[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Aug 17 09:59:56 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dd59e8e6 by Salvatore Bonaccorso at 2024-08-17T10:59:19+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -323,9 +323,9 @@ CVE-2024-42677 (An issue in Huizhi enterprise resource management system v.1.0 a
 CVE-2024-42676 (File Upload vulnerability in Huizhi enterprise resource management sys ...)
 	NOT-FOR-US: Huizhi enterprise resource management system
 CVE-2024-42476 (In the OAuth library for nim prior to version 0.11, the Authorization  ...)
-	TODO: check
+	NOT-FOR-US: OAuth library for nim
 CVE-2024-42475 (In the OAuth library for nim prior to version 0.11, the `state` values ...)
-	TODO: check
+	NOT-FOR-US: OAuth library for nim
 CVE-2024-40705 (IBM InfoSphere Information Server could allow an authenticated user to ...)
 	NOT-FOR-US: IBM
 CVE-2024-40704 (IBM InfoSphere Information Server 11.7 could allow a privileged user t ...)
@@ -1143,29 +1143,29 @@ CVE-2024-2259 (This vulnerability exists in InstaRISPACS software due to insuffi
 CVE-2024-29995 (Windows Kerberos Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2024-21981 (Improper key usage control in AMD Secure Processor (ASP) may allow an  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-21757 (A unverified password change in Fortinet FortiManager versions 7.0.0 t ...)
 	NOT-FOR-US: FortiGuard
 CVE-2023-31366 (Improper input validation in AMD \u03bcProf could allow an attacker to ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-31356 (Incomplete system memory cleanup in SEV firmware could allow a privile ...)
 	TODO: check
 CVE-2023-31349 (Incorrect default permissions in the AMD \u03bcProf installation direc ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-31348 (A DLL hijacking vulnerability in AMD \u03bcProf could allow an attacke ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-31341 (Insufficient validation of the Input Output Control (IOCTL) input buff ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-31339 (Improper input validation in ARM\xae Trusted Firmware used in AMD\u201 ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-31310 (Improper input validation in Power Management Firmware (PMFW) may allo ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-31307 (Improper validation of array index in Power Management Firmware (PMFW) ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-31305 (Generation of weak and predictable Initialization Vector (IV) in PMFW  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-31304 (Improper input validation in SMU may allow an attacker with privileges ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-7715 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DN ...)
 	NOT-FOR-US: D-Link
 CVE-2024-7709 (A vulnerability, which was classified as problematic, has been found i ...)
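Review bot: CVE-2023-31356 (incomplete system memory cleanup in SEV firmware) stays at "TODO: check" in the middle of this hunk while every other AMD entry around it moves to "NOT-FOR-US: AMD". If that is deliberate, a short NOTE: line under the entry giving the reason would save the next triager from re-reviewing it; if it was missed, it should get a disposition in the same pass. CVE-2023-31339 also deserves a second look before being closed, since its description names ARM Trusted Firmware rather than an AMD-only component.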
@@ -143063,7 +143063,7 @@ CVE-2023-20592 (Improper or unexpected behavior of the INVD instruction in some
 	NOTE: https://cachewarpattack.com/
 	NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3005.html
 CVE-2023-20591 (Improper re-initialization of IOMMU during the DRTM event may permit a ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20590
 	RESERVED
 CVE-2023-20589 (An attacker with specialized hardware and physical access to an impact ...)
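Review bot: CVE-2023-20591 is closed as "NOT-FOR-US: AMD" with no reference, while CVE-2023-20592 directly above it carries NOTE: lines pointing at the AMD bulletin. Because the description concerns IOMMU re-initialization during the DRTM event, it is worth confirming that the fix ships only in platform firmware and needs no kernel-side change before dropping the entry; a NOTE: with the relevant AMD bulletin would record that check.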
@@ -143088,7 +143088,7 @@ CVE-2023-20586 (A potential vulnerability was reported in Radeon\u2122 Software
 CVE-2023-20585
 	RESERVED
 CVE-2023-20584 (IOMMU improperly handles certain special address ranges with invalid d ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20583 (A potential power side-channel vulnerability in AMD processors may all ...)
 	NOT-FOR-US: AMD
 CVE-2023-20582
@@ -143100,7 +143100,7 @@ CVE-2023-20580
 CVE-2023-20579 (Improper Access Control in the AMD SPI protection feature may allow a  ...)
 	NOT-FOR-US: AMD
 CVE-2023-20578 (A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20577
 	NOT-FOR-US: AMD
 CVE-2023-20576
@@ -143241,7 +143241,7 @@ CVE-2023-20520 (Improper access control settings in ASP Bootloader may allow an
 CVE-2023-20519 (A Use-After-Free vulnerability in the management of an SNP guest conte ...)
 	NOT-FOR-US: AMD
 CVE-2023-20518 (Incomplete cleanup in the ASP may expose the Master Encryption Key (ME ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20517
 	RESERVED
 CVE-2023-20516
@@ -143251,15 +143251,15 @@ CVE-2023-20515
 CVE-2023-20514
 	RESERVED
 CVE-2023-20513 (An insufficient bounds check in PMFW (Power Management Firmware) may a ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20512 (A hardcoded AES   key in PMFW may result in a privileged attacker gain ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20511
 	RESERVED
 CVE-2023-20510 (An insufficient DRAM address validation in PMFW may allow a privileged ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20509 (An insufficient DRAM address validation in PMFW may allow a privileged ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20508
 	RESERVED
 CVE-2023-20507
@@ -188385,7 +188385,7 @@ CVE-2021-46774 (Insufficient DRAM address validation in System Management Unit (
 CVE-2021-46773 (Insufficient input validation in ABL may enable a privileged attacker  ...)
 	NOT-FOR-US: AMD
 CVE-2021-46772 (Insufficient input validation in the ABL may allow a privileged attack ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2021-46771 (Insufficient validation of addresses in AMD Secure Processor (ASP) fir ...)
 	NOT-FOR-US: AMD
 CVE-2021-46770
@@ -188437,7 +188437,7 @@ CVE-2021-46748 (Insufficient bounds checking in the ASP (AMD Secure Processor) m
 CVE-2021-46747
 	RESERVED
 CVE-2021-46746 (Lack of stack protection exploit mechanisms in ASP Secure OS Trusted E ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2021-46745
 	RESERVED
 CVE-2021-46744 (An attacker with access to a malicious hypervisor may be able to infer ...)
@@ -202628,11 +202628,11 @@ CVE-2022-23819
 CVE-2022-23818 (Insufficient input validation on the model specific register: VM_HSAVE ...)
 	NOT-FOR-US: AMD
 CVE-2022-23817 (Insufficient checking of memory buffer in ASP Secure OS may allow an a ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2022-23816
 	REJECTED
 CVE-2022-23815 (Improper bounds checking in APCB firmware may allow an attacker to per ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2022-23814 (Failure to validate addresses provided by software to BIOS commands ma ...)
 	NOT-FOR-US: AMD
 CVE-2022-23813 (The software interfaces to ASP and SMU may not enforce the SNP memory  ...)
@@ -264560,7 +264560,7 @@ CVE-2021-26389
 CVE-2021-26388 (Improper validation of the BIOS directory may allow for searches to re ...)
 	NOT-FOR-US: AMD
 CVE-2021-26387 (Insufficient access controls in ASP kernel may allow a privileged atta ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2021-26386 (A malicious or compromised UApp or ABL may be used by an attacker to i ...)
 	NOT-FOR-US: AMD
 CVE-2021-26385
@@ -264600,7 +264600,7 @@ CVE-2021-26369 (A malicious or compromised UApp or ABL may be used by an attacke
 CVE-2021-26368 (Insufficient check of the process type in Trusted OS (TOS) may allow a ...)
 	NOT-FOR-US: AMD
 CVE-2021-26367 (A malicious attacker in x86 can misconfigure the Trusted Memory Region ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2021-26366 (An attacker, who gained elevated privileges via some other vulnerabili ...)
 	NOT-FOR-US: AMD
 CVE-2021-26365 (Certain size values in firmware binary headers could trigger out of bo ...)
@@ -264647,7 +264647,7 @@ CVE-2021-26346 (Failure to validate the integer operand in ASP (AMD Secure Proce
 CVE-2021-26345 (Failure to validate the value in APCB may allow a privileged attacker  ...)
 	NOT-FOR-US: AMD
 CVE-2021-26344 (An out of bounds memory write when processing the AMD PSP1 Configurati ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2021-26343 (Insufficient validation in ASP BIOS and DRTM commands may allow malici ...)
 	NOT-FOR-US: AMD
 CVE-2021-26342 (In SEV guest VMs, the CPU may fail to flush the Translation Lookaside  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd59e8e652436b436155dfcdc61cacd126588081
