[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 9 20:37:27 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a5b518fb by Salvatore Bonaccorso at 2024-01-09T21:36:42+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,148 +1,148 @@
CVE-2024-22370 (In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2024-22368 (The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter ...)
- libspreadsheet-parsexlsx-perl 0.29-1
NOTE: https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md
NOTE: Fixed by: https://github.com/MichaelDaum/spreadsheet-parsexlsx/commit/39b25b91fcb939a9c8ea807fdc80386c1ae5be0c (0.28)
NOTE: Minor rewrite followup: https://github.com/MichaelDaum/spreadsheet-parsexlsx/commit/47ff82d74fbd014b8ec3cab80fa4fd25db9e8242
CVE-2024-22165 (In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attac ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise Security (ES)
CVE-2024-22164 (In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker c ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise Security (ES)
CVE-2024-21668 (react-native-mmkv is a library that allows easy use of MMKV inside Rea ...)
TODO: check
CVE-2024-21664 (jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, othe ...)
TODO: check
CVE-2024-21325 (Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution V ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-21320 (Windows Themes Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-21319 (Microsoft Identity Denial of service vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-21318 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-21316 (Windows Server Key Distribution Service Security Feature Bypass)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-21314 (Microsoft Message Queuing Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-21313 (Windows TCP/IP Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-21312 (.NET Framework Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-21311 (Windows Cryptographic Services Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-21310 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-21309 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-21307 (Remote Desktop Client Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-21306 (Microsoft Bluetooth Driver Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-21305 (Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vul ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20700 (Windows Hyper-V Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20699 (Windows Hyper-V Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20698 (Windows Kernel Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20697 (Windows Libarchive Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20696 (Windows Libarchive Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20694 (Windows CoreMessaging Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20692 (Microsoft Local Security Authority Subsystem Service Information Discl ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20691 (Windows Themes Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20690 (Windows Nearby Sharing Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20687 (Microsoft AllJoyn API Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20686 (Win32k Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20683 (Win32k Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20682 (Windows Cryptographic Services Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20681 (Windows Subsystem for Linux Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20680 (Windows Message Queuing Client (MSMQC) Information Disclosure)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20677 (<p>A security vulnerability exists in FBX that could lead to remote co ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20676 (Azure Storage Mover Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20674 (Windows Kerberos Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20672 (.NET Core and Visual Studio Denial of Service Vulnerability)
TODO: check
CVE-2024-20666 (BitLocker Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20664 (Microsoft Message Queuing Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20663 (Windows Message Queuing Client (MSMQC) Information Disclosure)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20662 (Windows Online Certificate Status Protocol (OCSP) Information Disclosu ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20661 (Microsoft Message Queuing Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20660 (Microsoft Message Queuing Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20658 (Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20657 (Windows Group Policy Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20656 (Visual Studio Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20655 (Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20654 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20653 (Microsoft Common Log File System Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20652 (Windows HTML Platforms Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-0343 (A vulnerability classified as problematic was found in CodeAstro Simpl ...)
- TODO: check
+ NOT-FOR-US: CodeAstro Simple House Rental System
CVE-2024-0342 (A vulnerability classified as critical has been found in Inis up to 2. ...)
- TODO: check
+ NOT-FOR-US: Inis
CVE-2024-0341 (A vulnerability was found in Inis up to 2.0.1. It has been rated as pr ...)
- TODO: check
+ NOT-FOR-US: Inis
CVE-2024-0340 (A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in ...)
TODO: check
CVE-2024-0228
REJECTED
CVE-2024-0226 (Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored ...)
- TODO: check
+ NOT-FOR-US: Synopsys
CVE-2024-0213 (A buffer overflow vulnerability in TA for Linux and TA for MacOS prior ...)
TODO: check
CVE-2024-0206 (A symbolic link manipulation vulnerability in Trellix Anti-Malware Eng ...)
- TODO: check
+ NOT-FOR-US: Trellix
CVE-2024-0057 (NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnera ...)
TODO: check
CVE-2024-0056 (Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider S ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-7223 (A vulnerability classified as problematic has been found in Totolink T ...)
- TODO: check
+ NOT-FOR-US: Totolink
CVE-2023-7222 (A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It ...)
- TODO: check
+ NOT-FOR-US: Totolink
CVE-2023-7221 (A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It ha ...)
- TODO: check
+ NOT-FOR-US: Totolink
CVE-2023-7032 (A CWE-502: Deserialization of untrusted data vulnerability exists that ...)
- TODO: check
+ NOT-FOR-US: Schneider-Electric
CVE-2023-6149 (Qualys Jenkins Plugin for WAS prior to version and including 2.0.11 wa ...)
- TODO: check
+ NOT-FOR-US: Qualys Jenkins Plugin
CVE-2023-6148 (Qualys Jenkins Plugin for Policy Compliance prior to version and inclu ...)
- TODO: check
+ NOT-FOR-US: Qualys Jenkins Plugin
CVE-2023-6147 (Qualys Jenkins Plugin for Policy Compliance prior to version and inclu ...)
- TODO: check
+ NOT-FOR-US: Qualys Jenkins Plugin
CVE-2023-5376 (An Improper Authentication vulnerability in Korenix JetNet TFTP allows ...)
- TODO: check
+ NOT-FOR-US: Korenix JetNet TFTP
CVE-2023-5347 (An Improper Verification of Cryptographic Signature vulnerability in t ...)
- TODO: check
+ NOT-FOR-US: Korenix JetNet Series
CVE-2023-51746 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.6 ...)
TODO: check
CVE-2023-51745 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.6 ...)
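Review bot: CVE-2024-20697 and CVE-2024-20696 are set to "NOT-FOR-US: Microsoft", but both descriptions read "Windows Libarchive Remote Code Execution Vulnerability", and libarchive is packaged in Debian. Before closing these two as NFU, it is worth confirming that the flaw sits in Microsoft's integration and not in upstream libarchive code. If that is not yet known, leaving "TODO: check" or recording the open question in a NOTE line would be safer, since an NFU entry drops out of further triage. A smaller style point in the same hunk: the NFU labels vary in granularity ("Korenix JetNet TFTP" next to "Korenix JetNet Series", vendor-only "Synopsys" and "Trellix" next to full product names such as "CodeAstro Simple House Rental System"). A consistent form would make later searches of the list more reliable.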
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5b518fbfe1c693cdb4ed6841b1732af1933c84d