[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed May 10 14:36:40 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
de8f6ff0 by Moritz Muehlenhoff at 2023-05-10T15:02:16+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,23 +3,23 @@ CVE-2023-32573 (In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.
CVE-2023-32570 (VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that ca ...)
TODO: check
CVE-2023-32569 (An issue was discovered in Veritas InfoScale Operations Manager (VIOM) ...)
- TODO: check
+ NOT-FOR-US: Veritas InfoScale Operations Manager
CVE-2023-32568 (An issue was discovered in Veritas InfoScale Operations Manager (VIOM) ...)
- TODO: check
+ NOT-FOR-US: Veritas InfoScale Operations Manager
CVE-2023-31478 (An issue was discovered on GL.iNet devices before 3.216. An API endpoi ...)
- TODO: check
+ NOT-FOR-US: GL.iNet devices
CVE-2023-2619 (A vulnerability, which was classified as critical, was found in Source ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2023-2618 (A vulnerability, which was classified as problematic, has been found i ...)
TODO: check
CVE-2023-2617 (A vulnerability classified as problematic was found in OpenCV wechat_q ...)
TODO: check
CVE-2023-2616 (Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimc ...)
- TODO: check
+ NOT-FOR-US: pimcore
CVE-2023-2615 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
- TODO: check
+ NOT-FOR-US: pimcore
CVE-2023-2614 (Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore ...)
- TODO: check
+ NOT-FOR-US: pimcore
CVE-2023-2610 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...)
TODO: check
CVE-2023-32216
@@ -79,7 +79,7 @@ CVE-2023-32071 (XWiki Platform is a generic wiki platform. Starting in versions
CVE-2023-32069 (XWiki Platform is a generic wiki platform. Starting in version 3.3-mil ...)
NOT-FOR-US: XWiki
CVE-2023-32066 (Time Tracker is an open source time tracking system. The week view plu ...)
- TODO: check
+ NOT-FOR-US: Time Tracker
CVE-2023-32060 (DHIS2 Core contains the service layer and Web API for DHIS2, an inform ...)
NOT-FOR-US: DHIS2
CVE-2023-31982 (Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the ...)
@@ -914,7 +914,7 @@ CVE-2023-31145
CVE-2023-31144 (Craft CMS is a content management system. Starting in version 3.0.0 an ...)
NOT-FOR-US: Craft CMS
CVE-2023-31143 (mage-ai is an open-source data pipeline tool for transforming and inte ...)
- TODO: check
+ NOT-FOR-US: mage-ai
CVE-2023-31142
RESERVED
CVE-2023-31141 (OpenSearch is open-source software suite for search, analytics, and ob ...)
@@ -928,11 +928,11 @@ CVE-2023-31138 (DHIS2 Core contains the service layer and Web API for DHIS2, an
CVE-2023-31137 (MaraDNS is open-source software that implements the Domain Name System ...)
TODO: check
CVE-2023-31136 (PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO ...)
- TODO: check
+ NOT-FOR-US: PostgresNIO
CVE-2023-31135
RESERVED
CVE-2023-31134 (Tauri is software for building applications for multi-platform deploym ...)
- TODO: check
+ NOT-FOR-US: Tauri
CVE-2023-31133 (Ghost is an app for new-media creators with tools to build a website, ...)
NOT-FOR-US: Ghost CMS
CVE-2023-31132
@@ -948,7 +948,7 @@ CVE-2023-31128
CVE-2023-31127 (libspdm is a sample implementation that follows the DMTF SPDM specific ...)
NOT-FOR-US: libspdm
CVE-2023-31126 (`org.xwiki.commons:xwiki-commons-xml` is an XML library used by the op ...)
- TODO: check
+ NOT-FOR-US: org.xwiki.commons:xwiki-commons-xml
CVE-2023-31125 (Engine.IO is the implementation of transport-based cross-browser/cross ...)
NOT-FOR-US: Engine.IO
CVE-2023-31124
@@ -2054,7 +2054,7 @@ CVE-2023-30779
CVE-2023-30778
RESERVED
CVE-2023-30777 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30776 (An authenticated user with specific data permissions could access data ...)
NOT-FOR-US: Apache Superset
CVE-2023-2129
@@ -4070,9 +4070,9 @@ CVE-2023-30059
CVE-2023-30058
RESERVED
CVE-2023-30057 (Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Ori ...)
- TODO: check
+ NOT-FOR-US: FICO
CVE-2023-30056 (A session takeover vulnerability exists in FICO Origination Manager De ...)
