Process some NFUs

author: Salvatore Bonaccorso <carnil@debian.org> 2021-02-16 21:28:48 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-02-16 21:28:48 +0100
commit: 76ad741f29a00c7b7b730a22e94d17fc22588418 (patch)
tree: cf14c1cecb1dbe7f8c7d917e73576f13244c9ae9 /data/CVE/2020.list
parent: 34a6a5274c7df3581842ef7a8ed8103b46462eea (diff)
1 files changed, 57 insertions, 57 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 9338c99a91..0d83f025bf 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1594,33 +1594,33 @@ CVE-2020-35573 (srs2.c in PostSRSd before 1.10 allows remote attackers to cause
 	[buster] - postsrsd 1.5-2+deb10u1
 	NOTE: https://github.com/roehling/postsrsd/commit/4733fb11f6bec6524bb8518c5e1a699288c26bac (1.10)
 CVE-2020-35570 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
-	TODO: check
+	NOT-FOR-US: MB CONNECT
 CVE-2020-35569 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
-	TODO: check
+	NOT-FOR-US: MB CONNECT
 CVE-2020-35568 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
-	TODO: check
+	NOT-FOR-US: MB CONNECT
 CVE-2020-35567 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
-	TODO: check
+	NOT-FOR-US: MB CONNECT
 CVE-2020-35566 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
-	TODO: check
+	NOT-FOR-US: MB CONNECT
 CVE-2020-35565 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
-	TODO: check
+	NOT-FOR-US: MB CONNECT
 CVE-2020-35564 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
-	TODO: check
+	NOT-FOR-US: MB CONNECT
 CVE-2020-35563 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
-	TODO: check
+	NOT-FOR-US: MB CONNECT
 CVE-2020-35562
 	RESERVED
 CVE-2020-35561 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
-	TODO: check
+	NOT-FOR-US: MB CONNECT
 CVE-2020-35560 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
-	TODO: check
+	NOT-FOR-US: MB CONNECT
 CVE-2020-35559 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
-	TODO: check
+	NOT-FOR-US: MB CONNECT
 CVE-2020-35558 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
-	TODO: check
+	NOT-FOR-US: MB CONNECT
 CVE-2020-35557 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
-	TODO: check
+	NOT-FOR-US: MB CONNECT
 CVE-2020-35556
 	RESERVED
 CVE-2020-35555 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...)
@@ -4232,17 +4232,17 @@ CVE-2020-29029
 CVE-2020-29028
 	RESERVED
 CVE-2020-29027 (Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager ...)
-	TODO: check
+	NOT-FOR-US: Secomea
 CVE-2020-29026 (A directory traversal vulnerability exists in the file upload function ...)
 	NOT-FOR-US: GateManager
 CVE-2020-29025 (A vulnerability in SiteManager-Embedded (SM-E) Web server which may al ...)
-	TODO: check
+	NOT-FOR-US: Secomea
 CVE-2020-29024 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Secomea
 CVE-2020-29023 (Improper Encoding or Escaping of Output from CSV Report Generator of S ...)
-	TODO: check
+	NOT-FOR-US: Secomea
 CVE-2020-29022 (Failure to Sanitize host header value on output in the GateManager Web ...)
-	TODO: check
+	NOT-FOR-US: Secomea
 CVE-2020-29021 (A vulnerability in web UI input field of GateManager allows authentica ...)
 	NOT-FOR-US: GateManager
 CVE-2020-29020
@@ -12578,7 +12578,7 @@ CVE-2020-25495 (A reflected Cross-site scripting (XSS) vulnerability in Xinuo (f
 CVE-2020-25494 (Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute ...)
 	NOT-FOR-US: Xinuo SCO Openserver
 CVE-2020-25493 (Oclean Mobile Application 2.1.2 communicates with an external website  ...)
-	TODO: check
+	NOT-FOR-US: Oclean Mobile Application
 CVE-2020-25492
 	RESERVED
 CVE-2020-25491
@@ -14008,7 +14008,7 @@ CVE-2020-24843
 CVE-2020-24842 (PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can e ...)
