[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 13 21:12:53 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
00a4ba72 by security tracker role at 2024-08-13T20:12:38+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,313 @@
+CVE-2024-7746 (Use of Default Credentials vulnerability in Tananaev Solutions Traccar ...)
+ TODO: check
+CVE-2024-7741 (A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as ...)
+ TODO: check
+CVE-2024-7740 (A vulnerability has been found in wanglongcn ltcms 1.0.20 and classifi ...)
+ TODO: check
+CVE-2024-7739 (A vulnerability, which was classified as problematic, was found in yza ...)
+ TODO: check
+CVE-2024-7738 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2024-7733 (A vulnerability, which was classified as problematic, was found in Fas ...)
+ TODO: check
+CVE-2024-7593 (Incorrect implementation of an authentication algorithm in Ivanti vTM ...)
+ TODO: check
+CVE-2024-7570 (Improper certificate validation in Ivanti ITSM on-prem and Neurons for ...)
+ TODO: check
+CVE-2024-7569 (An information disclosure vulnerability in Ivanti ITSM on-prem and Neu ...)
+ TODO: check
+CVE-2024-7567 (A denial-of-service vulnerability exists via the CIP/Modbus port in th ...)
+ TODO: check
+CVE-2024-7113 (If exploited, this vulnerability could cause a SuiteLink server to con ...)
+ TODO: check
+CVE-2024-6788 (A remote unauthenticated attacker can use the firmware update feature ...)
+ TODO: check
+CVE-2024-6619 (In Ocean Data Systems Dream Report, an incorrect permission vulnerabil ...)
+ TODO: check
+CVE-2024-6618 (In Ocean Data Systems Dream Report, a path traversal vulnerability cou ...)
+ TODO: check
+CVE-2024-6384 ("Hot" backup files may be downloaded by underprivileged users, if they ...)
+ TODO: check
+CVE-2024-6079 (A vulnerability exists in the Rockwell Automation Emulate3D\u2122,whic ...)
+ TODO: check
+CVE-2024-5849 (An unauthenticated remote attacker may use a reflected XSS vulnerabili ...)
+ TODO: check
+CVE-2024-43165 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-43160 (Unrestricted Upload of File with Dangerous Type vulnerability in BerqW ...)
+ TODO: check
+CVE-2024-43153 (Improper Privilege Management vulnerability in WofficeIO Woffice allow ...)
+ TODO: check
+CVE-2024-43141 (Deserialization of Untrusted Data vulnerability in Roland Barker, xnau ...)
+ TODO: check
+CVE-2024-43140 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-43138 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-43135 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-43131 (Incorrect Authorization vulnerability in WPWeb Docket (WooCommerce Col ...)
+ TODO: check
+CVE-2024-43129 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-43128 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2024-43121 (Improper Privilege Management vulnerability in realmag777 HUSKY allows ...)
+ TODO: check
+CVE-2024-42740 (In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi. ...)
+ TODO: check
+CVE-2024-42739 (In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi. ...)
+ TODO: check
+CVE-2024-42738 (In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi. ...)
+ TODO: check
+CVE-2024-42737 (In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi. ...)
+ TODO: check
+CVE-2024-42736 (In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi. ...)
+ TODO: check
+CVE-2024-42368 (OpenTelemetry, also known as OTel, is a vendor-neutral open source Obs ...)
+ TODO: check
+CVE-2024-41774 (IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. ...)
+ TODO: check
+CVE-2024-41711 (A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Serie ...)
+ TODO: check
+CVE-2024-41623 (An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 ...)
+ TODO: check
+CVE-2024-41614 (symphonycms <=2.7.10 is vulnerable to Cross Site Scripting (XSS) in th ...)
+ TODO: check
+CVE-2024-41613 (A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allo ...)
+ TODO: check
+CVE-2024-40697 (IBM Common Licensing 9.0 does not require that users should have stron ...)
+ TODO: check
+CVE-2024-3913 (An unauthenticated remote attacker can use this vulnerability to chang ...)
+ TODO: check
+CVE-2024-39651 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-39642 (Authorization Bypass Through User-Controlled Key vulnerability in Thim ...)
+ TODO: check
+CVE-2024-38787 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-38760 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-38756 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-38752 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-38749 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-38747 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-38742 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-38724 (Cross-Site Request Forgery (CSRF), Improper Neutralization of Input Du ...)
+ TODO: check
+CVE-2024-38699 (Missing Authorization vulnerability in WP Swings Wallet System for Woo ...)