- TODO: check
+ NOT-FOR-US: FICO
CVE-2023-30055
RESERVED
CVE-2023-30054 (TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnera ...)
@@ -6667,7 +6667,7 @@ CVE-2023-29103 (A vulnerability has been identified in SIMATIC Cloud Connect 7 C
CVE-2023-29102
RESERVED
CVE-2023-29101 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Muffingr ...)
- TODO: check
+ NOT-FOR-US: Muffingroup
CVE-2023-29100
RESERVED
CVE-2023-29099
@@ -7305,7 +7305,7 @@ CVE-2023-28934
CVE-2023-28933
RESERVED
CVE-2023-28932 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28931
RESERVED
CVE-2023-28930
@@ -9162,15 +9162,15 @@ CVE-2023-27921
CVE-2023-27920
RESERVED
CVE-2023-27919 (Authentication bypass vulnerability in NEXT ENGINE Integration Plugin ...)
- TODO: check
+ NOT-FOR-US: NEXT ENGINE Integration Plugin
CVE-2023-27918 (Cross-site scripting vulnerability in Appointment and Event Booking Ca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27889 (Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLO ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27888 (Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier ...)
- TODO: check
+ NOT-FOR-US: Joruri Gw
CVE-2023-27527 (Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML extern ...)
- TODO: check
+ NOT-FOR-US: Shinseiyo Sogo Soft
CVE-2023-27521
RESERVED
CVE-2023-27518
@@ -9180,7 +9180,7 @@ CVE-2023-27514
CVE-2023-27512
RESERVED
CVE-2023-27510 (JB Inquiry form contains an exposure of private personal information t ...)
- TODO: check
+ NOT-FOR-US: JB Inquiry form
CVE-2023-27507
RESERVED
CVE-2023-27397
@@ -9188,7 +9188,7 @@ CVE-2023-27397
CVE-2023-27396
RESERVED
CVE-2023-27385 (Heap-based buffer overflow vulnerability exists in CX-Drive All models ...)
- TODO: check
+ NOT-FOR-US: CX-Drive All
CVE-2023-27384
RESERVED
CVE-2023-27304
@@ -9214,23 +9214,23 @@ CVE-2023-25946
CVE-2023-25755 (Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerabl ...)
NOT-FOR-US: Screen Creator Advance
CVE-2023-25184 (Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpi ...)
- TODO: check
+ NOT-FOR-US: Seiko
CVE-2023-25072 (Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. ...)
- TODO: check
+ NOT-FOR-US: SkyBridge
CVE-2023-25070 (Cleartext transmission of sensitive information exists in SkyBridge MB ...)
- TODO: check
+ NOT-FOR-US: SkyBridge
CVE-2023-24586 (Cleartext storage of sensitive information exists in SkyBridge MB-A100 ...)
- TODO: check
+ NOT-FOR-US: SkyBridge
CVE-2023-23906 (Missing authentication for critical function exists in SkyBridge MB-A1 ...)
- TODO: check
+ NOT-FOR-US: SkyBridge
CVE-2023-23901 (Improper following of a certificate's chain of trust exists in SkyBrid ...)
- TODO: check
+ NOT-FOR-US: SkyBridge
CVE-2023-23578 (Improper access control vulnerability in SkyBridge MB-A200 firmware Ve ...)
- TODO: check
+ NOT-FOR-US: SkyBridge
CVE-2023-22441 (Missing authentication for critical function exists in Seiko Solutions ...)
- TODO: check
+ NOT-FOR-US: Seiko
CVE-2023-22361 (Improper privilege management vulnerability in SkyBridge MB-A100/110 f ...)
- TODO: check
+ NOT-FOR-US: SkyBridge
CVE-2023-22282 (WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquote ...)
NOT-FOR-US: WAB-MAT
CVE-2023-1420 (The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro W ...)
@@ -9539,11 +9539,11 @@ CVE-2023-28320
CVE-2023-28319
RESERVED
CVE-2023-28318 (A vulnerability has been discovered in Rocket.Chat, where messages can ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat
CVE-2023-28317 (A vulnerability has been discovered in Rocket.Chat, where editing mess ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat
CVE-2023-28316 (A security vulnerability has been discovered in the implementation of ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat
CVE-2023-28315
RESERVED
CVE-2023-28314 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
@@ -10179,13 +10179,13 @@ CVE-2023-28130
CVE-2023-28129
RESERVED
CVE-2023-28128 (An unrestricted upload of file with dangerous type vulnerability exist ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-28127 (A path traversal vulnerability exists in Avalanche version 6.3.x and b ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-28126 (An authentication bypass vulnerability exists in Avalanche versions 6. ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-28125 (An improper authentication vulnerability exists in Avalanche Premise v ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-28124 (Improper usage of symmetric encryption in UI Desktop for Windows (Vers ...)
