Process several NFUs

author: Salvatore Bonaccorso <carnil@debian.org> 2021-06-12 09:34:51 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-06-12 09:35:48 +0200
commit: 627de489954aeb46c4ab2077268f4839aa59473a (patch)
tree: 6e60db1e6684bf265f252d7db908d5e859b31297 /data
parent: bfbb0e632d8d2774a2d5323fe1f3845bb002f761 (diff)
1 files changed, 123 insertions, 123 deletions
diff --git a/data/CVE/list b/data/CVE/list
index d9af74dec3..24ce7bac17 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -282,7 +282,7 @@ CVE-2021-34542
 CVE-2021-34541
 	RESERVED
 CVE-2021-34540 (Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess
 CVE-2021-34539 (An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of va ...)
 	NOT-FOR-US: CubeCoders AMP
 CVE-2021-34538
@@ -3210,7 +3210,7 @@ CVE-2021-33207
 CVE-2021-33206
 	RESERVED
 CVE-2021-33205 (Western Digital EdgeRover before 0.25 has an escalation of privileges  ...)
-	TODO: check
+	NOT-FOR-US: Western Digital
 CVE-2021-3559 (A flaw was found in libvirt in the virConnectListAllNodeDevices API in ...)
 	- libvirt <not-affected> (Vulnerable code never in a released version)
 	NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/4c4d0e2da07b5a035b26a0ff13ec27070f7c7b1a (v7.0.0-rc1)
@@ -3871,11 +3871,11 @@ CVE-2021-32934
 CVE-2021-32933
 	RESERVED
 CVE-2021-32932 (The affected product is vulnerable to a SQL injection, which may allow ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2021-32931
 	RESERVED
 CVE-2021-32930 (The affected product&#8217;s configuration is vulnerable due to missin ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2021-32929
 	RESERVED
 CVE-2021-32928
@@ -13852,7 +13852,7 @@ CVE-2021-28816
 CVE-2021-28815
 	RESERVED
 CVE-2021-28814 (An improper access control vulnerability has been reported to affect Q ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2021-28813
 	RESERVED
 CVE-2021-28812 (A command injection vulnerability has been reported to affect certain  ...)
@@ -13870,7 +13870,7 @@ CVE-2021-28807 (A post-authentication reflected XSS vulnerability has been repor
 CVE-2021-28806 (A DOM-based XSS vulnerability has been reported to affect QNAP NAS run ...)
 	NOT-FOR-US: QNAP
 CVE-2021-28805 (Inclusion of sensitive information in the source code has been reporte ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2021-28804
 	RESERVED
 CVE-2021-28803
@@ -13878,7 +13878,7 @@ CVE-2021-28803
 CVE-2021-28802
 	RESERVED
 CVE-2021-28801 (An out-of-bounds read vulnerability has been reported to affect certai ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2021-28800
 	RESERVED
 CVE-2021-28799 (An improper authorization vulnerability has been reported to affect QN ...)
@@ -17162,11 +17162,11 @@ CVE-2021-27412
 CVE-2021-27411
 	RESERVED
 CVE-2021-27410 (The affected product is vulnerable to an out-of-bounds write, which ma ...)
-	TODO: check
+	NOT-FOR-US: Welch Allyn
 CVE-2021-27409
 	RESERVED
 CVE-2021-27408 (The affected product is vulnerable to an out-of-bounds read, which can ...)
-	TODO: check
+	NOT-FOR-US: Welch Allyn
 CVE-2021-27407
 	RESERVED
 CVE-2021-27406
@@ -17680,7 +17680,7 @@ CVE-2021-XXXX [several security fixes: PHP injections, XSS and secrets stored in
 CVE-2021-27201 (Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated  ...)
 	NOT-FOR-US: Endian Firewall Community (aka EFW)
 CVE-2021-27200 (In WoWonder 3.0.4, remote attackers can take over any account due to t ...)
