author Salvatore Bonaccorso <carnil@debian.org> 2022-02-07 21:56:45 +0100
committer Salvatore Bonaccorso <carnil@debian.org> 2022-02-07 21:56:45 +0100
commit 354827bbce2e75f7c2efb5ff0131ca9f4523d730 (patch)
tree 42230b179527e744f9c5a9108b1bdbd53acff5b5
parent 82874adaf986bb3ec0a5284b9a6118205ccc47b3 (diff)
Process several NFUs
-rw-r--r-- data/CVE/2013.list 2
-rw-r--r-- data/CVE/2018.list 2
-rw-r--r-- data/CVE/2021.list 52
-rw-r--r-- data/CVE/2022.list 48
4 files changed, 52 insertions, 52 deletions
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index fa16b507e3..9fc3286a3f 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -1,7 +1,7 @@
CVE-2013-20004 (StarWind iSCSI SAN before 6.0 build 2013-03-20 allows a memory leak. ...)
NOT-FOR-US: StarWind
CVE-2013-20003 (Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (usin ...)
- TODO: check
+ NOT-FOR-US: Z-Wave devices
CVE-2013-20002 (Elemin allows remote attackers to upload and execute arbitrary PHP cod ...)
NOT-FOR-US: Elemin
CVE-2013-20001 (An issue was discovered in OpenZFS through 2.0.3. When an NFS share is ...)
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index e390923cbc..b538e2ebac 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1,7 +1,7 @@
CVE-2018-25030
RESERVED
CVE-2018-25029 (The Z-Wave specification requires that S2 security can be downgraded t ...)
- TODO: check
+ NOT-FOR-US: Z-Wave specification
CVE-2018-25028 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...)
NOT-FOR-US: Rust crate libpulse-binding
CVE-2018-25027 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...)
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index eb13a890d4..3494116f4c 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -652,7 +652,7 @@ CVE-2021-46391
CVE-2021-46390
RESERVED
CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...)
- TODO: check
+ NOT-FOR-US: IIPImage High Resolution Streaming Image Server
CVE-2021-46388
RESERVED
CVE-2021-46387
@@ -712,7 +712,7 @@ CVE-2021-46361
CVE-2021-46360
RESERVED
CVE-2021-46359 (FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: FISCO-BCOS
CVE-2021-46358
RESERVED
CVE-2021-46357
@@ -3250,7 +3250,7 @@ CVE-2021-45410
CVE-2021-45409
RESERVED
CVE-2021-45408 (Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, ...)
- TODO: check
+ NOT-FOR-US: SeedDMS
CVE-2021-45407
RESERVED
CVE-2021-45406 (In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to ...)
@@ -6486,11 +6486,11 @@ CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input During
CVE-2021-4017 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: ShowDoc
CVE-2021-44206 (Local privilege escalation due to DLL hijacking vulnerability in Acron ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-44205 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-44204 (Local privilege escalation via named pipe due to improper access contr ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-44203 (Stored cross-site scripting (XSS) was possible in protection plan deta ...)
NOT-FOR-US: Acronis
CVE-2021-44202 (Stored cross-site scripting (XSS) was possible in activity details. Th ...)
@@ -7298,15 +7298,15 @@ CVE-2021-43931 (The authentication algorithm of the WebHMI portal is sound, but
CVE-2021-43930
RESERVED
CVE-2021-43929 (Improper neutralization of special elements in output used by a downst ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2021-43928 (Improper neutralization of special elements used in an OS command ('OS ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2021-43927 (Improper neutralization of special elements used in an SQL command ('S ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2021-43926 (Improper neutralization of special elements used in an SQL command ('S ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2021-43925 (Improper neutralization of special elements used in an SQL command ('S ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2021-43924
RESERVED
CVE-2021-43923
@@ -7498,7 +7498,7 @@ CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack block
CVE-2021-43842 (Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and e ...)
NOT-FOR-US: Wiki.js
CVE-2021-43841 (XWiki is a generic wiki platform offering runtime services for applica ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2021-43840 (message_bus is a messaging bus for Ruby processes and web clients. In ...)
TODO: check
CVE-2021-43839 (Cronos is a commercial implementation of a blockchain. In Cronos nodes ...)
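Review bot: CVE-2021-43840 (message_bus), directly below the XWiki change, is still `TODO: check` in the trailing context, so this pass leaves it unprocessed. If that is deliberate because a Ruby library needs a package lookup rather than an NFU tag, fine; otherwise handle it in the same commit so the run of entries around CVE-2021-43841 is fully triaged.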
@@ -10011,7 +10011,7 @@ CVE-2021-42835 (An issue was discovered in Plex Media Server through 1.24.4.5081
CVE-2021-42834
RESERVED
CVE-2021-42833 (A Use of Hardcoded Credentials vulnerability exists in AquaView versio ...)
- TODO: check
+ NOT-FOR-US: AquaView
CVE-2021-42832
RESERVED
CVE-2021-42831
@@ -15859,7 +15859,7 @@ CVE-2021-40422
CVE-2021-40421
RESERVED
CVE-2021-40420 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-40419 (A firmware update vulnerability exists in the 'factory' binary of reol ...)
NOT-FOR-US: Reolink
CVE-2021-40418 (When parsing a file that is submitted to the DPDecoder service as a jo ...)
@@ -18588,7 +18588,7 @@ CVE-2021-39282 (Live555 through 1.08 has a memory leak in AC3AudioStreamParser f
CVE-2021-39281
RESERVED
CVE-2021-39280 (Certain Korenix JetWave devices allow authenticated users to execute a ...)
- TODO: check
+ NOT-FOR-US: Korenix JetWave devices
CVE-2021-39279 (Certain MOXA devices allow Authenticated Command Injection via /forms/ ...)
NOT-FOR-US: MOXA
CVE-2021-39278 (Certain MOXA devices allow reflected XSS via the Config Import menu. T ...)
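Review bot: style point on `NOT-FOR-US: Korenix JetWave devices`: the entry directly below uses the bare vendor name (`NOT-FOR-US: MOXA`), as do most tags added in this commit (Acronis, Synology, Foxit, HPE, Arista). Dropping the trailing "devices" would keep the tag consistent and easier to grep.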
@@ -21335,7 +21335,7 @@ CVE-2021-38173 (Btrbk before 0.31.2 allows command execution because of the mish
NOTE: Fixed by: https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584 (v0.31.2)
NOTE: Introduced by: https://github.com/digint/btrbk/commit/ccb5ed5e7191a083da52998df4c880f693451144 (v0.23.0-rc1)
CVE-2021-38172 (perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially ...)
- TODO: check
+ NOT-FOR-US: perM
CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not ...)
{DSA-4998-1 DSA-4990-1 DLA-2818-1}
- ffmpeg 7:4.4.1-1
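Review bot: CVE-2021-38172 should not be closed as `NOT-FOR-US: perM` without a package check, because its own description references Debian ("(Debian initially ..."), which suggests the software is or was in the archive. If it is, replace the NFU line with a source-package entry and version status, in the same form as the ffmpeg entry in the trailing context.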
@@ -34276,7 +34276,7 @@ CVE-2021-32734 (Nextcloud Server is a Nextcloud package that handles data storag
CVE-2021-32733 (Nextcloud Text is a collaborative document editing application that us ...)
NOT-FOR-US: Nextcloud Text
CVE-2021-32732 (### Impact It's possible to know if a user has or not an account in a ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2021-32731 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
CVE-2021-32730 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
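Review bot: the `NOT-FOR-US: XWiki` tag on CVE-2021-32732 cannot be confirmed from the description line, which starts with raw advisory markup ("### Impact It's possible to know if a user has or not an account in a ...") and names no product. The neighbouring CVE-2021-32731 and CVE-2021-32730 are XWiki Platform, but adjacency is not evidence; confirm the product from the full CVE record before closing the entry.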
@@ -42947,17 +42947,17 @@ CVE-2021-29400 (A cross-site request forgery (CSRF) vulnerability in the My SMTP
CVE-2021-29399 (XMB is vulnerable to cross-site scripting (XSS) due to inadequate filt ...)
NOT-FOR-US: XMB
CVE-2021-29398 (Directory traversal in /northstar/Common/NorthFileManager/fileManagerO ...)
- TODO: check
+ NOT-FOR-US: Northstar
CVE-2021-29397 (Cleartext Transmission of Sensitive Information in /northstar/Admin/lo ...)
- TODO: check
+ NOT-FOR-US: Northstar
CVE-2021-29396 (Systemic Insecure Permissions in Northstar Technologies Inc NorthStar ...)
- TODO: check
+ NOT-FOR-US: Northstar
CVE-2021-29395 (Directory travesal in /northstar/filemanager/download.jsp in Northstar ...)
- TODO: check
+ NOT-FOR-US: Northstar
CVE-2021-29394 (Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar ...)
- TODO: check
+ NOT-FOR-US: Northstar
CVE-2021-29393 (Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar T ...)
- TODO: check
+ NOT-FOR-US: Northstar
CVE-2021-29392
RESERVED
CVE-2021-29391
@@ -43353,9 +43353,9 @@ CVE-2021-29221 (A local privilege escalation vulnerability was discovered in Erl
CVE-2021-29220
RESERVED
CVE-2021-29219 (A potential local buffer overflow vulnerability has been identified in ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2021-29218 (A local unquoted search path security vulnerability has been identifie ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2021-29217
RESERVED
CVE-2021-29216
@@ -45140,7 +45140,7 @@ CVE-2021-28505
CVE-2021-28504
RESERVED
CVE-2021-28503 (The impact of this vulnerability is that Arista's EOS eAPI may skip re ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2021-28502
RESERVED
CVE-2021-28501 (An issue has recently been discovered in Arista EOS where the incorrec ...)
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index da8b87dde3..8dab43aa6b 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -1888,7 +1888,7 @@ CVE-2022-0367
CVE-2022-0366 (An authenticated and authorized agent user could potentially gain admi ...)
NOT-FOR-US: Sophos
CVE-2022-0365 (The affected product is vulnerable to an authenticated OS command inje ...)
- TODO: check
+ NOT-FOR-US: Ricon Mobile
CVE-2022-0364
RESERVED
CVE-2022-0363
@@ -3379,7 +3379,7 @@ CVE-2022-23381
CVE-2022-23380
RESERVED
CVE-2022-23379 (Emlog v6.0 was discovered to contain a SQL injection vulnerability via ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2022-23378
RESERVED
CVE-2022-23377
@@ -3477,9 +3477,9 @@ CVE-2022-23332
CVE-2022-23331
RESERVED
CVE-2022-23330 (A remote code execution (RCE) vulnerability in HelloWorldAddonControll ...)
- TODO: check
+ NOT-FOR-US: jpress
CVE-2022-23329 (A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJ ...)
- TODO: check
+ NOT-FOR-US: UJCMS Jspxcms
CVE-2022-23328
RESERVED
CVE-2022-23327
@@ -3497,7 +3497,7 @@ CVE-2022-23322
CVE-2022-23321
RESERVED
CVE-2022-23320 (XMPie uStore 12.3.7244.0 allows for administrators to generate reports ...)
- TODO: check
+ NOT-FOR-US: XMPie uStore
CVE-2022-23319
RESERVED
CVE-2022-23318
@@ -3727,11 +3727,11 @@ CVE-2022-23265
CVE-2022-23264
RESERVED
CVE-2022-23263 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23262 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23261 (Microsoft Edge (Chromium-based) Tampering Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23260
RESERVED
CVE-2022-23259
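Review bot: all three descriptions here read "Microsoft Edge (Chromium-based)", so before tagging CVE-2022-23263, CVE-2022-23262 and CVE-2022-23261 as `NOT-FOR-US: Microsoft`, confirm each flaw sits in Microsoft-specific code rather than in the shared Chromium code base. Any issue shared with upstream Chromium needs a package entry instead of an NFU tag.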
@@ -3964,7 +3964,7 @@ CVE-2022-23186
CVE-2022-23185
RESERVED
CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and HTTPS bin ...)
- TODO: check
+ NOT-FOR-US: Octopus Server
CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time of use ...)
- tomcat9 <unfixed>
- tomcat8 <removed>
@@ -4604,7 +4604,7 @@ CVE-2022-22941
CVE-2022-22940
RESERVED
CVE-2022-22939 (VMware Cloud Foundation contains an information disclosure vulnerabili ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-22938 (VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windo ...)
NOT-FOR-US: VMware
CVE-2022-22937
@@ -4908,11 +4908,11 @@ CVE-2022-22835
CVE-2022-22834
RESERVED
CVE-2022-22833 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obta ...)
- TODO: check
+ NOT-FOR-US: Servisnet Tessa
CVE-2022-22832 (An issue was discovered in Servisnet Tessa 0.0.2. Authorization data i ...)
- TODO: check
+ NOT-FOR-US: Servisnet Tessa
CVE-2022-22831 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add ...)
- TODO: check
+ NOT-FOR-US: Servisnet Tessa
CVE-2022-22830
RESERVED
CVE-2022-22829
@@ -5013,7 +5013,7 @@ CVE-2022-22806
CVE-2022-22805
RESERVED
CVE-2022-22804 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22803
RESERVED
CVE-2022-22802
@@ -5299,17 +5299,17 @@ CVE-2022-0140
CVE-2022-22728
RESERVED
CVE-2022-22727 (A CWE-20: Improper Input Validation vulnerability exists that could al ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22726 (A CWE-20: Improper Input Validation vulnerability exists that could al ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22725 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22724 (A CWE-400: Uncontrolled Resource Consumption vulnerability exists that ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22723 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22722 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22721
RESERVED
CVE-2022-22720
@@ -5404,7 +5404,7 @@ CVE-2022-22691 (The password reset component deployed within Umbraco uses the ho
CVE-2022-22690 (Within the Umbraco CMS, a configuration element named "UmbracoApplicat ...)
NOT-FOR-US: Umbraco CMS
CVE-2022-22689 (CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, an ...)
- TODO: check
+ NOT-FOR-US: CA Harvest Software Change Manager
CVE-2022-22688
RESERVED
CVE-2022-22687
@@ -5422,11 +5422,11 @@ CVE-2022-22682
CVE-2022-22681
RESERVED
CVE-2022-22680 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2022-22679 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2022-22150 (A memory corruption vulnerability exists in the JavaScript engine of F ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2022-0130 (Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remo ...)
NOT-FOR-US: Tenable
CVE-2022-22678
