author: Moritz Muehlenhoff <jmm@debian.org>, 2021-07-19 10:58:30 +0200
committer: Moritz Muehlenhoff <jmm@debian.org>, 2021-07-19 10:58:30 +0200
commit: fffad5496b47f97a564d27f6865754dfee2df656
tree: 0319566813ce5cbe2717d41a2929310925830179
parent: 30f635d37b22f0f43d5f7d5d0d0bb67bc6f490f4
NFUs
drop one TODO for mongo-driver, if relevant it would get handled via k8s
-rw-r--r-- data/CVE/list.2012 2
-rw-r--r-- data/CVE/list.2021 16
2 files changed, 9 insertions, 9 deletions
diff --git a/data/CVE/list.2012 b/data/CVE/list.2012
index 41ac24d65d..8f2de1d6de 100644
--- a/data/CVE/list.2012
+++ b/data/CVE/list.2012
@@ -10082,7 +10082,7 @@ CVE-2012-2667 (Session fixation vulnerability in lib/user/sfBasicSecurityUser.cl
NOTE: http://trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG
NOTE: http://trac.symfony-project.org/changeset/33466?format=diff&new=33466
CVE-2012-2666 (golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/ ...)
- TODO: check
+ NOT-FOR-US: Historic Go issue
CVE-2012-2665 (Multiple heap-based buffer overflows in the XML manifest encryption ta ...)
{DSA-2520-1}
- libreoffice 1:3.5.4-7
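Review bot: the added line for CVE-2012-2666 gives "Historic Go issue" as the NOT-FOR-US reason, which describes the age of the bug rather than naming software outside the archive, unlike the product names used as reasons in the rest of this patch. The description itself says the issue is fixed in golang/go 1.0.2, so if Go is tracked as a source package, a package entry with 1.0.2 as the fixed version (or a not-affected marker with the reason) would record the same conclusion without stretching what NOT-FOR-US means.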
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index e5ffa5f744..6dd5cc753c 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -1,11 +1,11 @@
CVE-2021-36774
RESERVED
CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...)
- TODO: check
+ NOT-FOR-US: uBlock Origin
CVE-2021-36772 (Zoho ManageEngine ADManager Plus before 7110 allows stored XSS. ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2021-36771 (Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS. ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2021-36770
RESERVED
CVE-2021-36769 (A reordering issue exists in Telegram before 7.8.1 for Android, Telegr ...)
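Review bot: for CVE-2021-36773 the reason names only uBlock Origin, but the description on the line above it covers two products, "uBlock Origin before 1.36.2 and nMatrix before 4.4.9". Before this moves from TODO to NOT-FOR-US it is worth confirming that neither is shipped as a packaged browser extension; if one is, it needs a package entry with the fixed version instead, and if neither is, listing both names in the reason keeps the entry searchable by either.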
@@ -58,7 +58,7 @@ CVE-2021-36749
CVE-2021-3650
RESERVED
CVE-2021-3649 (chatwoot is vulnerable to Inefficient Regular Expression Complexity ...)
- TODO: check
+ NOT-FOR-US: chatwoot
CVE-2021-36748
RESERVED
CVE-2021-36747
@@ -6189,7 +6189,7 @@ CVE-2021-33913
CVE-2021-33912
RESERVED
CVE-2021-33911 (Zoho ManageEngine ADManager Plus before 7110 allows remote code execut ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2021-33910
RESERVED
CVE-2021-33909
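Review bot: the reason on the added line for CVE-2021-33911 is only the vendor, "Zoho", while the description names the product, "Zoho ManageEngine ADManager Plus". The other entries touched by this patch (chatwoot, NAVER Toolbar, Froala WYSIWYG Editor) use the product name, and doing the same here, e.g. "NOT-FOR-US: Zoho ManageEngine ADManager Plus", records which product was actually ruled out.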
@@ -6943,7 +6943,7 @@ CVE-2021-33594
CVE-2021-33593
RESERVED
CVE-2021-33592 (NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arb ...)
- TODO: check
+ NOT-FOR-US: NAVER Toolbar
CVE-2021-33591 (An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15 ...)
NOT-FOR-US: Naver Comic Viewer
CVE-2021-33590 (GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_ ...)
@@ -20000,7 +20000,7 @@ CVE-2021-28116 (Squid through 4.14 and 5.x through 5.0.5, in some configurations
CVE-2021-28115 (The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the com ...)
NOT-FOR-US: MyBB addon
CVE-2021-28114 (Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace co ...)
- TODO: check
+ NOT-FOR-US: Froala WYSIWYG Editor
CVE-2021-28113 (A command injection vulnerability in the cookieDomain and relayDomain ...)
NOT-FOR-US: Okta Access Gateway
CVE-2021-28112 (Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a deb ...)
@@ -37791,10 +37791,10 @@ CVE-2021-20331 (Specific versions of the MongoDB C# Driver may erroneously publi
CVE-2021-20330
RESERVED
CVE-2021-20329 (Specific cstrings input may not be properly validated in the MongoDB G ...)
+ NOT-FOR-US: mongo-driver
NOTE: https://jira.mongodb.org/browse/GODRIVER-1923
NOTE: https://github.com/mongodb/mongo-go-driver/pull/622
NOTE: https://github.com/mongodb/mongo-go-driver/commit/3a89e6cde18d6ac5d38f39b54eaa8d4e321fd118 (v1.5.1)
- TODO: check, mongo-driver driver embedded in src:kubernetes
CVE-2021-20328 (Specific versions of the Java driver that support client-side field le ...)
- mongo-java-driver <not-affected> (Vulnerable code introduce later)
NOTE: https://jira.mongodb.org/browse/JAVA-4017
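Review bot: removing "TODO: check, mongo-driver driver embedded in src:kubernetes" for CVE-2021-20329 drops the only record in this entry that src:kubernetes carries an embedded copy of the driver, and the added NOT-FOR-US line now reads as if nothing in the archive is concerned. The commit message says the issue "would get handled via k8s" if relevant, but nothing in the entry points there any more; a NOTE line stating that the driver is embedded in src:kubernetes, and whether that copy predates v1.5.1 (the fix version given in the commit NOTE), would keep this visible to the next person triaging.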
