Process some NFUs

author: Salvatore Bonaccorso <carnil@debian.org> 2021-02-19 09:24:28 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-02-19 09:24:28 +0100
commit: 90e46e963be30295cbecc177ed7f10f18043209c (patch)
tree: dda944f5d4ee2a7b4fc674fe8679c12a19dbb9a9 /data/CVE
parent: 8572a1da794ab41301effc366d1a202dfe553fac (diff)
3 files changed, 12 insertions, 12 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 2f4231fb3d..1706cfa17f 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,5 +1,5 @@
 CVE-2019-25024 (OpenRepeater (ORP) before 2.2 allows unauthenticated command injection ...)
-	TODO: check
+	NOT-FOR-US: OpenRepeater (ORP)
 CVE-2019-25023
 	RESERVED
 CVE-2019-25022
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index bd05219c7b..52bf9cd149 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -9,9 +9,9 @@ CVE-2020-36249 (The File Firewall before 2.8.0 for ownCloud Server does not prop
 CVE-2020-36248 (The ownCloud application before 2.15 for Android allows attackers to u ...)
 	TODO: check
 CVE-2020-36247 (Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. ...)
-	TODO: check
+	NOT-FOR-US: Open OnDemand
 CVE-2020-36246 (Amaze File Manager before 3.5.1 allows attackers to obtain root privil ...)
-	TODO: check
+	NOT-FOR-US: Amaze File Manager
 CVE-2020-36245 (GramAddict through 1.2.3 allows remote attackers to execute arbitrary  ...)
 	NOT-FOR-US: GramAddict
 CVE-2020-36244 (The daemon in GENIVI Diagnostic Log and Trace (DLT) before 2.18.6 has  ...)
@@ -1559,9 +1559,9 @@ CVE-2020-35594
 CVE-2020-35593
 	RESERVED
 CVE-2020-35592 (Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the a ...)
-	TODO: check
+	NOT-FOR-US: Pi-hole
 CVE-2020-35591 (Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application d ...)
-	TODO: check
+	NOT-FOR-US: Pi-hole
 CVE-2020-35590 (LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin bef ...)
 	NOT-FOR-US: limit-login-attempts-reloaded plugin for WordPress
 CVE-2020-35589 (The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress a ...)
@@ -2752,7 +2752,7 @@ CVE-2020-29666 (In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a direc
 CVE-2020-29665
 	RESERVED
 CVE-2020-29664 (A command injection issue in dji_sys in DJI Mavic 2 Remote Controller  ...)
-	TODO: check
+	NOT-FOR-US: DJI Mavic 2 Remote Controller firmware
 CVE-2020-29663 (Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked ...)
 	- icinga2 2.12.3-1
 	[buster] - icinga2 <no-dsa> (Minor issue)
@@ -24860,7 +24860,7 @@ CVE-2020-19515
 CVE-2020-19514
 	RESERVED
 CVE-2020-19513 (Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows atta ...)
-	TODO: check
+	NOT-FOR-US: FinalWire Ltd AIDA64 Engineer
 CVE-2020-19512
 	RESERVED
 CVE-2020-19511
@@ -52772,7 +52772,7 @@ CVE-2020-7851
 CVE-2020-7850
 	RESERVED
 CVE-2020-7849 (A vulnerability of uPrism.io CURIX(Video conferecing solution) could a ...)
-	TODO: check
+	NOT-FOR-US: uPrism.io CURIX
 CVE-2020-7848 (The EFM ipTIME C200 IP Camera is affected by a Command Injection vulne ...)
 	NOT-FOR-US: EFM ipTIME C200 IP Camera
 CVE-2020-7847
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index ce1b3692af..9708fcc32c 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,9 +1,9 @@
 CVE-2021-27405 (A ReDoS (regular expression denial of service) flaw was found in the @ ...)
 	TODO: check
 CVE-2021-27404 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injec ...)
-	TODO: check
+	NOT-FOR-US: Askey devices
 CVE-2021-27403 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-b ...)
-	TODO: check
+	NOT-FOR-US: Askey devices
 CVE-2021-27402
 	RESERVED
 CVE-2021-27401
@@ -1413,7 +1413,7 @@ CVE-2021-26749
 CVE-2021-26748
 	RESERVED
 CVE-2021-26747 (Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metach ...)
-	TODO: check
+	NOT-FOR-US: Netis devices
 CVE-2021-26746 (Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= U ...)
 	TODO: check
 CVE-2021-26745
@@ -2454,7 +2454,7 @@ CVE-2021-3341 (A path traversal vulnerability in the DxWebEngine component of DH
 CVE-2021-3340 (A cross-site scripting (XSS) vulnerability in many forms of Wikindx be ...)
 	NOT-FOR-US: Wikindx
 CVE-2021-3339 (ModernFlow before 1.3.00.208 does not constrain web-page access to mem ...)
-	TODO: check
+	NOT-FOR-US: ModernFlow
 CVE-2021-3338
 	RESERVED
 CVE-2021-3337 (The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remo ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2021-02-19 09:24:28 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-02-19 09:24:28 +0100
commit	90e46e963be30295cbecc177ed7f10f18043209c (patch)
tree	dda944f5d4ee2a7b4fc674fe8679c12a19dbb9a9 /data/CVE
parent	8572a1da794ab41301effc366d1a202dfe553fac (diff)