NOT-FOR-US: UI Desktop for Windows
CVE-2023-28123 (A permission misconfiguration in UI Desktop for Windows (Version 0.59. ...)
@@ -12362,7 +12362,7 @@ CVE-2023-27412
CVE-2023-27411
RESERVED
CVE-2023-27410 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-27409 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...)
NOT-FOR-US: Siemens
CVE-2023-27408 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...)
@@ -15688,7 +15688,7 @@ CVE-2023-26128
CVE-2023-26127
RESERVED
CVE-2023-26126 (All versions of the package m.static are vulnerable to Directory Trave ...)
- TODO: check
+ NOT-FOR-US: m.static
CVE-2023-26125 (Versions of the package github.com/gin-gonic/gin before 1.9.0 are vuln ...)
- golang-github-gin-gonic-gin <unfixed> (bug #1035498)
NOTE: https://github.com/gin-gonic/gin/pull/3500
@@ -16543,11 +16543,11 @@ CVE-2023-25835
CVE-2023-25834 (Changes to user permissions in Portal for ArcGIS 10.9.1 and below are ...)
NOT-FOR-US: Esri
CVE-2023-25833 (There is an HTML injection vulnerability in Esri Portal for ArcGIS ver ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2023-25832 (There is a cross-site-request forgery vulnerability in Esri Portal for ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2023-25831 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2023-25830 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
NOT-FOR-US: Esri
CVE-2023-25829 (There is an unvalidated redirect vulnerability in Esri Portal for ArcG ...)
@@ -20989,7 +20989,7 @@ CVE-2023-24420
CVE-2023-24419 (Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Bui ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24418 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24417
RESERVED
CVE-2023-24416
@@ -21013,7 +21013,7 @@ CVE-2023-24408 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
CVE-2023-24407
RESERVED
CVE-2023-24406 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mune ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24405
RESERVED
CVE-2023-24404 (Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketi ...)
@@ -21041,7 +21041,7 @@ CVE-2023-24394
CVE-2023-24393
RESERVED
CVE-2023-24392 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24391
RESERVED
CVE-2023-24390
@@ -22519,7 +22519,7 @@ CVE-2023-23814
CVE-2023-23813
RESERVED
CVE-2023-23812 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joos ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23811
RESERVED
CVE-2023-23810
@@ -22565,13 +22565,13 @@ CVE-2023-23791
CVE-2023-23790 (Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23789 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prem ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23788 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23787
RESERVED
CVE-2023-23786 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Chr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23785 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DgCu ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23784 (A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7 ...)
@@ -22895,7 +22895,7 @@ CVE-2023-23703
CVE-2023-23702
RESERVED
CVE-2023-23701 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23700
RESERVED
CVE-2023-23699
@@ -26274,7 +26274,7 @@ CVE-2023-22713 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in
CVE-2023-22712 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-22711 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-22710 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidev ...)
NOT-FOR-US: WordPress plugin
CVE-2023-22709
@@ -37257,7 +37257,7 @@ CVE-2022-4010 (The Image Hover Effects WordPress plugin before 5.5 does not sani
CVE-2022-4009 (In affected versions of Octopus Deploy it is possible for a user to in ...)
NOT-FOR-US: Octopus Deploy
CVE-2022-4008 (In affected versions of Octopus Deploy it is possible to upload a zipb ...)
- TODO: check
+ NOT-FOR-US: Octopus Deploy
CVE-2022-4007 (A issue has been discovered in GitLab CE/EE affecting all versions fro ...)
- gitlab <unfixed>
CVE-2022-4006 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -43167,7 +43167,7 @@ CVE-2023-20526
CVE-2023-20525 (Insufficient syscall input validation in the ASP Bootloader may allow ...)
NOT-FOR-US: AMD
CVE-2023-20524 (An attacker with a compromised ASP could possibly send malformed comma ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20523 (TOCTOU in the ASP may allow a physical attacker to write beyond the bu ...)
NOT-FOR-US: AMD
CVE-2023-20522 (Insufficient input validation in ASP may allow an attacker with a mali ...)
