[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Sep 6 21:13:06 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6e114ac9 by security tracker role at 2025-09-06T20:12:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2025-58446 (xgrammar is an open-source library for efficient, flexible, and portab ...)
+	TODO: check
+CVE-2025-58445 (Atlantis is a self-hosted golang application that listens for Terrafor ...)
+	TODO: check
+CVE-2025-58443 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...)
+	TODO: check
+CVE-2025-58438 (internetarchive is a Python and Command-Line Interface to Archive.org  ...)
+	TODO: check
+CVE-2025-10034 (A vulnerability was found in D-Link DIR-825 1.08.01. This impacts the  ...)
+	TODO: check
+CVE-2025-10033 (A vulnerability has been found in itsourcecode Online Discussion Forum ...)
+	TODO: check
+CVE-2025-10032 (A vulnerability was detected in Campcodes Grocery Sales and Inventory  ...)
+	TODO: check
+CVE-2025-10031 (A security vulnerability has been detected in Campcodes Grocery Sales  ...)
+	TODO: check
+CVE-2025-10030 (A weakness has been identified in Campcodes Grocery Sales and Inventor ...)
+	TODO: check
+CVE-2025-10029 (A security flaw has been discovered in itsourcecode POS Point of Sale  ...)
+	TODO: check
+CVE-2025-0034 (Insufficient parameter sanitization in TEE SOC Driver could allow an a ...)
+	TODO: check
+CVE-2025-0032 (Improper cleanup in AMD CPU microcode patch loading could allow an att ...)
+	TODO: check
+CVE-2025-0011 (Improper removal of sensitive information before storage or transfer i ...)
+	TODO: check
+CVE-2025-0010 (An out of bounds write in the Linux graphics driver could allow an att ...)
+	TODO: check
+CVE-2025-0009 (A NULL pointer dereference in AMD Crash Defender could allow an attack ...)
+	TODO: check
+CVE-2024-36354 (Improper input validation for DIMM serial presence detect (SPD) metada ...)
+	TODO: check
+CVE-2024-36352 (Improper input validation in the AMD Graphics Driver could allow an at ...)
+	TODO: check
+CVE-2024-36346 (Improper input validation in AMD Power Management Firmware (PMFW) coul ...)
+	TODO: check
+CVE-2024-36342 (Improper input validation in the GPU driver could allow an attacker to ...)
+	TODO: check
+CVE-2024-36326 (Missing authorization in AMD RomArmor could allow an attacker to bypas ...)
+	TODO: check
+CVE-2024-21970 (Improper validation of an array index in the AND power Management Firm ...)
+	TODO: check
+CVE-2024-21947 (Improper input validation in the system management mode (SMM) could al ...)
+	TODO: check
+CVE-2023-31365 (An integer overflow in the SMU could allow a privileged attacker to po ...)
+	TODO: check
+CVE-2023-31351 (Improper restriction of operations in the IOMMU could allow a maliciou ...)
+	TODO: check
+CVE-2023-31330 (An out-of-bounds read in the ASP could allow a privileged attacker wit ...)
+	TODO: check
+CVE-2023-31326 (Use of an uninitialized variable in the ASP could allow an attacker to ...)
+	TODO: check
+CVE-2023-31325 (Improper isolation of shared resources on System-on-a-chip (SOC) could ...)
+	TODO: check
+CVE-2023-31322 (Type confusion in the ASP could allow an attacker to pass a malformed  ...)
+	TODO: check
+CVE-2023-31306 (Improper validation of an array index in the AMD graphics driver softw ...)
+	TODO: check
 CVE-2025-XXXX [SQL injection vulnerability in Service Provider ODBC plugin]
 	- shibboleth-sp <unfixed> (bug #1114506)
 	NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-1014
@@ -7966,7 +8024,7 @@ CVE-2025-53859 (NGINX Open Source and NGINX Plus have a vulnerability in the ngx
 	NOTE: https://nginx.org/download/patch.2025.smtp.txt
 CVE-2025-54472 (Unlimited memory allocation in redis protocol parser in Apache bRPC (a ...)
 	- brpc <itp> (bug #1060006)
-CVE-2024-36331 [x86/sev: Evict cache lines during SNP memory validation]
+CVE-2024-36331 (Improper initialization of CPU cache memory could allow a privileged a ...)
 	- linux 6.16.3-1
 	[trixie] - linux 6.12.43-1
 	[bookworm] - linux 6.1.148-1
@@ -260756,8 +260814,8 @@ CVE-2023-20518 (Incomplete cleanup in the ASP may expose the Master Encryption K
 	NOT-FOR-US: AMD
 CVE-2023-20517
 	RESERVED
-CVE-2023-20516
-	RESERVED
+CVE-2023-20516 (Improper handling of insufficiency privileges in the ASP could allow a ...)
+	TODO: check
 CVE-2023-20515 (Improper access control in the fTPM driver in the trusted OS could all ...)
 	NOT-FOR-US: AMD
 CVE-2023-20514
@@ -306000,8 +306058,8 @@ CVE-2021-46752
 	RESERVED
 CVE-2021-46751
 	RESERVED
-CVE-2021-46750
-	RESERVED
+CVE-2021-46750 (Failure to validate the address and size in TEE (Trusted Execution Env ...)
+	TODO: check
 CVE-2021-46749 (Insufficient bounds checking in ASP (AMD Secure Processor) may allow f ...)
 	NOT-FOR-US: AMD
 CVE-2021-46748 (Insufficient bounds checking in the ASP (AMD Secure Processor) may all ...)
@@ -382171,8 +382229,8 @@ CVE-2021-26379 (Insufficient input validation of mailbox data in the SMU may all
 	NOT-FOR-US: AMD
 CVE-2021-26378 (Insufficient bound checks in the System Management Unit (SMU) may resu ...)
 	NOT-FOR-US: AMD
-CVE-2021-26377
-	RESERVED
+CVE-2021-26377 (Insufficient parameter validation while allocating process space in th ...)
+	TODO: check
 CVE-2021-26376 (Insufficient checks in System Management Unit (SMU) FeatureConfig may  ...)
 	NOT-FOR-US: AMD
 CVE-2021-26375 (Insufficient General Purpose IO (GPIO) bounds check in System Manageme ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e114ac9d006353a72016b1f8b106b9fbb2a458a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e114ac9d006353a72016b1f8b106b9fbb2a458a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250906/cff858ee/attachment.htm>

More information about the debian-security-tracker-commits mailing list