NFUs

author: Moritz Muehlenhoff <jmm@debian.org> 2020-03-02 22:42:25 +0100
committer: Moritz Muehlenhoff <jmm@debian.org> 2020-03-02 22:42:25 +0100
commit: e2476e1e59423ef6ca8dbd9692e1ef7edf3c791a (patch)
tree: c6a5b9f6b3423f63dace44ea28c40ec102c5fad0 /data/CVE
parent: 847b6204b175c6c7b57fd0b0386fa280241108da (diff)
5 files changed, 14 insertions, 14 deletions
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 9a155c969c..c9aa3e76ab 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -2813,7 +2813,7 @@ CVE-2014-9532
 CVE-2014-9531
 	RESERVED
 CVE-2014-9530 (A vulnerability exists in nw.js before 0.11.3 when calling nw methods  ...)
-	TODO: check
+	NOT-FOR-US: nw.js
 CVE-2014-9528 (SQL injection vulnerability in the actionIndex function in protected/m ...)
 	NOT-FOR-US: HumHub
 CVE-2014-9527 (HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cau ...)
@@ -7280,7 +7280,7 @@ CVE-2014-7916 (Integer overflow in SampleTable.cpp in libstagefright in Android
 CVE-2014-7915 (Integer overflow in SampleTable.cpp in libstagefright in Android befor ...)
 	NOT-FOR-US: libstagefright in Android
 CVE-2014-7914 (btif/src/btif_dm.c in Android before 5.1 does not properly enforce the ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2014-7913 (The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as ...)
 	{DLA-506-1}
 	- dhcpcd5 7.0.8-0.1 (unimportant; bug #846938)
@@ -18740,7 +18740,7 @@ CVE-2014-3211 (Publify before 8.0.1 is vulnerable to a Denial of Service attack
 CVE-2014-3210 (SQL injection vulnerability in dopbs-backend-forms.php in the Booking  ...)
 	NOT-FOR-US: WordPress plugin Booking System
 CVE-2014-3208 (A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (ps ...)
-	TODO: check
+	NOT-FOR-US: askpop3d
 CVE-2014-3206 (Seagate BlackArmor NAS allows remote attackers to execute arbitrary co ...)
 	NOT-FOR-US: Seagate
 CVE-2014-3205 (backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a h ...)
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 8102d864c5..5168434708 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -11069,7 +11069,7 @@ CVE-2015-5688 (Directory traversal vulnerability in lib/app/index.js in Geddy be
 CVE-2015-5687 (system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote at ...)
 	NOT-FOR-US: Anchor CMS
 CVE-2015-5686 (Parts of the Puppet Enterprise Console 3.x were found to be susceptibl ...)
-	TODO: check
+	NOT-FOR-US: Puppet Enterprise Console
 CVE-2015-5685 (The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstra ...)
 	{DLA-312-1}
 	- libtorrent-rasterbar 1.0.6-1 (bug #797046)
@@ -11892,7 +11892,7 @@ CVE-2015-5363 (The SRX Network Security Daemon (nsd) in Juniper SRX Series servi
 CVE-2015-5362 (The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 ...)
 	NOT-FOR-US: Juniper
 CVE-2015-5361 (Background For regular, unencrypted FTP traffic, the FTP ALG can inspe ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2015-5360 (IPv6 sendd in Juniper Junos 12.1X44 before 12.1X44-D51, 12.1X46 before ...)
 	NOT-FOR-US: Juniper
 CVE-2015-5359 (Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D3 ...)
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 6c2241f590..79ad9a32cb 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -17651,7 +17651,7 @@ CVE-2017-12582 (Unprivileged user can access all functions in the Surveillance S
 CVE-2017-12581 (GitHub Electron before 1.6.8 allows remote command execution because o ...)
 	- electron <itp> (bug #842420)
 CVE-2017-12580 (An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploi ...)
-	TODO: check
+	NOT-FOR-US: IDM UltraEdit
 CVE-2017-12579 (An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion ...)
 	NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
 CVE-2017-12578
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index b3853f838b..43d346bad7 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -10788,7 +10788,7 @@ CVE-2018-17060 (Telerik Extensions for ASP.NET MVC (all versions) does not white
 CVE-2018-17059
 	RESERVED
 CVE-2018-17058 (An issue was discovered in JABA XPress Online Shop through 2018-09-14. ...)
