have stron ...)
+ TODO: check
+CVE-2024-3913 (An unauthenticated remote attacker can use this vulnerability
to chang ...)
+ TODO: check
+CVE-2024-39651 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-39642 (Authorization Bypass Through User-Controlled Key vulnerability
in Thim ...)
+ TODO: check
+CVE-2024-38787 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2024-38760 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2024-38756 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2024-38752 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-38749 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2024-38747 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2024-38742 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2024-38724 (Cross-Site Request Forgery (CSRF), Improper Neutralization of
Input Du ...)
+ TODO: check
+CVE-2024-38699 (Missing Authorization vulnerability in WP Swings Wallet System
for Woo ...)
+ TODO: check
+CVE-2024-38688 (Missing Authorization vulnerability in Igor Beni\u0107 Recipe
Maker Fo ...)
+ TODO: check
+CVE-2024-38502 (An unauthenticated remote attacker may use stored XSS
vulnerability to ...)
+ TODO: check
+CVE-2024-38501 (An unauthenticated remote attacker may use a HTML injection
vulnerabil ...)
+ TODO: check
+CVE-2024-38223 (Windows Initial Machine Configuration Elevation of Privilege
Vulnerabi ...)
+ TODO: check
+CVE-2024-38215 (Windows Cloud Files Mini Filter Driver Elevation of Privilege
Vulnerab ...)
+ TODO: check
+CVE-2024-38214 (Windows Routing and Remote Access Service (RRAS) Information
Disclosur ...)
+ TODO: check
+CVE-2024-38213 (Windows Mark of the Web Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-38211 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting
Vulnerabilit ...)
+ TODO: check
+CVE-2024-38201 (Azure Stack Hub Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38199 (Windows Line Printer Daemon (LPD) Service Remote Code
Execution Vulner ...)
+ TODO: check
+CVE-2024-38198 (Windows Print Spooler Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38197 (Microsoft Teams for iOS Spoofing Vulnerability)
+ TODO: check
+CVE-2024-38196 (Windows Common Log File System Driver Elevation of Privilege
Vulnerabi ...)
+ TODO: check
+CVE-2024-38195 (Azure CycleCloud Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38193 (Windows Ancillary Function Driver for WinSock Elevation of
Privilege V ...)
+ TODO: check
+CVE-2024-38191 (Kernel Streaming Service Driver Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-38189 (Microsoft Project Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38187 (Windows Kernel-Mode Driver Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-38186 (Windows Kernel-Mode Driver Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-38185 (Windows Kernel-Mode Driver Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-38184 (Windows Kernel-Mode Driver Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-38180 (Windows SmartScreen Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-38178 (Scripting Engine Memory Corruption Vulnerability)
+ TODO: check
+CVE-2024-38177 (Windows App Installer Spoofing Vulnerability)
+ TODO: check
+CVE-2024-38173 (Microsoft Outlook Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38172 (Microsoft Excel Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38171 (Microsoft PowerPoint Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38170 (Microsoft Excel Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38169 (Microsoft Office Visio Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38168 (.NET and Visual Studio Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-38167 (.NET and Visual Studio Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-38165 (Windows Compressed Folder Tampering Vulnerability)
+ TODO: check
+CVE-2024-38162 (Azure Connected Machine Agent Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-38161 (Windows Mobile Broadband Driver Remote Code Execution
Vulnerability)
+ TODO: check
+CVE-2024-38160 (Windows Network Virtualization Remote Code Execution
Vulnerability)
+ TODO: check
+CVE-2024-38159 (Windows Network Virtualization Remote Code Execution
Vulnerability)
+ TODO: check
+CVE-2024-38158 (Azure IoT SDK Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38157 (Azure IoT SDK Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38155 (Security Center Broker Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-38154 (Windows Routing and Remote Access Service (RRAS) Remote Code
Execution ...)
+ TODO: check
+CVE-2024-38153 (Windows Kernel Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38152 (Windows OLE Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38151 (Windows Kernel Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-38150 (Windows DWM Core Library Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38148 (Windows Secure Channel Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-38147 (Microsoft DWM Core Library Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-38146 (Windows Layer-2 Bridge Network Driver Denial of Service
Vulnerability)
+ TODO: check
+CVE-2024-38145 (Windows Layer-2 Bridge Network Driver Denial of Service
Vulnerability)
+ TODO: check
+CVE-2024-38144 (Kernel Streaming WOW Thunk Service Driver Elevation of
Privilege Vulne ...)