-	TODO: check
+	NOT-FOR-US: WoWonder
 CVE-2021-27199
 	RESERVED
 CVE-2021-27198 (An issue was discovered in Visualware MyConnection Server through 11.0 ...)
@@ -18117,15 +18117,15 @@ CVE-2021-26999
 CVE-2021-26998
 	RESERVED
 CVE-2021-26997 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...)
-	TODO: check
+	NOT-FOR-US: E-Series SANtricity OS Controller Software
 CVE-2021-26996 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...)
-	TODO: check
+	NOT-FOR-US: E-Series SANtricity OS Controller Software
 CVE-2021-26995 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...)
-	TODO: check
+	NOT-FOR-US: E-Series SANtricity OS Controller Software
 CVE-2021-26994 (Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptibl ...)
 	NOT-FOR-US: Clustered Data ONTAP (NetApp)
 CVE-2021-26993 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...)
-	TODO: check
+	NOT-FOR-US: E-Series SANtricity OS Controller Software
 CVE-2021-26992 (Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerabili ...)
 	NOT-FOR-US: Cloud Manager (NetApp)
 CVE-2021-26991 (Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin ...)
@@ -18561,9 +18561,9 @@ CVE-2021-26831
 CVE-2021-26830 (SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote att ...)
 	NOT-FOR-US: Tribalsystems Zenario CMS
 CVE-2021-26829 (OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows a ...)
-	TODO: check
+	NOT-FOR-US: OpenPLC ScadaBR
 CVE-2021-26828 (OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows a ...)
-	TODO: check
+	NOT-FOR-US: OpenPLC ScadaBR
 CVE-2021-26827 (Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ route ...)
 	NOT-FOR-US: TP-Link
 CVE-2021-26826 (A stack overflow issue exists in Godot Engine up to v3.2 and is caused ...)
@@ -20319,11 +20319,11 @@ CVE-2021-23220
 CVE-2021-23212
 	RESERVED
 CVE-2021-23211 (Cleartext Storage of Sensitive Information in Memory vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Gallagher Command Centre Server
 CVE-2021-23205 (Improper Encoding or Escaping in Gallagher Command Centre Server allow ...)
-	TODO: check
+	NOT-FOR-US: Gallagher Command Centre Server
 CVE-2021-23204 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Gallagher Command Centre Server
 CVE-2021-23199
 	RESERVED
 CVE-2021-23197
@@ -20333,7 +20333,7 @@ CVE-2021-23193
 CVE-2021-23185
 	RESERVED
 CVE-2021-23182 (Cleartext Storage of Sensitive Information in Memory vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Gallagher Command Centre Server
 CVE-2021-23167
 	RESERVED
 CVE-2021-23162
@@ -20343,9 +20343,9 @@ CVE-2021-23155
 CVE-2021-23146
 	RESERVED
 CVE-2021-23140 (Improper Authorization vulnerability in Gallagher Command Centre Serve ...)
-	TODO: check
+	NOT-FOR-US: Gallagher Command Centre Server
 CVE-2021-23136 (Improper Authorization vulnerability in Gallagher Command Centre Serve ...)
-	TODO: check
+	NOT-FOR-US: Gallagher Command Centre Server
 CVE-2021-26123 (LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wiht ...)
 	NOT-FOR-US: LivingLogic XIST4C
 CVE-2021-26122 (LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedb ...)
@@ -22102,91 +22102,91 @@ CVE-2021-25427
 CVE-2021-25426
 	RESERVED
 CVE-2021-25425 (Improper check vulnerability in Samsung Health prior to version 6.17 a ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25424 (Improper authentication vulnerability in Tizen bluetooth-frwk prior to ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25423 (Improper log management vulnerability in Watch Active2 PlugIn prior to ...)
-	TODO: check
+	NOT-FOR-US: Watch Active2 PlugIn
 CVE-2021-25422 (Improper log management vulnerability in Watch Active PlugIn prior to  ...)
-	TODO: check
+	NOT-FOR-US: Watch Active2 PlugIn
 CVE-2021-25421 (Improper log management vulnerability in Galaxy Watch3 PlugIn prior to ...)
