Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dd59e8e6 by Salvatore Bonaccorso at 2024-08-17T10:59:19+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -323,9 +323,9 @@ CVE-2024-42677 (An issue in Huizhi enterprise resource
management system v.1.0 a
CVE-2024-42676 (File Upload vulnerability in Huizhi enterprise resource
management sys ...)
NOT-FOR-US: Huizhi enterprise resource management system
CVE-2024-42476 (In the OAuth library for nim prior to version 0.11, the
Authorization ...)
- TODO: check
+ NOT-FOR-US: OAuth library for nim
CVE-2024-42475 (In the OAuth library for nim prior to version 0.11, the
`state` values ...)
- TODO: check
+ NOT-FOR-US: OAuth library for nim
CVE-2024-40705 (IBM InfoSphere Information Server could allow an authenticated
user to ...)
NOT-FOR-US: IBM
CVE-2024-40704 (IBM InfoSphere Information Server 11.7 could allow a
privileged user t ...)
@@ -1143,29 +1143,29 @@ CVE-2024-2259 (This vulnerability exists in
InstaRISPACS software due to insuffi
CVE-2024-29995 (Windows Kerberos Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-21981 (Improper key usage control in AMD Secure Processor (ASP) may
allow an ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-21757 (A unverified password change in Fortinet FortiManager versions
7.0.0 t ...)
NOT-FOR-US: FortiGuard
CVE-2023-31366 (Improper input validation in AMD \u03bcProf could allow an
attacker to ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-31356 (Incomplete system memory cleanup in SEV firmware could allow a
privile ...)
TODO: check
CVE-2023-31349 (Incorrect default permissions in the AMD \u03bcProf
installation direc ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-31348 (A DLL hijacking vulnerability in AMD \u03bcProf could allow an
attacke ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-31341 (Insufficient validation of the Input Output Control (IOCTL)
input buff ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-31339 (Improper input validation in ARM\xae Trusted Firmware used in
AMD\u201 ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-31310 (Improper input validation in Power Management Firmware (PMFW)
may allo ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-31307 (Improper validation of array index in Power Management
Firmware (PMFW) ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-31305 (Generation of weak and predictable Initialization Vector (IV)
in PMFW ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-31304 (Improper input validation in SMU may allow an attacker with
privileges ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-7715 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in
D-Link DN ...)
NOT-FOR-US: D-Link
CVE-2024-7709 (A vulnerability, which was classified as problematic, has been
found i ...)
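Review bot: CVE-2023-31356 (incomplete system memory cleanup in SEV firmware) is the one AMD entry in this hunk still left at "TODO: check", while its neighbours CVE-2023-31366 and CVE-2023-31349 move to "NOT-FOR-US: AMD". Please confirm this is deliberate and not an entry skipped in the batch. Separately, the description of CVE-2023-31339 names ARM Trusted Firmware as used by AMD, so before filing it as "NOT-FOR-US: AMD" it is worth checking that the flaw is confined to AMD's copy and not the upstream Trusted Firmware code. A short NOTE line recording that conclusion would help later triage.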
@@ -143063,7 +143063,7 @@ CVE-2023-20592 (Improper or unexpected behavior of
the INVD instruction in some
NOTE: https://cachewarpattack.com/
NOTE:
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3005.html
CVE-2023-20591 (Improper re-initialization of IOMMU during the DRTM event may
permit a ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20590
RESERVED
CVE-2023-20589 (An attacker with specialized hardware and physical access to
an impact ...)
@@ -143088,7 +143088,7 @@ CVE-2023-20586 (A potential vulnerability was
reported in Radeon\u2122 Software
CVE-2023-20585
RESERVED
CVE-2023-20584 (IOMMU improperly handles certain special address ranges with
invalid d ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20583 (A potential power side-channel vulnerability in AMD processors
may all ...)
NOT-FOR-US: AMD
CVE-2023-20582
@@ -143100,7 +143100,7 @@ CVE-2023-20580
CVE-2023-20579 (Improper Access Control in the AMD SPI protection feature may
allow a ...)
NOT-FOR-US: AMD
CVE-2023-20578 (A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an
attacker with ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20577
NOT-FOR-US: AMD
CVE-2023-20576
@@ -143241,7 +143241,7 @@ CVE-2023-20520 (Improper access control settings in
ASP Bootloader may allow an
CVE-2023-20519 (A Use-After-Free vulnerability in the management of an SNP
guest conte ...)
NOT-FOR-US: AMD
CVE-2023-20518 (Incomplete cleanup in the ASP may expose the Master Encryption
Key (ME ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20517
RESERVED
CVE-2023-20516
@@ -143251,15 +143251,15 @@ CVE-2023-20515
CVE-2023-20514
RESERVED
CVE-2023-20513 (An insufficient bounds check in PMFW (Power Management
Firmware) may a ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20512 (A hardcoded AES key in PMFW may result in a privileged
attacker gain ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20511
RESERVED
CVE-2023-20510 (An insufficient DRAM address validation in PMFW may allow a
privileged ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20509 (An insufficient DRAM address validation in PMFW may allow a
privileged ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20508
RESERVED
CVE-2023-20507
@@ -188385,7 +188385,7 @@ CVE-2021-46774 (Insufficient DRAM address validation
in System Management Unit (
CVE-2021-46773 (Insufficient input validation in ABL may enable a privileged
attacker ...)
NOT-FOR-US: AMD
CVE-2021-46772 (Insufficient input validation in the ABL may allow a
privileged attack ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46771 (Insufficient validation of addresses in AMD Secure Processor
(ASP) fir ...)
NOT-FOR-US: AMD
CVE-2021-46770
@@ -188437,7 +188437,7 @@ CVE-2021-46748 (Insufficient bounds checking in the
ASP (AMD Secure Processor) m
CVE-2021-46747
RESERVED
CVE-2021-46746 (Lack of stack protection exploit mechanisms in ASP Secure OS
Trusted E ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46745
RESERVED
CVE-2021-46744 (An attacker with access to a malicious hypervisor may be able
to infer ...)
@@ -202628,11 +202628,11 @@ CVE-2022-23819
CVE-2022-23818 (Insufficient input validation on the model specific register:
VM_HSAVE ...)
NOT-FOR-US: AMD
CVE-2022-23817 (Insufficient checking of memory buffer in ASP Secure OS may
allow an a ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2022-23816
REJECTED
CVE-2022-23815 (Improper bounds checking in APCB firmware may allow an
attacker to per ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2022-23814 (Failure to validate addresses provided by software to BIOS
commands ma ...)
NOT-FOR-US: AMD
CVE-2022-23813 (The software interfaces to ASP and SMU may not enforce the SNP
memory ...)
@@ -264560,7 +264560,7 @@ CVE-2021-26389
CVE-2021-26388 (Improper validation of the BIOS directory may allow for
searches to re ...)
NOT-FOR-US: AMD
CVE-2021-26387 (Insufficient access controls in ASP kernel may allow a
privileged atta ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26386 (A malicious or compromised UApp or ABL may be used by an
attacker to i ...)
NOT-FOR-US: AMD
CVE-2021-26385
@@ -264600,7 +264600,7 @@ CVE-2021-26369 (A malicious or compromised UApp or
ABL may be used by an attacke
CVE-2021-26368 (Insufficient check of the process type in Trusted OS (TOS) may
allow a ...)
NOT-FOR-US: AMD
CVE-2021-26367 (A malicious attacker in x86 can misconfigure the Trusted
Memory Region ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26366 (An attacker, who gained elevated privileges via some other
vulnerabili ...)
NOT-FOR-US: AMD
CVE-2021-26365 (Certain size values in firmware binary headers could trigger
out of bo ...)
@@ -264647,7 +264647,7 @@ CVE-2021-26346 (Failure to validate the integer
operand in ASP (AMD Secure Proce
CVE-2021-26345 (Failure to validate the value in APCB may allow a privileged
attacker ...)
NOT-FOR-US: AMD
CVE-2021-26344 (An out of bounds memory write when processing the AMD PSP1
Configurati ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26343 (Insufficient validation in ASP BIOS and DRTM commands may
allow malici ...)
NOT-FOR-US: AMD
CVE-2021-26342 (In SEV guest VMs, the CPU may fail to flush the Translation
Lookaside ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd59e8e652436b436155dfcdc61cacd126588081