+ TODO: check
+CVE-2024-38143 (Windows WLAN AutoConfig Service Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-38142 (Windows Secure Kernel Mode Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-38141 (Windows Ancillary Function Driver for WinSock Elevation of
Privilege V ...)
+ TODO: check
+CVE-2024-38140 (Windows Reliable Multicast Transport Driver (RMCAST) Remote
Code Execu ...)
+ TODO: check
+CVE-2024-38138 (Windows Deployment Services Remote Code Execution
Vulnerability)
+ TODO: check
+CVE-2024-38137 (Windows Resource Manager PSM Service Extension Elevation of
Privilege ...)
+ TODO: check
+CVE-2024-38136 (Windows Resource Manager PSM Service Extension Elevation of
Privilege ...)
+ TODO: check
+CVE-2024-38135 (Windows Resilient File System (ReFS) Elevation of Privilege
Vulnerabil ...)
+ TODO: check
+CVE-2024-38134 (Kernel Streaming WOW Thunk Service Driver Elevation of
Privilege Vulne ...)
+ TODO: check
+CVE-2024-38133 (Windows Kernel Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38132 (Windows Network Address Translation (NAT) Denial of Service
Vulnerabil ...)
+ TODO: check
+CVE-2024-38131 (Clipboard Virtual Channel Extension Remote Code Execution
Vulnerabilit ...)
+ TODO: check
+CVE-2024-38130 (Windows Routing and Remote Access Service (RRAS) Remote Code
Execution ...)
+ TODO: check
+CVE-2024-38128 (Windows Routing and Remote Access Service (RRAS) Remote Code
Execution ...)
+ TODO: check
+CVE-2024-38127 (Windows Hyper-V Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38126 (Windows Network Address Translation (NAT) Denial of Service
Vulnerabil ...)
+ TODO: check
+CVE-2024-38125 (Kernel Streaming WOW Thunk Service Driver Elevation of
Privilege Vulne ...)
+ TODO: check
+CVE-2024-38123 (Windows Bluetooth Driver Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-38122 (Microsoft Local Security Authority (LSA) Server Information
Disclosure ...)
+ TODO: check
+CVE-2024-38121 (Windows Routing and Remote Access Service (RRAS) Remote Code
Execution ...)
+ TODO: check
+CVE-2024-38120 (Windows Routing and Remote Access Service (RRAS) Remote Code
Execution ...)
+ TODO: check
+CVE-2024-38118 (Microsoft Local Security Authority (LSA) Server Information
Disclosure ...)
+ TODO: check
+CVE-2024-38117 (NTFS Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38116 (Windows IP Routing Management Snapin Remote Code Execution
Vulnerabili ...)
+ TODO: check
+CVE-2024-38115 (Windows IP Routing Management Snapin Remote Code Execution
Vulnerabili ...)
+ TODO: check
+CVE-2024-38114 (Windows IP Routing Management Snapin Remote Code Execution
Vulnerabili ...)
+ TODO: check
+CVE-2024-38109 (An authenticated attacker can exploit an Server-Side Request
Forgery ( ...)
+ TODO: check
+CVE-2024-38108 (Azure Stack Hub Spoofing Vulnerability)
+ TODO: check
+CVE-2024-38107 (Windows Power Dependency Coordinator Elevation of Privilege
Vulnerabil ...)
+ TODO: check
+CVE-2024-38106 (Windows Kernel Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38098 (Azure Connected Machine Agent Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-38084 (Microsoft OfficePlus Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38063 (Windows TCP/IP Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-37968 (Windows DNS Spoofing Vulnerability)
+ TODO: check
+CVE-2024-37935 (Missing Authorization vulnerability in anhvnit Woocommerce
OpenPos all ...)
+ TODO: check
+CVE-2024-37287 (A flaw allowing arbitrary code execution was discovered in
Kibana. An ...)
+ TODO: check
+CVE-2024-37015 (An issue was discovered in Ada Web Server 20.0. When
configured to use ...)
+ TODO: check
+CVE-2024-36505 (An improper access control vulnerability [CWE-284] in FortiOS
7.4.0 th ...)
+ TODO: check
+CVE-2024-36446 (The provisioning manager component of Mitel MiVoice MX-ONE
through 7.6 ...)