-	TODO: check
+	NOT-FOR-US: Galaxy Watch3 PlugIn
 CVE-2021-25420 (Improper log management vulnerability in Galaxy Watch PlugIn prior to  ...)
-	TODO: check
+	NOT-FOR-US: Galaxy Watch PlugIn
 CVE-2021-25419 (Non-compliance of recommended secure coding scheme in Samsung Internet ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25418 (Improper component protection vulnerability in Samsung Internet prior  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25417 (Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allo ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25416 (Assuming EL1 is compromised, an improper address validation in RKP pri ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25415 (Assuming EL1 is compromised, an improper address validation in RKP pri ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25414 (Improper sanitization of incoming intent in Samsung Contacts prior to  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25413 (Improper sanitization of incoming intent in Samsung Contacts prior to  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25412 (An improper access control vulnerability in genericssoservice prior to ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25411 (Improper address validation vulnerability in RKP api prior to SMR JUN- ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25410 (Improper access control of a component in CallBGProvider prior to SMR  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25409 (Improper access in Notification setting prior to SMR JUN-2021 Release  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25408 (A possible buffer overflow vulnerability in NPU driver prior to SMR JU ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25407 (A possible out of bounds write vulnerability in NPU driver prior to SM ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25406 (Information exposure vulnerability in Gear S Plugin prior to version 2 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25405 (An improper access control vulnerability in ScreenOffActivity in Samsu ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25404 (Information Exposure vulnerability in SmartThings prior to version 1.7 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25403 (Intent redirection vulnerability in Samsung Account prior to version 1 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25402 (Information Exposure vulnerability in Samsung Notes prior to version 4 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25401 (Intent redirection vulnerability in Samsung Health prior to version 6. ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25400 (Intent redirection vulnerability in Samsung Internet prior to version  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25399 (Improper configuration in Smart Manager prior to version 11.0.05.0 all ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25398 (Intent redirection vulnerability in Bixby Voice prior to version 3.1.1 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25397 (An improper access control vulnerability in TelephonyUI prior to SMR M ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25396 (An improper input validation vulnerability in NPU firmware prior to SM ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25395 (A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25394 (A use after free vulnerability via race condition in MFC charger drive ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25393 (Improper sanitization of incoming intent in SecSettings prior to SMR M ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25392 (Improper protection of backup path configuration in Samsung Dex prior  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25391 (Intent redirection vulnerability in Secure Folder prior to SMR MAY-202 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25390 (Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 R ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25389 (Improper running task check in S Secure prior to SMR MAY-2021 Release  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25388 (Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25387 (An improper input validation vulnerability in sflacfd_get_frm() in lib ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25386 (An improper input validation vulnerability in sdfffd_parse_chunk_FVER( ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25385 (An improper input validation vulnerability in sdfffd_parse_chunk_PROP( ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25384 (An improper input validation vulnerability in sdfffd_parse_chunk_PROP( ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25383 (An improper input validation vulnerability in scmn_mfal_read() in libs ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25382 (An improper authorization of using debugging command in Secure Folder  ...)
 	NOT-FOR-US: Samsung
 CVE-2021-25381 (Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in  ...)
@@ -25148,7 +25148,7 @@ CVE-2021-24037
 CVE-2021-24036
 	RESERVED
 CVE-2021-24035 (A lack of filename validation when unzipping archives prior to WhatsAp ...)
-	TODO: check
+	NOT-FOR-US: WhatsApp
 CVE-2021-24034
 	RESERVED
 CVE-2021-24033 (react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort ...)
@@ -27691,7 +27691,7 @@ CVE-2021-22915 (Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable t
 CVE-2021-22914
 	RESERVED
 CVE-2021-22913 (Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclos ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Deck
 CVE-2021-22912 (Nextcloud iOS before 3.4.2 suffers from an information disclosure vuln ...)
 	TODO: check
 CVE-2021-22911 (A improper input sanitization vulnerability exists in Rocket.Chat serv ...)
