NFUs

author: Moritz Muehlenhoff <jmm@debian.org> 2021-09-24 11:27:20 +0200
committer: Moritz Muehlenhoff <jmm@debian.org> 2021-09-24 11:27:20 +0200
commit: 264a1cba7b8f530e8ee0fe7f296ebea8617ddf43 (patch)
tree: fc39606b1088c302930d87ee8d7312d7aa186b2b /data
parent: 51436461a6834ef2b48513ed6b722a6832ec500b (diff)
1 files changed, 20 insertions, 20 deletions
diff --git a/data/CVE/list b/data/CVE/list
index b9933b4bce..d2713a2b55 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,9 +1,9 @@
 CVE-2021-41585
 	RESERVED
 CVE-2021-41584 (Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a  ...)
-	TODO: check
+	NOT-FOR-US: Gradle Enterprise
 CVE-2021-41583 (vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packa ...)
-	TODO: check
+	NOT-FOR-US: vpn-user-portal
 CVE-2021-41582
 	RESERVED
 CVE-2021-41581 (x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints. ...)
@@ -55,7 +55,7 @@ CVE-2021-41561
 CVE-2021-3825
 	RESERVED
 CVE-2021-3824 (OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to in ...)
-	TODO: check
+	NOT-FOR-US: OpenVPN Access Server
 CVE-2021-3823
 	RESERVED
 CVE-2021-3822
@@ -1062,7 +1062,7 @@ CVE-2021-41088 (Elvish is a programming language and interactive shell, combined
 CVE-2021-41087 (in-toto-golang is a go implementation of the in-toto framework to prot ...)
 	TODO: check
 CVE-2021-41086 (jsuites is an open source collection of common required javascript web ...)
-	TODO: check
+	NOT-FOR-US: jsuites
 CVE-2021-41085
 	RESERVED
 CVE-2021-41084 (http4s is an open source scala interface for HTTP. In affected version ...)
@@ -19950,7 +19950,7 @@ CVE-2021-33001
 CVE-2021-33000 (Parsing a maliciously crafted project file may cause a heap-based buff ...)
 	NOT-FOR-US: WebAccess HMI Designer
 CVE-2021-32999 (Improper handling of exceptional conditions in SuiteLink server while  ...)
-	TODO: check
+	NOT-FOR-US: Suitelink
 CVE-2021-32998
 	RESERVED
 CVE-2021-32997
@@ -19974,7 +19974,7 @@ CVE-2021-32989
 CVE-2021-32988 (FATEK Automation WinProladder Versions 3.30 and prior are vulnerable t ...)
 	NOT-FOR-US: FATEK Automation WinProladder
 CVE-2021-32987 (Null pointer dereference in SuiteLink server while processing command  ...)
-	TODO: check
+	NOT-FOR-US: Suitelink
 CVE-2021-32986
 	RESERVED
 CVE-2021-32985
@@ -19990,7 +19990,7 @@ CVE-2021-32981
 CVE-2021-32980
 	RESERVED
 CVE-2021-32979 (Null pointer dereference in SuiteLink server while processing commands ...)
-	TODO: check
+	NOT-FOR-US: Suitelink
 CVE-2021-32978
 	RESERVED
 CVE-2021-32977
@@ -20006,7 +20006,7 @@ CVE-2021-32973
 CVE-2021-32972 (Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacke ...)
 	NOT-FOR-US: Panasonic
 CVE-2021-32971 (Null pointer dereference in SuiteLink server while processing command  ...)
-	TODO: check
+	NOT-FOR-US: Suitelink
 CVE-2021-32970
 	RESERVED
 CVE-2021-32969
@@ -20022,7 +20022,7 @@ CVE-2021-32965
 CVE-2021-32964
 	RESERVED
 CVE-2021-32963 (Null pointer dereference in SuiteLink server while processing commands ...)
-	TODO: check
+	NOT-FOR-US: Suitelink
 CVE-2021-32962
 	RESERVED
 CVE-2021-32961
@@ -20030,7 +20030,7 @@ CVE-2021-32961
 CVE-2021-32960
 	RESERVED
 CVE-2021-32959 (Heap-based buffer overflow in SuiteLink server while processing comman ...)
-	TODO: check
+	NOT-FOR-US: Suitelink
 CVE-2021-32958
 	RESERVED
 CVE-2021-32957
@@ -22699,7 +22699,7 @@ CVE-2021-31924 (Yubico pam-u2f before 1.1.1 has a logic issue that, depending on
 	NOTE: https://github.com/Yubico/pam-u2f/issues/175
 	NOTE: Support for PIN verification introduced in 1.1.0.