+ TODO: check
+CVE-2024-35124 (A vulnerability in the combination of the OpenBMC's FW1050.00
through ...)
+ TODO: check
+CVE-2024-2259 (This vulnerability exists in InstaRISPACS software due to
insufficient ...)
+ TODO: check
+CVE-2024-29995 (Windows Kerberos Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-21981 (Improper key usage control in AMD Secure Processor (ASP) may
allow an ...)
+ TODO: check
+CVE-2024-21757 (A unverified password change in Fortinet FortiManager versions
7.0.0 t ...)
+ TODO: check
+CVE-2023-31366 (Improper input validation in AMD \u03bcProf could allow an
attacker to ...)
+ TODO: check
+CVE-2023-31356 (Incomplete system memory cleanup in SEV firmware could allow a
privile ...)
+ TODO: check
+CVE-2023-31349 (Incorrect default permissions in the AMD \u03bcProf
installation direc ...)
+ TODO: check
+CVE-2023-31348 (A DLL hijacking vulnerability in AMD \u03bcProf could allow an
attacke ...)
+ TODO: check
+CVE-2023-31341 (Insufficient validation of the Input Output Control (IOCTL)
input buff ...)
+ TODO: check
+CVE-2023-31339 (Improper input validation in ARM\xae Trusted Firmware used in
AMD\u201 ...)
+ TODO: check
+CVE-2023-31310 (Improper input validation in Power Management Firmware (PMFW)
may allo ...)
+ TODO: check
+CVE-2023-31307 (Improper validation of array index in Power Management
Firmware (PMFW) ...)
+ TODO: check
+CVE-2023-31305 (Generation of weak and predictable Initialization Vector (IV)
in PMFW ...)
+ TODO: check
+CVE-2023-31304 (Improper input validation in SMU may allow an attacker with
privileges ...)
+ TODO: check
CVE-2024-7715 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in
D-Link DN ...)
NOT-FOR-US: D-Link
CVE-2024-7709 (A vulnerability, which was classified as problematic, has been
found i ...)
@@ -1716,16 +2026,16 @@ CVE-2024-6472 (Certificate Validation user interface in
LibreOffice allows poten
NOTE:
https://github.com/LibreOffice/core/commit/2587dbff640e2443f0800f9c1a865723500de1c5
(distro/mimo/7-0)
NOTE:
https://github.com/LibreOffice/core/commit/b8c9ba427e23e45ef782d6a144f4415cae3c9b13
(distro/mimo/6-2)
CVE-2024-42010 (mod_css_styles in Roundcube through 1.5.7 and 1.6.x through
1.6.7 insu ...)
- {DSA-5743-1}
+ {DSA-5743-2 DSA-5743-1}
- roundcube 1.6.8+dfsg-1 (bug #1077969)
NOTE:
https://github.com/roundcube/roundcubemail/commit/602d0f566eb39b6dcb739ad78323ec434a3b92ce
CVE-2024-42009 (A Cross-Site Scripting vulnerability in Roundcube through
1.5.7 and 1. ...)
- {DSA-5743-1}
+ {DSA-5743-2 DSA-5743-1}
- roundcube 1.6.8+dfsg-1 (bug #1077969)
NOTE:
https://www.sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/
NOTE:
https://github.com/roundcube/roundcubemail/commit/68af7c864a36e1941764238dac440ab0d99a8d26
CVE-2024-42008 (A Cross-Site Scripting vulnerability in
rcmail_action_mail_get->run() ...)
- {DSA-5743-1}
+ {DSA-5743-2 DSA-5743-1}
- roundcube 1.6.8+dfsg-1 (bug #1077969)
NOTE:
https://github.com/roundcube/roundcubemail/commit/89c8fe9ae9318c015807fbcbf7e39555fb30885d
NOTE: Regression/follow-up:
https://github.com/roundcube/roundcubemail/commit/32fed15346e5b842042e5dd1001d6878225c5367
@@ -113607,8 +113917,8 @@ CVE-2023-26213 (On Barracuda CloudGen WAN Private
Edge Gateway devices before 8
NOT-FOR-US: Barracuda
CVE-2023-26212
RESERVED
-CVE-2023-26211
- RESERVED
+CVE-2023-26211 (An improper neutralization of input during web page generation
('cross ...)
