Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6e114ac9 by security tracker role at 2025-09-06T20:12:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2025-58446 (xgrammar is an open-source library for efficient, flexible,
and portab ...)
+ TODO: check
+CVE-2025-58445 (Atlantis is a self-hosted golang application that listens for
Terrafor ...)
+ TODO: check
+CVE-2025-58443 (FOG is a free open-source cloning/imaging/rescue
suite/inventory manag ...)
+ TODO: check
+CVE-2025-58438 (internetarchive is a Python and Command-Line Interface to
Archive.org ...)
+ TODO: check
+CVE-2025-10034 (A vulnerability was found in D-Link DIR-825 1.08.01. This
impacts the ...)
+ TODO: check
+CVE-2025-10033 (A vulnerability has been found in itsourcecode Online
Discussion Forum ...)
+ TODO: check
+CVE-2025-10032 (A vulnerability was detected in Campcodes Grocery Sales and
Inventory ...)
+ TODO: check
+CVE-2025-10031 (A security vulnerability has been detected in Campcodes
Grocery Sales ...)
+ TODO: check
+CVE-2025-10030 (A weakness has been identified in Campcodes Grocery Sales and
Inventor ...)
+ TODO: check
+CVE-2025-10029 (A security flaw has been discovered in itsourcecode POS Point
of Sale ...)
+ TODO: check
+CVE-2025-0034 (Insufficient parameter sanitization in TEE SOC Driver could
allow an a ...)
+ TODO: check
+CVE-2025-0032 (Improper cleanup in AMD CPU microcode patch loading could allow
an att ...)
+ TODO: check
+CVE-2025-0011 (Improper removal of sensitive information before storage or
transfer i ...)
+ TODO: check
+CVE-2025-0010 (An out of bounds write in the Linux graphics driver could allow
an att ...)
+ TODO: check
+CVE-2025-0009 (A NULL pointer dereference in AMD Crash Defender could allow an
attack ...)
+ TODO: check
+CVE-2024-36354 (Improper input validation for DIMM serial presence detect
(SPD) metada ...)
+ TODO: check
+CVE-2024-36352 (Improper input validation in the AMD Graphics Driver could
allow an at ...)
+ TODO: check
+CVE-2024-36346 (Improper input validation in AMD Power Management Firmware
(PMFW) coul ...)
+ TODO: check
+CVE-2024-36342 (Improper input validation in the GPU driver could allow an
attacker to ...)
+ TODO: check
+CVE-2024-36326 (Missing authorization in AMD RomArmor could allow an attacker
to bypas ...)
+ TODO: check
+CVE-2024-21970 (Improper validation of an array index in the AND power
Management Firm ...)
+ TODO: check
+CVE-2024-21947 (Improper input validation in the system management mode (SMM)
could al ...)
+ TODO: check
+CVE-2023-31365 (An integer overflow in the SMU could allow a privileged
attacker to po ...)
+ TODO: check
+CVE-2023-31351 (Improper restriction of operations in the IOMMU could allow a
maliciou ...)
+ TODO: check
+CVE-2023-31330 (An out-of-bounds read in the ASP could allow a privileged
attacker wit ...)
+ TODO: check
+CVE-2023-31326 (Use of an uninitialized variable in the ASP could allow an
attacker to ...)
+ TODO: check
+CVE-2023-31325 (Improper isolation of shared resources on System-on-a-chip
(SOC) could ...)
+ TODO: check
+CVE-2023-31322 (Type confusion in the ASP could allow an attacker to pass a
malformed ...)
+ TODO: check
+CVE-2023-31306 (Improper validation of an array index in the AMD graphics
driver softw ...)
+ TODO: check
CVE-2025-XXXX [SQL injection vulnerability in Service Provider ODBC plugin]
- shibboleth-sp <unfixed> (bug #1114506)
NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-1014
@@ -7966,7 +8024,7 @@ CVE-2025-53859 (NGINX Open Source and NGINX Plus have a
vulnerability in the ngx
NOTE: https://nginx.org/download/patch.2025.smtp.txt
CVE-2025-54472 (Unlimited memory allocation in redis protocol parser in Apache
bRPC (a ...)
- brpc <itp> (bug #1060006)
-CVE-2024-36331 [x86/sev: Evict cache lines during SNP memory validation]
+CVE-2024-36331 (Improper initialization of CPU cache memory could allow a
privileged a ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
[bookworm] - linux 6.1.148-1
@@ -260756,8 +260814,8 @@ CVE-2023-20518 (Incomplete cleanup in the ASP may
expose the Master Encryption K
NOT-FOR-US: AMD
CVE-2023-20517
RESERVED
-CVE-2023-20516
- RESERVED
+CVE-2023-20516 (Improper handling of insufficiency privileges in the ASP could
allow a ...)
+ TODO: check
CVE-2023-20515 (Improper access control in the fTPM driver in the trusted OS
could all ...)
NOT-FOR-US: AMD
CVE-2023-20514
@@ -306000,8 +306058,8 @@ CVE-2021-46752
RESERVED
CVE-2021-46751
RESERVED
-CVE-2021-46750
- RESERVED
+CVE-2021-46750 (Failure to validate the address and size in TEE (Trusted
Execution Env ...)
+ TODO: check
CVE-2021-46749 (Insufficient bounds checking in ASP (AMD Secure Processor) may
allow f ...)
NOT-FOR-US: AMD
CVE-2021-46748 (Insufficient bounds checking in the ASP (AMD Secure Processor)
may all ...)
@@ -382171,8 +382229,8 @@ CVE-2021-26379 (Insufficient input validation of
mailbox data in the SMU may all
NOT-FOR-US: AMD
CVE-2021-26378 (Insufficient bound checks in the System Management Unit (SMU)
may resu ...)
NOT-FOR-US: AMD
-CVE-2021-26377
- RESERVED
+CVE-2021-26377 (Insufficient parameter validation while allocating process
space in th ...)
+ TODO: check
CVE-2021-26376 (Insufficient checks in System Management Unit (SMU)
FeatureConfig may ...)
NOT-FOR-US: AMD
CVE-2021-26375 (Insufficient General Purpose IO (GPIO) bounds check in System
Manageme ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e114ac9d006353a72016b1f8b106b9fbb2a458a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e114ac9d006353a72016b1f8b106b9fbb2a458a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
