Process NFUs

author: Salvatore Bonaccorso <carnil@debian.org> 2022-02-12 10:23:08 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-02-12 10:23:08 +0100
commit: 5af9fa5e68f7849dca475590dcbd82a1d169c131 (patch)
tree: 50f2f643f0111bd22ca3643060eec7f2c2f0c889 /data
parent: faceac55759b72ae689fe3462bf68e1864f2d5c8 (diff)
2 files changed, 50 insertions, 50 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index a5ae115e54..19c38d422c 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -716,17 +716,17 @@ CVE-2021-46368
 CVE-2021-46367
 	RESERVED
 CVE-2021-46366 (An issue in the Login page of Magnolia CMS v6.2.3 and below allows att ...)
-	TODO: check
+	NOT-FOR-US: Magnolia CMS
 CVE-2021-46365 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...)
-	TODO: check
+	NOT-FOR-US: Magnolia CMS
 CVE-2021-46364 (A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and be ...)
-	TODO: check
+	NOT-FOR-US: Magnolia CMS
 CVE-2021-46363 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...)
-	TODO: check
+	NOT-FOR-US: Magnolia CMS
 CVE-2021-46362 (A Server-Side Template Injection (SSTI) vulnerability in the Registrat ...)
-	TODO: check
+	NOT-FOR-US: Magnolia CMS
 CVE-2021-46361 (An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allo ...)
-	TODO: check
+	NOT-FOR-US: Magnolia CMS
 CVE-2021-46360 (Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and e ...)
 	NOT-FOR-US: Composr-CMS
 CVE-2021-46359 (FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerabilit ...)
@@ -3340,7 +3340,7 @@ CVE-2021-45386 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at
 	NOTE: https://github.com/appneta/tcpreplay/issues/687
 	NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/46cf964a7db636da76abeebf10482acf6f682a87 (v4.4.0)
 CVE-2021-45385 (A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021 ...)
-	TODO: check
+	NOT-FOR-US: ffjpeg
 CVE-2021-45384
 	RESERVED
 CVE-2021-45383
@@ -4466,9 +4466,9 @@ CVE-2021-44959
 CVE-2021-44958
 	RESERVED
 CVE-2021-44957 (Global buffer overflow vulnerability exist in ffjpeg through 01.01.202 ...)
-	TODO: check
+	NOT-FOR-US: ffjpeg
 CVE-2021-44956 (Two Heap based buffer overflow vulnerabilities exist in ffjpeg through ...)
-	TODO: check
+	NOT-FOR-US: ffjpeg
 CVE-2021-44955
 	RESERVED
 CVE-2021-44954
@@ -4585,9 +4585,9 @@ CVE-2021-44914
 CVE-2021-44913
 	RESERVED
 CVE-2021-44912 (In XE 1.116, when uploading the Normal button, there is no restriction ...)
-	TODO: check
+	NOT-FOR-US: XE
 CVE-2021-44911 (XE before 1.11.6 is vulnerable to Unrestricted file upload via modules ...)
-	TODO: check
+	NOT-FOR-US: XE
 CVE-2021-44910
 	RESERVED
 CVE-2021-44909
@@ -5062,7 +5062,7 @@ CVE-2021-44545
 CVE-2021-44457
 	RESERVED
 CVE-2021-44454 (Improper input validation in a third-party component for Intel(R) Quar ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-43351
 	RESERVED
 CVE-2021-4080 (crater is vulnerable to Unrestricted Upload of File with Dangerous Typ ...)
@@ -5076,7 +5076,7 @@ CVE-2021-23188
 CVE-2021-23168
 	RESERVED
 CVE-2021-23152 (Improper access control in the Intel(R) Advisor software before versio ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-23145
 	RESERVED
 CVE-2021-XXXX [Rainloop stores passwords in cleartext in logfile]
@@ -5762,7 +5762,7 @@ CVE-2021-23198 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the
 CVE-2021-44521 (When running Apache Cassandra with the following configuration: enable ...)
 	- cassandra <itp> (bug #585905)
 CVE-2021-4046 (The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an att ...)
-	TODO: check
+	NOT-FOR-US: TCMAN GIM
 CVE-2021-4045
 	RESERVED
 CVE-2021-4044 (Internally libssl in OpenSSL calls X509_verify_cert() on the client si ...)