+ TODO: check
CVE-2023-26210 (Multiple improper neutralization of special elements used in
an os com ...)
NOT-FOR-US: Fortinet
CVE-2023-26209 (A improper restriction of excessive authentication attempts
vulnerabil ...)
@@ -134820,8 +135130,8 @@ CVE-2022-45864
RESERVED
CVE-2022-45863
RESERVED
-CVE-2022-45862
- RESERVED
+CVE-2022-45862 (An insufficient session expiration vulnerability [CWE-613]
vulnerabili ...)
+ TODO: check
CVE-2022-45861 (An access of uninitialized pointer vulnerability [CWE-824] in
the SSL ...)
NOT-FOR-US: Fortinet
CVE-2022-45860 (A weak authentication vulnerability [CWE-1390] in FortiNAC-F
version 7 ...)
@@ -141821,8 +142131,8 @@ CVE-2023-20592 (Improper or unexpected behavior of
the INVD instruction in some
[buster] - amd64-microcode 3.20230719.1~deb10u1
NOTE: https://cachewarpattack.com/
NOTE:
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3005.html
-CVE-2023-20591
- RESERVED
+CVE-2023-20591 (Improper re-initialization of IOMMU during the DRTM event may
permit a ...)
+ TODO: check
CVE-2023-20590
RESERVED
CVE-2023-20589 (An attacker with specialized hardware and physical access to
an impact ...)
@@ -141846,8 +142156,8 @@ CVE-2023-20586 (A potential vulnerability was
reported in Radeon\u2122 Software
NOT-FOR-US: AMD
CVE-2023-20585
RESERVED
-CVE-2023-20584
- RESERVED
+CVE-2023-20584 (IOMMU improperly handles certain special address ranges with
invalid d ...)
+ TODO: check
CVE-2023-20583 (A potential power side-channel vulnerability in AMD processors
may all ...)
NOT-FOR-US: AMD
CVE-2023-20582
@@ -141858,8 +142168,8 @@ CVE-2023-20580
RESERVED
CVE-2023-20579 (Improper Access Control in the AMD SPI protection feature may
allow a ...)
NOT-FOR-US: AMD
-CVE-2023-20578
- RESERVED
+CVE-2023-20578 (A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an
attacker with ...)
+ TODO: check
CVE-2023-20577
NOT-FOR-US: AMD
CVE-2023-20576
@@ -141999,8 +142309,8 @@ CVE-2023-20520 (Improper access control settings in
ASP Bootloader may allow an
NOT-FOR-US: AMD
CVE-2023-20519 (A Use-After-Free vulnerability in the management of an SNP
guest conte ...)
NOT-FOR-US: AMD
-CVE-2023-20518
- RESERVED
+CVE-2023-20518 (Incomplete cleanup in the ASP may expose the Master Encryption
Key (ME ...)
+ TODO: check
CVE-2023-20517
RESERVED
CVE-2023-20516
@@ -142009,16 +142319,16 @@ CVE-2023-20515
RESERVED
CVE-2023-20514
RESERVED
-CVE-2023-20513
- RESERVED
-CVE-2023-20512
- RESERVED
+CVE-2023-20513 (An insufficient bounds check in PMFW (Power Management
Firmware) may a ...)
+ TODO: check
+CVE-2023-20512 (A hardcoded AES key in PMFW may result in a privileged
attacker gain ...)
+ TODO: check
CVE-2023-20511
RESERVED
-CVE-2023-20510
- RESERVED
-CVE-2023-20509
- RESERVED
+CVE-2023-20510 (An insufficient DRAM address validation in PMFW may allow a
privileged ...)
+ TODO: check
+CVE-2023-20509 (An insufficient DRAM address validation in PMFW may allow a
privileged ...)
+ TODO: check
CVE-2023-20508
RESERVED
CVE-2023-20507
@@ -187141,8 +187451,8 @@ CVE-2021-46774 (Insufficient DRAM address validation
in System Management Unit (
NOT-FOR-US: AMD
CVE-2021-46773 (Insufficient input validation in ABL may enable a privileged
attacker ...)
NOT-FOR-US: AMD
-CVE-2021-46772
- RESERVED
+CVE-2021-46772 (Insufficient input validation in the ABL may allow a
privileged attack ...)
+ TODO: check
CVE-2021-46771 (Insufficient validation of addresses in AMD Secure Processor
(ASP) fir ...)