+ TODO: check
+CVE-2024-38688 (Missing Authorization vulnerability in Igor Beni\u0107 Recipe Maker Fo ...)
+ TODO: check
+CVE-2024-38502 (An unauthenticated remote attacker may use stored XSS vulnerability to ...)
+ TODO: check
+CVE-2024-38501 (An unauthenticated remote attacker may use a HTML injection vulnerabil ...)
+ TODO: check
+CVE-2024-38223 (Windows Initial Machine Configuration Elevation of Privilege Vulnerabi ...)
+ TODO: check
+CVE-2024-38215 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
+ TODO: check
+CVE-2024-38214 (Windows Routing and Remote Access Service (RRAS) Information Disclosur ...)
+ TODO: check
+CVE-2024-38213 (Windows Mark of the Web Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-38211 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ TODO: check
+CVE-2024-38201 (Azure Stack Hub Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38199 (Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulner ...)
+ TODO: check
+CVE-2024-38198 (Windows Print Spooler Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38197 (Microsoft Teams for iOS Spoofing Vulnerability)
+ TODO: check
+CVE-2024-38196 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
+CVE-2024-38195 (Azure CycleCloud Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38193 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
+ TODO: check
+CVE-2024-38191 (Kernel Streaming Service Driver Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38189 (Microsoft Project Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38187 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38186 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38185 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38184 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38180 (Windows SmartScreen Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-38178 (Scripting Engine Memory Corruption Vulnerability)
+ TODO: check
+CVE-2024-38177 (Windows App Installer Spoofing Vulnerability)
+ TODO: check
+CVE-2024-38173 (Microsoft Outlook Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38172 (Microsoft Excel Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38171 (Microsoft PowerPoint Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38170 (Microsoft Excel Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38169 (Microsoft Office Visio Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38168 (.NET and Visual Studio Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-38167 (.NET and Visual Studio Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-38165 (Windows Compressed Folder Tampering Vulnerability)
+ TODO: check
+CVE-2024-38162 (Azure Connected Machine Agent Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38161 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38160 (Windows Network Virtualization Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38159 (Windows Network Virtualization Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38158 (Azure IoT SDK Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38157 (Azure IoT SDK Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38155 (Security Center Broker Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-38154 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
+ TODO: check
+CVE-2024-38153 (Windows Kernel Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38152 (Windows OLE Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38151 (Windows Kernel Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-38150 (Windows DWM Core Library Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38148 (Windows Secure Channel Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-38147 (Microsoft DWM Core Library Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38146 (Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-38145 (Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-38144 (Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulne ...)
+ TODO: check
+CVE-2024-38143 (Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38142 (Windows Secure Kernel Mode Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38141 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
+ TODO: check
+CVE-2024-38140 (Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execu ...)
+ TODO: check
+CVE-2024-38138 (Windows Deployment Services Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38137 (Windows Resource Manager PSM Service Extension Elevation of Privilege ...)
+ TODO: check
+CVE-2024-38136 (Windows Resource Manager PSM Service Extension Elevation of Privilege ...)
+ TODO: check
+CVE-2024-38135 (Windows Resilient File System (ReFS) Elevation of Privilege Vulnerabil ...)
+ TODO: check
+CVE-2024-38134 (Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulne ...)
+ TODO: check
+CVE-2024-38133 (Windows Kernel Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38132 (Windows Network Address Translation (NAT) Denial of Service Vulnerabil ...)
+ TODO: check
+CVE-2024-38131 (Clipboard Virtual Channel Extension Remote Code Execution Vulnerabilit ...)
+ TODO: check
+CVE-2024-38130 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
+ TODO: check
+CVE-2024-38128 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
+ TODO: check
+CVE-2024-38127 (Windows Hyper-V Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38126 (Windows Network Address Translation (NAT) Denial of Service Vulnerabil ...)
+ TODO: check
+CVE-2024-38125 (Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulne ...)
+ TODO: check
+CVE-2024-38123 (Windows Bluetooth Driver Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-38122 (Microsoft Local Security Authority (LSA) Server Information Disclosure ...)
+ TODO: check
+CVE-2024-38121 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
+ TODO: check
+CVE-2024-38120 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
+ TODO: check
+CVE-2024-38118 (Microsoft Local Security Authority (LSA) Server Information Disclosure ...)
+ TODO: check
+CVE-2024-38117 (NTFS Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38116 (Windows IP Routing Management Snapin Remote Code Execution Vulnerabili ...)
+ TODO: check
+CVE-2024-38115 (Windows IP Routing Management Snapin Remote Code Execution Vulnerabili ...)
