Process some NFUs

author: Salvatore Bonaccorso <carnil@debian.org> 2020-12-31 16:41:03 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-12-31 16:41:03 +0100
commit: d1479ffc243e20404808972046313bdc81fd678a (patch)
tree: 5d5e29dd7c22ad62be22058c88e18469d3f845e3 /data
parent: 3d4992882736f63f5d15369662724d6218dbbe81 (diff)
4 files changed, 16 insertions, 16 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 7a5b484ed8..255f11c3ee 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -6323,17 +6323,17 @@ CVE-2016-9028 (Unauthorized redirect vulnerability in Citrix NetScaler ADC befor
 CVE-2016-9027
 	RESERVED
 CVE-2016-9026 (Exponent CMS before 2.6.0 has improper input validation in fileControl ...)
-	TODO: check
+	NOT-FOR-US: Exponent CMS
 CVE-2016-9025 (Exponent CMS before 2.6.0 has improper input validation in purchaseOrd ...)
-	TODO: check
+	NOT-FOR-US: Exponent CMS
 CVE-2016-9024
 	RESERVED
 CVE-2016-9023 (Exponent CMS before 2.6.0 has improper input validation in cron/find_h ...)
-	TODO: check
+	NOT-FOR-US: Exponent CMS
 CVE-2016-9022 (Exponent CMS before 2.6.0 has improper input validation in usersContro ...)
-	TODO: check
+	NOT-FOR-US: Exponent CMS
 CVE-2016-9021 (Exponent CMS before 2.6.0 has improper input validation in storeContro ...)
-	TODO: check
+	NOT-FOR-US: Exponent CMS
 CVE-2016-9020 (SQL injection vulnerability in framework/modules/help/controllers/help ...)
 	NOT-FOR-US: Exponent CMS
 CVE-2016-9019 (SQL injection vulnerability in the activate_address function in framew ...)
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index e0e99e7774..72d2042f74 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -12127,7 +12127,7 @@ CVE-2018-16797 (A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1
 CVE-2018-16796 (HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files wit ...)
 	NOT-FOR-US: HiScout GRC Suite
 CVE-2018-16795 (OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/a ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2018-16794 (Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory  ...)
 	NOT-FOR-US: Microsoft ADFS 4.0 Windows Server
 CVE-2018-16793 (Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions ...)
@@ -19247,7 +19247,7 @@ CVE-2018-14069 (An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnera
 CVE-2018-14068 (An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability ...)
 	NOT-FOR-US: SRCMS
 CVE-2018-14067 (Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injec ...)
-	TODO: check
+	NOT-FOR-US: Green Packet WiMax DV-360 devices
 CVE-2018-14066 (The content://wappush content provider in com.android.provider.telepho ...)
 	NOT-FOR-US: Lenovo
 CVE-2018-14065 (XMLReader.php in PHPOffice Common before 0.2.9 allows XXE. ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index b3787aedc4..1e88c7b895 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -21282,7 +21282,7 @@ CVE-2019-12770
 CVE-2019-12769 (SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 ...)
 	NOT-FOR-US: SolarWinds
 CVE-2019-12768 (An issue was discovered on D-Link DAP-1650 devices through v1.03b07 be ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2019-12767 (An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H ...)
 	NOT-FOR-US: D-Link
 CVE-2019-12766 (An issue was discovered in Joomla! before 3.9.7. The subform fieldtype ...)
@@ -35783,9 +35783,9 @@ CVE-2019-7728 (An issue was discovered in the Bosch Smart Camera App before 1.3.
 CVE-2019-7727 (In NICE Engage through 6.5, the default configuration binds an unauthe ...)
 	NOT-FOR-US: NICE Engage
 CVE-2019-7726 (modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL IN ...)
-	TODO: check
+	NOT-FOR-US: NukeViet
 CVE-2019-7725 (includes/core/is_user.php in NukeViet before 4.3.04 deserializes the u ...)
-	TODO: check
+	NOT-FOR-US: NukeViet
 CVE-2019-7724
 	RESERVED
 CVE-2019-7723
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 3d7032026a..1af64ab32e 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -164,7 +164,7 @@ CVE-2020-35776
 CVE-2020-35775
 	RESERVED
 CVE-2020-35774 (server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (a ...)
-	TODO: check
+	NOT-FOR-US: Twitter TwitterServer
 CVE-2020-35773 (The site-offline plugin before 1.4.4 for WordPress lacks certain wp_cr ...)
 	NOT-FOR-US: site-offline plugin for WordPress
 CVE-2020-35772
@@ -242,7 +242,7 @@ CVE-2020-35738 (WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples i
 	NOTE: https://github.com/dbry/WavPack/issues/91
 	NOTE: https://github.com/dbry/WavPack/commit/89df160596132e3bd666322e1c20b2ebd4b92cd0
 CVE-2020-35737 (In Correspondence Management System (corms) in Newgen eGov 12.0, an at ...)
-	TODO: check
+	NOT-FOR-US: Correspondence Management System (corms) in Newgen eGov
 CVE-2020-35736 (GateOne 1.1 allows arbitrary file download without authentication via  ...)
 	NOT-FOR-US: GateOne
 CVE-2020-35735 (Vidyo 02-09-/D allows clickjacking via the portal/ URI. ...)
@@ -5170,7 +5170,7 @@ CVE-2020-28097
 CVE-2020-28096 (FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART acc ...)
 	NOT-FOR-US: FOSCAM FHD
 CVE-2020-28095 (On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP PO ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2020-28094 (On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default set ...)
 	NOT-FOR-US: Tenda
 CVE-2020-28093 (On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, ...)
@@ -23304,7 +23304,7 @@ CVE-2020-19666
 CVE-2020-19665
 	RESERVED
 CVE-2020-19664 (DrayTek Vigor2960 1.5.1 allows remote command execution via shell meta ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor2960
 CVE-2020-19663
 	RESERVED
 CVE-2020-19662
@@ -27991,7 +27991,7 @@ CVE-2020-17365 (Improper directory permissions in the Hotspot Shield VPN client
 CVE-2020-17364 (USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs. ...)
 	NOT-FOR-US: User-friendly SVN
 CVE-2020-17363 (USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution ...)
-	TODO: check
+	NOT-FOR-US: User-friendly SVN
 CVE-2020-17362 (search.php in the Nova Lite theme before 1.3.9 for WordPress allows Re ...)
 	NOT-FOR-US: Nova Lite theme for WordPress
 CVE-2020-17361 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk A ...)
@@ -37033,7 +37033,7 @@ CVE-2020-13656 (In Morgan Stanley Hobbes through 2020-05-21, the array implement
 CVE-2020-13655 (An issue was discovered in Collabtive 3.0 and later. managefile.php is ...)
 	- collabtive <removed>
 CVE-2020-13654 (XWiki Platform before 12.8 mishandles escaping in the property display ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2020-13653 (An XSS vulnerability exists in the Webmail component of Zimbra Collabo ...)
 	NOT-FOR-US: Zimbra
 CVE-2020-13652 (An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 bef ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2020-12-31 16:41:03 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-12-31 16:41:03 +0100
commit	d1479ffc243e20404808972046313bdc81fd678a (patch)
tree	5d5e29dd7c22ad62be22058c88e18469d3f845e3 /data
parent	3d4992882736f63f5d15369662724d6218dbbe81 (diff)