author Moritz Muehlenhoff <jmm@debian.org> 2020-07-08 16:22:49 +0200
committer Moritz Muehlenhoff <jmm@debian.org> 2020-07-08 16:22:49 +0200
commit e03f63e275cb2bb6a01eed58249d43e1bc04342a
tree 732388f509f365a85d2547a02ebe27ff2505c325
parent 701f3ee971e5a0f299991f0035e42cc2514e9487
NFUs
-rw-r--r-- data/CVE/list.2019 2
-rw-r--r-- data/CVE/list.2020 66
2 files changed, 34 insertions, 34 deletions
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019
index 03c3b31288..6d4857f3e9 100644
--- a/data/CVE/list.2019
+++ b/data/CVE/list.2019
@@ -19,7 +19,7 @@ CVE-2019-20898
CVE-2019-20897
RESERVED
CVE-2019-20896 (WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponen ...)
- TODO: check
+ NOT-FOR-US: WebChess
CVE-2019-20895
RESERVED
CVE-2019-20894 (Traefik 2.x, in certain configurations, allows HTTPS sessions to proce ...)
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 0edf627fb1..d308a01193 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -89,9 +89,9 @@ CVE-2020-15602
CVE-2020-15601
RESERVED
CVE-2020-15600 (An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to ...)
- TODO: check
+ NOT-FOR-US: CMSUno
CVE-2020-15599 (Victor CMS through 2019-02-28 allows XSS via the register.php user_fir ...)
- TODO: check
+ NOT-FOR-US: Victor CMS
CVE-2020-15598
RESERVED
CVE-2020-15597
@@ -276,15 +276,15 @@ CVE-2020-15519
CVE-2020-15518 (VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup &a ...)
NOT-FOR-US: Veeam
CVE-2020-15517 (The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x th ...)
- TODO: check
+ NOT-FOR-US: Typo3 extension
CVE-2020-15516 (The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be ...)
- TODO: check
+ NOT-FOR-US: Typo3 extension
CVE-2020-15515 (The turn extension through 0.3.2 for TYPO3 allows Remote Code Executio ...)
- TODO: check
+ NOT-FOR-US: Typo3 extension
CVE-2020-15514 (The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYP ...)
- TODO: check
+ NOT-FOR-US: Typo3 extension
CVE-2020-15513 (The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access ...)
- TODO: check
+ NOT-FOR-US: Typo3 extension
CVE-2020-15512
RESERVED
CVE-2020-15511
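Review bot: The five tags added under CVE-2020-15517 through CVE-2020-15513 spell the product "Typo3", while the CVE descriptions directly above them write "TYPO3". Using "NOT-FOR-US: TYPO3 extension" would match the upstream spelling and keep a case-sensitive search of the list for TYPO3 entries complete.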
@@ -1168,7 +1168,7 @@ CVE-2020-15098
CVE-2020-15097
RESERVED
CVE-2020-15096 (In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, the ...)
- TODO: check
+ - electron <itp> (bug #842420)
CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6 are vulnerable to an informati ...)
TODO: check
CVE-2020-15094
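Review bot: The commit message says only "NFUs", but the line added under CVE-2020-15096 is "- electron <itp> (bug #842420)", a package entry tied to an ITP bug rather than a NOT-FOR-US tag. Mention the Electron ITP entries in the commit message, or put them in their own commit, so the log reflects both kinds of triage decision.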
@@ -1289,25 +1289,25 @@ CVE-2020-15039
CVE-2020-15038 (The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS. ...)
NOT-FOR-US: WordPress plugin
CVE-2020-15037 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
- TODO: check
+ NOT-FOR-US: NeDi
CVE-2020-15036 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
- TODO: check
+ NOT-FOR-US: NeDi
CVE-2020-15035 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
- TODO: check
+ NOT-FOR-US: NeDi
CVE-2020-15034 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
- TODO: check
+ NOT-FOR-US: NeDi
CVE-2020-15033 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
- TODO: check
+ NOT-FOR-US: NeDi
CVE-2020-15032 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
- TODO: check
+ NOT-FOR-US: NeDi
CVE-2020-15031 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
- TODO: check
+ NOT-FOR-US: NeDi
CVE-2020-15030 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
- TODO: check
+ NOT-FOR-US: NeDi
CVE-2020-15029 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
- TODO: check
+ NOT-FOR-US: NeDi
CVE-2020-15028 (NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The ap ...)
- TODO: check
+ NOT-FOR-US: NeDi
CVE-2020-15027
RESERVED
CVE-2020-15026 (Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ ...)
@@ -1356,7 +1356,7 @@ CVE-2020-15010
CVE-2020-15009
RESERVED
CVE-2020-15008 (A SQLi exists in the probe code of all Connectwise Automate versions b ...)
- TODO: check
+ NOT-FOR-US: Connectwise
CVE-2020-15007 (A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tec ...)
- rbdoom3bfg <unfixed> (unimportant)
NOTE: https://github.com/AXDOOMER/doom-vanille/commit/8a6d9a02fa991a91ff90ccdc73b5ceabaa6cb9ec
@@ -6291,7 +6291,7 @@ CVE-2020-12823 (OpenConnect 8.09 has a buffer overflow, causing a denial of serv
CVE-2020-12822
RESERVED
CVE-2020-12821 (Gossipsub 1.0 does not properly resist invalid message spam, such as a ...)
- TODO: check
+ NOT-FOR-US: Gossipsub
CVE-2020-12820
RESERVED
CVE-2020-12819
@@ -6527,7 +6527,7 @@ CVE-2020-12738
CVE-2020-12737 (An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authen ...)
NOT-FOR-US: Maxum Rumpus
CVE-2020-12736 (Code42 environments with on-premises server versions 7.0.4 and earlier ...)
- TODO: check
+ NOT-FOR-US: Code42
CVE-2020-12735 (reset.php in DomainMOD 4.13.0 uses insufficient entropy for password r ...)
NOT-FOR-US: DomainMOD
CVE-2020-12734
@@ -8597,7 +8597,7 @@ CVE-2020-11884 (In the Linux kernel through 5.6.7 on the s390 platform, code exe
CVE-2020-11883 (In Divante vue-storefront-api through 1.11.1 and storefront-api throug ...)
NOT-FOR-US: Divante vue-storefront-api
CVE-2020-11882 (The O2 Business application 1.2.0 for Android exposes the canvasm.myo2 ...)
- TODO: check
+ NOT-FOR-US: O2 Business
CVE-2020-11881
RESERVED
CVE-2020-11880 (An issue was discovered in KDE KMail before 19.12.3. By using the prop ...)
@@ -14995,9 +14995,9 @@ CVE-2020-9264 (ESET Archive Support Module before 1296 allows virus-detection by
CVE-2020-9263
RESERVED
CVE-2020-9262 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
- TODO: check
+ NOT-FOR-US: HUAWEI
CVE-2020-9261 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
- TODO: check
+ NOT-FOR-US: HUAWEI
CVE-2020-9260
RESERVED
CVE-2020-9259
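Review bot: Both added lines, under CVE-2020-9262 and CVE-2020-9261, use "NOT-FOR-US: HUAWEI", whereas the existing entry for CVE-2020-9099 and the line this same patch adds for CVE-2020-9100 use "NOT-FOR-US: Huawei". Use one spelling (the existing "Huawei") so the vendor tag stays uniform across the file.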
@@ -15067,7 +15067,7 @@ CVE-2020-9228
CVE-2020-9227
RESERVED
CVE-2020-9226 (HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an ...)
- TODO: check
+ NOT-FOR-US: HUAWEI
CVE-2020-9225 (FusionSphere OpenStack 6.5.1 have an improper permissions management v ...)
TODO: check
CVE-2020-9224
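Review bot: The tag added under CVE-2020-9226 is again upper-case "NOT-FOR-US: HUAWEI"; "Huawei" would match the existing CVE-2020-9099 entry in list.2020. CVE-2020-9225 directly below it is left at "TODO: check", so if it was meant to be part of this batch it still needs a decision.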
@@ -15319,7 +15319,7 @@ CVE-2020-9102
CVE-2020-9101
RESERVED
CVE-2020-9100 (Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. Th ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9099 (Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Se ...)
NOT-FOR-US: Huawei
CVE-2020-9098 (Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an ...)
@@ -16614,11 +16614,11 @@ CVE-2020-8523
CVE-2020-8522
RESERVED
CVE-2020-8521 (SQL injection with start and length parameters in Records.php for phpz ...)
- TODO: check
+ NOT-FOR-US: phpzag
CVE-2020-8520 (SQL injection in order and column parameters in Records.php for phpzag ...)
- TODO: check
+ NOT-FOR-US: phpzag
CVE-2020-8519 (SQL injection with the search parameter in Records.php for phpzag live ...)
- TODO: check
+ NOT-FOR-US: phpzag
CVE-2020-8518 (Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary P ...)
{DLA-2174-1}
- php-horde-data <unfixed> (bug #951537)
@@ -26594,13 +26594,13 @@ CVE-2020-4079
CVE-2020-4078
RESERVED
CVE-2020-4077 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a ...)
- TODO: check
+ - electron <itp> (bug #842420)
CVE-2020-4076 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a ...)
- TODO: check
+ - electron <itp> (bug #842420)
CVE-2020-4075 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary ...)
- TODO: check
+ - electron <itp> (bug #842420)
CVE-2020-4074 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the aut ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2020-4073
RESERVED
CVE-2020-4072 (In generator-jhipster-kotlin version 1.6.0 log entries are created for ...)