@@ -27707,7 +27707,7 @@ CVE-2021-22907 (An improper access control vulnerability exists in Citrix Worksp
 CVE-2021-22906 (Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers  ...)
 	TODO: check
 CVE-2021-22905 (Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnera ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Android App (com.nextcloud.client)
 CVE-2021-22904 (The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffer ...)
 	{DSA-4929-1 DLA-2655-1}
 	- rails 2:6.0.3.7+dfsg-1 (bug #988214)
@@ -28037,45 +28037,45 @@ CVE-2021-22770
 CVE-2021-22769 (A CWE-269: Improper Privilege Management vulnerability exists in Enerl ...)
 	TODO: check
 CVE-2021-22768 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)
-	TODO: check
+	NOT-FOR-US: PowerLogic EGX300
 CVE-2021-22767 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)
-	TODO: check
+	NOT-FOR-US: PowerLogic EGX300
 CVE-2021-22766 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)
-	TODO: check
+	NOT-FOR-US: PowerLogic EGX300
 CVE-2021-22765 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)
-	TODO: check
+	NOT-FOR-US: PowerLogic
 CVE-2021-22764 (A CWE-287: Improper Authentication vulnerability exists in PowerLogic  ...)
-	TODO: check
+	NOT-FOR-US: PowerLogic
 CVE-2021-22763 (A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vul ...)
-	TODO: check
+	NOT-FOR-US: PowerLogic
 CVE-2021-22762 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2021-22761 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2021-22760 (A CWE-763: Release of invalid pointer or reference vulnerability exist ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2021-22759 (A CWE-416: Use after free vulnerability exists inIGSS Definition (Def. ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2021-22758 (A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2021-22757 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2021-22756 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2021-22755 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition  ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2021-22754 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition  ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2021-22753 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2021-22752 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition  ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2021-22751 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition  ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2021-22750 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition  ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2021-22749 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor  ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2021-22748
 	RESERVED
 CVE-2021-22747 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
@@ -30136,7 +30136,7 @@ CVE-2021-21835
 CVE-2021-21834
 	RESERVED
 CVE-2021-21833 (An improper array index validation vulnerability exists in the TIF IP_ ...)
-	TODO: check
+	NOT-FOR-US: Accusoft ImageGear
 CVE-2021-21832
 	RESERVED
 CVE-2021-21831
@@ -30154,7 +30154,7 @@ CVE-2021-21826
 CVE-2021-21825
 	RESERVED
 CVE-2021-21824 (An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420  ...)
-	TODO: check
+	NOT-FOR-US: Accusoft ImageGear
 CVE-2021-21823
 	RESERVED
 CVE-2021-21822 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
@@ -30186,7 +30186,7 @@ CVE-2021-21810
 CVE-2021-21809
 	RESERVED
 CVE-2021-21808 (A memory corruption vulnerability exists in the PNG png_palette_proces ...)
-	TODO: check
+	NOT-FOR-US: Accusoft ImageGear
 CVE-2021-21807
 	RESERVED
 CVE-2021-21806
@@ -30212,7 +30212,7 @@ CVE-2021-21797
 CVE-2021-21796
 	RESERVED
 CVE-2021-21795 (A heap-based buffer overflow vulnerability exists in the PSD read_icc_ ...)
-	TODO: check
+	NOT-FOR-US: Accusoft ImageGear
 CVE-2021-21794
 	RESERVED
 CVE-2021-21793
@@ -34212,7 +34212,7 @@ CVE-2021-20734
 CVE-2021-20733
 	RESERVED
 CVE-2021-20732 (The ATOM (ATOM - Smart life App for Android versions prior to 1.8.1 an ...)
-	TODO: check
+	NOT-FOR-US: ATOM (ATOM - Smart life App)
 CVE-2021-20731 (WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver ...)
 	NOT-FOR-US: WSR-1166DHP3 firmware
 CVE-2021-20730 (Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.1 ...)