@@ -43175,7 +43175,7 @@ CVE-2023-20522 (Insufficient input validation in ASP may allow an attacker with
CVE-2023-20521
RESERVED
CVE-2023-20520 (Improper access control settings in ASP Bootloader may allow an attack ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20519
RESERVED
CVE-2023-20518
@@ -44021,7 +44021,7 @@ CVE-2023-20100 (A vulnerability in the access point (AP) joining process of the
CVE-2023-20099
RESERVED
CVE-2023-20098 (A vulnerability in the CLI of Cisco SDWAN vManage Software could allow ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20097 (A vulnerability in Cisco access points (AP) software could allow an au ...)
NOT-FOR-US: Cisco
CVE-2023-20096 (A vulnerability in the web-based management interface of Cisco Unified ...)
@@ -44128,7 +44128,7 @@ CVE-2023-20048
CVE-2023-20047 (A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of ...)
NOT-FOR-US: Cisco
CVE-2023-20046 (A vulnerability in the key-based SSH authentication feature of Cisco S ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20045 (A vulnerability in the web-based management interface of Cisco Small B ...)
NOT-FOR-US: Cisco
CVE-2023-20044 (A vulnerability in Cisco CX Cloud Agent of could allow an authenticate ...)
@@ -50819,7 +50819,7 @@ CVE-2022-41647
CVE-2022-41643 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Acce ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41640 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41638 (Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin <= ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41635
@@ -65019,7 +65019,7 @@ CVE-2022-36332
CVE-2022-36331
RESERVED
CVE-2022-36330 (A buffer overflow vulnerability was discovered on firmware version val ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2022-36329
RESERVED
CVE-2022-36328
@@ -82322,11 +82322,11 @@ CVE-2021-46796
CVE-2021-46795 (A TOCTOU (time-of-check to time-of-use) vulnerability exists where an ...)
NOT-FOR-US: AMD
CVE-2021-46794 (Insufficient bounds checking in ASP (AMD Secure Processor) may allow f ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46793
REJECTED
CVE-2021-46792 (Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow a ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46791 (Insufficient input validation during parsing of the System Management ...)
NOT-FOR-US: AMD
CVE-2022-30227
@@ -87949,11 +87949,11 @@ CVE-2021-46777
CVE-2021-46776
RESERVED
CVE-2021-46775 (Improper input validation in ABL may enable an attacker with physical ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46774
RESERVED
CVE-2021-46773 (Insufficient input validation in ABL may enable a privileged attacker ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46772
RESERVED
CVE-2021-46771 (Insufficient validation of addresses in AMD Secure Processor (ASP) fir ...)
@@ -87961,7 +87961,7 @@ CVE-2021-46771 (Insufficient validation of addresses in AMD Secure Processor (AS
CVE-2021-46770
RESERVED
CVE-2021-46769 (Insufficient syscall input validation in the ASP Bootloader may allow ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46768 (Insufficient input validation in SEV firmware may allow an attacker to ...)
NOT-FOR-US: AMD
CVE-2021-46767 (Insufficient input validation in the ASP may allow an attacker with ph ...)
@@ -87969,31 +87969,31 @@ CVE-2021-46767 (Insufficient input validation in the ASP may allow an attacker w
CVE-2021-46766
RESERVED
CVE-2021-46765 (Insufficient input validation in ASP may allow an attacker with a comp ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46764 (Improper validation of DRAM addresses in SMU may allow an attacker to ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46763 (Insufficient input validation in the SMU may enable a privileged attac ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46762 (Insufficient input validation in the SMU may allow an attacker to corr ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46761
REJECTED
CVE-2021-46760 (A malicious or compromised UApp or ABL can send a malformed system cal ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46759 (Improper syscall input validation in AMD TEE (Trusted Execution Enviro ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46758
RESERVED
CVE-2021-46757
RESERVED
CVE-2021-46756 (Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AM ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46755 (Failure to unmap certain SysHub mappings in error paths of the ASP (AM ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46754 (Insufficient input validation in the ASP (AMD Secure Processor) bootlo ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46753 (Failure to validate the length fields of the ASP (AMD Secure Processor ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46752
RESERVED
CVE-2021-46751
@@ -88001,7 +88001,7 @@ CVE-2021-46751
CVE-2021-46750
RESERVED
CVE-2021-46749 (Insufficient bounds checking in ASP (AMD Secure Processor) may allow f ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46748
RESERVED
CVE-2021-46747
@@ -102082,7 +102082,7 @@ CVE-2022-23820
CVE-2022-23819
RESERVED
CVE-2022-23818 (Insufficient input validation on the model specific register: VM_HSAVE ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2022-23817
RESERVED
CVE-2022-23816
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de8f6ff03d90b83f0a3d0140f2d7eed8e2c206da
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de8f6ff03d90b83f0a3d0140f2d7eed8e2c206da
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230510/db93db0e/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list