NFUs

author: Moritz Muehlenhoff <jmm@debian.org> 2021-02-17 11:21:22 +0100
committer: Moritz Muehlenhoff <jmm@debian.org> 2021-02-17 11:21:22 +0100
commit: 4e8be58a004d1e1b2eae410d91744132fe9b8e49 (patch)
tree: 63a921006f42a43475a563000b9748e730210d5a /data/CVE/2020.list
parent: f70f63207f83d706025d822625a33480b2874e87 (diff)
1 files changed, 23 insertions, 23 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 7e2fcfe731..f7e1b40e62 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -3298,7 +3298,7 @@ CVE-2020-29459
 CVE-2020-29458 (Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem. ...)
 	NOT-FOR-US: Textpattern CMS
 CVE-2020-29457 (A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4. ...)
-	TODO: check
+	NOT-FOR-US: OPC UA .NET
 CVE-2020-29456 (Multiple cross-site scripting (XSS) vulnerabilities in Papermerge befo ...)
 	NOT-FOR-US: Papermerge
 CVE-2020-29455 (A cross-Site Scripting (XSS) vulnerability in this.showInvalid and thi ...)
@@ -4525,7 +4525,7 @@ CVE-2020-28920
 CVE-2020-28919
 	RESERVED
 CVE-2020-28918 (DualShield 5.9.8.0821 allows username enumeration on its login form. A ...)
-	TODO: check
+	NOT-FOR-US: DualShield
 CVE-2020-28917 (An issue was discovered in the view_statistics (aka View frontend stat ...)
 	NOT-FOR-US: TYPO3 extension
 CVE-2020-28916 (hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX desc ...)
@@ -11530,15 +11530,15 @@ CVE-2020-25859 (The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior
 CVE-2020-25858 (The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior ...)
 	NOT-FOR-US: Qualcomm QCMAP
 CVE-2020-25857 (The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Modul ...)
-	TODO: check
+	NOT-FOR-US: Realtek
 CVE-2020-25856 (The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module pri ...)
-	TODO: check
+	NOT-FOR-US: Realtek
 CVE-2020-25855 (The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior t ...)
-	TODO: check
+	NOT-FOR-US: Realtek
 CVE-2020-25854 (The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module pri ...)
-	TODO: check
+	NOT-FOR-US: Realtek
 CVE-2020-25853 (The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to  ...)
-	TODO: check
+	NOT-FOR-US: Realtek
 CVE-2020-25852
 	RESERVED
 CVE-2020-25851
@@ -12887,7 +12887,7 @@ CVE-2020-25342
 CVE-2020-25341
 	RESERVED
 CVE-2020-25340 (An issue was discovered in NFStream 5.2.0. Because some allocated modu ...)
-	TODO: check
+	NOT-FOR-US: NFStream (not src:ndpi)
 CVE-2020-25339
 	RESERVED
 CVE-2020-25338
@@ -13783,7 +13783,7 @@ CVE-2020-24946
 CVE-2020-24945
 	RESERVED
 CVE-2020-24944 (picoquic (before 3rd of July 2020) allows attackers to cause a denial  ...)
-	TODO: check
+	NOT-FOR-US: picoquic
 CVE-2020-24943
 	RESERVED
 CVE-2020-24942
@@ -14014,9 +14014,9 @@ CVE-2020-24840
 CVE-2020-24839
 	RESERVED
 CVE-2020-24838 (An integer overflow has been found in the the latest version of Issuer ...)
-	TODO: check
+	NOT-FOR-US: Issuer
 CVE-2020-24837 (An integer underflow has been found in the latest version of ZCFees. T ...)
-	TODO: check
+	NOT-FOR-US: ZCFees
 CVE-2020-24836
 	RESERVED
 CVE-2020-24835
@@ -16162,7 +16162,7 @@ CVE-2020-23851
 CVE-2020-23850
 	RESERVED
 CVE-2020-23849 (Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2  ...)
-	TODO: check
+	NOT-FOR-US: jsoneditor
 CVE-2020-23848
 	RESERVED
 CVE-2020-23847
@@ -19010,7 +19010,7 @@ CVE-2020-22427 (NagiosXI 5.6.11 is affected by a remote code execution (RCE) vul
 CVE-2020-22426
 	RESERVED
 CVE-2020-22425 (Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, whe ...)
-	TODO: check
+	- centreon-web <itp> (bug #913903)
 CVE-2020-22424
 	RESERVED
 CVE-2020-22423
@@ -21513,7 +21513,7 @@ CVE-2020-21178
 CVE-2020-21177
 	RESERVED
 CVE-2020-21176 (SQL injection vulnerability in the model.increment and model.decrement ...)