+ TODO: check
+CVE-2024-38114 (Windows IP Routing Management Snapin Remote Code Execution Vulnerabili ...)
+ TODO: check
+CVE-2024-38109 (An authenticated attacker can exploit an Server-Side Request Forgery ( ...)
+ TODO: check
+CVE-2024-38108 (Azure Stack Hub Spoofing Vulnerability)
+ TODO: check
+CVE-2024-38107 (Windows Power Dependency Coordinator Elevation of Privilege Vulnerabil ...)
+ TODO: check
+CVE-2024-38106 (Windows Kernel Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38098 (Azure Connected Machine Agent Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38084 (Microsoft OfficePlus Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38063 (Windows TCP/IP Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-37968 (Windows DNS Spoofing Vulnerability)
+ TODO: check
+CVE-2024-37935 (Missing Authorization vulnerability in anhvnit Woocommerce OpenPos all ...)
+ TODO: check
+CVE-2024-37287 (A flaw allowing arbitrary code execution was discovered in Kibana. An ...)
+ TODO: check
+CVE-2024-37015 (An issue was discovered in Ada Web Server 20.0. When configured to use ...)
+ TODO: check
+CVE-2024-36505 (An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 th ...)
+ TODO: check
+CVE-2024-36446 (The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 ...)
+ TODO: check
+CVE-2024-35124 (A vulnerability in the combination of the OpenBMC's FW1050.00 through ...)
+ TODO: check
+CVE-2024-2259 (This vulnerability exists in InstaRISPACS software due to insufficient ...)
+ TODO: check
+CVE-2024-29995 (Windows Kerberos Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-21981 (Improper key usage control in AMD Secure Processor (ASP) may allow an ...)
+ TODO: check
+CVE-2024-21757 (A unverified password change in Fortinet FortiManager versions 7.0.0 t ...)
+ TODO: check
+CVE-2023-31366 (Improper input validation in AMD \u03bcProf could allow an attacker to ...)
+ TODO: check
+CVE-2023-31356 (Incomplete system memory cleanup in SEV firmware could allow a privile ...)
+ TODO: check
+CVE-2023-31349 (Incorrect default permissions in the AMD \u03bcProf installation direc ...)
+ TODO: check
+CVE-2023-31348 (A DLL hijacking vulnerability in AMD \u03bcProf could allow an attacke ...)
+ TODO: check
+CVE-2023-31341 (Insufficient validation of the Input Output Control (IOCTL) input buff ...)
+ TODO: check
+CVE-2023-31339 (Improper input validation in ARM\xae Trusted Firmware used in AMD\u201 ...)
+ TODO: check
+CVE-2023-31310 (Improper input validation in Power Management Firmware (PMFW) may allo ...)
+ TODO: check
+CVE-2023-31307 (Improper validation of array index in Power Management Firmware (PMFW) ...)
+ TODO: check
+CVE-2023-31305 (Generation of weak and predictable Initialization Vector (IV) in PMFW ...)
+ TODO: check
+CVE-2023-31304 (Improper input validation in SMU may allow an attacker with privileges ...)
+ TODO: check
CVE-2024-7715 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DN ...)
NOT-FOR-US: D-Link
CVE-2024-7709 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -1716,16 +2026,16 @@ CVE-2024-6472 (Certificate Validation user interface in LibreOffice allows poten
NOTE: https://github.com/LibreOffice/core/commit/2587dbff640e2443f0800f9c1a865723500de1c5 (distro/mimo/7-0)
NOTE: https://github.com/LibreOffice/core/commit/b8c9ba427e23e45ef782d6a144f4415cae3c9b13 (distro/mimo/6-2)
CVE-2024-42010 (mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insu ...)
- {DSA-5743-1}
+ {DSA-5743-2 DSA-5743-1}
- roundcube 1.6.8+dfsg-1 (bug #1077969)
NOTE: https://github.com/roundcube/roundcubemail/commit/602d0f566eb39b6dcb739ad78323ec434a3b92ce
CVE-2024-42009 (A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1. ...)
- {DSA-5743-1}
+ {DSA-5743-2 DSA-5743-1}
- roundcube 1.6.8+dfsg-1 (bug #1077969)
NOTE: https://www.sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/
NOTE: https://github.com/roundcube/roundcubemail/commit/68af7c864a36e1941764238dac440ab0d99a8d26
CVE-2024-42008 (A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() ...)