-	TODO: check
+	NOT-FOR-US: JABA
 CVE-2018-17057 (An issue was discovered in TCPDF before 6.2.22. Attackers can trigger  ...)
 	- tcpdf 6.2.26+dfsg-1 (bug #908866)
 	[stretch] - tcpdf <no-dsa> (Minor issue)
@@ -14131,9 +14131,9 @@ CVE-2018-15822 (The flv_write_packet function in libavformat/flvenc.c in FFmpeg
 CVE-2018-15821
 	RESERVED
 CVE-2018-15820 (EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GD ...)
-	TODO: check
+	NOT-FOR-US: EasyIO
 CVE-2018-15819 (EasyIO EasyIO-30P devices before 2.0.5.27 have Incorrect Access Contro ...)
-	TODO: check
+	NOT-FOR-US: EasyIO
 CVE-2018-15818 (An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker ...)
 	NOT-FOR-US: Repute ARForms
 CVE-2018-15817 (FastStone Image Viewer 6.5 has a Read Access Violation on Block Data M ...)
@@ -17936,7 +17936,7 @@ CVE-2018-14386
 CVE-2018-14385
 	RESERVED
 CVE-2018-14384 (The Website Manager module in SEO Panel 3.13.0 and earlier is affected ...)
-	TODO: check
+	NOT-FOR-US: SEO Panel
 CVE-2018-14383 (The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows  ...)
 	NOT-FOR-US: Transition Technologies "The Scheduler" app for Jira
 CVE-2018-14382 (InstantCMS 2.10.1 has /redirect?url= XSS. ...)
@@ -22668,7 +22668,7 @@ CVE-2018-12477 (A Improper Neutralization of CRLF Sequences vulnerability in Ope
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1108189
 	NOTE: https://github.com/openSUSE/obs-service-refresh_patches/commit/d6244245dda5367767efc989446fe4b5e4609cce
 CVE-2018-12476 (Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE L ...)
-	TODO: check
+	NOT-FOR-US: obs-service-tar_scm
 CVE-2018-12475
 	RESERVED
 CVE-2018-12474 (Improper input validation in obs-service-tar_scm of Open Build Service ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 0aebb3c33f..9cc1201f5c 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -21474,7 +21474,7 @@ CVE-2019-12185 (eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /a
 CVE-2019-12184 (There is XSS in browser/components/MarkdownPreview.js in BoostIO Boost ...)
 	NOT-FOR-US: Boostnote
 CVE-2019-12183 (Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 serie ...)
-	TODO: check
+	NOT-FOR-US: Safescan Timemoto
 CVE-2019-12182
 	RESERVED
 CVE-2019-12181 (A privilege escalation vulnerability exists in SolarWinds Serv-U befor ...)
@@ -36208,7 +36208,7 @@ CVE-2019-7009
 CVE-2019-7008
 	RESERVED
 CVE-2019-7007 (A directory traversal vulnerability has been found in the Avaya Equino ...)
-	TODO: check
+	NOT-FOR-US: Avaya
 CVE-2019-7006 (Avaya one-X Communicator uses weak cryptographic algorithms in the cli ...)
 	NOT-FOR-US: Avaya
 CVE-2019-7005
@@ -42376,7 +42376,7 @@ CVE-2019-4303 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scrip
 CVE-2019-4302
 	RESERVED
 CVE-2019-4301 (BigFix Self-Service Application (SSA) is vulnerable to arbitrary code  ...)
-	TODO: check
+	NOT-FOR-US: BigFix Self-Service Application
 CVE-2019-4300
 	RESERVED
 CVE-2019-4299 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...)
author	Moritz Muehlenhoff <jmm@debian.org>	2020-03-02 22:42:25 +0100
committer	Moritz Muehlenhoff <jmm@debian.org>	2020-03-02 22:42:25 +0100
commit	e2476e1e59423ef6ca8dbd9692e1ef7edf3c791a (patch)
tree	c6a5b9f6b3423f63dace44ea28c40ec102c5fad0 /data/CVE
parent	847b6204b175c6c7b57fd0b0386fa280241108da (diff)