 	NOT-FOR-US: PNPSCADA
 CVE-2020-24841 (PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in ...)
-	TODO: check
+	NOT-FOR-US: PNPSCADA
 CVE-2020-24840
 	RESERVED
 CVE-2020-24839
@@ -26450,13 +26450,13 @@ CVE-2020-18718
 CVE-2020-18717 (SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execut ...)
 	NOT-FOR-US: ZZZCMS
 CVE-2020-18716 (SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privile ...)
-	TODO: check
+	NOT-FOR-US: Rockoa
 CVE-2020-18715
 	REJECTED
 CVE-2020-18714 (SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privile ...)
-	TODO: check
+	NOT-FOR-US: Rockoa
 CVE-2020-18713 (SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privile ...)
-	TODO: check
+	NOT-FOR-US: Rockoa
 CVE-2020-18712
 	RESERVED
 CVE-2020-18711
@@ -27452,7 +27452,7 @@ CVE-2020-18217
 CVE-2020-18216
 	RESERVED
 CVE-2020-18215 (Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.p ...)
-	TODO: check
+	NOT-FOR-US: PHPSHE
 CVE-2020-18214
 	RESERVED
 CVE-2020-18213
@@ -29084,43 +29084,43 @@ CVE-2020-17437 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and o
 	NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
 	NOTE: Adressed upstream in 2.1.3 release
 CVE-2020-17436 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-17435 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-17434 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-17433 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-17432 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-17431 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-17430 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-17429 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-17428 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-17427 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-17426 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-17425 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-17424 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-17423 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-17422 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-17421 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-17420 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-17419 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-17418 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-17417 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2020-17416 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -30727,7 +30727,7 @@ CVE-2020-16631
 CVE-2020-16630
 	RESERVED
 CVE-2020-16629 (PhpOK 5.4.137 contains a SQL injection vulnerability that can inject a ...)
-	TODO: check
+	NOT-FOR-US: PhpOK
 CVE-2020-16628
 	RESERVED
 CVE-2020-16627
@@ -31709,7 +31709,7 @@ CVE-2020-16196
 CVE-2020-16195
 	RESERVED
 CVE-2020-16194 (An Insecure Direct Object Reference (IDOR) vulnerability was found in  ...)
-	TODO: check
+	NOT-FOR-US: Prestashop Opart devis
 CVE-2020-16193 (osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.ph ...)
 	NOT-FOR-US: osTicket
 CVE-2020-16192 (LimeSurvey 4.3.2 allows reflected XSS because application/controllers/ ...)
@@ -38551,7 +38551,7 @@ CVE-2020-13588
 CVE-2020-13587
 	RESERVED
 CVE-2020-13586 (A memory corruption vulnerability exists in the Excel Document SST Rec ...)
-	TODO: check
+	NOT-FOR-US: SoftMaker
 CVE-2020-13585 (An out-of-bounds write vulnerability exists in the PSD Header processi ...)
 	TODO: check
 CVE-2020-13584 (An exploitable use-after-free vulnerability exists in WebKitGTK browse ...)
@@ -38566,11 +38566,11 @@ CVE-2020-13583 (A denial-of-service vulnerability exists in the HTTP Server func
 CVE-2020-13582 (A denial-of-service vulnerability exists in the HTTP Server functional ...)
 	TODO: check
 CVE-2020-13581 (In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1 ...)
-	TODO: check
+	NOT-FOR-US: SoftMaker
 CVE-2020-13580 (An exploitable heap-based buffer overflow vulnerability exists in the  ...)
-	TODO: check
+	NOT-FOR-US: SoftMaker
 CVE-2020-13579 (An exploitable integer overflow vulnerability exists in the PlanMaker  ...)
-	TODO: check
+	NOT-FOR-US: SoftMaker
 CVE-2020-13578 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...)
 	TODO: check
 CVE-2020-13577 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...)
@@ -38640,7 +38640,7 @@ CVE-2020-13548 (In Foxit Reader 10.1.0.37527, a specially crafted PDF document c
 CVE-2020-13547 (A type confusion vulnerability exists in the JavaScript engine of Foxi ...)
 	NOT-FOR-US: Foxit
 CVE-2020-13546 (In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1 ...)