- {DSA-5743-1}
+ {DSA-5743-2 DSA-5743-1}
- roundcube 1.6.8+dfsg-1 (bug #1077969)
NOTE: https://github.com/roundcube/roundcubemail/commit/89c8fe9ae9318c015807fbcbf7e39555fb30885d
NOTE: Regression/follow-up: https://github.com/roundcube/roundcubemail/commit/32fed15346e5b842042e5dd1001d6878225c5367
@@ -113607,8 +113917,8 @@ CVE-2023-26213 (On Barracuda CloudGen WAN Private Edge Gateway devices before 8
NOT-FOR-US: Barracuda
CVE-2023-26212
RESERVED
-CVE-2023-26211
- RESERVED
+CVE-2023-26211 (An improper neutralization of input during web page generation ('cross ...)
+ TODO: check
CVE-2023-26210 (Multiple improper neutralization of special elements used in an os com ...)
NOT-FOR-US: Fortinet
CVE-2023-26209 (A improper restriction of excessive authentication attempts vulnerabil ...)
@@ -134820,8 +135130,8 @@ CVE-2022-45864
RESERVED
CVE-2022-45863
RESERVED
-CVE-2022-45862
- RESERVED
+CVE-2022-45862 (An insufficient session expiration vulnerability [CWE-613] vulnerabili ...)
+ TODO: check
CVE-2022-45861 (An access of uninitialized pointer vulnerability [CWE-824] in the SSL ...)
NOT-FOR-US: Fortinet
CVE-2022-45860 (A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7 ...)
@@ -141821,8 +142131,8 @@ CVE-2023-20592 (Improper or unexpected behavior of the INVD instruction in some
[buster] - amd64-microcode 3.20230719.1~deb10u1
NOTE: https://cachewarpattack.com/
NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3005.html
-CVE-2023-20591
- RESERVED
+CVE-2023-20591 (Improper re-initialization of IOMMU during the DRTM event may permit a ...)
+ TODO: check
CVE-2023-20590
RESERVED
CVE-2023-20589 (An attacker with specialized hardware and physical access to an impact ...)
@@ -141846,8 +142156,8 @@ CVE-2023-20586 (A potential vulnerability was reported in Radeon\u2122 Software
NOT-FOR-US: AMD
CVE-2023-20585
RESERVED
-CVE-2023-20584
- RESERVED
+CVE-2023-20584 (IOMMU improperly handles certain special address ranges with invalid d ...)
+ TODO: check
CVE-2023-20583 (A potential power side-channel vulnerability in AMD processors may all ...)
NOT-FOR-US: AMD
CVE-2023-20582
@@ -141858,8 +142168,8 @@ CVE-2023-20580
RESERVED
CVE-2023-20579 (Improper Access Control in the AMD SPI protection feature may allow a ...)
NOT-FOR-US: AMD
-CVE-2023-20578
- RESERVED
+CVE-2023-20578 (A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ...)
+ TODO: check
CVE-2023-20577
NOT-FOR-US: AMD
CVE-2023-20576
@@ -141999,8 +142309,8 @@ CVE-2023-20520 (Improper access control settings in ASP Bootloader may allow an
NOT-FOR-US: AMD
CVE-2023-20519 (A Use-After-Free vulnerability in the management of an SNP guest conte ...)
NOT-FOR-US: AMD
-CVE-2023-20518
- RESERVED
+CVE-2023-20518 (Incomplete cleanup in the ASP may expose the Master Encryption Key (ME ...)
+ TODO: check
CVE-2023-20517
RESERVED
CVE-2023-20516
@@ -142009,16 +142319,16 @@ CVE-2023-20515
RESERVED
CVE-2023-20514
RESERVED
-CVE-2023-20513
- RESERVED
-CVE-2023-20512
- RESERVED
+CVE-2023-20513 (An insufficient bounds check in PMFW (Power Management Firmware) may a ...)
+ TODO: check
+CVE-2023-20512 (A hardcoded AES key in PMFW may result in a privileged attacker gain ...)
+ TODO: check
CVE-2023-20511
RESERVED
-CVE-2023-20510
- RESERVED
-CVE-2023-20509
- RESERVED
+CVE-2023-20510 (An insufficient DRAM address validation in PMFW may allow a privileged ...)
+ TODO: check
+CVE-2023-20509 (An insufficient DRAM address validation in PMFW may allow a privileged ...)
+ TODO: check
CVE-2023-20508
RESERVED
CVE-2023-20507
@@ -187141,8 +187451,8 @@ CVE-2021-46774 (Insufficient DRAM address validation in System Management Unit (
NOT-FOR-US: AMD
CVE-2021-46773 (Insufficient input validation in ABL may enable a privileged attacker ...)
