NFUs

author: Moritz Muehlenhoff <jmm@debian.org> 2020-03-09 23:36:04 +0100
committer: Moritz Muehlenhoff <jmm@debian.org> 2020-03-09 23:36:04 +0100
commit: 9c7e43e6d181f99aa41cda2a6a316d8138cda78f (patch)
tree: 7171b622f35245d93017baf64dcc709864e2e06c /data
parent: e9751430aaf9f96bee49d1eda6ce5aed2c3b0216 (diff)
4 files changed, 18 insertions, 19 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index 41d4f382e9..34bb9aa357 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -1837,7 +1837,7 @@ CVE-2011-4539 (dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-
 	- dhcp3 <not-affected> (Only affects DHCP 4.x)
 	- isc-dhcp 4.2.2.dfsg.1-5 (bug #652259; low)
 CVE-2011-4538 (Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2011-4537 (Multiple buffer overflows in 7-Technologies (7T) Interactive Graphical ...)
 	NOT-FOR-US: 7-Technologies IGSS
 CVE-2011-4536 (Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka H ...)
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index f235d0b2c1..40080a8876 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -4883,8 +4883,7 @@ CVE-2014-8741 (Directory traversal vulnerability in the GfdFileUploadServerlet s
 CVE-2014-8740
 	RESERVED
 CVE-2014-8739 (Unrestricted file upload vulnerability in server/php/UploadHandler.php ...)
-	- libjs-jquery-file-upload <undetermined>
-	TODO: check, might be considered only as specific use in WordPress and Joomla?
+	NOT-FOR-US: Joomla/Wordpress plugin
 CVE-2014-8736 (The Open Atrium Core module for Drupal before 7.x-2.22 allows remote a ...)
 	NOT-FOR-US: Drupal module Open Atrium Core
 CVE-2014-8735 (The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7 ...)
@@ -7126,7 +7125,7 @@ CVE-2014-7952 (The backup mechanism in the adb tool in Android might allow attac
 	NOTE: the vulnerability is in the Android OS itself (and its backup manager)
 	NOTE: adb is just an intermediary in the backup process
 CVE-2014-7951 (Directory traversal vulnerability in the Android debug bridge (aka adb ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2014-7950
 	RESERVED
 CVE-2014-7949
@@ -22870,7 +22869,7 @@ CVE-2014-1636 (Multiple SQL injection vulnerabilities in Command School Student
 CVE-2014-1635 (Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with f ...)
 	NOT-FOR-US: Belkin router
 CVE-2014-1634 (SQL Injection exists in Advanced Newsletter Magento extension before 2 ...)
-	TODO: check
+	NOT-FOR-US: Magento extension
 CVE-2014-1633
 	RESERVED
 CVE-2014-1632 (htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers ...)
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index a54ff6472e..59a0379a87 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -3324,11 +3324,11 @@ CVE-2015-8509 (Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x an
 CVE-2015-8508 (Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in ...)
 	- bugzilla4 <itp> (bug #669643)
 CVE-2015-8507 (mediaserver in Android 6.0 before 2015-12-01 allows remote attackers t ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Android
 CVE-2015-8506 (mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 a ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Android
 CVE-2015-8505 (mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to  ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Android
 CVE-2015-8503
 	RESERVED
 CVE-2015-8502
@@ -5139,7 +5139,7 @@ CVE-2015-7892 (Stack-based buffer overflow in the m2m1shot_compat_ioctl32 functi
 CVE-2015-7891 (Race condition in the ioctl implementation in the Samsung Graphics 2D  ...)
 	NOT-FOR-US: Samsung Graphics 2D driver on Samsung devices with Android
 CVE-2015-7890 (Multiple buffer overflows in the esa_write function in /dev/seirenin t ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2015-7889 (The SecEmailComposer/EmailComposer application in the Samsung S6 Edge  ...)
 	NOT-FOR-US: Samsung
 CVE-2015-7888 (Directory traversal vulnerability in the WifiHs20UtilityService on the ...)
@@ -6760,19 +6760,19 @@ CVE-2015-7346 (SQL injection vulnerability in ZCMS 1.1. ...)
 CVE-2015-7345
 	RESERVED
 CVE-2015-7344 (HikaShop Joomla Component before 2.6.0 has XSS via an injected payload ...)
-	TODO: check
+	NOT-FOR-US: Joomla addon
 CVE-2015-7343 (JNews Joomla Component before 8.5.0 has XSS via the mailingsearch para ...)
-	TODO: check
+	NOT-FOR-US: Joomla addon
 CVE-2015-7342 (JNews Joomla Component before 8.5.0 allows SQL injection via upload th ...)
-	TODO: check
+	NOT-FOR-US: Joomla addon
 CVE-2015-7341 (JNews Joomla Component before 8.5.0 allows arbitrary File Upload via S ...)
-	TODO: check
+	NOT-FOR-US: Joomla addon
 CVE-2015-7340 (JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid i ...)
-	TODO: check
+	NOT-FOR-US: Joomla addon
 CVE-2015-7339 (JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a ...)
-	TODO: check
+	NOT-FOR-US: Joomla addon
 CVE-2015-7338 (SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via e ...)
-	TODO: check
+	NOT-FOR-US: Joomla addon
 CVE-2015-7336
 	RESERVED
 CVE-2015-7335
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 559b5eb8e4..cc85c27de9 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -12655,7 +12655,7 @@ CVE-2016-6676 (Off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm W
 CVE-2016-6675 (Off-by-one error in CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6674 (system_server in Android before 2016-10-05 on Nexus devices allows att ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Android
 CVE-2016-6673 (The NVIDIA camera driver in Android before 2016-10-05 on Nexus 9 devic ...)
 	NOT-FOR-US: Nvidia driver for Android
 CVE-2016-6672 (The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus ...)
@@ -29023,7 +29023,7 @@ CVE-2016-1489 (Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48
 CVE-2016-1488 (Cross-site scripting (XSS) vulnerability in the login form in the inte ...)
 	NOT-FOR-US: Siemens
 CVE-2016-1487 (Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons  ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2016-1486 (A vulnerability in the email attachment scanning functionality of the  ...)
 	NOT-FOR-US: Siemens OZW OZW672
 CVE-2016-1485 (Cross-site scripting (XSS) vulnerability in Cisco Identity Services En ...)
@@ -29794,7 +29794,7 @@ CVE-2016-1161 (Cross-site request forgery (CSRF) vulnerability in ManageEngine P
 CVE-2016-1160 (Cross-site scripting (XSS) vulnerability in the WP Favorite Posts plug ...)
 	NOT-FOR-US: WP Favorite Posts plugin for WordPress
 CVE-2016-1159 (In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build ...)
-	TODO: check
+	NOT-FOR-US: ZOHO
 CVE-2016-1158 (Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH  ...)
 	NOT-FOR-US: Corega
 CVE-2016-1157 (Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Lo ...)
author	Moritz Muehlenhoff <jmm@debian.org>	2020-03-09 23:36:04 +0100
committer	Moritz Muehlenhoff <jmm@debian.org>	2020-03-09 23:36:04 +0100
commit	9c7e43e6d181f99aa41cda2a6a316d8138cda78f (patch)
tree	7171b622f35245d93017baf64dcc709864e2e06c /data
parent	e9751430aaf9f96bee49d1eda6ce5aed2c3b0216 (diff)