@@ -6811,7 +6811,7 @@ CVE-2021-44113
 CVE-2021-44112
 	RESERVED
 CVE-2021-44111 (A Directory Traversal vulnerability exists in S-Cart 6.7 via download  ...)
-	TODO: check
+	NOT-FOR-US: S-Cart
 CVE-2021-44110
 	RESERVED
 CVE-2021-44109
@@ -7117,11 +7117,11 @@ CVE-2021-3978
 CVE-2021-3977 (invoiceninja is vulnerable to Improper Neutralization of Input During  ...)
 	NOT-FOR-US: invoiceninja
 CVE-2021-44018 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
-	TODO: check
+	NOT-FOR-US: JT2Go / Siemens
 CVE-2021-44017 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
 	NOT-FOR-US: Siemens
 CVE-2021-44016 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
-	TODO: check
+	NOT-FOR-US: JT2Go / Siemens
 CVE-2021-44015 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
 	NOT-FOR-US: Siemens
 CVE-2021-44014 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
@@ -7153,7 +7153,7 @@ CVE-2021-44002 (A vulnerability has been identified in JT2Go (All versions &lt;
 CVE-2021-44001 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
 	NOT-FOR-US: Siemens
 CVE-2021-44000 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
-	TODO: check
+	NOT-FOR-US: JT2Go / Siemens
 CVE-2021-43999 (Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses re ...)
 	- guacamole-client <unfixed>
 	[stretch] - guacamole-client <not-affected> (SAML is not supported)
@@ -8020,7 +8020,7 @@ CVE-2021-43637 (Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Ha
 CVE-2021-43636
 	RESERVED
 CVE-2021-43635 (A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4. ...)
-	TODO: check
+	NOT-FOR-US: Codex
 CVE-2021-43634
 	RESERVED
 CVE-2021-43633
@@ -9830,7 +9830,7 @@ CVE-2021-42942
 CVE-2021-42941
 	RESERVED
 CVE-2021-42940 (A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 v ...)
-	TODO: check
+	NOT-FOR-US: Projeqtor
 CVE-2021-42939
 	RESERVED
 CVE-2021-42938
@@ -13377,15 +13377,15 @@ CVE-2021-41447
 CVE-2021-41446
 	RESERVED
 CVE-2021-41445 (A reflected cross-site-scripting attack in web application of D-Link D ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-41444
 	RESERVED
 CVE-2021-41443
 	RESERVED
 CVE-2021-41442 (An HTTP smuggling attack in the web application of D-Link DIR-X1860 be ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-41441 (A DoS attack in the web application of D-Link DIR-X1860 before v1.10WW ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-41440
 	RESERVED
 CVE-2021-41439
@@ -14862,7 +14862,7 @@ CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an infinite
 CVE-2021-40838
 	RESERVED
 CVE-2021-40837 (A vulnerability affecting F-Secure antivirus engine before Capricorn u ...)
-	TODO: check
+	NOT-FOR-US: F-Secure
 CVE-2021-40836 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...)
 	NOT-FOR-US: F-Secure
 CVE-2021-40835 (An URL Address bar spoofing vulnerability was discovered in Safe Brows ...)
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index d9385f93c1..c294f9e340 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -20,7 +20,7 @@ CVE-2022-24970
 CVE-2022-24969
 	RESERVED
 CVE-2022-24968 (In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoo ...)
-	TODO: check
+	NOT-FOR-US: Mellium
 CVE-2022-24967
 	RESERVED
 CVE-2022-24966
@@ -3572,7 +3572,7 @@ CVE-2022-23630 (Gradle is a build tool with a focus on build automation and supp
 CVE-2022-23629
 	RESERVED
 CVE-2022-23628 (OPA is an open source, general-purpose policy engine. Under certain co ...)
-	TODO: check
+	NOT-FOR-US: OPA
 CVE-2022-23627 (ArchiSteamFarm (ASF) is a C# application with primary purpose of idlin ...)
 	NOT-FOR-US: ArchiSteamFarm
 CVE-2022-23626 (m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Erro ...)
@@ -3584,21 +3584,21 @@ CVE-2022-23624 (Frourio-express is a minimal full stack framework, for TypeScrip
 CVE-2022-23623 (Frourio is a full stack framework, for TypeScript. Frourio users who u ...)
 	NOT-FOR-US: Frourio
 CVE-2022-23622 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-23621 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-23620 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-23619 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-23618 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-23617 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-23616 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-23615 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-23614 (Twig is an open source template language for PHP. When in a sandbox mo ...)