-	TODO: check
+	NOT-FOR-US: SoftMaker
 CVE-2020-13545 (An exploitable signed conversion vulnerability exists in the TextMaker ...)
 	NOT-FOR-US: SoftMaker
 CVE-2020-13544 (An exploitable sign extension vulnerability exists in the TextMaker do ...)
@@ -39660,7 +39660,7 @@ CVE-2020-13119 (ismartgate PRO 1.5.9 is vulnerable to clickjacking. ...)
 CVE-2020-13118 (An issue was discovered in Mikrotik-Router-Monitoring-System through 2 ...)
 	NOT-FOR-US: Mikrotik-Router-Monitoring-System
 CVE-2020-13117 (Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthent ...)
-	TODO: check
+	NOT-FOR-US: Wavlink WN575A4 and WN579X3 devices
 CVE-2020-13116 (OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an  ...)
 	NOT-FOR-US: OpenText Carbonite Server Backup Portal
 CVE-2020-13115
@@ -42721,7 +42721,7 @@ CVE-2020-11922
 CVE-2020-11921
 	RESERVED
 CVE-2020-11920 (An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3. ...)
-	TODO: check
+	NOT-FOR-US: Svakom Siime Eye
 CVE-2020-11919
 	RESERVED
 CVE-2020-11918
@@ -42731,7 +42731,7 @@ CVE-2020-11917
 CVE-2020-11916
 	RESERVED
 CVE-2020-11915 (An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3. ...)
-	TODO: check
+	NOT-FOR-US: Svakom Siime Eye
 CVE-2020-11914 (The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read. ...)
 	NOT-FOR-US: Treck TCP/IP stack / Cisco
 CVE-2020-11913 (The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. ...)
@@ -45924,7 +45924,7 @@ CVE-2020-10736 (An authorization bypass vulnerability was found in Ceph versions
 CVE-2020-10735
 	RESERVED
 CVE-2020-10734 (A vulnerability was found in keycloak in the way that the OIDC logout  ...)
-	TODO: check
+	NOT-FOR-US: Keycloak
 CVE-2020-10733 (The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided  ...)
 	- postgresql-12 <not-affected> (Windows-specific)
 	- postgresql-11 <not-affected> (Windows-specific)
@@ -49346,7 +49346,7 @@ CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2 att
 	NOTE: https://github.com/libarchive/libarchive/pull/1326
 	NOTE: https://github.com/libarchive/libarchive/commit/94821008d6eea81e315c5881cdf739202961040a
 CVE-2020-9307 (Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a deni ...)
-	TODO: check
+	NOT-FOR-US: Hirschmann OS2, RSP, and RSPE devices
 CVE-2020-9306
 	RESERVED
 CVE-2020-9305
@@ -51519,7 +51519,7 @@ CVE-2020-8357
 CVE-2020-8356
 	RESERVED
 CVE-2020-8355 (An internal product security audit of Lenovo XClarity Administrator (L ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2020-8354 (A potential vulnerability in the SMI callback function used in the Var ...)
 	NOT-FOR-US: Lenovo
 CVE-2020-8353 (Prior to August 10, 2020, some Lenovo Desktop and Workstation systems  ...)
@@ -66871,7 +66871,7 @@ CVE-2020-1719
 CVE-2020-1718 (A flaw was found in the reset credential flow in all Keycloak versions ...)
 	NOT-FOR-US: Keycloak
 CVE-2020-1717 (A flaw was found in Keycloak 7.0.1. A logged in user can do an account ...)
-	TODO: check
+	NOT-FOR-US: Keycloak
 CVE-2020-1716
 	RESERVED
 	NOT-FOR-US: ceph-ansible
author	Salvatore Bonaccorso <carnil@debian.org>	2021-02-16 21:28:48 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-02-16 21:28:48 +0100
commit	76ad741f29a00c7b7b730a22e94d17fc22588418 (patch)
tree	cf14c1cecb1dbe7f8c7d917e73576f13244c9ae9 /data/CVE/2020.list
parent	34a6a5274c7df3581842ef7a8ed8103b46462eea (diff)