@@ -34220,7 +34220,7 @@ CVE-2021-20730 (Improper access control vulnerability in WSR-1166DHP3 firmware V
 CVE-2021-20729
 	RESERVED
 CVE-2021-20728 (Improper access control vulnerability in goo blog App for Android ver. ...)
-	TODO: check
+	NOT-FOR-US: goo blog App
 CVE-2021-20727 (Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allo ...)
 	NOT-FOR-US: Zettlr
 CVE-2021-20726 (Untrusted search path vulnerability in The Installer of Overwolf 2.168 ...)
@@ -34497,7 +34497,7 @@ CVE-2021-20593
 CVE-2021-20592
 	RESERVED
 CVE-2021-20591 (Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2021-20590 (Improper authentication vulnerability in GOT2000 series GT27 model all ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2021-20589 (Buffer access with incorrect length value vulnerability in GOT2000 ser ...)
@@ -47052,19 +47052,19 @@ CVE-2021-0102 (Insecure inherited permissions in the Intel Unite(R) Client for W
 CVE-2021-0101 (Buffer overflow in the BMC firmware for Intel(R) Server BoardM10JNP2SB ...)
 	NOT-FOR-US: Intel
 CVE-2021-0100 (Incorrect default permissions in the installer for the Intel(R) SSD Da ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0099
 	RESERVED
 CVE-2021-0098 (Improper access control in the Intel Unite(R) Client for Windows befor ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0097 (Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0096
 	RESERVED
 CVE-2021-0095 (Improper initialization in the firmware for some Intel(R) Processors m ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0094 (Improper link resolution before file access in Intel(R) DSA before ver ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0093
 	RESERVED
 CVE-2021-0092
@@ -47072,7 +47072,7 @@ CVE-2021-0092
 CVE-2021-0091
 	RESERVED
 CVE-2021-0090 (Uncontrolled search path element in Intel(R) DSA before version 20.11. ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0089 (Observable response discrepancy in some Intel(R) Processors may allow  ...)
 	- xen <unfixed>
 	[stretch] - xen <end-of-life> (DSA 4602-1)
@@ -47104,27 +47104,27 @@ CVE-2021-0079
 CVE-2021-0078
 	RESERVED
 CVE-2021-0077 (Insecure inherited permissions in the installer for the Intel(R) VTune ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0076
 	RESERVED
 CVE-2021-0075
 	RESERVED
 CVE-2021-0074 (Improper permissions in the installer for the Intel(R) Computing Impro ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0073 (Insufficient control flow management in Intel(R) DSA before version 20 ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0072
 	RESERVED
 CVE-2021-0071
 	RESERVED
 CVE-2021-0070 (Improper input validation in the BMC firmware for Intel(R) Server Boar ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0069
 	RESERVED
 CVE-2021-0068
 	RESERVED
 CVE-2021-0067 (&amp;nbsp;Improper access control in system firmware for some Intel(R) ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0066
 	RESERVED
 CVE-2021-0065
@@ -47142,21 +47142,21 @@ CVE-2021-0060
 CVE-2021-0059
 	RESERVED
 CVE-2021-0058 (Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Drive ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0057 (Uncontrolled search path in the Intel(R) NUC M15 Laptop Kit Driver Pac ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0056 (Insecure inherited permissions for the Intel(R) NUC M15 Laptop Kit Dri ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0055 (Insecure inherited permissions for some Intel(R) NUC 9 Extreme Laptop  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0054 (Improper buffer restrictions in system firmware for some Intel(R) NUCs ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0053
 	RESERVED
 CVE-2021-0052 (Incorrect default privileges in the Intel(R) Computing Improvement Pro ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0051 (Improper input validation in the Intel(R) SPS versions before SPS_E5_0 ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0050
 	RESERVED
 CVE-2021-0049
@@ -47256,7 +47256,7 @@ CVE-2021-0003
 CVE-2021-0002
 	RESERVED
 CVE-2021-0001 (Observable timing discrepancy in Intel(R) IPP before version 2020 upda ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-27669
 	RESERVED
 CVE-2020-27668
@@ -47894,7 +47894,7 @@ CVE-2020-27386 (An unrestricted file upload issue in FlexDotnetCMS before v1.5.9
 CVE-2020-27385 (Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/)  ...)
