author Moritz Muehlenhoff <jmm@debian.org> 2020-08-21 23:01:59 +0200
committer Moritz Muehlenhoff <jmm@debian.org> 2020-08-21 23:01:59 +0200
commit 30014ab54bc95082761460cff4e01efaa07959b4
tree 9cd308a3060b4ffd005132a591d4a055433a9bd2 /data
parent 80ef25c201b991f03d8f7b555c4941f697e7c8c1
new nim, dolibarr, ros-actionlib issues
node-ajv, crispy-doom fixed in sid
shiro bugnum
NFUs
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2015.list | 4
-rw-r--r-- data/CVE/2019.list | 48
-rw-r--r-- data/CVE/2020.list | 234
3 files changed, 144 insertions, 142 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 89511c3730..9690349fda 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -4721,9 +4721,9 @@ CVE-2015-8034 (The state.sls function in Salt before 2015.8.3 uses weak permissi
CVE-2015-8075
REJECTED
CVE-2015-8033 (In Textpattern 4.5.7, the password-reset feature does not securely tet ...)
- TODO: check
+ NOT-FOR-US: Textpattern
CVE-2015-8032 (In Textpattern 4.5.7, an unprivileged author can change an article's m ...)
- TODO: check
+ NOT-FOR-US: Textpattern
CVE-2015-8035 (The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly d ...)
{DSA-3430-1}
- libxml2 2.9.3+dfsg1-1 (bug #803942)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index fb338f1662..83e230995c 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1298,7 +1298,7 @@ CVE-2019-20385 (The CSV upload feature in /supervisor/procesa_carga.php on Logar
CVE-2019-20384 (Gentoo Portage through 2.3.84 allows local users to place a Trojan hor ...)
NOT-FOR-US: Portage
CVE-2019-20383 (ABBYY network license server in ABBYY FineReader 15 before Release 4 ( ...)
- TODO: check
+ NOT-FOR-US: ABBYY
CVE-2019-20382 (QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle. ...)
{DSA-4665-1 DLA-2288-1}
- qemu 1:4.2-1
@@ -1873,11 +1873,11 @@ CVE-2019-20154 (An issue was discovered in Determine (formerly Selectica) Contra
CVE-2019-20153 (An issue was discovered in Determine (formerly Selectica) Contract Lif ...)
NOT-FOR-US: Determine (formerly Selectica) Contract Lifecycle Management
CVE-2019-20152 (An XSS issue was discovered in TreasuryXpress 19191105. Due to the lac ...)
- TODO: check
+ NOT-FOR-US: TreasuryXpress
CVE-2019-20151 (An XSS issue was discovered in TreasuryXpress 19191105. Due to the lac ...)
- TODO: check
+ NOT-FOR-US: TreasuryXpress
CVE-2019-20150 (In TreasuryXpress 19191105, a logged-in user can discover saved creden ...)
- TODO: check
+ NOT-FOR-US: TreasuryXpress
CVE-2019-20149 (ctorName in index.js in kind-of v6.0.2 allows external user input to o ...)
- node-kind-of 6.0.3+dfsg-1 (bug #948095)
[buster] - node-kind-of 6.0.2+dfsg-1+deb10u1
@@ -3272,7 +3272,7 @@ CVE-2019-19645 (alter.c in SQLite through 3.30.1 allows attackers to trigger inf
CVE-2019-19644
RESERVED
CVE-2019-19643 (ise smart connect KNX Vaillant 1.2.839 contain a Denial of Service. ...)
- TODO: check
+ NOT-FOR-US: ise smart connect KNX Vaillant
CVE-2019-19642 (On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02 ...)
NOT-FOR-US: SuperMicro
CVE-2019-19641
@@ -6044,7 +6044,7 @@ CVE-2019-18621
CVE-2019-18620
RESERVED
CVE-2019-18619 (Incorrect parameter validation in the synaTee component of Synaptics W ...)
- TODO: check
+ NOT-FOR-US: Synaptics
CVE-2019-18618 (Incorrect access control in the firmware of Synaptics VFS75xx family f ...)
NOT-FOR-US: firmware of Synaptics VFS75xx family fingerprint sensors
CVE-2019-18617
@@ -9027,7 +9027,7 @@ CVE-2019-17353 (An issue discovered on D-Link DIR-615 devices with firmware vers
CVE-2019-17352 (In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vul ...)
NOT-FOR-US: JFinal
CVE-2019-17339 (The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabr ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2019-17338 (The user interface component of TIBCO Software Inc.'s TIBCO Patterns - ...)
NOT-FOR-US: TIBCO
CVE-2019-17337 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...)
@@ -11375,7 +11375,7 @@ CVE-2019-16391 (SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated vis
NOTE: https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79
NOTE: https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66
CVE-2019-16374 (Pega Platform 8.2.1 allows LDAP injection because a username can conta ...)
- TODO: check
+ NOT-FOR-US: Pega Platform
CVE-2019-16373
RESERVED
CVE-2019-16372
@@ -11681,7 +11681,7 @@ CVE-2019-16246 (Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a di
CVE-2019-16245 (OMERO before 5.6.1 makes the details of each user available to all use ...)
NOT-FOR-US: OMERO
CVE-2019-16244 (OMERO.server before 5.6.1 allows attackers to bypass the security filt ...)
- TODO: check
+ NOT-FOR-US: OMERO
CVE-2019-16243 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocument ...)
NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
CVE-2019-16242 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineerin ...)
@@ -23437,37 +23437,37 @@ CVE-2019-11864
CVE-2019-11863
RESERVED
CVE-2019-11862 (The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic pr ...)
- TODO: check
+ NOT-FOR-US: ALEOS
CVE-2019-11861
RESERVED
CVE-2019-11860
RESERVED
CVE-2019-11859 (A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0 ...)
- TODO: check
+ NOT-FOR-US: ALEOS
CVE-2019-11858 (Multiple buffer overflow vulnerabilities exist in the AceManager Web A ...)
- TODO: check
+ NOT-FOR-US: ALEOS
CVE-2019-11857 (Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 ...)
- TODO: check
+ NOT-FOR-US: ALEOS
CVE-2019-11856 (A nonce reuse vulnerability exists in the ACEView service of ALEOS bef ...)
- TODO: check
+ NOT-FOR-US: ALEOS
CVE-2019-11855 (An RPC server is enabled by default on the gateway's LAN of ALEOS befo ...)
- TODO: check
+ NOT-FOR-US: ALEOS
CVE-2019-11854
RESERVED
CVE-2019-11853 (Several potential command injections vulnerabilities exist in the AT c ...)
- TODO: check
+ NOT-FOR-US: ALEOS
CVE-2019-11852 (An out-of-bounds reads vulnerability exists in the ACEView Service of ...)
- TODO: check
+ NOT-FOR-US: ALEOS
CVE-2019-11851
RESERVED
CVE-2019-11850 (A stack overflow vulnerabiltity exist in the AT command interface of A ...)
- TODO: check
+ NOT-FOR-US: ALEOS
CVE-2019-11849 (A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS ...)
- TODO: check
+ NOT-FOR-US: ALEOS
CVE-2019-11848 (An API abuse vulnerability exists in the AT command API of ALEOS befor ...)
- TODO: check
+ NOT-FOR-US: ALEOS
CVE-2019-11847 (An improper privilege management vulnerabitlity exists in ALEOS before ...)
- TODO: check
+ NOT-FOR-US: ALEOS
CVE-2019-11846 (/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XS ...)
NOT-FOR-US: dotCMS
CVE-2019-11845 (An HTML Injection vulnerability has been discovered on the RICOH SP 45 ...)
@@ -36495,7 +36495,7 @@ CVE-2019-7412 (The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandle
CVE-2019-7411 (Multiple stored cross-site scripting (XSS) in the MyThemeShop Launcher ...)
NOT-FOR-US: MyThemeShop Launcher plugin for WordPress
CVE-2019-7410 (There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remo ...)
- TODO: check
+ NOT-FOR-US: Galileo CMS
CVE-2019-7409 (Multiple cross-site scripting (XSS) vulnerabilities in ProfileDesign C ...)
NOT-FOR-US: ProfileDesign CMS
CVE-2019-7408
@@ -39256,7 +39256,7 @@ CVE-2019-6260 (The ASPEED ast2400 and ast2500 Baseband Management Controller (BM
CVE-2019-6259 (An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injec ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2019-6258 (D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-6257 (A Server Side Request Forgery (SSRF) vulnerability in elFinder before ...)
NOT-FOR-US: elFinder
CVE-2019-6256 (A Denial of Service issue was discovered in the LIVE555 Streaming Medi ...)
@@ -40961,7 +40961,7 @@ CVE-2019-5593 (Improper permission or value checking in the CLI console may allo
CVE-2019-5592 (Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, ...)
NOT-FOR-US: Fortinet
CVE-2019-5591 (A Default Configuration vulnerability in FortiOS may allow an unauthen ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2019-5590 (The URL part of the report message is not encoded in Fortinet FortiWeb ...)
NOT-FOR-US: Fortinet
CVE-2019-5589 (An Unsafe Search Path vulnerability in FortiClient Online Installer (W ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 0bd945e316..c3ab9f3282 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,9 +1,9 @@
CVE-2020-24591 (The Management Console in certain WSO2 products allows XXE attacks dur ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2020-24590 (The Management Console in WSO2 API Manager through 3.1.0 and API Micro ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2020-24589 (The Management Console in WSO2 API Manager through 3.1.0 and API Micro ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2020-24588
RESERVED
CVE-2020-24587
@@ -33,13 +33,13 @@ CVE-2020-24576
CVE-2020-24575
RESERVED
CVE-2020-24574 (The client (aka GalaxyClientService.exe) in GOG GALAXY 2.0.19 allows l ...)
- TODO: check
+ NOT-FOR-US: GOG Galaxy client
CVE-2020-24573
RESERVED
CVE-2020-24572
RESERVED
CVE-2020-24571 (NexusQA NexusDB before 4.50.23 allows the reading of files via ../ dir ...)
- TODO: check
+ NOT-FOR-US: NexusDB
CVE-2020-24570
RESERVED
CVE-2020-24569
@@ -47,7 +47,7 @@ CVE-2020-24569
CVE-2020-24568
RESERVED
CVE-2020-24567 (** DISPUTED ** voidtools Everything before 1.4.1 Beta Nightly 2020-08- ...)
- TODO: check
+ NOT-FOR-US: voidtools
CVE-2020-24566
RESERVED
CVE-2020-24565
@@ -472,7 +472,7 @@ CVE-2020-24361 (SNMPTT before 1.4.2 allows attackers to execute shell code via E
CVE-2020-24360
RESERVED
CVE-2020-24359 (HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrect ...)
- TODO: check
+ NOT-FOR-US: vault-ssh-helper
CVE-2020-24358
RESERVED
CVE-2020-24357
@@ -1091,19 +1091,19 @@ CVE-2020-24059
CVE-2020-24058
RESERVED
CVE-2020-24057 (The management website of the Verint S5120FD Verint_FW_0_42 unit featu ...)
- TODO: check
+ NOT-FOR-US: Verint
CVE-2020-24056 (A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_ ...)
- TODO: check
+ NOT-FOR-US: Verint
CVE-2020-24055 (Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320 ...)
- TODO: check
+ NOT-FOR-US: Verint
CVE-2020-24054 (The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2 ...)
- TODO: check
+ NOT-FOR-US: Moog
CVE-2020-24053 (Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credenti ...)
- TODO: check
+ NOT-FOR-US: Moog
CVE-2020-24052 (Several XML External Entity (XXE) vulnerabilities in the Moog EXO Seri ...)
- TODO: check
+ NOT-FOR-US: Moog
CVE-2020-24051 (The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF int ...)
- TODO: check
+ NOT-FOR-US: Moog
CVE-2020-24050
RESERVED
CVE-2020-24049
@@ -1333,9 +1333,9 @@ CVE-2020-23938 (***REJECTED***Out of bounds read (CWE-125) in AnnLab V3 Lite 4.0
CVE-2020-23937
RESERVED
CVE-2020-23936 (PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Auth ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Vehicle Parking Management System
CVE-2020-23935 (Kabir Alhasan Student Management System 1.0 is vulnerable to Authentic ...)
- TODO: check
+ NOT-FOR-US: Kabir Alhasan Student Management System
CVE-2020-23934 (An issue was discovered in RiteCMS 2.2.1. An authenticated user can di ...)
NOT-FOR-US: RiteCMS
CVE-2020-23933
@@ -7938,9 +7938,9 @@ CVE-2020-20636
CVE-2020-20635
RESERVED
CVE-2020-20634 (Elementor 2.9.5 and below WordPress plugin allows authenticated users ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2020-20633 (ajax_policy_generator in admin/modules/cli-policy-generator/classes/cl ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2020-20632
RESERVED
CVE-2020-20631
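Review bot: The tags added for CVE-2020-20634 and CVE-2020-20633 read "NOT-FOR-US: Wordpress plugin", which names no product, so a later CVE for the same plugin cannot be matched against these entries by search. Other entries in the tracker name the plugin (for example "NOT-FOR-US: MyThemeShop Launcher plugin for WordPress" in 2019.list). Suggest "NOT-FOR-US: Elementor plugin for WordPress" for CVE-2020-20634 and the corresponding plugin name for CVE-2020-20633, using the "WordPress" capitalisation found elsewhere.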
@@ -14268,7 +14268,7 @@ CVE-2020-17480 (TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core
- tinymce <unfixed>
NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95
CVE-2020-17479 (jpv (aka Json Pattern Validator) before 2.2.2 does not properly valida ...)
- TODO: check
+ NOT-FOR-US: jpv
CVE-2020-17478 (ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly conside ...)
- libcrypt-perl-perl <itp> (bug #907353)
CVE-2020-17477
@@ -16760,13 +16760,13 @@ CVE-2020-16284
CVE-2020-16283
RESERVED
CVE-2020-16282 (In the default configuration of Rangee GmbH RangeeOS 8.0.4, all compon ...)
- TODO: check
+ NOT-FOR-US: Rangee
CVE-2020-16281 (The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a loca ...)
- TODO: check
+ NOT-FOR-US: Rangee
CVE-2020-16280 (Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plain ...)
- TODO: check
+ NOT-FOR-US: Rangee
CVE-2020-16279 (The Kommbox component in Rangee GmbH RangeeOS 8.0.4 is vulnerable to R ...)
- TODO: check
+ NOT-FOR-US: Rangee
CVE-2020-16278 (A cross-site scripting (XSS) vulnerability in the Permissions componen ...)
NOT-FOR-US: SAINT Security Suite
CVE-2020-16277 (An SQL injection vulnerability in the Analytics component of SAINT Sec ...)
@@ -16848,15 +16848,15 @@ CVE-2020-16243
CVE-2020-16242
RESERVED
CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior. The software does not restr ...)
- TODO: check
+ NOT-FOR-US: Philips SureSigns
CVE-2020-16240
RESERVED
CVE-2020-16239 (Philips SureSigns VS4, A.07.107 and prior. When an actor claims to hav ...)
- TODO: check
+ NOT-FOR-US: Philips SureSigns
CVE-2020-16238
RESERVED
CVE-2020-16237 (Philips SureSigns VS4, A.07.107 and prior. The product receives input ...)
- TODO: check
+ NOT-FOR-US: Philips SureSigns
CVE-2020-16236
RESERVED
CVE-2020-16235
@@ -18099,11 +18099,11 @@ CVE-2020-15696 (An issue was discovered in Joomla! through 3.9.19. Lack of input
CVE-2020-15695 (An issue was discovered in Joomla! through 3.9.19. A missing token che ...)
NOT-FOR-US: Joomla!
CVE-2020-15694 (In Nim 1.2.4, the standard library httpClient fails to properly valida ...)
- TODO: check
+ - nim 1.2.6-1
CVE-2020-15693 (In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF ...)
- TODO: check
+ - nim 1.2.6-1
CVE-2020-15692 (In Nim 1.2.4, the standard library browsers mishandles the URL argumen ...)
- TODO: check
+ - nim 1.2.6-1
CVE-2020-15691
RESERVED
CVE-2020-15690
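Review bot: The three Nim entries (CVE-2020-15694, CVE-2020-15693, CVE-2020-15692) are closed with "- nim 1.2.6-1" but carry no NOTE pointing at the upstream fixes, so the fixed version cannot be checked from the tracker data alone. The descriptions name Nim 1.2.4 as affected; a NOTE with the upstream commit or advisory for the two httpClient issues and the browsers URL issue would document why 1.2.6-1 is the first fixed upload.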
@@ -18341,7 +18341,7 @@ CVE-2020-15598
CVE-2020-15597 (SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statute ...)
NOT-FOR-US: SOPlanning
CVE-2020-15596 (The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on var ...)
- TODO: check
+ NOT-FOR-US: ALPS ALPINE touchpad driver for Windows
CVE-2020-XXXX [veyon-configurator tmp handling]
- veyon 4.4.1+repack1-1 (bug #964568)
[buster] - veyon <no-dsa> (Minor issue)
@@ -18885,7 +18885,7 @@ CVE-2020-15368 (AsrDrv103.sys in the ASRock RGB Driver does not properly restric
CVE-2020-15367 (Venki Supravizio BPM 10.1.2 does not limit the number of authenticatio ...)
NOT-FOR-US: Venki
CVE-2020-15366 (An issue was discovered in ajv.validate() in Ajv (aka Another JSON Sch ...)
- - node-ajv <unfixed>
+ - node-ajv 6.12.4-1
NOTE: https://github.com/ajv-validator/ajv/releases/tag/v6.12.3
CVE-2020-15365 (LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in ...)
- libraw <not-affected> (Vulnerable code introduced in 0.20-Beta1)
@@ -19332,7 +19332,7 @@ CVE-2020-15154
CVE-2020-15153
RESERVED
CVE-2020-15152 (ftp-srv versions 1.0.0 through 4.3.3 are vulnerable to Server-Side Req ...)
- TODO: check
+ NOT-FOR-US: Node ftp-srv
CVE-2020-15151 (OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to cir ...)
NOT-FOR-US: OpenMage
CVE-2020-15150
@@ -19342,7 +19342,7 @@ CVE-2020-15149 (NodeBB before version 1.14.3 has a bug introduced in version 1.1
CVE-2020-15148
RESERVED
CVE-2020-15147 (Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execu ...)
- TODO: check
+ NOT-FOR-US: Red Discord Bot
CVE-2020-15146 (In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4 ...)
NOT-FOR-US: SyliusResourceBundle
CVE-2020-15145 (In Composer-Setup for Windows before version 6.0.0, if the developer's ...)
@@ -19352,11 +19352,11 @@ CVE-2020-15144
CVE-2020-15143 (In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4 ...)
NOT-FOR-US: SyliusResourceBundle
CVE-2020-15142 (In openapi-python-client before version 0.5.3, clients generated with ...)
- TODO: check
+ NOT-FOR-US: openapi-python-client
CVE-2020-15141 (In openapi-python-client before version 0.5.3, there is a path travers ...)
- TODO: check
+ NOT-FOR-US: openapi-python-client
CVE-2020-15140 (In Red Discord Bot before version 3.3.11, a RCE exploit has been disco ...)
- TODO: check
+ NOT-FOR-US: Red Discord Bot
CVE-2020-15139 (In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visu ...)
NOT-FOR-US: MyBB
CVE-2020-15138 (Prism is vulnerable to Cross-Site Scripting. The easing preview of the ...)
@@ -19413,7 +19413,7 @@ CVE-2020-15121 (In radare2 before version 4.5.0, malformed PDB file names in the
CVE-2020-15120 (In "I hate money" before version 4.1.5, an authenticated member of one ...)
NOT-FOR-US: ihatemoney
CVE-2020-15119 (In auth0-lock versions before and including 11.25.1, dangerouslySetInn ...)
- TODO: check
+ NOT-FOR-US: Node auth0-lock
CVE-2020-15118 (In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is m ...)
NOT-FOR-US: Wagtail
CVE-2020-15117 (In Synergy before version 1.12.0, a Synergy server can be crashed by r ...)
@@ -19531,7 +19531,7 @@ CVE-2020-15072 (An issue was discovered in phpList through 3.5.4. An error-based
CVE-2020-15071 (content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS ...)
NOT-FOR-US: Symphony CMS
CVE-2020-15070 (Zulip Server 2.x before 2.1.7 allows eval injection if a privileged at ...)
- TODO: check
+ - zulip-server <itp> (bug #800052)
CVE-2020-15069 (Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow an ...)
NOT-FOR-US: Sophos
CVE-2020-15068
@@ -19724,7 +19724,7 @@ CVE-2020-14985
CVE-2020-14984
RESERVED
CVE-2020-14983 (The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't valid ...)
- - crispy-doom <unfixed> (bug #964564)
+ - crispy-doom 5.9.0-1 (bug #964564)
[buster] - crispy-doom <no-dsa> (Minor issue)
- chocolate-doom 3.0.1-1
[buster] - chocolate-doom <no-dsa> (Minor issue)
@@ -20724,7 +20724,7 @@ CVE-2020-14520 (The affected product is vulnerable to an information leak, which
CVE-2020-14519
RESERVED
CVE-2020-14518 (Philips DreamMapper, Version 2.24 and prior. Information written to lo ...)
- TODO: check
+ NOT-FOR-US: Philips DreamMapper
CVE-2020-14517
RESERVED
CVE-2020-14516
@@ -21491,7 +21491,7 @@ CVE-2020-14217
CVE-2020-14216
RESERVED
CVE-2020-14215 (Zulip Server before 2.1.5 has Incorrect Access Control because 0198_pr ...)
- TODO: check
+ - zulip-server <itp> (bug #800052)
CVE-2020-14214 (Zammad before 3.3.1, when Domain Based Assignment is enabled, relies o ...)
- zammad <itp> (bug #841355)
CVE-2020-14213 (In Zammad before 3.3.1, a Customer has ticket access that should only ...)
@@ -21523,7 +21523,7 @@ CVE-2020-14203 (WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Req
CVE-2020-14202 (WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrar ...)
NOT-FOR-US: WebFOCUS Business Intelligence
CVE-2020-14201 (Dolibarr CRM before 11.0.5 allows privilege escalation. This could all ...)
- TODO: check
+ - dolibarr <removed>
CVE-2020-14200
RESERVED
CVE-2020-14199 (BIP-143 in the Bitcoin protocol specification mishandles the signing o ...)
@@ -21546,7 +21546,7 @@ CVE-2020-14195 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the in
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-14194 (Zulip Server before 2.1.5 allows reverse tabnapping via a topic header ...)
- TODO: check
+ - zulip-server <itp> (bug #800052)
CVE-2020-14193
RESERVED
CVE-2020-14192
@@ -22223,7 +22223,7 @@ CVE-2020-13934 (An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6
NOTE: https://github.com/apache/tomcat/commit/923d834500802a61779318911d7898bd85fc950e (8.5.57)
NOTE: https://github.com/apache/tomcat/commit/172977f04a5215128f1e278a688983dcd230f399 (9.0.37)
CVE-2020-13933 (Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafte ...)
- - shiro <unfixed>
+ - shiro <unfixed> (bug #968753)
NOTE: https://lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f0041068936912876856835f%40%3Cdev.shiro.apache.org%3E
CVE-2020-13932 (In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT p ...)
NOT-FOR-US: Apache ActiveMQ Artemis
@@ -22487,9 +22487,9 @@ CVE-2020-13828
CVE-2020-13827 (phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/a ...)
- phplist <itp> (bug #612288)
CVE-2020-13826 (A CSV injection (aka Excel Macro Injection or Formula Injection) issue ...)
- TODO: check
+ NOT-FOR-US: i-doit
CVE-2020-13825 (A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows rem ...)
- TODO: check
+ NOT-FOR-US: i-doit
CVE-2020-13824
RESERVED
CVE-2020-13823
@@ -25012,7 +25012,7 @@ CVE-2020-12761 (modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer over
CVE-2020-12760 (An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian ...)
NOT-FOR-US: OpenNMS
CVE-2020-12759 (Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook ...)
- TODO: check
+ - zulip-server <itp> (bug #800052)
CVE-2020-12758 (HashiCorp Consul and Consul Enterprise could crash when configured wit ...)
- consul 1.7.4+dfsg1-1
[buster] - consul <not-affected> (Vulnerable code not present)
@@ -25392,9 +25392,9 @@ CVE-2020-12621
CVE-2020-12620 (Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.con ...)
NOT-FOR-US: Pi-hole
CVE-2020-12619 (MailMate before 1.11 automatically imported S/MIME certificates and th ...)
- TODO: check
+ NOT-FOR-US: MailMate
CVE-2020-12618 (eM Client before 7.2.33412.0 automatically imported S/MIME certificate ...)
- TODO: check
+ NOT-FOR-US: eM Client
CVE-2020-12617
RESERVED
CVE-2020-12616
@@ -31323,9 +31323,10 @@ CVE-2020-10292
CVE-2020-10291
RESERVED
CVE-2020-10290 (Universal Robots controller execute URCaps (zip files containing Java- ...)
- TODO: check
+ NOT-FOR-US: Universal Robots controller
CVE-2020-10289 (Use of unsafe yaml load. Allows instantiation of arbitrary objects. Th ...)
- TODO: check
+ - ros-actionlib <unfixed> (bug #968830)
+ [buster] - ros-actionlib <no-dsa> (Minor issue)
CVE-2020-10288 (IRC5 exposes an ftp server (port 21). Upon attempting to gain access y ...)
NOT-FOR-US: ABB IRC5
CVE-2020-10287 (The IRC5 family with UAS service enabled comes by default with credent ...)
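Review bot: CVE-2020-10289 is described as an unsafe yaml load that allows instantiation of arbitrary objects, yet the added buster line rates it "<no-dsa> (Minor issue)" with no NOTE explaining the rating. Suggest a NOTE recording which component performs the load and what input reaches it, plus the upstream issue or fix reference, so the no-dsa decision can be re-evaluated later.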
@@ -31337,7 +31338,7 @@ CVE-2020-10285 (The authentication implementation on the xArm controller has ver
CVE-2020-10284 (No authentication is required to control the robot inside the network, ...)
NOT-FOR-US: xArm
CVE-2020-10283 (The Micro Air Vehicle Link (MAVLink) protocol presents authentication ...)
- TODO: check
+ NOT-FOR-US: Micro Air Vehicle Link (MAVLink) protocol
CVE-2020-10282 (The Micro Air Vehicle Link (MAVLink) protocol presents no authenticati ...)
NOT-FOR-US: Micro Air Vehicle Link (MAVLink) protocol
CVE-2020-10281 (This vulnerability applies to the Micro Air Vehicle Link (MAVLink) pro ...)
@@ -33753,7 +33754,7 @@ CVE-2020-9248 (Huawei FusionComput 8.0.0 have an improper authorization vulnerab
CVE-2020-9247
RESERVED
CVE-2020-9246 (FusionCompute 8.0.0 has an information leak vulnerability. A module do ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9245 (HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUA ...)
NOT-FOR-US: Huawei
CVE-2020-9244 (HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8); ...)
@@ -34037,7 +34038,7 @@ CVE-2020-9106
CVE-2020-9105
RESERVED
CVE-2020-9104 (HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9103 (HUAWEI Mate 20 smartphones with 9.0.0.205(C00E205R2P1) have a logic er ...)
NOT-FOR-US: Huawei
CVE-2020-9102 (There is a information leak vulnerability in some Huawei products, and ...)
@@ -34053,9 +34054,9 @@ CVE-2020-9098 (Huawei OceanStor 5310 product with version of V500R007C60SPC100 h
CVE-2020-9097
RESERVED
CVE-2020-9096 (HUAWEI P30 Pro smartphones with Versions earlier than 10.1.0.160(C00E1 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9095 (HUAWEI P30 Pro smartphone with Versions earlier than 10.1.0.160(C00E16 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9094
RESERVED
CVE-2020-9093
@@ -37184,27 +37185,27 @@ CVE-2020-7712
CVE-2020-7711
RESERVED
CVE-2020-7710 (This affects all versions of package safe-eval. It is possible for an ...)
- TODO: check
+ NOT-FOR-US: Node safe-eval
CVE-2020-7709
RESERVED
CVE-2020-7708 (The package irrelon-path before 4.7.0; the package @irrelon/path befor ...)
- TODO: check
+ NOT-FOR-US: Node irrelon-path
CVE-2020-7707 (The package property-expr before 2.0.3 are vulnerable to Prototype Pol ...)
- TODO: check
+ NOT-FOR-US: Node property-expr
CVE-2020-7706 (The package connie-lang before 0.1.1 are vulnerable to Prototype Pollu ...)
- TODO: check
+ NOT-FOR-US: Node connie-lang
CVE-2020-7705
RESERVED
CVE-2020-7704 (The package linux-cmdline before 1.0.1 are vulnerable to Prototype Pol ...)
- TODO: check
+ NOT-FOR-US: Node linux-cmdline
CVE-2020-7703 (All versions of package nis-utils are vulnerable to Prototype Pollutio ...)
- TODO: check
+ NOT-FOR-US: Node nis-utils
CVE-2020-7702 (All versions of package templ8 are vulnerable to Prototype Pollution v ...)
- TODO: check
+ NOT-FOR-US: templ8
CVE-2020-7701 (madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution ...)
- TODO: check
+ NOT-FOR-US: Node madlib-object-utils
CVE-2020-7700 (All versions of phpjs are vulnerable to Prototype Pollution via parse_ ...)
- TODO: check
+ NOT-FOR-US: phpjs
CVE-2020-7699 (This affects the package express-fileupload before 1.1.8. If the parse ...)
NOT-FOR-US: express-fileupload
CVE-2020-7698 (This affects the package Gerapy from 0 and before 0.9.3. The input bei ...)
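Review bot: The NOT-FOR-US tags in this block are inconsistent: most packages get a "Node" prefix ("Node safe-eval", "Node property-expr", "Node madlib-object-utils"), but CVE-2020-7702 and CVE-2020-7700 are tagged plain "templ8" and "phpjs". If these are npm packages like their neighbours, suggest "NOT-FOR-US: Node templ8" and "NOT-FOR-US: Node phpjs" so a search on the prefix finds every entry.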
@@ -37727,9 +37728,10 @@ CVE-2020-7462
CVE-2020-7461
RESERVED
CVE-2020-7460 (In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-ST ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2020-7459 (In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-ST ...)
- TODO: check
+ - kfreebsd-10 <unfixed> (unimportant)
+ NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:21.usb_net.asc
CVE-2020-7458 (In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and ...)
NOT-FOR-US: FreeBSD
CVE-2020-7457 (In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-ST ...)
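Review bot: CVE-2020-7460 is marked "NOT-FOR-US: FreeBSD" while the adjacent CVE-2020-7459 is tracked as "- kfreebsd-10 <unfixed> (unimportant)", and nothing in the entry says why the two FreeBSD issues are handled differently. If CVE-2020-7460 was checked against kfreebsd-10 and the code is absent, record that as "- kfreebsd-10 <not-affected> (reason)" in the form other entries in this file use; otherwise add the advisory NOTE as was done for CVE-2020-7459.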
@@ -37930,7 +37932,7 @@ CVE-2020-7362
CVE-2020-7361 (The EasyCorp ZenTao Pro application suffers from an OS command injecti ...)
NOT-FOR-US: EasyCorp ZenTao Pro application
CVE-2020-7360 (An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartCo ...)
- TODO: check
+ NOT-FOR-US: SmartControl
CVE-2020-7359
RESERVED
CVE-2020-7358
@@ -37946,7 +37948,7 @@ CVE-2020-7354 (Cross-site Scripting (XSS) vulnerability in the 'host' field of a
CVE-2020-7353
RESERVED
CVE-2020-7352 (The GalaxyClientService component of GOG Galaxy runs with elevated SYS ...)
- TODO: check
+ NOT-FOR-US: GOG Galaxy
CVE-2020-7351 (An OS Command Injection vulnerability in the endpoint_devicemap.php co ...)
NOT-FOR-US: Fonality Trixbox Community Edition
CVE-2020-7350 (Rapid7 Metasploit Framework versions before 5.0.85 suffers from an ins ...)
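Review bot: CVE-2020-7352 is tagged "NOT-FOR-US: GOG Galaxy" while CVE-2020-24574, triaged earlier in this same commit and also naming GalaxyClientService, is tagged "NOT-FOR-US: GOG Galaxy client". Suggest one spelling for both so the product is found by a single search.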
@@ -38030,27 +38032,27 @@ CVE-2020-7312
CVE-2020-7311
RESERVED
CVE-2020-7310 (Privilege Escalation vulnerability in the installer in McAfee McAfee T ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7309
RESERVED
CVE-2020-7308
RESERVED
CVE-2020-7307 (Unprotected Storage of Credentials vulnerability in McAfee Data Loss P ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7306 (Unprotected Storage of Credentials vulnerability in McAfee Data Loss P ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7305 (Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7304 (Cross site request forgery vulnerability in McAfee Data Loss Preventio ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7303 (Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7302 (Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Pr ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7301 (Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7300 (Improper Authorization vulnerability in McAfee Data Loss Prevention (D ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7299
RESERVED
CVE-2020-7298 (Unexpected behavior violation in McAfee Total Protection (MTP) prior t ...)
@@ -38745,7 +38747,7 @@ CVE-2020-7031
CVE-2020-7030 (A sensitive information disclosure vulnerability was discovered in the ...)
NOT-FOR-US: IP Office
CVE-2020-7029 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in th ...)
- TODO: check
+ NOT-FOR-US: Avaya
CVE-2020-7028
RESERVED
CVE-2020-7027
@@ -38941,7 +38943,7 @@ CVE-2020-6934
CVE-2020-6933
RESERVED
CVE-2020-6932 (An information disclosure and remote code execution vulnerability in t ...)
- TODO: check
+ NOT-FOR-US: BlackBerry QNX Software Development Platform
CVE-2020-6931
RESERVED
CVE-2020-6930
@@ -39649,7 +39651,7 @@ CVE-2020-6655
CVE-2020-6654
RESERVED
CVE-2020-6653 (Eaton's Secure connect mobile app v1.7.3 &amp; prior stores the user l ...)
- TODO: check
+ NOT-FOR-US: Eaton
CVE-2020-6652 (Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Po ...)
NOT-FOR-US: Eaton
CVE-2020-6651 (Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v ...)
@@ -41904,9 +41906,9 @@ CVE-2020-5777
CVE-2020-5776
RESERVED
CVE-2020-5775 (Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, ...)
- TODO: check
+ NOT-FOR-US: Canvas LMS
CVE-2020-5774 (Nessus versions 8.11.0 and earlier were found to maintain sessions lon ...)
- TODO: check
+ NOT-FOR-US: Nessus
CVE-2020-5773 (Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allow ...)
NOT-FOR-US: Teltonika firmware
CVE-2020-5772 (Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 all ...)
@@ -42222,9 +42224,9 @@ CVE-2020-5618
CVE-2020-5617 (Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12 ...)
NOT-FOR-US: SKYSEA Client View
CVE-2020-5616 ([Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], ...)
- TODO: check
+ NOT-FOR-US: Calendar01
CVE-2020-5615 (Cross-site request forgery (CSRF) vulnerability in [Calendar01] free e ...)
- TODO: check
+ NOT-FOR-US: Calendar01
CVE-2020-5614 (Directory traversal vulnerability in KonaWiki 3.1.0 and earlier allows ...)
NOT-FOR-US: KonaWiki
CVE-2020-5613 (Cross-site scripting vulnerability in KonaWiki 3.1.0 and earlier allow ...)
@@ -42710,7 +42712,7 @@ CVE-2020-5387
CVE-2020-5386
RESERVED
CVE-2020-5385 (Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suit ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2020-5384 (Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Wi ...)
NOT-FOR-US: RSA MFA Agent
CVE-2020-5383
@@ -44253,9 +44255,9 @@ CVE-2020-4689
CVE-2020-4688
RESERVED
CVE-2020-4687 (IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated use ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2020-4686 (IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2020-4685
RESERVED
CVE-2020-4684
@@ -44321,7 +44323,7 @@ CVE-2020-4655
CVE-2020-4654
RESERVED
CVE-2020-4653 (IBM Planning Analytics 2.0 could allow a remote attacker to conduct ph ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2020-4652
RESERVED
CVE-2020-4651
@@ -44331,7 +44333,7 @@ CVE-2020-4650
CVE-2020-4649
RESERVED
CVE-2020-4648 (A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2020-4647
RESERVED
CVE-2020-4646
@@ -44531,7 +44533,7 @@ CVE-2020-4550 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attac
CVE-2020-4549 (IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute ...)
NOT-FOR-US: IBM
CVE-2020-4548 (IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2020-4547
RESERVED
CVE-2020-4546
@@ -44865,7 +44867,7 @@ CVE-2020-4383
CVE-2020-4382
RESERVED
CVE-2020-4381 (IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.6 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2020-4380 (IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting. ...)
NOT-FOR-US: IBM
CVE-2020-4379 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected c ...)
@@ -45483,9 +45485,9 @@ CVE-2020-4074 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, th
CVE-2020-4073
RESERVED
CVE-2020-4072 (In generator-jhipster-kotlin version 1.6.0 log entries are created for ...)
- TODO: check
+ NOT-FOR-US: generator-jhipster-kotlin
CVE-2020-4071 (In django-basic-auth-ip-whitelist before 0.3.4, a potential timing att ...)
- TODO: check
+ NOT-FOR-US: django-basic-auth-ip-whitelist
CVE-2020-4070 (In CSS Validator less than or equal to commit 54d68a1, there is a cros ...)
TODO: check
CVE-2020-4069
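Review bot: CVE-2020-4070 (CSS Validator) in the trailing context still reads "TODO: check" although the two entries directly above it are triaged in this hunk. If it was skipped on purpose because it needs a package lookup, that is fine; otherwise it should be resolved in the same pass. For CVE-2020-4071 and CVE-2020-4072 the label is the upstream module name, so it is worth confirming that neither is shipped under a different source package name before closing them as NOT-FOR-US.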
@@ -45696,9 +45698,9 @@ CVE-2020-3978
CVE-2020-3977
RESERVED
CVE-2020-3976 (VMware ESXi and vCenter Server contain a partial denial of service vul ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2020-3975 (VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2020-3974 (VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11. ...)
NOT-FOR-US: VMware
CVE-2020-3973 (The VeloCloud Orchestrator does not apply correct input validation whi ...)
@@ -46367,7 +46369,7 @@ CVE-2020-3683
CVE-2020-3682
RESERVED
CVE-2020-3681 (Authenticated and encrypted payload MMEs can be forged and remotely se ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3680 (A race condition can occur when using the fastrpc memory mapping API. ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3679
@@ -46739,11 +46741,11 @@ CVE-2020-3504
CVE-2020-3503
RESERVED
CVE-2020-3502 (Multiple vulnerabilities in the user interface of Cisco Webex Meetings ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3501 (Multiple vulnerabilities in the user interface of Cisco Webex Meetings ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3500 (A vulnerability in the IPv6 implementation of Cisco StarOS could allow ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3499
RESERVED
CVE-2020-3498
@@ -46802,7 +46804,7 @@ CVE-2020-3474
CVE-2020-3473
RESERVED
CVE-2020-3472 (A vulnerability in the contacts feature of Cisco Webex Meetings could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3471
RESERVED
CVE-2020-3470
@@ -46818,9 +46820,9 @@ CVE-2020-3466
CVE-2020-3465
RESERVED
CVE-2020-3464 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3463 (A vulnerability in the web-based management interface of Cisco Webex M ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3462 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
NOT-FOR-US: Cisco
CVE-2020-3461 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
@@ -46848,11 +46850,11 @@ CVE-2020-3451
CVE-2020-3450 (A vulnerability in the web-based management interface of Cisco Vision ...)
NOT-FOR-US: Cisco
CVE-2020-3449 (A vulnerability in the Border Gateway Protocol (BGP) additional paths ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3448 (A vulnerability in an access control mechanism of Cisco Cyber Vision C ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3447 (A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security A ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3446
RESERVED
CVE-2020-3445
@@ -46876,11 +46878,11 @@ CVE-2020-3437 (A vulnerability in the web-based management interface of Cisco SD
CVE-2020-3436
RESERVED
CVE-2020-3435 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3434 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3433 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3432
RESERVED
CVE-2020-3431
@@ -46920,11 +46922,11 @@ CVE-2020-3415
CVE-2020-3414
RESERVED
CVE-2020-3413 (A vulnerability in the scheduled meeting template feature of Cisco Web ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3412 (A vulnerability in the scheduled meeting template feature of Cisco Web ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3411 (A vulnerability in Cisco DNA Center software could allow an unauthenti ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3410
RESERVED
CVE-2020-3409
@@ -47020,7 +47022,7 @@ CVE-2020-3365
CVE-2020-3364 (A vulnerability in the access control list (ACL) functionality of the ...)
NOT-FOR-US: Cisco
CVE-2020-3363 (A vulnerability in the IPv6 packet processing engine of Cisco Small Bu ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3362 (A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO ...)
NOT-FOR-US: Cisco
CVE-2020-3361 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...)
@@ -47057,7 +47059,7 @@ CVE-2020-3348 (Multiple vulnerabilities in the web-based management interface of
CVE-2020-3347 (A vulnerability in Cisco Webex Meetings Desktop App for Windows could ...)
NOT-FOR-US: Cisco
CVE-2020-3346 (A vulnerability in the web UI of Cisco Unified Communications Manager ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3345 (A vulnerability in certain web pages of Cisco Webex Meetings and Cisco ...)
NOT-FOR-US: Cisco
CVE-2020-3344 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...)
@@ -47800,7 +47802,7 @@ CVE-2020-2983 (Vulnerability in the Oracle Data Masking and Subsetting product o
CVE-2020-2982 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
NOT-FOR-US: Oracle
CVE-2020-2981 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-2980
RESERVED
CVE-2020-2979
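Review bot: NOT-FOR-US: Oracle on CVE-2020-2981 looks too broad, because the description names the Data Store component of Oracle Berkeley DB, which is not in the same class as the proprietary products in the neighbouring entries (Data Masking and Subsetting, Enterprise Manager Base Platform). Debian carries Berkeley DB as a source package (db5.3), so this entry should either be tracked against that package until the affected versions are known, or carry a NOTE explaining why the packaged versions are out of scope.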
@@ -49890,7 +49892,7 @@ CVE-2020-2037
CVE-2020-2036
RESERVED
CVE-2020-2035 (When SSL/TLS Forward Proxy Decryption mode has been configured to decr ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2020-2034 (An OS Command Injection vulnerability in the PAN-OS GlobalProtect port ...)
NOT-FOR-US: Palo Alto Networks
CVE-2020-2033 (When the pre-logon feature is enabled, a missing certification validat ...)
