Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3cd9886d by Moritz Muehlenhoff at 2026-05-17T14:55:27+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -35,7 +35,7 @@ CVE-2021-47955 (CouchCMS 2.2.1 contains a cross-site
scripting vulnerability tha
CVE-2021-47954 (LayerBB 1.1.4 contains an SQL injection vulnerability that
allows unau ...)
NOT-FOR-US: LayerBB
CVE-2021-47952 (python jsonpickle 2.0.0 contains a remote code execution
vulnerability ...)
- TODO: check
+ NOTE: Bogus CVE assignment for jsonpickle
CVE-2021-47942 (Home Assistant Community Store (HACS) 1.10.0 contains a path
traversal ...)
NOT-FOR-US: Home Assistant Community Store (HACS)
CVE-2021-47934 (MyBB Timeline Plugin 1.0 contains cross-site scripting
vulnerabilities ...)
@@ -57,7 +57,7 @@ CVE-2020-37241 (bloofoxCMS 0.5.2.1 contains a cross-site
request forgery vulnera
CVE-2020-37240 (Queue Management System 4.0.0 contains a stored cross-site
scripting v ...)
NOT-FOR-US: Queue Management System
CVE-2020-37239 (libbabl 0.1.62 contains a broken double free detection
vulnerability t ...)
- TODO: check
+ NOTE: Bogus CVE assignment for babl
CVE-2020-37238 (CMS Made Simple 2.2.15 contains a stored cross-site scripting
vulnerab ...)
NOT-FOR-US: CMS Made Simple
CVE-2020-37237 (Composr CMS 10.0.34 contains a persistent cross-site scripting
vulnera ...)
@@ -417,7 +417,7 @@ CVE-2026-35194 (Code injection in SQL code generation in
Apache Flink 1.15.0 thr
CVE-2026-34253 (A buffer underflow vulnerability has been identified in the
ogg123 uti ...)
TODO: check
CVE-2026-2031 (An Improper Access Controlvulnerability inseveral internal API
endpoin ...)
- TODO: check
+ NOT-FOR-US: Google Cloud
CVE-2026-23695 (Cockpit CMS through version 2.14.0, patched in commit 72a83fc,
contain ...)
NOT-FOR-US: Cockpit CMS
CVE-2025-67437 (Medical Management System
a81df1ce700a9662cb136b27af47f4cbde64156b is ...)
@@ -595,13 +595,13 @@ CVE-2026-0438 (A System Management Mode (SMM) handler
could perform a callout to
CVE-2026-0432 (Incorrect default permissions in the installation directory for
the AM ...)
TODO: check
CVE-2026-0428 (Insufficient parameter sanitization in TEE SOC Driver could
allow an a ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2026-0427 (Improper cleanup of shared register resources in GPU firmware
could al ...)
TODO: check
CVE-2025-66664 (Insufficient parameter sanitization in AMD Secure Processor
(ASP) TEE ...)
TODO: check
CVE-2025-66660 (Insufficient parameter sanitization in TEE SOC Driver could
allow an a ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2025-54517 (Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl
handler could ...)
TODO: check
CVE-2025-54511 (Improper handling of insufficient privileges in the AMD Secure
Process ...)
@@ -617,7 +617,7 @@ CVE-2025-48520 (An improper input validation vulnerability
within the AMD Platfo
CVE-2025-48519 (An improper input validation vulnerability within the AMD
Platform Man ...)
TODO: check
CVE-2025-48516 (Insecure default configuration state of DDR5 memory module by
AGESA Bo ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2025-48513 (Use of uninitialized resource within the AMD Platform
Management Frame ...)
TODO: check
CVE-2025-48512 (Incorrect default permissions in the installation directory
for the AM ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cd9886da5d42a7403135475b303c35d4ee89b24
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cd9886da5d42a7403135475b303c35d4ee89b24
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
