Process some NFUs

author: Salvatore Bonaccorso <carnil@debian.org> 2021-01-20 09:15:31 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-01-20 09:22:49 +0100
commit: ba51a3e3fc680e0c8aa0a137ab0361e35c4b8837 (patch)
tree: cdd45737d12a01a76b88d5bf5a9c7427f23891e1
parent: 11cffb7d79e8ab6c0f75746aea9084a8ac27ae27 (diff)
1 files changed, 24 insertions, 24 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 099b1ab35c..929b702523 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3555,7 +3555,7 @@ CVE-2021-23937
 CVE-2021-3138 (In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypas ...)
 	NOT-FOR-US: Discourse
 CVE-2021-3137 (XWiki 12.10.2 allows XSS via an SVG document to the upload feature of  ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2021-3136
 	RESERVED
 CVE-2021-3135
@@ -14035,9 +14035,9 @@ CVE-2020-35131 (Cockpit before 0.6.1 allows an attacker to inject custom PHP cod
 CVE-2020-35130
 	RESERVED
 CVE-2020-35129 (Mautic before 3.2.4 is affected by stored XSS. An attacker with access ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2020-35128 (Mautic before 3.2.4 is affected by stored XSS. An attacker with permis ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2020-35127 (Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.j ...)
 	NOT-FOR-US: Ignite Realtime Openfire
 CVE-2020-35126 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct ...)
@@ -15826,7 +15826,7 @@ CVE-2020-29599 (ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles
 	NOTE:   '-authenticate' replaced by '-define authenticate=' between 8787fc6de99078fde055bd400b14e1ce3a2971f9 (6.9.8-1) and 83ec5b above
 	NOTE: - bimodal ('-define delegate:bimodal=true' + pdf->(e)ps delegates, %a expansion) after 78c7532f3ff5424de06e5d807cbb35c041bd2990 (6.9.4-2)
 CVE-2020-29598 (The My AIA SG application 1.2.6 for Android allows attackers to obtain ...)
-	TODO: check
+	NOT-FOR-US:  My AIA SG application for Android
 CVE-2020-29597 (IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file  ...)
 	NOT-FOR-US: IncomCMS
 CVE-2020-29596 (MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial o ...)
@@ -18096,7 +18096,7 @@ CVE-2020-28709
 CVE-2020-28708
 	RESERVED
 CVE-2020-28707 (The Stockdio Historical Chart plugin before 2.8.1 for WordPress is aff ...)
-	TODO: check
+	NOT-FOR-US: Stockdio Historical Chart plugin for WordPress
 CVE-2020-28706
 	RESERVED
 CVE-2020-28705
@@ -22821,11 +22821,11 @@ CVE-2020-27854
 CVE-2020-27853 (Wire before 2020-10-16 allows remote attackers to cause a denial of se ...)
 	NOT-FOR-US: Wire app
 CVE-2020-27852 (A stored Cross-Site Scripting (XSS) vulnerability in the survey featur ...)
-	TODO: check
+	NOT-FOR-US: Rocketgenius Gravity Forms
 CVE-2020-27851 (Multiple stored HTML injection vulnerabilities in the "poll" and "quiz ...)
-	TODO: check
+	NOT-FOR-US: Rocketgenius Gravity Forms
 CVE-2020-27850 (A stored Cross-Site Scripting (XSS) vulnerability in forms import feat ...)
-	TODO: check
+	NOT-FOR-US: Rocketgenius Gravity Forms
 CVE-2020-27849
 	RESERVED
 CVE-2020-27848 (dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /ap ...)
@@ -24702,7 +24702,7 @@ CVE-2020-27278
 CVE-2020-27277 (Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointe ...)
 	NOT-FOR-US: Delta Electronics DOPSoft
 CVE-2020-27276 (SOOIL Developments Co Ltd DiabecareRS,AnyDana-i &amp; AnyDana-A, the c ...)
-	TODO: check
+	NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27275 (Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to  ...)
 	NOT-FOR-US: Delta Electronics DOPSoft
 CVE-2020-27274
@@ -24710,23 +24710,23 @@ CVE-2020-27274
 CVE-2020-27273
 	RESERVED
 CVE-2020-27272 (SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The commun ...)
-	TODO: check
+	NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27271
 	RESERVED
 CVE-2020-27270 (SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communicat ...)
-	TODO: check
+	NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27269 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A,  ...)
-	TODO: check
+	NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27268 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A,  ...)
-	TODO: check
+	NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27267 (KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, Thin ...)
 	NOT-FOR-US: KEPServerEX
 CVE-2020-27266 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A,  ...)
-	TODO: check
+	NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27265 (KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, Th ...)
 	NOT-FOR-US: KEPServerEX
 CVE-2020-27264 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A,  ...)
-	TODO: check
+	NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27263 (KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, Th ...)
 	NOT-FOR-US: KEPServerEX
 CVE-2020-27262 (Innokas Yhtym&#228; Oy Vital Signs Monitor VC150 prior to Version 1.7. ...)
@@ -24738,11 +24738,11 @@ CVE-2020-27260 (Innokas Yhtym&#228; Oy Vital Signs Monitor VC150 prior to Versio
 CVE-2020-27259
 	RESERVED
 CVE-2020-27258 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A,  ...)
-	TODO: check
+	NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27257
 	RESERVED
 CVE-2020-27256 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A,  ...)
-	TODO: check
+	NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27255 (A heap overflow vulnerability exists within FactoryTalk Linx Version 6 ...)
 	NOT-FOR-US: FactoryTalk
 CVE-2020-27254 (Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, X ...)
@@ -41588,15 +41588,15 @@ CVE-2020-19366
 CVE-2020-19365
 	RESERVED
 CVE-2020-19364 (OpenEMR 5.0.1 allows an authenticated attacker to upload and execute m ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2020-19363 (Vtiger CRM v7.2.0 allows an attacker to display hidden files, list dir ...)
-	TODO: check
+	NOT-FOR-US: Vtiger CRM
 CVE-2020-19362 (Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the ...)
-	TODO: check
+	NOT-FOR-US: Vtiger CRM
 CVE-2020-19361 (Reflected XSS in Medintux v2.16.000 CCAM.php by manipulating the mot1  ...)
-	TODO: check
+	NOT-FOR-US: Medintux
 CVE-2020-19360 (Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper fil ...)
-	TODO: check
+	NOT-FOR-US: FHEM
 CVE-2020-19359
 	RESERVED
 CVE-2020-19358
@@ -56560,9 +56560,9 @@ CVE-2020-13136 (D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can
 CVE-2020-13135 (D-Link DSP-W215 1.26b03 devices allow information disclosure by interc ...)
 	NOT-FOR-US: D-Link
 CVE-2020-13134 (Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: Tufin SecureChange
 CVE-2020-13133 (Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: Tufin SecureChange
 CVE-2020-13132 (An issue was discovered in Yubico libykpiv before 2.1.0. An attacker c ...)
 	- yubico-piv-tool 2.1.1-1 (bug #972644)
 	[stretch] - yubico-piv-tool <not-affected> (Vulnerable code not present)
author	Salvatore Bonaccorso <carnil@debian.org>	2021-01-20 09:15:31 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-01-20 09:22:49 +0100
commit	ba51a3e3fc680e0c8aa0a137ab0361e35c4b8837 (patch)
tree	cdd45737d12a01a76b88d5bf5a9c7427f23891e1
parent	11cffb7d79e8ab6c0f75746aea9084a8ac27ae27 (diff)