Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f73e5fbb by Salvatore Bonaccorso at 2026-06-03T13:49:01+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -93,7 +93,7 @@ CVE-2026-34993 (AIOHTTP is an asynchronous HTTP client/server 
framework for asyn
 CVE-2026-34077 (React Router is a router for React. In versions 7.7.0 through 
7.13.1,  ...)
        NOT-FOR-US: React Router
 CVE-2026-33553 (Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 
3.27.0 befo ...)
-       TODO: check
+       NOT-FOR-US: Northern.tech CFEngine Enterprise
 CVE-2026-33245 (React Router is a router for React. In versions 7.7.0 through 
7.13.1,  ...)
        NOT-FOR-US: React Router
 CVE-2026-32625 (LibreChat is an enhanced ChatGPT clone that supports multiple 
AI provi ...)
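Review bot: For CVE-2026-33553 the tag `NOT-FOR-US: Northern.tech CFEngine Enterprise` depends on the issue being limited to the Enterprise edition, which the truncated description does not show. If the affected component exists only in the Enterprise product, a short NOTE line saying so would make the decision checkable later.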
@@ -119,23 +119,23 @@ CVE-2026-10705 (A flaw has been found in dask up to 3.0. 
Affected by this issue
 CVE-2026-10704 (A vulnerability was detected in SourceCodester Pizzafy 
E-Commerce Syst ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-10703 (A security vulnerability has been detected in EIPStackGroup 
OpENer up  ...)
-       TODO: check
+       NOT-FOR-US: EIPStackGroup OpENer
 CVE-2026-10694 (A vulnerability was detected in SourceCodester Online Food 
Ordering Sy ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-10693 (A security vulnerability has been detected in SourceCodester 
Online Bo ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-10692 (A weakness has been identified in johnhuang316 code-index-mcp 
up to 2. ...)
-       TODO: check
+       NOT-FOR-US: johnhuang316 code-index-mcp
 CVE-2026-10691 (A security flaw has been discovered in wonderwhy-er 
DesktopCommanderMC ...)
-       TODO: check
+       NOT-FOR-US: wonderwhy-er DesktopCommanderMCP
 CVE-2026-10690 (A vulnerability was identified in wonderwhy-er 
DesktopCommanderMCP 0.2 ...)
-       TODO: check
+       NOT-FOR-US: wonderwhy-er DesktopCommanderMCP
 CVE-2026-10688 (A vulnerability was determined in ahujasid blender-mcp up to 
7636d13bd ...)
-       TODO: check
+       NOT-FOR-US: ahujasid blender-mcp
 CVE-2026-10662 (A vulnerability was found in ahujasid blender-mcp up to 
7636d13bded82e ...)
-       TODO: check
+       NOT-FOR-US: ahujasid blender-mcp
 CVE-2026-10661 (A vulnerability has been found in ahujasid blender-mcp up to 
7636d13bd ...)
-       TODO: check
+       NOT-FOR-US: ahujasid blender-mcp
 CVE-2026-10650 (A flaw has been found in warmcat libwebsockets up to 4.5.8. 
This issue ...)
        TODO: check
 CVE-2026-10624 (A vulnerability has been found in SourceCodester Human 
Resource Manage ...)
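Review bot: Tag naming is inconsistent within this hunk: the new entries use vendor plus product (`NOT-FOR-US: ahujasid blender-mcp`, `NOT-FOR-US: wonderwhy-er DesktopCommanderMCP`), while the unchanged neighbours use the vendor alone (`NOT-FOR-US: SourceCodester`). Either form is workable, but settling on one makes it reliable to grep the list for earlier triage decisions on the same product.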
@@ -143,11 +143,11 @@ CVE-2026-10624 (A vulnerability has been found in 
SourceCodester Human Resource
 CVE-2026-10620 (A flaw has been found in code-projects Student Admission 
System 1.0. A ...)
        NOT-FOR-US: code-projects
 CVE-2026-10619 (A vulnerability was detected in sayan365 
student-management-system up  ...)
-       TODO: check
+       NOT-FOR-US: sayan365 student-management-system
 CVE-2026-10617 (A security vulnerability has been detected in nextlevelbuilder 
GoClaw  ...)
-       TODO: check
+       NOT-FOR-US: nextlevelbuilder GoClaw
 CVE-2026-10616 (A weakness has been identified in nextlevelbuilder GoClaw up 
to 3.11.3 ...)
-       TODO: check
+       NOT-FOR-US: nextlevelbuilder GoClaw
 CVE-2026-10608 (A security flaw has been discovered in DedeCMS 5.7.88. This 
affects th ...)
        NOT-FOR-US: DedeCMS
 CVE-2026-10607 (A vulnerability was identified in DedeCMS 5.7.88. The impacted 
element ...)
@@ -155,29 +155,29 @@ CVE-2026-10607 (A vulnerability was identified in DedeCMS 
5.7.88. The impacted e
 CVE-2026-10584 (Proxy server in Graph Explorer before 3.0.1 falls back to HTTP 
when ce ...)
        NOT-FOR-US: Amazon
 CVE-2025-64390 (A privilege escalation vulnerability exists in PlayStation 4 
firmware  ...)
-       TODO: check
+       NOT-FOR-US: PlayStation 4 firmware
 CVE-2025-15653 (Dr\xe4ger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 
anesthesi ...)
-       TODO: check
+       NOT-FOR-US: Draeger
 CVE-2024-14036 (Dr\xe4ger Core 1.0.5 and Dr\xe4ger M540 Converter Service 
1.0.9 contai ...)
-       TODO: check
+       NOT-FOR-US: Draeger
 CVE-2022-4992 (Dr\xe4ger Infinity Acute Care System and Standalone Infinity 
M540 pati ...)
-       TODO: check
+       NOT-FOR-US: Draeger
 CVE-2021-4481 (Dr\xe4ger Protector Software prior to version 6.4.2 contains a 
local p ...)
-       TODO: check
+       NOT-FOR-US: Draeger
 CVE-2021-4480 (Dr\xe4ger Protector Software prior to version 6.4.2 contains a 
local p ...)
-       TODO: check
+       NOT-FOR-US: Draeger
 CVE-2021-4479 (Dr\xe4ger Atlan A350 software versions 1.00 through 1.01 
contains an i ...)
-       TODO: check
+       NOT-FOR-US: Draeger
 CVE-2021-4478 (Dr\xe4ger CC-Vision Basic before 7.5.3 and Dr\xe4ger CC-Vision 
E-Cal b ...)
-       TODO: check
+       NOT-FOR-US: Draeger
 CVE-2019-25724 (Dr\xe4ger Infinity M300 patient worn monitors with software 
version VG ...)
-       TODO: check
+       NOT-FOR-US: Draeger
 CVE-2019-25723 (Dr\xe4ger Perseus A500 software versions 2.00 through 2.02 
contains an ...)
-       TODO: check
+       NOT-FOR-US: Draeger
 CVE-2019-25722 (Dr\xe4ger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 
7000, SC 800 ...)
-       TODO: check
+       NOT-FOR-US: Draeger
 CVE-2019-25721 (Dr\xe4ger Infinity M300 patient worn monitors with software 
version VG ...)
-       TODO: check
+       NOT-FOR-US: Draeger
 CVE-2026-27145 ((*x509.Certificate).VerifyHostname previously called 
matchHostnames in ...)
        - golang-1.26 <unfixed>
        - golang-1.25 <unfixed>
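Review bot: The eleven Dräger entries in this hunk are tagged `NOT-FOR-US: Draeger`, an ASCII transliteration that differs from the `Dr\xe4ger` spelling in the descriptions, so a search on the vendor name as written in the description will not match the tag. The transliteration is applied uniformly here, which is good; keep that exact spelling for any further entries from this vendor.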
@@ -404,31 +404,31 @@ CVE-2026-24221 (NVIDIA NVTabular contains a vulnerability 
where an attacker coul
 CVE-2026-1871 (TP-Link Tapo C200 v5 contains a stack-based buffer overflow 
flaw in RT ...)
        NOT-FOR-US: TPLink
 CVE-2026-1784 (The Route OpenShift resource allows to define routes to make 
pods reac ...)
-       TODO: check
+       NOT-FOR-US: Red Hat OpenShift
 CVE-2026-1451 (The rognone plugin for WordPress is vulnerable to Reflected 
Cross-Site ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-1450 (The rognone plugin for WordPress is vulnerable to Reflected 
Cross-Site ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-10629 (SIP signaling stack in Verizon IMS (unspecified version) 
implements SI ...)
-       TODO: check
+       NOT-FOR-US: Verizon IMS
 CVE-2026-10622 (Improper Authentication in REST API in Collibra Agent, allows 
a remote ...)
-       TODO: check
+       NOT-FOR-US: Collibra Agent
 CVE-2026-10621 (Path traversal in restore handler in Collibra Agent, allows an 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Collibra Agent
 CVE-2026-10611 (An authentication bypass vulnerability exists in MISP when 
LDAP mixed  ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2026-10606 (A vulnerability was determined in DedeCMS 5.7.88. The affected 
element ...)
        NOT-FOR-US: DedeCMS
 CVE-2026-10591 (Insufficient access control restrictions in the file write 
tool in Ama ...)
        NOT-FOR-US: Amazon
 CVE-2026-10549 (LDAP filter injection vulnerability in Yandex Database prior 
to 25.3.1 ...)
-       TODO: check
+       NOT-FOR-US: Yandex Database
 CVE-2026-10047 (The Bitdefender Napoca bare-metal hypervisor contains an 
out-of-bounds ...)
        NOT-FOR-US: Bitdefender
 CVE-2026-10046 (Bitdefender Napoca bare-metal hypervisor contains an 
out-of-bounds wri ...)
        NOT-FOR-US: Bitdefender
 CVE-2026-0611 (Spacelabs Healthcare Sentinel versions 10.5.x and higher and 
11.x.x be ...)
-       TODO: check
+       NOT-FOR-US: Spacelabs Healthcare Sentinel
 CVE-2025-69369 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68886 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
@@ -460,9 +460,9 @@ CVE-2025-52759 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2024-42206 (HCL iReflection Third party vulnerable and outdated components 
issue w ...)
        NOT-FOR-US: HCL
 CVE-2019-25719 (Dr\xe4ger Infinity Acute Care System and Standalone Infinity 
M540 pati ...)
-       TODO: check
+       NOT-FOR-US: Draeger
 CVE-2019-25717 (Dr\xe4ger Infinity Delta, Delta XL, and Kappa patient monitors 
contain ...)
-       TODO: check
+       NOT-FOR-US: Draeger
 CVE-2026-41115 (An improper authorization vulnerability has been identified in 
Apache  ...)
        - kafka <itp> (bug #786460)
        NOTE: https://www.openwall.com/lists/oss-security/2026/06/02/5
@@ -9980,7 +9980,7 @@ CVE-2025-15369 (The Xpro Addons \u2014 140+ Widgets for 
Elementor plugin for Wor
 CVE-2025-14575 (An Uncontrolled Search Path Element vulnerability in the 
OpenSSL TLS b ...)
        TODO: check
 CVE-2024-36343 (Improper input validation in the System Management Mode (SMM) 
communic ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2023-7345 (Ledger Live with vulnerable versions of ledgerhq/hw-app-eth 
prior to 6 ...)
        NOT-FOR-US: Ledger
 CVE-2026-29518 (Rsync versions before 3.4.3 contain a time-of-check to 
time-of-use (TO ...)
@@ -11303,77 +11303,77 @@ CVE-2026-24662 (Cross-site scripting vulnerability 
exists in Musetheque V4 Infor
 CVE-2026-24000 (Fleet is open source device management software. Prior to 
version 4.80 ...)
        NOT-FOR-US: Fleet
 CVE-2026-0481 (Unrestricted IP address binding in the AMD Device Metrics 
Exporter (RO ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2026-0438 (A System Management Mode (SMM) handler could perform a callout 
to code ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2026-0432 (Incorrect default permissions in the installation directory for 
the AM ...)
        NOT-FOR-US: AMD
 CVE-2026-0428 (Insufficient parameter sanitization in TEE SOC Driver could 
allow an a ...)
        NOT-FOR-US: AMD
 CVE-2026-0427 (Improper cleanup of shared register resources in GPU firmware 
could al ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-66664 (Insufficient parameter sanitization in AMD Secure Processor 
(ASP) TEE  ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-66660 (Insufficient parameter sanitization in TEE SOC Driver could 
allow an a ...)
        NOT-FOR-US: AMD
 CVE-2025-54517 (Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl 
handler could ...)
        NOT-FOR-US: AMD
 CVE-2025-54511 (Improper handling of insufficient privileges in the AMD Secure 
Process ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-52540 (An improper input validation vulnerability within the AMD 
Platform Man ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-52532 (A race condition in the MxGPU-Virtualization driver\u2019s 
ioctl path  ...)
        NOT-FOR-US: AMD
 CVE-2025-48521 (Improper input validation in the AMD Secure Processor (ASP) 
PCI driver ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-48520 (An improper input validation vulnerability within the AMD 
Platform Man ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-48519 (An improper input validation vulnerability within the AMD 
Platform Man ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-48516 (Insecure default configuration state of DDR5 memory module by 
AGESA Bo ...)
        NOT-FOR-US: AMD
 CVE-2025-48513 (Use of uninitialized resource within the AMD Platform 
Management Frame ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-48512 (Incorrect default permissions in the installation directory 
for the AM ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-29944 (A buffer overflow vulnerability within AMD Sensor Fusion Hub 
Driver ca ...)
        NOT-FOR-US: AMD
 CVE-2025-29938 (An unchecked return value within the AMD Platform Management 
Framework ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-29937 (An out of bounds read within the AMD Platform Management 
Framework (PM ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-29936 (Improper input validation within the AMD Platform Management 
Framework ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-29935 (An out of bounds write within the AMD Platform Management 
Framework (P ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-0045 (Improper Input validation in the AMD Secure Processor (ASP) PCI 
driver ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-0044 (An out-of-bounds read in power management firmware by a 
malicious loca ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-0040 (Improper access control between the Joint Test Action Group 
(JTAG) and ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-0028 (An unchecked return value within the AMD Platform Management 
Framework ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2024-36345 (Improper input validation in the AMD OverDrive (AOD) System 
Management ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2024-36334 (Improper verification of cryptographic signature in the Radeon 
RGB too ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2024-36333 (A DLL hijacking vulnerability in the AMD Cleanup Utility could 
allow a ...)
        NOT-FOR-US: AMD
 CVE-2024-36332 (Improper isolation of GPU HW register space could allow a 
privileged a ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2024-36323 (Improper isolation of VCN-JPEG HW register space could allow a 
malicio ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2024-21962 (Improper Input Validation in the AMD RAID driver could allow 
an attack ...)
        NOT-FOR-US: AMD
 CVE-2024-21950 (An out of bounds read in the remote management firmware could 
allow a  ...)
        NOT-FOR-US: AMD
 CVE-2023-31317 (Improper restriction of operations within the bounds of a 
memory buffe ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2023-31316 (Improperly preserved integrity of hardware configuration state 
during  ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2023-31309 (Improper validation in Power Management Firmware (PMFW) may 
allow an a ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2026-44068 (Incomplete sanitization of extended attribute (EA) path 
components in  ...)
        {DSA-6280-1}
        - netatalk 4.4.3~ds-1 (bug #1137121)
@@ -13474,7 +13474,7 @@ CVE-2025-62623 (A heap-based buffer overflow in the 
ionic cloud driver for VMwar
 CVE-2025-61972 (Missing lock bit protection for NBIO registers could allow a 
local adm ...)
        NOT-FOR-US: AMD
 CVE-2025-61971 (Missing lock bit protection for NBIO registers could allow a 
local adm ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-15463 (The The Advanced Custom Fields: Extended plugin for WordPress 
is vulne ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-14755 (The Cost Calculator Builder plugin for WordPress is vulnerable 
to Unau ...)
@@ -14208,7 +14208,7 @@ CVE-2026-31223 (The snorkel library thru v0.10.0 
contains a critical insecure de
 CVE-2026-31222 (The snorkel library thru v0.10.0 contains an insecure 
deserialization  ...)
        NOT-FOR-US: snorkel
 CVE-2026-31221 (PyTorch-Lightning versions 2.6.0 and earlier contain an 
insecure deser ...)
-       TODO: check
+       NOT-FOR-US: PyTorch-Lightning
 CVE-2026-31220 (PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are 
vulnerabl ...)
        NOT-FOR-US: PySyft (Syft Datasite/Server)
 CVE-2026-31219 (The _load_model() function in the neural_magic_training.py 
script of t ...)
@@ -14364,7 +14364,7 @@ CVE-2025-35979 (Exposure of sensitive information 
caused by shared microarchitec
 CVE-2025-35969 (Uncontrolled search path for some Intel(R) Server Firmware 
Update Util ...)
        NOT-FOR-US: Intel
 CVE-2025-27723 (Use after free for some Linux kernel driver for the Intel(R) 
Ethernet  ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2025-12659 (The affected applications contains a memory corruption 
vulnerability w ...)
        NOT-FOR-US: Siemens
 CVE-2024-54017 (A vulnerability has been identified in SIPROTEC 5 6MD84 
(CP300) (All v ...)
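Review bot: CVE-2025-27723 is described as a use after free in "some Linux kernel driver for the Intel(R) Ethernet ...", yet it is tagged `NOT-FOR-US: Intel` like the firmware and utility entries around it. A Linux kernel driver may correspond to code in the packaged kernel, so confirm that only the vendor's out-of-tree driver release is affected and record that in a NOTE, or track the entry against the kernel package instead.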
@@ -55816,7 +55816,7 @@ CVE-2025-14040 (The Automotive Car Dealership Business 
WordPress Theme for WordP
 CVE-2025-12981 (The Listee theme for WordPress is vulnerable to privilege 
escalation i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-31364 (Improper handling of direct memory writes in the input-output 
memory m ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-71264 (Mumble before 1.6.870 is prone to an out-of-bounds array 
access, which ...)
        - mumble 1.5.735-7 (bug #1129178)
        [trixie] - mumble 1.5.735-5+deb13u1
@@ -62309,7 +62309,7 @@ CVE-2024-36319 (Debug code left active in AMD's Video 
Decoder Engine Firmware (V
 CVE-2023-31323 (Type confusion in the AMD Secure Processor (ASP) could allow 
an attack ...)
        NOT-FOR-US: AMD
 CVE-2023-31313 (An unintended proxy or intermediary in the AMD power 
management firmwa ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2019-25348
        REJECTED
 CVE-2019-25347 (thesystem App 1.0 contains a SQL injection vulnerability that 
allows a ...)
@@ -63106,11 +63106,11 @@ CVE-2024-56807 (An out-of-bounds read vulnerability 
has been reported to affect
 CVE-2024-50618 (A Use of Single-factor Authentication vulnerability in the 
Authenticat ...)
        NOT-FOR-US: CIPPlanner CIPAce
 CVE-2024-36324 (Improper input validation in AMD Graphics Driver could allow 
an attack ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2024-36320 (Integer Overflow within atihdwt6.sys can allow a local 
attacker to cau ...)
        NOT-FOR-US: AMD
 CVE-2024-36316 (The integer overflow vulnerability within AMD Graphics driver 
could al ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2024-26480 (An issue in Statping-ng v.0.91.0 allows an attacker to obtain 
sensitiv ...)
        NOT-FOR-US: Statping-ng
 CVE-2024-26479 (An issue in Statping-ng v.0.91.0 allows an attacker to obtain 
sensitiv ...)
@@ -63120,7 +63120,7 @@ CVE-2024-26478 (An issue in Statping-ng v.0.91.0 allows 
an attacker to obtain se
 CVE-2024-26477 (An issue in Statping-ng v.0.91.0 allows an attacker to obtain 
sensitiv ...)
        NOT-FOR-US: Statping-ng
 CVE-2023-31324 (A Time-of-check time-of-use (TOCTOU) race condition in the AMD 
Secure  ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2019-25317 (Kimai 2 contains a persistent cross-site scripting 
vulnerability that  ...)
        NOT-FOR-US: Kimai
 CVE-2019-25316 (GOautodial 4.0 contains a persistent cross-site scripting 
vulnerabilit ...)
@@ -63684,7 +63684,7 @@ CVE-2025-30513 (Race condition for some TDX Module 
within Ring 0: Hypervisor may
 CVE-2025-30508 (Improper authorization in the Intel(R) Quick Assist Technology 
for som ...)
        NOT-FOR-US: Intel
 CVE-2025-29952 (Improper Initialization within the AMD Secure Encrypted 
Virtualization ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-29951 (A buffer overflow in the AMD Secure Processor (ASP) bootloader 
could a ...)
        NOT-FOR-US: AMD
 CVE-2025-29950 (Improper input validation in system management mode (SMM) 
could allow  ...)
@@ -63692,11 +63692,11 @@ CVE-2025-29950 (Improper input validation in system 
management mode (SMM) could
 CVE-2025-29949 (Insufficient input parameter sanitization in AMD Secure 
Processor (ASP ...)
        NOT-FOR-US: AMD
 CVE-2025-29948 (Improper access control in AMD Secure Encrypted Virtualization 
(SEV) f ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-29946 (Insufficient or Incomplete Data Removal in Hardware Component 
in SEV f ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-29939 (Improper access control in secure encrypted virtualization 
(SEV) could ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-27940 (Out-of-bounds read for some TDX Module before version tdx1.5 
within Ri ...)
        NOT-FOR-US: Intel
 CVE-2025-27708 (Out-of-bounds read in the firmware for some Intel(R) Converged 
Securit ...)
@@ -63749,11 +63749,11 @@ CVE-2025-11242 (Server-Side Request Forgery (SSRF) 
vulnerability in Teknolist Co
 CVE-2025-11004 (The Simplicity Device Manager Tool has a Reflected XSS 
(Cross-site-scr ...)
        NOT-FOR-US: Silicon Labs
 CVE-2025-0031 (A use after free in the SEV firmware could allow a malicous 
hypervisor ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-0029 (Improper handling of error condition during host-induced faults 
can al ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-0012 (Improper handling of overlap between the segmented reverse map 
table ( ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2024-54192 (An issue inTcpreplay v4.5.1 allows a local attacker to cause a 
denial  ...)
        TODO: check
 CVE-2024-52334 (A vulnerability has been identified in syngo.plaza VB30E (All 
versions ...)
@@ -63761,11 +63761,11 @@ CVE-2024-52334 (A vulnerability has been identified 
in syngo.plaza VB30E (All ve
 CVE-2024-36355 (Improper input validation in the SMM handler could allow an 
attacker w ...)
        NOT-FOR-US: AMD
 CVE-2024-36311 (A Time-of-check time-of-use (TOCTOU) race condition in the SMM 
communi ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2024-36310 (Improper input validation in the SMM communications buffer 
could allow ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2024-21953 (Improper input validation in IOMMU could allow a malicious 
hypervisor  ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2026-25506 (MUNGE is an authentication service for creating and validating 
user cr ...)
        {DSA-6129-1 DLA-4477-1}
        - munge 0.5.16-1.1
@@ -385271,7 +385271,7 @@ CVE-2022-3729 (A vulnerability, which was classified 
as critical, has been found
 CVE-2022-3728 (A vulnerability was reported in ThinkPad T14s Gen 3 and X13 
Gen3 that  ...)
        NOT-FOR-US: Lenovo
 CVE-2023-20601 (Improper input validation within RAS TA Driver can allow a 
local attac ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2023-20600
        RESERVED
 CVE-2023-20599 (Improper register access control in ASP may allow a privileged 
attacke ...)
@@ -385330,7 +385330,7 @@ CVE-2023-20587 (Improper Access Control in System 
Management Mode (SMM) may allo
 CVE-2023-20586 (A potential vulnerability was reported in Radeon\u2122 
Software Crimso ...)
        NOT-FOR-US: AMD
 CVE-2023-20585 (Insufficient checks of the RMP on host buffer access in IOMMU 
may allo ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2023-20584 (IOMMU improperly handles certain special address ranges with 
invalid d ...)
        - amd64-microcode 3.20240820.1
        [bookworm] - amd64-microcode 3.20240820.1~deb12u1
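Review bot: CVE-2023-20585 (RMP checks on host buffer access in IOMMU) is tagged `NOT-FOR-US: AMD`, while the adjacent CVE-2023-20584, also an IOMMU issue, is tracked against `amd64-microcode 3.20240820.1`. Check whether the fix for CVE-2023-20585 is delivered through the same microcode or firmware update; if it is, the entry should carry a package line rather than NOT-FOR-US.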
@@ -385430,7 +385430,7 @@ CVE-2023-20550
 CVE-2023-20549
        RESERVED
 CVE-2023-20548 (A Time-of-check time-of-use (TOCTOU) race condition in the AMD 
Secure  ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2023-20547
        RESERVED
 CVE-2023-20546
@@ -385499,7 +385499,7 @@ CVE-2023-20516 (Improper handling of insufficiency 
privileges in the ASP could a
 CVE-2023-20515 (Improper access control in the fTPM driver in the trusted OS 
could all ...)
        NOT-FOR-US: AMD
 CVE-2023-20514 (Improper handling of parameters in the AMD Secure Processor 
(ASP) coul ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2023-20513 (An insufficient bounds check in PMFW (Power Management 
Firmware) may a ...)
        NOT-FOR-US: AMD
 CVE-2023-20512 (A hardcoded AES   key in PMFW may result in a privileged 
attacker gain ...)
@@ -430773,7 +430773,7 @@ CVE-2021-46749 (Insufficient bounds checking in ASP 
(AMD Secure Processor) may a
 CVE-2021-46748 (Insufficient bounds checking in the ASP (AMD Secure Processor) 
may all ...)
        NOT-FOR-US: AMD
 CVE-2021-46747 (Insufficient granularity of access control in ASP (AMD Secure 
Processo ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-46746 (Lack of stack protection exploit mechanisms in ASP Secure OS 
Trusted E ...)
        NOT-FOR-US: AMD
 CVE-2021-46745
@@ -444962,7 +444962,7 @@ CVE-2022-23828
 CVE-2022-23827
        REJECTED
 CVE-2022-23826 (A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics 
interface may  ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2022-23825 (Aliases in the branch predictor may cause some AMD processors 
to predi ...)
        {DSA-5184-1}
        - xen 4.16.2-1
@@ -506875,7 +506875,7 @@ CVE-2021-26412 (Microsoft Exchange Server Remote Code 
Execution Vulnerability)
 CVE-2021-26411 (Internet Explorer Memory Corruption Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2021-26410 (Improper syscall input validation in ASP (AMD Secure 
Processor) may fo ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26409 (Insufficient bounds checking in SEV-ES may allow an attacker 
to corrup ...)
        NOT-FOR-US: AMD
 CVE-2021-26408 (Insufficient validation of elliptic curve points in SEV-legacy 
firmwar ...)
@@ -506938,9 +506938,9 @@ CVE-2021-26383 (Insufficient bounds checking in AMD 
TEE (Trusted Execution Envir
 CVE-2021-26382 (An attacker with root account privileges can load any 
legitimately sig ...)
        NOT-FOR-US: AMD
 CVE-2021-26381 (Improper system call parameter validation in the Trusted OS 
may allow  ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26380 (A compromised Trusted OS (TOS) driver could issue a malformed 
call tha ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26379 (Insufficient input validation of mailbox data in the SMU may 
allow an  ...)
        NOT-FOR-US: AMD
 CVE-2021-26378 (Insufficient bound checks in the System Management Unit (SMU) 
may resu ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f73e5fbbc279035743b0b7003291ebc833ecd409
