Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 36ee72f2 by Moritz Muehlenhoff at 2023-11-15T14:44:11+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -517,7 +517,7 @@ CVE-2023-32278 (Path transversal in some Intel(R) NUC Uniwill Service Driver for CVE-2023-32204 (Improper access control in some Intel(R) OFU software before version 1 ...) NOT-FOR-US: Intel CVE-2023-31320 (Improper input validation in the AMD RadeonTM Graphics display driver ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-31273 (Protection mechanism failure in some Intel DCM software before version ...) NOT-FOR-US: Intel CVE-2023-31247 (A memory corruption vulnerability exists in the HTTP Server Host heade ...) @@ -27224,7 +27224,7 @@ CVE-2023-31102 (7-Zip through 22.01 on Linux allows an integer underflow and cod CVE-2023-31101 (Insecure Default Initialization of Resource Vulnerability in Apache So ...) NOT-FOR-US: Apache InLong CVE-2023-31100 (Improper Access Control in SMI handler vulnerability in Phoenix Secure ...) - TODO: check + NOT-FOR-US: Phoenix CVE-2023-31099 (Zoho ManageEngine OPManager through 126323 allows an authenticated use ...) NOT-FOR-US: Zoho ManageEngine CVE-2023-31098 (Weak Password Requirements vulnerability in Apache Software Foundation ...) @@ -70281,7 +70281,7 @@ CVE-2023-20598 (An improper privilege management in the AMD Radeon\u2122Graphics CVE-2023-20597 (Improper initialization of variables in the DXE driver may allow a pri ...) NOT-FOR-US: AMD CVE-2023-20596 (Improper input validation in the SMM Supervisor may allow an attacker ...) - TODO: check + NOT-FOR-US: AMD CVE-2023-20595 RESERVED CVE-2023-20594 (Improper initialization of variables in the DXE driver may allow a pri ...) 
@@ -70358,7 +70358,7 @@ CVE-2023-20573 CVE-2023-20572 RESERVED CVE-2023-20571 (A race condition in System Management Mode (SMM) code may allow an att ...) - TODO: check + NOT-FOR-US: AMD CVE-2023-20570 RESERVED CVE-2023-20569 (A side channel vulnerability on some of the AMD CPUs may allow an atta ...) @@ -70384,17 +70384,17 @@ CVE-2023-20569 (A side channel vulnerability on some of the AMD CPUs may allow a NOTE: https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf NOTE: https://www.openwall.com/lists/oss-security/2023/08/08/4 CVE-2023-20568 (Improper signature verification of RadeonTM RX Vega M Graphics driver ...) - TODO: check + NOT-FOR-US: AMD CVE-2023-20567 (Improper signature verification of RadeonTM RX Vega M Graphics driver ...) - TODO: check + NOT-FOR-US: AMD CVE-2023-20566 (Improper address validation in ASP with SNP enabled may potentially al ...) - TODO: check + NOT-FOR-US: AMD CVE-2023-20565 (Insufficient protections in System Management Mode (SMM) code may allo ...) - TODO: check + NOT-FOR-US: AMD CVE-2023-20564 (Insufficient validation in the IOCTL (Input Output Control) input buff ...) NOT-FOR-US: AMD CVE-2023-20563 (Insufficient protections in System Management Mode (SMM) code may allo ...) - TODO: check + NOT-FOR-US: AMD CVE-2023-20562 (Insufficient validation in the IOCTL (Input Output Control) input buff ...) NOT-FOR-US: AMD CVE-2023-20561 (Insufficient validation of the IOCTL (Input Output Control) input buff ...) @@ -70454,7 +70454,7 @@ CVE-2023-20535 CVE-2023-20534 RESERVED CVE-2023-20533 (Insufficient DRAM address validation in System Management Unit (SMU) m ...) - TODO: check + NOT-FOR-US: AMD CVE-2023-20532 (Insufficient input validation in the SMU may allow an attacker to impr ...) NOT-FOR-US: AMD CVE-2023-20531 (Insufficient bound checks in the SMU may allow an attacker to update t ...) 
@@ -70468,7 +70468,7 @@ CVE-2023-20528 (Insufficient input validation in the SMU may allow a physical at CVE-2023-20527 (Improper syscall input validation in the ASP Bootloader may allow a pr ...) NOT-FOR-US: AMD CVE-2023-20526 (Insufficient input validation in the ASP Bootloader may enable a privi ...) - TODO: check + NOT-FOR-US: AMD CVE-2023-20525 (Insufficient syscall input validation in the ASP Bootloader may allow ...) NOT-FOR-US: AMD CVE-2023-20524 (An attacker with a compromised ASP could possibly send malformed comma ...) @@ -70478,11 +70478,11 @@ CVE-2023-20523 (TOCTOU in the ASP may allow a physical attacker to write beyond CVE-2023-20522 (Insufficient input validation in ASP may allow an attacker with a mali ...) NOT-FOR-US: AMD CVE-2023-20521 (TOCTOU in the ASP Bootloader may allow an attacker with physical acces ...) - TODO: check + NOT-FOR-US: AMD CVE-2023-20520 (Improper access control settings in ASP Bootloader may allow an attack ...) NOT-FOR-US: AMD CVE-2023-20519 (A Use-After-Free vulnerability in the management of an SNP guest conte ...) - TODO: check + NOT-FOR-US: AMD CVE-2023-20518 RESERVED CVE-2023-20517 @@ -115543,7 +115543,7 @@ CVE-2021-46776 CVE-2021-46775 (Improper input validation in ABL may enable an attacker with physical ...) NOT-FOR-US: AMD CVE-2021-46774 (Insufficient DRAM address validation in System Management Unit (SMU) m ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-46773 (Insufficient input validation in ABL may enable a privileged attacker ...) NOT-FOR-US: AMD CVE-2021-46772 
@@ -115559,7 +115559,7 @@ CVE-2021-46768 (Insufficient input validation in SEV firmware may allow an attac CVE-2021-46767 (Insufficient input validation in the ASP may allow an attacker with ph ...) NOT-FOR-US: AMD CVE-2021-46766 (Improper clearing of sensitive data in the ASP Bootloader may expose s ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-46765 (Insufficient input validation in ASP may allow an attacker with a comp ...) NOT-FOR-US: AMD CVE-2021-46764 (Improper validation of DRAM addresses in SMU may allow an attacker to ...) @@ -115575,7 +115575,7 @@ CVE-2021-46760 (A malicious or compromised UApp or ABL can send a malformed syst CVE-2021-46759 (Improper syscall input validation in AMD TEE (Trusted Execution Enviro ...) NOT-FOR-US: AMD CVE-2021-46758 (Insufficient validation of SPI flash addresses in the ASP (AMD Secure ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-46757 RESERVED CVE-2021-46756 (Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AM ...) @@ -115595,7 +115595,7 @@ CVE-2021-46750 CVE-2021-46749 (Insufficient bounds checking in ASP (AMD Secure Processor) may allow f ...) NOT-FOR-US: AMD CVE-2021-46748 (Insufficient bounds checking in the ASP (AMD Secure Processor) may all ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-46747 RESERVED CVE-2021-46746 @@ -129695,7 +129695,7 @@ CVE-2022-23832 CVE-2022-23831 (Insufficient validation of the IOCTL input buffer in AMD \u03bcProf ma ...) NOT-FOR-US: AMD CVE-2022-23830 (SMM configuration may not be immutable, as intended, when SNP is enabl ...) - TODO: check + NOT-FOR-US: AMD CVE-2022-23829 RESERVED CVE-2022-23828 
@@ -129729,9 +129729,9 @@ CVE-2022-23823 (A potential vulnerability in some AMD processors using frequency CVE-2022-23822 (In this physical attack, an attacker may potentially exploit the Zynq- ...) NOT-FOR-US: Zynq-7000 SoC First Stage Boot Loader (FSBL) CVE-2022-23821 (Improper access control in System Management Mode (SMM) may allow an a ...) - TODO: check + NOT-FOR-US: AMD CVE-2022-23820 (Failure to validate the AMD SMM communication buffer may allow an atta ...) - TODO: check + NOT-FOR-US: AMD CVE-2022-23819 RESERVED CVE-2022-23818 (Insufficient input validation on the model specific register: VM_HSAVE ...) @@ -191732,7 +191732,7 @@ CVE-2021-26346 (Failure to validate the integer operand in ASP (AMD Secure Proce NOT-FOR-US: AMD NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1031 CVE-2021-26345 (Failure to validate the value in APCB may allow a privileged attacker ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26344 RESERVED CVE-2021-26343 (Insufficient validation in ASP BIOS and DRTM commands may allow malici ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36ee72f2f5f4b3494439ccc7bdd193e4991b6c33 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36ee72f2f5f4b3494439ccc7bdd193e4991b6c33 You're receiving this email because of your account on salsa.debian.org.
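Review bot: In the first hunk (data/CVE/list, @@ -517,7 +517,7 @@), CVE-2023-31320 is described as "Improper input validation in the AMD RadeonTM Graphics display driver", yet the new line tags it "NOT-FOR-US: Intel". The surrounding entries in that hunk are Intel ones, so the tag looks carried over from its neighbours; suggest "NOT-FOR-US: AMD", in line with the other AMD entries triaged in this commit. The not-for-us classification itself is unaffected, only the vendor label is wrong.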