Process some NFUs

author: Salvatore Bonaccorso <carnil@debian.org> 2021-02-27 11:08:51 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-02-27 11:08:51 +0100
commit: 098d39a8b67eb3dec0bd0075bd37dcb6b3f1ce10 (patch)
tree: 29e76f2e77a256e800e5f9934f1c45d19efae69c /data/CVE
parent: 8b9cf6d22c6013edb1c4fbc325cab58fe2e3fba3 (diff)
2 files changed, 19 insertions, 19 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index ffdd56dddb..d8a976c9f7 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,15 +1,15 @@
 CVE-2019-10102 (JetBrains Ktor framework (created using the Kotlin IDE template) versi ...)
-	TODO: check
+	NOT-FOR-US: JetBrains Ktor
 CVE-2019-25024 (OpenRepeater (ORP) before 2.2 allows unauthenticated command injection ...)
 	NOT-FOR-US: OpenRepeater (ORP)
 CVE-2019-25023 (An issue was discovered in Scytl sVote 2.1. Because the IP address fro ...)
-	TODO: check
+	NOT-FOR-US: Scytl sVote
 CVE-2019-25022 (An issue was discovered in Scytl sVote 2.1. An attacker can inject cod ...)
-	TODO: check
+	NOT-FOR-US: Scytl sVote
 CVE-2019-25021 (An issue was discovered in Scytl sVote 2.1. Due to the implementation  ...)
-	TODO: check
+	NOT-FOR-US: Scytl sVote
 CVE-2019-25020 (An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest AP ...)
-	TODO: check
+	NOT-FOR-US: Scytl sVote
 CVE-2019-25019 (LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant m ...)
 	- limesurvey <itp> (bug #472802)
 CVE-2019-XXXX [zstd adds read permissions to files while being compressed or uncompressed]
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 7668bc468c..fe722aba89 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1272,7 +1272,7 @@ CVE-2021-27200
 CVE-2021-27199
 	RESERVED
 CVE-2021-27198 (An issue was discovered in Visualware MyConnection Server through 11.0 ...)
-	TODO: check
+	NOT-FOR-US: Visualware MyConnection Server
 CVE-2021-27197 (DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arb ...)
 	NOT-FOR-US: Pelco Digital Sentry Server
 CVE-2021-27196
@@ -1409,7 +1409,7 @@ CVE-2021-27134
 CVE-2021-27133
 	RESERVED
 CVE-2021-27132 (SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for H ...)
-	TODO: check
+	NOT-FOR-US: SerComm AG Combo VD625 AGSOT_2.1.0 devices
 CVE-2021-27131
 	RESERVED
 CVE-2021-27130
@@ -1930,9 +1930,9 @@ CVE-2021-3402
 CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of authentica ...)
 	NOT-FOR-US: 1Password SCIM Bridge
 CVE-2021-26904 (LMA ISIDA Retriever 5.2 allows SQL Injection. ...)
-	TODO: check
+	NOT-FOR-US: LMA ISIDA Retriever
 CVE-2021-26903 (LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text']. ...)
-	TODO: check
+	NOT-FOR-US: LMA ISIDA Retriever
 CVE-2021-26902
 	RESERVED
 CVE-2021-26901
@@ -2683,21 +2683,21 @@ CVE-2021-26569
 CVE-2021-26568
 	RESERVED
 CVE-2021-26567 (Use of unmaintained third party components vulnerability in faad in Sy ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2021-26566 (Insertion of sensitive information into sent data vulnerability in syn ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2021-26565 (Cleartext transmission of sensitive information vulnerability in synor ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2021-26564 (Cleartext transmission of sensitive information vulnerability in synor ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2021-26563 (Improper access control vulnerability in synoagentregisterd in Synolog ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2021-26562 (Out-of-bounds write vulnerability in synoagentregisterd in Synology Di ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2021-26561 (Stack-based buffer overflow vulnerability in synoagentregisterd in Syn ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2021-26560 (Cleartext transmission of sensitive information vulnerability in synoa ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2021-26559 (Improper Access Control on Configurations Endpoint for the Stable API  ...)
 	- airflow <itp> (bug #819700)
 CVE-2021-26558
@@ -5996,7 +5996,7 @@ CVE-2021-3153
 CVE-2021-3152 (** DISPUTED ** Home Assistant before 2021.1.3 does not have a protecti ...)
 	NOT-FOR-US: Home Assistant
 CVE-2021-3151 (i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS)  ...)
-	TODO: check
+	NOT-FOR-US: i-doit
 CVE-2021-3150
 	RESERVED
 CVE-2021-3149 (On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ ...)
@@ -11309,7 +11309,7 @@ CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper validatio
 CVE-2021-22662
 	RESERVED
 CVE-2021-22661 (Changing the password on the module webpage does not require the user  ...)
-	TODO: check
+	NOT-FOR-US: ProSoft Technology
 CVE-2021-22660
 	RESERVED
 CVE-2021-22659
author	Salvatore Bonaccorso <carnil@debian.org>	2021-02-27 11:08:51 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-02-27 11:08:51 +0100
commit	098d39a8b67eb3dec0bd0075bd37dcb6b3f1ce10 (patch)
tree	29e76f2e77a256e800e5f9934f1c45d19efae69c /data/CVE
parent	8b9cf6d22c6013edb1c4fbc325cab58fe2e3fba3 (diff)