diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2021-11-17 14:37:42 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-11-17 14:37:42 +0100 |
commit | 8450267c819518220cd8f0fc149d6783c65511ac (patch) | |
tree | 64c97ac3e2ed1cdf8a7c96b7b600e09a8e3623c9 /data/CVE/2021.list | |
parent | 814dfe39fcced236ee55d47014c22efd4df74955 (diff) |
NFUs
Diffstat (limited to 'data/CVE/2021.list')
-rw-r--r-- | data/CVE/2021.list | 34 |
1 files changed, 17 insertions, 17 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index f07cdda9d3..d6c51129be 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -41915,13 +41915,13 @@ CVE-2021-26340 CVE-2021-26339 RESERVED CVE-2021-26338 (Improper access controls in System Management Unit (SMU) may allow for ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26337 (Insufficient DRAM address validation in System Management Unit (SMU) m ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26336 (Insufficient bounds checking in System Management Unit (SMU) may cause ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26335 (Improper input and range checking in the Platform Security Processor ( ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26334 RESERVED CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform Securit ...) @@ -41929,29 +41929,29 @@ CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform S CVE-2021-26332 RESERVED CVE-2021-26331 (AMD System Management Unit (SMU) contains a potential issue where a ma ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26330 (AMD System Management Unit (SMU) may experience a heap-based overflow ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26329 (AMD System Management Unit (SMU) may experience an integer overflow wh ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26328 RESERVED CVE-2021-26327 (Insufficient validation of guest context in the SNP Firmware could lea ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26326 (Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss o ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26325 (Insufficient input validation in the SNP_GUEST_REQUEST command may lea ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26324 RESERVED CVE-2021-26323 (Failure to validate SEV Commands while SNP is active may result in a p ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26322 (Persistent platform private key may not be protected with a random IV ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26321 (Insufficient ID command validation in the SEV Firmware may allow a loc ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26320 (Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_S ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26319 RESERVED CVE-2021-26318 (A timing and power-based side channel attack leveraging the x86 PREFET ...) @@ -41962,7 +41962,7 @@ CVE-2021-26317 CVE-2021-26316 RESERVED CVE-2021-26315 (When the AMD Platform Security Processor (PSP) boot rom loads, authent ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26314 (Potential floating point value injection in all supported CPU products ...) NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003 NOTE: Claimed to not affect Xen, Cf. https://xenbits.xen.org/xsa/advisory-375.html in @@ -41975,7 +41975,7 @@ CVE-2021-26313 (Potential speculative code store bypass in all supported CPU pro NOTE: https://xenbits.xen.org/xsa/advisory-375.html NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003 CVE-2021-26312 (PSP protection against improperly configured side channels may lead to ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26311 (In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest a ...) NOT-FOR-US: AMD CVE-2021-3346 (Foris before 101.1.1, as used in Turris OS, lacks certain HTML escapin ...) @@ -42968,7 +42968,7 @@ CVE-2021-25942 CVE-2021-25941 (Prototype pollution vulnerability in 'deep-override' versions 1.0.0 th ...) NOT-FOR-US: Node deep-override CVE-2021-25940 (In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insuffic ...) - TODO: check + - arangodb <itp> (bug #761817) CVE-2021-25939 RESERVED CVE-2021-25938 (In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross ...) |