[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 3 12:49:46 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f73e5fbb by Salvatore Bonaccorso at 2026-06-03T13:49:01+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -93,7 +93,7 @@ CVE-2026-34993 (AIOHTTP is an asynchronous HTTP client/server framework for asyn
 CVE-2026-34077 (React Router is a router for React. In versions 7.7.0 through 7.13.1,  ...)
 	NOT-FOR-US: React Router
 CVE-2026-33553 (Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 befo ...)
-	TODO: check
+	NOT-FOR-US: Northern.tech CFEngine Enterprise
 CVE-2026-33245 (React Router is a router for React. In versions 7.7.0 through 7.13.1,  ...)
 	NOT-FOR-US: React Router
 CVE-2026-32625 (LibreChat is an enhanced ChatGPT clone that supports multiple AI provi ...)
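Review bot: the CVE-2026-33553 entry is closed as NOT-FOR-US on a truncated description that names only CFEngine Enterprise 3.24.3 and 3.27.0. Debian carries the community edition as cfengine3, so please confirm the flaw sits in an Enterprise-only component and not in core code shared with the community edition. If that has been checked, saying so in the commit message would save the next triager the lookup.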
@@ -119,23 +119,23 @@ CVE-2026-10705 (A flaw has been found in dask up to 3.0. Affected by this issue
 CVE-2026-10704 (A vulnerability was detected in SourceCodester Pizzafy E-Commerce Syst ...)
 	NOT-FOR-US: SourceCodester
 CVE-2026-10703 (A security vulnerability has been detected in EIPStackGroup OpENer up  ...)
-	TODO: check
+	NOT-FOR-US: EIPStackGroup OpENer
 CVE-2026-10694 (A vulnerability was detected in SourceCodester Online Food Ordering Sy ...)
 	NOT-FOR-US: SourceCodester
 CVE-2026-10693 (A security vulnerability has been detected in SourceCodester Online Bo ...)
 	NOT-FOR-US: SourceCodester
 CVE-2026-10692 (A weakness has been identified in johnhuang316 code-index-mcp up to 2. ...)
-	TODO: check
+	NOT-FOR-US: johnhuang316 code-index-mcp
 CVE-2026-10691 (A security flaw has been discovered in wonderwhy-er DesktopCommanderMC ...)
-	TODO: check
+	NOT-FOR-US: wonderwhy-er DesktopCommanderMCP
 CVE-2026-10690 (A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2 ...)
-	TODO: check
+	NOT-FOR-US: wonderwhy-er DesktopCommanderMCP
 CVE-2026-10688 (A vulnerability was determined in ahujasid blender-mcp up to 7636d13bd ...)
-	TODO: check
+	NOT-FOR-US: ahujasid blender-mcp
 CVE-2026-10662 (A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82e ...)
-	TODO: check
+	NOT-FOR-US: ahujasid blender-mcp
 CVE-2026-10661 (A vulnerability has been found in ahujasid blender-mcp up to 7636d13bd ...)
-	TODO: check
+	NOT-FOR-US: ahujasid blender-mcp
 CVE-2026-10650 (A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue ...)
 	TODO: check
 CVE-2026-10624 (A vulnerability has been found in SourceCodester Human Resource Manage ...)
@@ -143,11 +143,11 @@ CVE-2026-10624 (A vulnerability has been found in SourceCodester Human Resource
 CVE-2026-10620 (A flaw has been found in code-projects Student Admission System 1.0. A ...)
 	NOT-FOR-US: code-projects
 CVE-2026-10619 (A vulnerability was detected in sayan365 student-management-system up  ...)
-	TODO: check
+	NOT-FOR-US: sayan365 student-management-system
 CVE-2026-10617 (A security vulnerability has been detected in nextlevelbuilder GoClaw  ...)
-	TODO: check
+	NOT-FOR-US: nextlevelbuilder GoClaw
 CVE-2026-10616 (A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3 ...)
-	TODO: check
+	NOT-FOR-US: nextlevelbuilder GoClaw
 CVE-2026-10608 (A security flaw has been discovered in DedeCMS 5.7.88. This affects th ...)
 	NOT-FOR-US: DedeCMS
 CVE-2026-10607 (A vulnerability was identified in DedeCMS 5.7.88. The impacted element ...)
@@ -155,29 +155,29 @@ CVE-2026-10607 (A vulnerability was identified in DedeCMS 5.7.88. The impacted e
 CVE-2026-10584 (Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when ce ...)
 	NOT-FOR-US: Amazon
 CVE-2025-64390 (A privilege escalation vulnerability exists in PlayStation 4 firmware  ...)
-	TODO: check
+	NOT-FOR-US: PlayStation 4 firmware
 CVE-2025-15653 (Dr\xe4ger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesi ...)
-	TODO: check
+	NOT-FOR-US: Draeger
 CVE-2024-14036 (Dr\xe4ger Core 1.0.5 and Dr\xe4ger M540 Converter Service 1.0.9 contai ...)
-	TODO: check
+	NOT-FOR-US: Draeger
 CVE-2022-4992 (Dr\xe4ger Infinity Acute Care System and Standalone Infinity M540 pati ...)
-	TODO: check
+	NOT-FOR-US: Draeger
 CVE-2021-4481 (Dr\xe4ger Protector Software prior to version 6.4.2 contains a local p ...)
-	TODO: check
+	NOT-FOR-US: Draeger
 CVE-2021-4480 (Dr\xe4ger Protector Software prior to version 6.4.2 contains a local p ...)
-	TODO: check
+	NOT-FOR-US: Draeger
 CVE-2021-4479 (Dr\xe4ger Atlan A350 software versions 1.00 through 1.01 contains an i ...)
-	TODO: check
+	NOT-FOR-US: Draeger
 CVE-2021-4478 (Dr\xe4ger CC-Vision Basic before 7.5.3 and Dr\xe4ger CC-Vision E-Cal b ...)
-	TODO: check
+	NOT-FOR-US: Draeger
 CVE-2019-25724 (Dr\xe4ger Infinity M300 patient worn monitors with software version VG ...)
-	TODO: check
+	NOT-FOR-US: Draeger
 CVE-2019-25723 (Dr\xe4ger Perseus A500 software versions 2.00 through 2.02 contains an ...)
-	TODO: check
+	NOT-FOR-US: Draeger
 CVE-2019-25722 (Dr\xe4ger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 800 ...)
-	TODO: check
+	NOT-FOR-US: Draeger
 CVE-2019-25721 (Dr\xe4ger Infinity M300 patient worn monitors with software version VG ...)
-	TODO: check
+	NOT-FOR-US: Draeger
 CVE-2026-27145 ((*x509.Certificate).VerifyHostname previously called matchHostnames in ...)
 	- golang-1.26 <unfixed>
 	- golang-1.25 <unfixed>
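Review bot: labelling is uneven in this hunk: CVE-2025-64390 is tagged by product with no vendor ("NOT-FOR-US: PlayStation 4 firmware") while the eleven Draeger entries are tagged by vendor only ("NOT-FOR-US: Draeger"). Using one convention per commit, for example vendor first as in "Sony PlayStation 4 firmware", keeps later greps over data/CVE/list predictable.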
@@ -404,31 +404,31 @@ CVE-2026-24221 (NVIDIA NVTabular contains a vulnerability where an attacker coul
 CVE-2026-1871 (TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RT ...)
 	NOT-FOR-US: TPLink
 CVE-2026-1784 (The Route OpenShift resource allows to define routes to make pods reac ...)
-	TODO: check
+	NOT-FOR-US: Red Hat OpenShift
 CVE-2026-1451 (The rognone plugin for WordPress is vulnerable to Reflected Cross-Site ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-1450 (The rognone plugin for WordPress is vulnerable to Reflected Cross-Site ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-10629 (SIP signaling stack in Verizon IMS (unspecified version) implements SI ...)
-	TODO: check
+	NOT-FOR-US: Verizon IMS
 CVE-2026-10622 (Improper Authentication in REST API in Collibra Agent, allows a remote ...)
-	TODO: check
+	NOT-FOR-US: Collibra Agent
 CVE-2026-10621 (Path traversal in restore handler in Collibra Agent, allows an attacke ...)
-	TODO: check
+	NOT-FOR-US: Collibra Agent
 CVE-2026-10611 (An authentication bypass vulnerability exists in MISP when LDAP mixed  ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2026-10606 (A vulnerability was determined in DedeCMS 5.7.88. The affected element ...)
 	NOT-FOR-US: DedeCMS
 CVE-2026-10591 (Insufficient access control restrictions in the file write tool in Ama ...)
 	NOT-FOR-US: Amazon
 CVE-2026-10549 (LDAP filter injection vulnerability in Yandex Database prior to 25.3.1 ...)
-	TODO: check
+	NOT-FOR-US: Yandex Database
 CVE-2026-10047 (The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds ...)
 	NOT-FOR-US: Bitdefender
 CVE-2026-10046 (Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds wri ...)
 	NOT-FOR-US: Bitdefender
 CVE-2026-0611 (Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x be ...)
-	TODO: check
+	NOT-FOR-US: Spacelabs Healthcare Sentinel
 CVE-2025-69369 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68886 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
@@ -460,9 +460,9 @@ CVE-2025-52759 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2024-42206 (HCL iReflection Third party vulnerable and outdated components issue w ...)
 	NOT-FOR-US: HCL
 CVE-2019-25719 (Dr\xe4ger Infinity Acute Care System and Standalone Infinity M540 pati ...)
-	TODO: check
+	NOT-FOR-US: Draeger
 CVE-2019-25717 (Dr\xe4ger Infinity Delta, Delta XL, and Kappa patient monitors contain ...)
-	TODO: check
+	NOT-FOR-US: Draeger
 CVE-2026-41115 (An improper authorization vulnerability has been identified in Apache  ...)
 	- kafka <itp> (bug #786460)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/06/02/5
@@ -9980,7 +9980,7 @@ CVE-2025-15369 (The Xpro Addons \u2014 140+ Widgets for Elementor plugin for Wor
 CVE-2025-14575 (An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS b ...)
 	TODO: check
 CVE-2024-36343 (Improper input validation in the System Management Mode (SMM) communic ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-7345 (Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6 ...)
 	NOT-FOR-US: Ledger
 CVE-2026-29518 (Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TO ...)
@@ -11303,77 +11303,77 @@ CVE-2026-24662 (Cross-site scripting vulnerability exists in Musetheque V4 Infor
 CVE-2026-24000 (Fleet is open source device management software. Prior to version 4.80 ...)
 	NOT-FOR-US: Fleet
 CVE-2026-0481 (Unrestricted IP address binding in the AMD Device Metrics Exporter (RO ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2026-0438 (A System Management Mode (SMM) handler could perform a callout to code ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2026-0432 (Incorrect default permissions in the installation directory for the AM ...)
 	NOT-FOR-US: AMD
 CVE-2026-0428 (Insufficient parameter sanitization in TEE SOC Driver could allow an a ...)
 	NOT-FOR-US: AMD
 CVE-2026-0427 (Improper cleanup of shared register resources in GPU firmware could al ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-66664 (Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-66660 (Insufficient parameter sanitization in TEE SOC Driver could allow an a ...)
 	NOT-FOR-US: AMD
 CVE-2025-54517 (Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could ...)
 	NOT-FOR-US: AMD
 CVE-2025-54511 (Improper handling of insufficient privileges in the AMD Secure Process ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-52540 (An improper input validation vulnerability within the AMD Platform Man ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-52532 (A race condition in the MxGPU-Virtualization driver\u2019s ioctl path  ...)
 	NOT-FOR-US: AMD
 CVE-2025-48521 (Improper input validation in the AMD Secure Processor (ASP) PCI driver ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-48520 (An improper input validation vulnerability within the AMD Platform Man ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-48519 (An improper input validation vulnerability within the AMD Platform Man ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-48516 (Insecure default configuration state of DDR5 memory module by AGESA Bo ...)
 	NOT-FOR-US: AMD
 CVE-2025-48513 (Use of uninitialized resource within the AMD Platform Management Frame ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-48512 (Incorrect default permissions in the installation directory for the AM ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-29944 (A buffer overflow vulnerability within AMD Sensor Fusion Hub Driver ca ...)
 	NOT-FOR-US: AMD
 CVE-2025-29938 (An unchecked return value within the AMD Platform Management Framework ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-29937 (An out of bounds read within the AMD Platform Management Framework (PM ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-29936 (Improper input validation within the AMD Platform Management Framework ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-29935 (An out of bounds write within the AMD Platform Management Framework (P ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-0045 (Improper Input validation in the AMD Secure Processor (ASP) PCI driver ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-0044 (An out-of-bounds read in power management firmware by a malicious loca ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-0040 (Improper access control between the Joint Test Action Group (JTAG) and ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-0028 (An unchecked return value within the AMD Platform Management Framework ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-36345 (Improper input validation in the AMD OverDrive (AOD) System Management ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-36334 (Improper verification of cryptographic signature in the Radeon RGB too ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-36333 (A DLL hijacking vulnerability in the AMD Cleanup Utility could allow a ...)
 	NOT-FOR-US: AMD
 CVE-2024-36332 (Improper isolation of GPU HW register space could allow a privileged a ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-36323 (Improper isolation of VCN-JPEG HW register space could allow a malicio ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-21962 (Improper Input Validation in the AMD RAID driver could allow an attack ...)
 	NOT-FOR-US: AMD
 CVE-2024-21950 (An out of bounds read in the remote management firmware could allow a  ...)
 	NOT-FOR-US: AMD
 CVE-2023-31317 (Improper restriction of operations within the bounds of a memory buffe ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-31316 (Improperly preserved integrity of hardware configuration state during  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-31309 (Improper validation in Power Management Firmware (PMFW) may allow an a ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2026-44068 (Incomplete sanitization of extended attribute (EA) path components in  ...)
 	{DSA-6280-1}
 	- netatalk 4.4.3~ds-1 (bug #1137121)
@@ -13474,7 +13474,7 @@ CVE-2025-62623 (A heap-based buffer overflow in the ionic cloud driver for VMwar
 CVE-2025-61972 (Missing lock bit protection for NBIO registers could allow a local adm ...)
 	NOT-FOR-US: AMD
 CVE-2025-61971 (Missing lock bit protection for NBIO registers could allow a local adm ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-15463 (The The Advanced Custom Fields: Extended plugin for WordPress is vulne ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-14755 (The Cost Calculator Builder plugin for WordPress is vulnerable to Unau ...)
@@ -14208,7 +14208,7 @@ CVE-2026-31223 (The snorkel library thru v0.10.0 contains a critical insecure de
 CVE-2026-31222 (The snorkel library thru v0.10.0 contains an insecure deserialization  ...)
 	NOT-FOR-US: snorkel
 CVE-2026-31221 (PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deser ...)
-	TODO: check
+	NOT-FOR-US: PyTorch-Lightning
 CVE-2026-31220 (PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerabl ...)
 	NOT-FOR-US: PySyft (Syft Datasite/Server)
 CVE-2026-31219 (The _load_model() function in the neural_magic_training.py script of t ...)
@@ -14364,7 +14364,7 @@ CVE-2025-35979 (Exposure of sensitive information caused by shared microarchitec
 CVE-2025-35969 (Uncontrolled search path for some Intel(R) Server Firmware Update Util ...)
 	NOT-FOR-US: Intel
 CVE-2025-27723 (Use after free for some Linux kernel driver for the Intel(R) Ethernet  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-12659 (The affected applications contains a memory corruption vulnerability w ...)
 	NOT-FOR-US: Siemens
 CVE-2024-54017 (A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All v ...)
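Review bot: CVE-2025-27723 is described as a use after free in "some Linux kernel driver for the Intel(R) Ethernet ...", yet it is closed as "NOT-FOR-US: Intel". Because the description names a Linux kernel driver, please confirm it affects only Intel's out-of-tree driver release and not the in-tree driver shipped in src:linux. If the in-tree code is affected this needs a "- linux" entry instead. If it is not, the label could say so, for example "NOT-FOR-US: Intel out-of-tree Ethernet driver".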
@@ -55816,7 +55816,7 @@ CVE-2025-14040 (The Automotive Car Dealership Business WordPress Theme for WordP
 CVE-2025-12981 (The Listee theme for WordPress is vulnerable to privilege escalation i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-31364 (Improper handling of direct memory writes in the input-output memory m ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-71264 (Mumble before 1.6.870 is prone to an out-of-bounds array access, which ...)
 	- mumble 1.5.735-7 (bug #1129178)
 	[trixie] - mumble 1.5.735-5+deb13u1
@@ -62309,7 +62309,7 @@ CVE-2024-36319 (Debug code left active in AMD's Video Decoder Engine Firmware (V
 CVE-2023-31323 (Type confusion in the AMD Secure Processor (ASP) could allow an attack ...)
 	NOT-FOR-US: AMD
 CVE-2023-31313 (An unintended proxy or intermediary in the AMD power management firmwa ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2019-25348
 	REJECTED
 CVE-2019-25347 (thesystem App 1.0 contains a SQL injection vulnerability that allows a ...)
@@ -63106,11 +63106,11 @@ CVE-2024-56807 (An out-of-bounds read vulnerability has been reported to affect
 CVE-2024-50618 (A Use of Single-factor Authentication vulnerability in the Authenticat ...)
 	NOT-FOR-US: CIPPlanner CIPAce
 CVE-2024-36324 (Improper input validation in AMD Graphics Driver could allow an attack ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-36320 (Integer Overflow within atihdwt6.sys can allow a local attacker to cau ...)
 	NOT-FOR-US: AMD
 CVE-2024-36316 (The integer overflow vulnerability within AMD Graphics driver could al ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-26480 (An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitiv ...)
 	NOT-FOR-US: Statping-ng
 CVE-2024-26479 (An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitiv ...)
@@ -63120,7 +63120,7 @@ CVE-2024-26478 (An issue in Statping-ng v.0.91.0 allows an attacker to obtain se
 CVE-2024-26477 (An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitiv ...)
 	NOT-FOR-US: Statping-ng
 CVE-2023-31324 (A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2019-25317 (Kimai 2 contains a persistent cross-site scripting vulnerability that  ...)
 	NOT-FOR-US: Kimai
 CVE-2019-25316 (GOautodial 4.0 contains a persistent cross-site scripting vulnerabilit ...)
@@ -63684,7 +63684,7 @@ CVE-2025-30513 (Race condition for some TDX Module within Ring 0: Hypervisor may
 CVE-2025-30508 (Improper authorization in the Intel(R) Quick Assist Technology for som ...)
 	NOT-FOR-US: Intel
 CVE-2025-29952 (Improper Initialization within the AMD Secure Encrypted Virtualization ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-29951 (A buffer overflow in the AMD Secure Processor (ASP) bootloader could a ...)
 	NOT-FOR-US: AMD
 CVE-2025-29950 (Improper input validation in system management mode (SMM) could allow  ...)
@@ -63692,11 +63692,11 @@ CVE-2025-29950 (Improper input validation in system management mode (SMM) could
 CVE-2025-29949 (Insufficient input parameter sanitization in AMD Secure Processor (ASP ...)
 	NOT-FOR-US: AMD
 CVE-2025-29948 (Improper access control in AMD Secure Encrypted Virtualization (SEV) f ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-29946 (Insufficient or Incomplete Data Removal in Hardware Component in SEV f ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-29939 (Improper access control in secure encrypted virtualization (SEV) could ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-27940 (Out-of-bounds read for some TDX Module before version tdx1.5 within Ri ...)
 	NOT-FOR-US: Intel
 CVE-2025-27708 (Out-of-bounds read in the firmware for some Intel(R) Converged Securit ...)
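Review bot: CVE-2025-29948, CVE-2025-29946 and CVE-2025-29939 all concern Secure Encrypted Virtualization (SEV), and this file already tracks another AMD platform issue, CVE-2023-20584, against amd64-microcode rather than as NOT-FOR-US. Before closing these three under the blanket "NOT-FOR-US: AMD", it is worth checking whether their fixes ship in firmware carried by that package. If they are fixed only through vendor BIOS/AGESA updates, the label is right.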
@@ -63749,11 +63749,11 @@ CVE-2025-11242 (Server-Side Request Forgery (SSRF) vulnerability in Teknolist Co
 CVE-2025-11004 (The Simplicity Device Manager Tool has a Reflected XSS (Cross-site-scr ...)
 	NOT-FOR-US: Silicon Labs
 CVE-2025-0031 (A use after free in the SEV firmware could allow a malicous hypervisor ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-0029 (Improper handling of error condition during host-induced faults can al ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-0012 (Improper handling of overlap between the segmented reverse map table ( ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-54192 (An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial  ...)
 	TODO: check
 CVE-2024-52334 (A vulnerability has been identified in syngo.plaza VB30E (All versions ...)
@@ -63761,11 +63761,11 @@ CVE-2024-52334 (A vulnerability has been identified in syngo.plaza VB30E (All ve
 CVE-2024-36355 (Improper input validation in the SMM handler could allow an attacker w ...)
 	NOT-FOR-US: AMD
 CVE-2024-36311 (A Time-of-check time-of-use (TOCTOU) race condition in the SMM communi ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-36310 (Improper input validation in the SMM communications buffer could allow ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-21953 (Improper input validation in IOMMU could allow a malicious hypervisor  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2026-25506 (MUNGE is an authentication service for creating and validating user cr ...)
 	{DSA-6129-1 DLA-4477-1}
 	- munge 0.5.16-1.1
@@ -385271,7 +385271,7 @@ CVE-2022-3729 (A vulnerability, which was classified as critical, has been found
 CVE-2022-3728 (A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that  ...)
 	NOT-FOR-US: Lenovo
 CVE-2023-20601 (Improper input validation within RAS TA Driver can allow a local attac ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20600
 	RESERVED
 CVE-2023-20599 (Improper register access control in ASP may allow a privileged attacke ...)
@@ -385330,7 +385330,7 @@ CVE-2023-20587 (Improper Access Control in System Management Mode (SMM) may allo
 CVE-2023-20586 (A potential vulnerability was reported in Radeon\u2122 Software Crimso ...)
 	NOT-FOR-US: AMD
 CVE-2023-20585 (Insufficient checks of the RMP on host buffer access in IOMMU may allo ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20584 (IOMMU improperly handles certain special address ranges with invalid d ...)
 	- amd64-microcode 3.20240820.1
 	[bookworm] - amd64-microcode 3.20240820.1~deb12u1
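Review bot: CVE-2023-20585 (RMP checks on host buffer access in IOMMU) is marked "NOT-FOR-US: AMD" while its immediate neighbour CVE-2023-20584, also an IOMMU issue, is tracked with "- amd64-microcode 3.20240820.1". If both are fixed by the same firmware update, CVE-2023-20585 should get the same amd64-microcode entry instead of NFU; otherwise a brief reason for the different treatment would help.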
@@ -385430,7 +385430,7 @@ CVE-2023-20550
 CVE-2023-20549
 	RESERVED
 CVE-2023-20548 (A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20547
 	RESERVED
 CVE-2023-20546
@@ -385499,7 +385499,7 @@ CVE-2023-20516 (Improper handling of insufficiency privileges in the ASP could a
 CVE-2023-20515 (Improper access control in the fTPM driver in the trusted OS could all ...)
 	NOT-FOR-US: AMD
 CVE-2023-20514 (Improper handling of parameters in the AMD Secure Processor (ASP) coul ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20513 (An insufficient bounds check in PMFW (Power Management Firmware) may a ...)
 	NOT-FOR-US: AMD
 CVE-2023-20512 (A hardcoded AES   key in PMFW may result in a privileged attacker gain ...)
@@ -430773,7 +430773,7 @@ CVE-2021-46749 (Insufficient bounds checking in ASP (AMD Secure Processor) may a
 CVE-2021-46748 (Insufficient bounds checking in the ASP (AMD Secure Processor) may all ...)
 	NOT-FOR-US: AMD
 CVE-2021-46747 (Insufficient granularity of access control in ASP (AMD Secure Processo ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2021-46746 (Lack of stack protection exploit mechanisms in ASP Secure OS Trusted E ...)
 	NOT-FOR-US: AMD
 CVE-2021-46745
@@ -444962,7 +444962,7 @@ CVE-2022-23828
 CVE-2022-23827
 	REJECTED
 CVE-2022-23826 (A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2022-23825 (Aliases in the branch predictor may cause some AMD processors to predi ...)
 	{DSA-5184-1}
 	- xen 4.16.2-1
@@ -506875,7 +506875,7 @@ CVE-2021-26412 (Microsoft Exchange Server Remote Code Execution Vulnerability)
 CVE-2021-26411 (Internet Explorer Memory Corruption Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2021-26410 (Improper syscall input validation in ASP (AMD Secure Processor) may fo ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2021-26409 (Insufficient bounds checking in SEV-ES may allow an attacker to corrup ...)
 	NOT-FOR-US: AMD
 CVE-2021-26408 (Insufficient validation of elliptic curve points in SEV-legacy firmwar ...)
@@ -506938,9 +506938,9 @@ CVE-2021-26383 (Insufficient bounds checking in AMD TEE (Trusted Execution Envir
 CVE-2021-26382 (An attacker with root account privileges can load any legitimately sig ...)
 	NOT-FOR-US: AMD
 CVE-2021-26381 (Improper system call parameter validation in the Trusted OS may allow  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2021-26380 (A compromised Trusted OS (TOS) driver could issue a malformed call tha ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2021-26379 (Insufficient input validation of mailbox data in the SMU may allow an  ...)
 	NOT-FOR-US: AMD
 CVE-2021-26378 (Insufficient bound checks in the System Management Unit (SMU) may resu ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f73e5fbbc279035743b0b7003291ebc833ecd409
