NFUs

4 files changed, 37 insertions, 35 deletions

diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index 5041588822..93fab11d2f 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -1,5 +1,5 @@
 CVE-2010-5333 (The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x be ...)
-	TODO: check
+	NOT-FOR-US: Integard
 CVE-2010-5332 (In the Linux kernel before 2.6.37, an out of bounds array access happe ...)
 	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
 	NOTE: https://git.kernel.org/linus/0926f91083f34d047abc74f1ca4fa6a9c161f7db
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 91d7bb07ec..cb787e1ecc 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -35,41 +35,41 @@ CVE-2016-10957
 CVE-2016-10956
 	RESERVED
 CVE-2016-10955 (The cysteme-finder plugin before 1.4 for WordPress has unrestricted fi ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2016-10954 (The Neosense theme before 1.8 for WordPress has qquploader unrestricte ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2016-10953 (The Headway theme before 3.8.9 for WordPress has XSS via the license k ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2016-10952 (The quotes-collection plugin before 2.0.6 for WordPress has XSS via th ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2016-10951 (The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection vi ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2016-10950 (The sirv plugin before 1.3.2 for WordPress has SQL injection via the i ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2016-10949 (The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL in ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2016-10948 (The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect han ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2016-10947 (The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2016-10946 (The wp-d3 plugin before 2.4.1 for WordPress has CSRF. ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2016-10945 (The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?pa ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2016-10944 (The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2016-10943 (The zx-csv-upload plugin 1 for WordPress has SQL injection via the id  ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2016-10942 (The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for W ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2016-10941 (The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for W ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2016-10940 (The zm-gallery plugin 1.0 for WordPress has SQL injection via the orde ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2016-10939 (The xtremelocator plugin 1.5 for WordPress has SQL injection via the i ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2016-10938 (The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2016-10937 (IMAPFilter through 2.6.12 does not validate the hostname in an SSL cer ...)
 	- imapfilter <unfixed> (bug #939702)
 	[buster] - imapfilter <no-dsa> (Minor issue)
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 1d8ec31b84..05fdbc2718 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -37,13 +37,13 @@ CVE-2017-18617
 CVE-2017-18616
 	RESERVED
 CVE-2017-18615 (The kama-clic-counter plugin before 3.5.0 for WordPress has XSS. ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2017-18614 (The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2017-18613 (The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2017-18612 (The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/f ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2017-18611 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCC ...)
 	NOT-FOR-US: magic-fields plugin for WordPress
 CVE-2017-18610 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCC ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index c39d4dae0d..68ca661423 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -5,7 +5,7 @@ CVE-2019-16295
 CVE-2019-16294
 	RESERVED
 CVE-2019-16293 (The Create Discoveries feature of Open-AudIT before 3.2.0 allows an au ...)
-	TODO: check
+	NOT-FOR-US: Open-AudIT
 CVE-2019-16292
 	RESERVED
 CVE-2019-16291
@@ -13,9 +13,9 @@ CVE-2019-16291
 CVE-2019-16290
 	RESERVED
 CVE-2019-16289 (The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPre ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2019-16288 (On Tenda N301 wireless routers, a long string in the wifiSSID paramete ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2019-16287
 	RESERVED
 CVE-2019-16286
@@ -98,7 +98,7 @@ CVE-2019-16250 (includes/wizard/wizard.php in the Ocean Extra plugin through 1.5
 CVE-2019-16249 (OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core ...)
 	TODO: check
 CVE-2019-16248 (The "delete for" feature in Telegram before 5.11 on Android does not d ...)
-	TODO: check
+	NOT-FOR-US: Telegram for Android
 CVE-2019-16247 (Delta DCISoft 1.21 has a User Mode Write AV starting at CommLib!CCommL ...)
 	NOT-FOR-US: Delta DCISoft
 CVE-2019-16246
@@ -2238,7 +2238,7 @@ CVE-2019-15304 (Lierda Grill Temperature Monitor V1.00_50006 has a default passw
 CVE-2019-15303
 	RESERVED
 CVE-2019-15302 (The pad management logic in XWiki labs CryptPad before 3.0.0 allows a  ...)
-	TODO: check
+	NOT-FOR-US: CryptPad
 CVE-2019-15301
 	RESERVED
 CVE-2019-15300
@@ -5581,17 +5581,17 @@ CVE-2019-13925
 CVE-2019-13924
 	RESERVED
 CVE-2019-13923 (A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gat ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2019-13922 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2019-13921
 	RESERVED
 CVE-2019-13920 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2019-13919 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2019-13918 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2019-13917 (Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution  ...)
 	{DSA-4488-1}
 	- exim4 4.92-10
@@ -6417,7 +6417,7 @@ CVE-2019-13550
 CVE-2019-13549
 	RESERVED
 CVE-2019-13548 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2019-13547
 	RESERVED
 CVE-2019-13546
@@ -6449,7 +6449,7 @@ CVE-2019-13534 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version
 CVE-2019-13533
 	RESERVED
 CVE-2019-13532 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2019-13531
 	RESERVED
 CVE-2019-13530 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Fi ...)
@@ -39192,6 +39192,7 @@ CVE-2019-0208
 	REJECTED
 CVE-2019-0207
 	RESERVED
+	NOT-FOR-US: Apache Tapestry
 CVE-2019-0206
 	REJECTED
 CVE-2019-0205
@@ -39234,6 +39235,7 @@ CVE-2019-0196 (A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38.
 	NOTE: https://svn.apache.org/r1852989
 CVE-2019-0195
 	RESERVED
+	NOT-FOR-US: Apache Tapestry
 CVE-2019-0194 (Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 ...)
 	NOT-FOR-US: Apache Camel
 CVE-2019-0193 (In Apache Solr, the DataImportHandler, an optional but popular module  ...)