NOT-FOR-US: AMD
-CVE-2021-46772
- RESERVED
+CVE-2021-46772 (Insufficient input validation in the ABL may allow a privileged attack ...)
+ TODO: check
CVE-2021-46771 (Insufficient validation of addresses in AMD Secure Processor (ASP) fir ...)
NOT-FOR-US: AMD
CVE-2021-46770
@@ -187193,8 +187503,8 @@ CVE-2021-46748 (Insufficient bounds checking in the ASP (AMD Secure Processor) m
NOT-FOR-US: AMD
CVE-2021-46747
RESERVED
-CVE-2021-46746
- RESERVED
+CVE-2021-46746 (Lack of stack protection exploit mechanisms in ASP Secure OS Trusted E ...)
+ TODO: check
CVE-2021-46745
RESERVED
CVE-2021-46744 (An attacker with access to a malicious hypervisor may be able to infer ...)
@@ -189537,8 +189847,8 @@ CVE-2022-27488 (A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterp
NOT-FOR-US: FortiGuard
CVE-2022-27487 (A improper privilege management in Fortinet FortiSandbox version 4.2.0 ...)
NOT-FOR-US: Fortinet
-CVE-2022-27486
- RESERVED
+CVE-2022-27486 (A improper neutralization of special elements used in an os command (' ...)
+ TODO: check
CVE-2022-27485 (A improper neutralization of special elements used in an sql command ( ...)
NOT-FOR-US: Fortinet
CVE-2022-27484 (A unverified password change in Fortinet FortiADC version 6.2.0 throug ...)
@@ -201367,12 +201677,12 @@ CVE-2022-23819
RESERVED
CVE-2022-23818 (Insufficient input validation on the model specific register: VM_HSAVE ...)
NOT-FOR-US: AMD
-CVE-2022-23817
- RESERVED
+CVE-2022-23817 (Insufficient checking of memory buffer in ASP Secure OS may allow an a ...)
+ TODO: check
CVE-2022-23816
REJECTED
-CVE-2022-23815
- RESERVED
+CVE-2022-23815 (Improper bounds checking in APCB firmware may allow an attacker to per ...)
+ TODO: check
CVE-2022-23814 (Failure to validate addresses provided by software to BIOS commands ma ...)
NOT-FOR-US: AMD
CVE-2022-23813 (The software interfaces to ASP and SMU may not enforce the SNP memory ...)
@@ -263299,8 +263609,8 @@ CVE-2021-26389
RESERVED
CVE-2021-26388 (Improper validation of the BIOS directory may allow for searches to re ...)
NOT-FOR-US: AMD
-CVE-2021-26387
- RESERVED
+CVE-2021-26387 (Insufficient access controls in ASP kernel may allow a privileged atta ...)
+ TODO: check
CVE-2021-26386 (A malicious or compromised UApp or ABL may be used by an attacker to i ...)
NOT-FOR-US: AMD
CVE-2021-26385
@@ -263339,8 +263649,8 @@ CVE-2021-26369 (A malicious or compromised UApp or ABL may be used by an attacke
NOT-FOR-US: AMD
CVE-2021-26368 (Insufficient check of the process type in Trusted OS (TOS) may allow a ...)
NOT-FOR-US: AMD
-CVE-2021-26367
- RESERVED
+CVE-2021-26367 (A malicious attacker in x86 can misconfigure the Trusted Memory Region ...)
+ TODO: check
CVE-2021-26366 (An attacker, who gained elevated privileges via some other vulnerabili ...)
NOT-FOR-US: AMD
CVE-2021-26365 (Certain size values in firmware binary headers could trigger out of bo ...)
@@ -263386,8 +263696,8 @@ CVE-2021-26346 (Failure to validate the integer operand in ASP (AMD Secure Proce
NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1031
CVE-2021-26345 (Failure to validate the value in APCB may allow a privileged attacker ...)
NOT-FOR-US: AMD
-CVE-2021-26344
- RESERVED
+CVE-2021-26344 (An out of bounds memory write when processing the AMD PSP1 Configurati ...)
+ TODO: check
CVE-2021-26343 (Insufficient validation in ASP BIOS and DRTM commands may allow malici ...)
NOT-FOR-US: AMD
CVE-2021-26342 (In SEV guest VMs, the CPU may fail to flush the Translation Lookaside ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00a4ba725c779e84e1f3baf5bc967f491b96090c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00a4ba725c779e84e1f3baf5bc967f491b96090c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240813/95fea8e7/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list