-	TODO: check
+	NOT-FOR-US: ThinkJS
 CVE-2020-21175
 	RESERVED
 CVE-2020-21174
@@ -26382,7 +26382,7 @@ CVE-2020-18752
 CVE-2020-18751
 	RESERVED
 CVE-2020-18750 (Buffer overflow in pdf2json 0.69 allows local users to execute arbitra ...)
-	TODO: check
+	NOT-FOR-US: pdf2json
 CVE-2020-18749
 	RESERVED
 CVE-2020-18748
@@ -26408,7 +26408,7 @@ CVE-2020-18739
 CVE-2020-18738
 	RESERVED
 CVE-2020-18737 (An issue was discovered in Typora 0.9.67. There is an XSS vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Typora
 CVE-2020-18736
 	RESERVED
 CVE-2020-18735
@@ -32060,9 +32060,9 @@ CVE-2020-16048
 CVE-2020-16047
 	RESERVED
 CVE-2020-16046 (Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147. ...)
-	TODO: check
+	- chromium <not-affected> (Only affects Chrome on iOS)
 CVE-2020-16045 (Use after Free in Payments in Google Chrome on Android prior to 87.0.4 ...)
-	TODO: check
+	- chromium <not-affected> (Only affects Chrome on Android)
 CVE-2020-16044 (Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowe ...)
 	{DSA-4846-1 DSA-4842-1 DSA-4827-1 DLA-2541-1 DLA-2521-1}
 	- firefox 84.0.2-1
@@ -32838,7 +32838,7 @@ CVE-2020-15800 (A vulnerability has been identified in SCALANCE X-200 switch fam
 CVE-2020-15799 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
 	NOT-FOR-US: Siemens
 CVE-2020-15798 (A vulnerability has been identified in SIMATIC HMI Comfort Panels (inc ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2020-15797 (A vulnerability has been identified in DCA Vantage Analyzer (All versi ...)
 	NOT-FOR-US: DCA Vantage Analyzer
 CVE-2020-15796 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
@@ -36176,7 +36176,7 @@ CVE-2020-14420
 CVE-2020-14419
 	RESERVED
 CVE-2020-14418 (A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that al ...)
-	TODO: check
+	NOT-FOR-US: madCodeHook
 CVE-2020-14417
 	RESERVED
 CVE-2020-14415 (oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer ...)
@@ -37167,7 +37167,7 @@ CVE-2020-14099
 CVE-2020-14098 (The login verification can be bypassed by using the problem that the t ...)
 	NOT-FOR-US: Xiaomi
 CVE-2020-14097 (Wrong nginx configuration, causing specific paths to be downloaded wit ...)
-	TODO: check
+	NOT-FOR-US: Xiaomi
 CVE-2020-14096 (Memory overflow in Xiaomi AI speaker Rom version &lt;1.59.6 can happen ...)
 	NOT-FOR-US: Xiaomi
 CVE-2020-14095 (In Xiaomi router R3600, ROM version&lt;1.0.20, a connect service suffe ...)
@@ -37665,7 +37665,7 @@ CVE-2020-13924
 CVE-2020-13923 (IDOR vulnerability in the order processing feature from ecommerce comp ...)
 	NOT-FOR-US: Apache OFBiz
 CVE-2020-13922 (Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary ...)
-	TODO: check
+	NOT-FOR-US: Apache DolphinScheduler
 CVE-2020-13921 (**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storag ...)
 	NOT-FOR-US: Apache SkyWalking
 CVE-2020-13920 (Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX ...)
@@ -38553,7 +38553,7 @@ CVE-2020-13587
 CVE-2020-13586 (A memory corruption vulnerability exists in the Excel Document SST Rec ...)
 	NOT-FOR-US: SoftMaker
 CVE-2020-13585 (An out-of-bounds write vulnerability exists in the PSD Header processi ...)
-	TODO: check
+	NOT-FOR-US: AccuSoft
 CVE-2020-13584 (An exploitable use-after-free vulnerability exists in WebKitGTK browse ...)
 	{DSA-4797-1}
 	- webkit2gtk 2.30.3-1
author	Moritz Muehlenhoff <jmm@debian.org>	2021-02-17 11:21:22 +0100
committer	Moritz Muehlenhoff <jmm@debian.org>	2021-02-17 11:21:22 +0100
commit	4e8be58a004d1e1b2eae410d91744132fe9b8e49 (patch)
tree	63a921006f42a43475a563000b9748e730210d5a /data/CVE/2020.list
parent	f70f63207f83d706025d822625a33480b2874e87 (diff)