 CVE-2021-31923 (Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling vi ...)
-	TODO: check
+	NOT-FOR-US: Ping Identity PingAccess
 CVE-2021-31922 (An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffi ...)
 	NOT-FOR-US: Pulse Secure
 CVE-2021-3528 (A flaw was found in noobaa-operator in versions before 5.7.0, where in ...)
@@ -35759,7 +35759,7 @@ CVE-2021-26752 (NeDi 1.9C allows an authenticated user to execute operating syst
 CVE-2021-26751 (NeDi 1.9C allows an authenticated user to perform a SQL Injection in t ...)
 	NOT-FOR-US: NeDi
 CVE-2021-26750 (DLL hijacking in Panda Agent &lt;=1.16.11 in Panda Security, S.L.U. Pa ...)
-	TODO: check
+	NOT-FOR-US: Panda Agent
 CVE-2021-26749
 	RESERVED
 CVE-2021-26748
@@ -44748,7 +44748,7 @@ CVE-2021-22954
 CVE-2021-22953 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to c ...)
 	NOT-FOR-US: Concrete CMS
 CVE-2021-22952 (A vulnerability found in UniFi Talk application V1.12.3 and earlier pe ...)
-	TODO: check
+	NOT-FOR-US: UniFI Talk
 CVE-2021-22951
 	RESERVED
 CVE-2021-22950 (Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachme ...)
@@ -44756,7 +44756,7 @@ CVE-2021-22950 (Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing at
 CVE-2021-22949 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to d ...)
 	NOT-FOR-US: Concrete CMS
 CVE-2021-22948 (Vulnerability in the generation of session IDs in revive-adserver &lt; ...)
-	TODO: check
+	NOT-FOR-US: revive-adserver
 CVE-2021-22947 [STARTTLS protocol injection via MITM]
 	RESERVED
 	- curl <unfixed>
@@ -72969,7 +72969,7 @@ CVE-2020-24329
 CVE-2020-24328
 	RESERVED
 CVE-2020-24327 (Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2020-24326
 	RESERVED
 CVE-2020-24325
@@ -74726,7 +74726,7 @@ CVE-2020-23480
 CVE-2020-23479
 	RESERVED
 CVE-2020-23478 (Leo Editor v6.2.1 was discovered to contain a regular expression denia ...)
-	TODO: check
+	NOT-FOR-US: Leo Editor
 CVE-2020-23477
 	RESERVED
 CVE-2020-23476
@@ -82202,11 +82202,11 @@ CVE-2020-19953
 CVE-2020-19952
 	RESERVED
 CVE-2020-19951 (A cross-site request forgery (CSRF) in /controller/pay.class.php of Yz ...)
-	TODO: check
+	NOT-FOR-US: YzmCMS
 CVE-2020-19950 (A cross-site scripting (XSS) vulnerability in the /banner/add.html com ...)
-	TODO: check
+	NOT-FOR-US: YzmCMS
 CVE-2020-19949 (A cross-site scripting (XSS) vulnerability in the /link/add.html compo ...)
-	TODO: check
+	NOT-FOR-US: YzmCMS
 CVE-2020-19948
 	RESERVED
 CVE-2020-19947
@@ -89117,7 +89117,7 @@ CVE-2020-16632 (A XSS Vulnerability in /uploads/dede/action_search.php in DedeCM
 CVE-2020-16631
 	RESERVED
 CVE-2020-16630 (TI&#8217;s BLE stack caches and reuses the LTK&#8217;s property for a  ...)
-	TODO: check
+	NOT-FOR-US: Texas Instruments
 CVE-2020-16629 (PhpOK 5.4.137 contains a SQL injection vulnerability that can inject a ...)
 	NOT-FOR-US: PhpOK
 CVE-2020-16628
author	Moritz Muehlenhoff <jmm@debian.org>	2021-09-24 11:27:20 +0200
committer	Moritz Muehlenhoff <jmm@debian.org>	2021-09-24 11:27:20 +0200
commit	264a1cba7b8f530e8ee0fe7f296ebea8617ddf43 (patch)
tree	fc39606b1088c302930d87ee8d7312d7aa186b2b /data
parent	51436461a6834ef2b48513ed6b722a6832ec500b (diff)