 	- php-twig 3.3.8-1
 	NOTE: https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v
@@ -4362,7 +4362,7 @@ CVE-2022-23323
 CVE-2022-23322
 	RESERVED
 CVE-2022-23321 (A persistent cross-site scripting (XSS) vulnerability exists on two in ...)
-	TODO: check
+	NOT-FOR-US: XMPie
 CVE-2022-23320 (XMPie uStore 12.3.7244.0 allows for administrators to generate reports ...)
 	NOT-FOR-US: XMPie uStore
 CVE-2022-23319
@@ -5965,7 +5965,7 @@ CVE-2022-22767
 CVE-2022-22766 (Hardcoded credentials are used in specific BD Pyxis products. If explo ...)
 	NOT-FOR-US: BD Pyxis
 CVE-2022-22765 (BD Viper LT system, versions 2.0 and later, contains hardcoded credent ...)
-	TODO: check
+	NOT-FOR-US: BD Viper LT system
 CVE-2022-22764
 	RESERVED
 	{DSA-5069-1 DLA-2916-1}
@@ -8432,7 +8432,7 @@ CVE-2022-21239
 CVE-2022-21229
 	RESERVED
 CVE-2022-21226 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21206
 	RESERVED
 CVE-2022-21188
@@ -8450,7 +8450,7 @@ CVE-2022-21162
 CVE-2022-21161
 	RESERVED
 CVE-2022-21156 (Access of uninitialized pointer in the Intel(R) Trace Analyzer and Col ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21152
 	RESERVED
 CVE-2022-21150
@@ -8470,7 +8470,7 @@ CVE-2022-21240
 CVE-2022-21237
 	RESERVED
 CVE-2022-21218 (Uncaught exception in the Intel(R) Trace Analyzer and Collector before ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21212
 	RESERVED
 CVE-2022-21197
@@ -8484,7 +8484,7 @@ CVE-2022-21140
 CVE-2022-21139
 	RESERVED
 CVE-2022-21133 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21792
 	RESERVED
 CVE-2022-21791
@@ -9739,15 +9739,15 @@ CVE-2022-21242 (Vulnerability in the Primavera Portfolio Management product of O
 CVE-2022-21216
 	RESERVED
 CVE-2022-21204 (Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21200
 	RESERVED
 CVE-2022-21174 (Improper access control in a third-party component of Intel(R) Quartus ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21157 (Improper access control in the Intel(R) Smart Campus Android applicati ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21153 (Improper access control in the Intel(R) Capital Global Summit Android  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21151
 	RESERVED
 CVE-2022-21138
@@ -9757,13 +9757,13 @@ CVE-2022-21136
 CVE-2022-21131
 	RESERVED
 CVE-2022-21220 (Improper restriction of XML external entity for Intel(R) Quartus(R) Pr ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21207
 	RESERVED
 CVE-2022-21205 (Improper restriction of XML external entity reference in DSP Builder P ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21203 (Improper permissions in the SafeNet Sentinel driver for Intel(R) Quart ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21181
 	RESERVED
 CVE-2022-21180
@@ -10543,7 +10543,7 @@ CVE-2022-20740
 CVE-2022-20739
 	RESERVED
 CVE-2022-20738 (A vulnerability in the Cisco Umbrella Secure Web Gateway service could ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20737
 	RESERVED
 CVE-2022-20736
@@ -10664,7 +10664,7 @@ CVE-2022-20682
 CVE-2022-20681
 	RESERVED
 CVE-2022-20680 (A vulnerability in the web-based management interface of Cisco Prime S ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20679
 	RESERVED
 CVE-2022-20678
@@ -10764,7 +10764,7 @@ CVE-2022-20632
 CVE-2022-20631
 	RESERVED
 CVE-2022-20630 (A vulnerability in the audit log of Cisco DNA Center could allow an au ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20629
 	RESERVED
 CVE-2022-20628
author	Salvatore Bonaccorso <carnil@debian.org>	2022-02-12 10:23:08 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-02-12 10:23:08 +0100
commit	5af9fa5e68f7849dca475590dcbd82a1d169c131 (patch)
tree	50f2f643f0111bd22ca3643060eec7f2c2f0c889 /data
parent	faceac55759b72ae689fe3462bf68e1864f2d5c8 (diff)