NOT-FOR-US: AMD
CVE-2021-46770
@@ -187193,8 +187503,8 @@ CVE-2021-46748 (Insufficient bounds checking in the
ASP (AMD Secure Processor) m
NOT-FOR-US: AMD
CVE-2021-46747
RESERVED
-CVE-2021-46746
- RESERVED
+CVE-2021-46746 (Lack of stack protection exploit mechanisms in ASP Secure OS
Trusted E ...)
+ TODO: check
CVE-2021-46745
RESERVED
CVE-2021-46744 (An attacker with access to a malicious hypervisor may be able
to infer ...)
@@ -189537,8 +189847,8 @@ CVE-2022-27488 (A cross-site request forgery (CSRF)
in Fortinet FortiVoiceEnterp
NOT-FOR-US: FortiGuard
CVE-2022-27487 (A improper privilege management in Fortinet FortiSandbox
version 4.2.0 ...)
NOT-FOR-US: Fortinet
-CVE-2022-27486
- RESERVED
+CVE-2022-27486 (A improper neutralization of special elements used in an os
command (' ...)
+ TODO: check
CVE-2022-27485 (A improper neutralization of special elements used in an sql
command ( ...)
NOT-FOR-US: Fortinet
CVE-2022-27484 (A unverified password change in Fortinet FortiADC version
6.2.0 throug ...)
@@ -201367,12 +201677,12 @@ CVE-2022-23819
RESERVED
CVE-2022-23818 (Insufficient input validation on the model specific register:
VM_HSAVE ...)
NOT-FOR-US: AMD
-CVE-2022-23817
- RESERVED
+CVE-2022-23817 (Insufficient checking of memory buffer in ASP Secure OS may
allow an a ...)
+ TODO: check
CVE-2022-23816
REJECTED
-CVE-2022-23815
- RESERVED
+CVE-2022-23815 (Improper bounds checking in APCB firmware may allow an
attacker to per ...)
+ TODO: check
CVE-2022-23814 (Failure to validate addresses provided by software to BIOS
commands ma ...)
NOT-FOR-US: AMD
CVE-2022-23813 (The software interfaces to ASP and SMU may not enforce the SNP
memory ...)
@@ -263299,8 +263609,8 @@ CVE-2021-26389
RESERVED
CVE-2021-26388 (Improper validation of the BIOS directory may allow for
searches to re ...)
NOT-FOR-US: AMD
-CVE-2021-26387
- RESERVED
+CVE-2021-26387 (Insufficient access controls in ASP kernel may allow a
privileged atta ...)
+ TODO: check
CVE-2021-26386 (A malicious or compromised UApp or ABL may be used by an
attacker to i ...)
NOT-FOR-US: AMD
CVE-2021-26385
@@ -263339,8 +263649,8 @@ CVE-2021-26369 (A malicious or compromised UApp or
ABL may be used by an attacke
NOT-FOR-US: AMD
CVE-2021-26368 (Insufficient check of the process type in Trusted OS (TOS) may
allow a ...)
NOT-FOR-US: AMD
-CVE-2021-26367
- RESERVED
+CVE-2021-26367 (A malicious attacker in x86 can misconfigure the Trusted
Memory Region ...)
+ TODO: check
CVE-2021-26366 (An attacker, who gained elevated privileges via some other
vulnerabili ...)
NOT-FOR-US: AMD
CVE-2021-26365 (Certain size values in firmware binary headers could trigger
out of bo ...)
@@ -263386,8 +263696,8 @@ CVE-2021-26346 (Failure to validate the integer
operand in ASP (AMD Secure Proce
NOTE:
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1031
CVE-2021-26345 (Failure to validate the value in APCB may allow a privileged
attacker ...)
NOT-FOR-US: AMD
-CVE-2021-26344
- RESERVED
+CVE-2021-26344 (An out of bounds memory write when processing the AMD PSP1
Configurati ...)
+ TODO: check
CVE-2021-26343 (Insufficient validation in ASP BIOS and DRTM commands may
allow malici ...)
NOT-FOR-US: AMD
CVE-2021-26342 (In SEV guest VMs, the CPU may fail to flush the Translation
Lookaside ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00a4ba725c779e84e1f3baf5bc967f491b96090c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00a4ba725c779e84e1f3baf5bc967f491b96090c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