 	NOT-FOR-US: FlexDotnetCMS
 CVE-2020-27384 (The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an ...)
-	TODO: check
+	NOT-FOR-US: Guild Wars 2 launcher
 CVE-2020-27383 (Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of ...)
 	TODO: check
 CVE-2020-27382
@@ -50833,7 +50833,7 @@ CVE-2020-26139 (An issue was discovered in the kernel in NetBSD 7.1. An Access P
 	NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
 	NOTE: https://lore.kernel.org/linux-wireless/20210511200110.cb327ed0cabe.Ib7dcffa2a31f0913d660de65ba3c8aca75b1d10f@changeid/
 CVE-2020-26138 (In SilverStripe through 4.6.0-rc1, a FormField with square brackets in ...)
-	TODO: check
+	NOT-FOR-US: SilverStripe
 CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF injection if the attacker controls t ...)
 	- python-urllib3 1.25.9-1
 	[buster] - python-urllib3 <no-dsa> (Minor issue)
@@ -54388,15 +54388,15 @@ CVE-2020-24673 (In S+ Operations and S+ Historian, a successful SQL injection ex
 CVE-2020-24672
 	RESERVED
 CVE-2020-24671 (Trace Financial CRESTBridge &lt;6.3.0.02 contains an authenticated SQL ...)
-	TODO: check
+	NOT-FOR-US: Trace Financial CRESTBridge
 CVE-2020-24670 (The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...)
 	NOT-FOR-US: Hitachi
 CVE-2020-24669 (The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x c ...)
 	NOT-FOR-US: Hitachi
 CVE-2020-24668 (Trace Financial Crest Bridge &lt;6.3.0.02 contains a stored XSS vulner ...)
-	TODO: check
+	NOT-FOR-US: Trace Financial CRESTBridge
 CVE-2020-24667 (Trace Financial CRESTBridge &lt;6.3.0.02 contains an authenticated SQL ...)
-	TODO: check
+	NOT-FOR-US: Trace Financial CRESTBridge
 CVE-2020-24666 (The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x conta ...)
 	NOT-FOR-US: Hitachi
 CVE-2020-24665 (The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...)
@@ -54404,7 +54404,7 @@ CVE-2020-24665 (The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.
 CVE-2020-24664 (The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...)
 	NOT-FOR-US: Hitachi
 CVE-2020-24663 (Trace Financial CRESTBridge &lt;6.3.0.02 contains a stored XSS vulnera ...)
-	TODO: check
+	NOT-FOR-US: Trace Financial CRESTBridge
 CVE-2020-24662 (SmartStream Transaction Lifecycle Management (TLM) Reconciliation Prem ...)
 	TODO: check
 CVE-2020-24661 (GNOME Geary before 3.36.3 mishandles pinned TLS certificate verificati ...)
@@ -54766,11 +54766,11 @@ CVE-2020-24518
 CVE-2020-24517
 	RESERVED
 CVE-2020-24516 (Modification of assumed-immutable data in subsystem in Intel(R) CSME v ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-24515 (Protection mechanism failure in some Intel(R) RealSense(TM) IDs may al ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-24514 (Improper authentication in some Intel(R) RealSense(TM) IDs may allow a ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-24513 (Domain-bypass transient execution vulnerability in some Intel Atom(R)  ...)
 	- intel-microcode 3.20210608.1 (bug #989615)
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
author	Salvatore Bonaccorso <carnil@debian.org>	2021-06-12 09:34:51 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-06-12 09:35:48 +0200
commit	627de489954aeb46c4ab2077268f4839aa59473a (patch)
tree	6e60db1e6684bf265f252d7db908d5e859b31297 /data
parent	bfbb0e632d8d2774a2d5323fe1f3845bb002f761 (diff)