Salvatore Bonaccorso · Salvatore Bonaccorso · df886a0d
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -101,14 +101,14 @@ CVE-2018-11630
 CVE-2018-11629
 	RESERVED
 CVE-2018-11628 (Data input into EMS Master Calendar before 8.0.0.201805210 via URL ...)
-	TODO: check
+	NOT-FOR-US: EMS Master Calendar
 CVE-2018-11627 (Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs ...)
 	- ruby-sinatra <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/sinatra/sinatra/issues/1428
 	NOTE: Introduced by: https://github.com/sinatra/sinatra/commit/8f8df53ff29938ace79b31097c27d9cdac803b44
 	NOTE: Fixed by: https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a
 CVE-2018-11626 (SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer ...)
-	TODO: check
+	NOT-FOR-US: SELA
 CVE-2018-11625 (In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file ...)
 	- imagemagick <unfixed>
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/5294966898532a6bd54699fbf04edf18902513ac
@@ -265,9 +265,9 @@ CVE-2018-11554
 CVE-2018-11553
 	RESERVED
 CVE-2018-11552 (There is a reflected XSS vulnerability in AXON PBX 2.02 via the ...)
-	TODO: check
+	NOT-FOR-US: AXON PBX
 CVE-2018-11551 (AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow ...)
-	TODO: check
+	NOT-FOR-US: AXON PBX
 CVE-2018-11550
 	REJECTED
 CVE-2018-11549 (An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS ...)
@@ -320,7 +320,7 @@ CVE-2018-11540
 CVE-2018-11539
 	RESERVED
 CVE-2018-11538 (servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, ...)
-	TODO: check
+	NOT-FOR-US: SearchBlox
 CVE-2018-11537
 	RESERVED
 CVE-2018-11536 (md4c before 0.2.5 has a heap-based buffer overflow because ...)
@@ -361,7 +361,7 @@ CVE-2018-11520
 CVE-2018-11519
 	RESERVED
 CVE-2018-11518 (A vulnerability allows a phreaking attack on HCL legacy IVR systems ...)
-	TODO: check
+	NOT-FOR-US: HCL legacy IVR systems
 CVE-2018-11517 (mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a ...)
 	NOT-FOR-US: mySCADA myPRO
 CVE-2018-11516 (The vlc_demux_chained_Delete function in input/demux_chained.c in ...)
@@ -447,9 +447,9 @@ CVE-2018-11488 (A stack exhaustion vulnerability in the search function of dtSea
 CVE-2018-11487 (PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the ...)
 	NOT-FOR-US: PHPMyWind
 CVE-2018-11486 (An issue was discovered in the MULTIDOTS Advance Search for ...)
-	TODO: check
+	NOT-FOR-US: MULTIDOTS Advance Search for WooCommerce plugin for WordPress
 CVE-2018-11485 (The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for ...)
-	TODO: check
+	NOT-FOR-US: MULTIDOTS WooCommerce Quick Reports plugin for WordPress
 CVE-2018-11484
 	RESERVED
 CVE-2018-11483
@@ -1178,7 +1178,7 @@ CVE-2018-11222
 CVE-2018-11221
 	RESERVED
 CVE-2018-11220 (Bitmain Antminer D3, L3+, and S9 devices allow Remote Command ...)
-	TODO: check
+	NOT-FOR-US: Bitmain Antminer D3, L3+, and S9 devices
 CVE-2018-11219
 	RESERVED
 CVE-2018-11218
@@ -1249,9 +1249,13 @@ CVE-2018-11198
 CVE-2018-11197
 	RESERVED
 CVE-2018-11196 (Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before ...)
-	TODO: check
+	- mahara <removed>
+	NOTE: https://bugs.launchpad.net/bugs/1770535
+	NOTE: https://mahara.org/interaction/forum/topic.php?id=8270
 CVE-2018-11195 (Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before ...)
-	TODO: check
+	- mahara <removed>
+	NOTE: https://bugs.launchpad.net/mahara/+bug/1770561
+	NOTE: https://mahara.org/interaction/forum/topic.php?id=8269
 CVE-2018-11194
 	RESERVED
 CVE-2018-11193
@@ -1357,27 +1361,27 @@ CVE-2018-11144
 CVE-2018-11143
 	RESERVED
 CVE-2018-11142 (The 'systemui/settings_network.php' and ...)
-	TODO: check
+	NOT-FOR-US: Quest KACE System Management Appliance
 CVE-2018-11141 (The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the ...)
-	TODO: check
+	NOT-FOR-US: Quest KACE System Management Virtual Appliance
 CVE-2018-11140 (The 'reportID' parameter received by the '/common/run_report.php' ...)
-	TODO: check
+	NOT-FOR-US: Quest KACE System Management Appliance
 CVE-2018-11139 (The '/common/ajax_email_connection_test.php' script in the Quest KACE ...)
-	TODO: check
+	NOT-FOR-US: Quest KACE System Management Appliance
 CVE-2018-11138 (The '/common/download_agent_installer.php' script in the Quest KACE ...)
-	TODO: check
+	NOT-FOR-US: Quest KACE System Management Appliance
 CVE-2018-11137 (The 'checksum' parameter of the '/common/download_attachment.php' ...)
-	TODO: check
+	NOT-FOR-US: Quest KACE System Management Appliance
 CVE-2018-11136 (The 'orgID' parameter received by the ...)
-	TODO: check
+	NOT-FOR-US: Quest KACE System Management Appliance
 CVE-2018-11135 (The script '/adminui/error_details.php' in the Quest KACE System ...)
-	TODO: check
+	NOT-FOR-US: Quest KACE System Management Appliance
 CVE-2018-11134 (In order to perform actions that requires higher privileges, the Quest ...)
-	TODO: check
+	NOT-FOR-US: Quest KACE System Management Appliance
 CVE-2018-11133 (The 'fmt' parameter of the '/common/run_cross_report.php' script in the ...)
-	TODO: check
+	NOT-FOR-US: Quest KACE System Management Appliance
 CVE-2018-11132 (In order to perform actions that require higher privileges, the Quest ...)
-	TODO: check
+	NOT-FOR-US: Quest KACE System Management Appliance
 CVE-2018-11131
 	RESERVED
 CVE-2018-11130 (The header::add_FORMAT_descriptor function in header.cpp in VCFtools ...)
@@ -1597,7 +1601,7 @@ CVE-2018-11037 (In Exiv2 0.26, the Exiv2::PngImage::printStructure function in .
 	- exiv2 <unfixed>
 	NOTE: https://github.com/Exiv2/exiv2/issues/307
 CVE-2018-11036 (Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, ...)
-	TODO: check
+	NOT-FOR-US: Ruckus devices
 CVE-2018-11035 (In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 ...)
 	NOT-FOR-US: 2345 Security Guard
 CVE-2018-11034 (In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 ...)
@@ -1834,7 +1838,7 @@ CVE-2018-10940 (The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c
 	- linux 4.16.12-1
 	NOTE: Fixed by: https://git.kernel.org/linus/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707
 CVE-2018-10939 (Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before ...)
-	TODO: check
+	NOT-FOR-US: Zimbra Web Client
 CVE-2018-10938
 	RESERVED
 CVE-2018-10937
@@ -3179,7 +3183,7 @@ CVE-2018-10384
 CVE-2018-10383
 	RESERVED
 CVE-2018-10382 (MODX Revolution 2.6.3 has XSS. ...)
-	TODO: check
+	NOT-FOR-US: MODX Revolution
 CVE-2018-10381 (TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege ...)
 	NOT-FOR-US: TunnelBear for Windows
 CVE-2018-10380 (kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ...)
@@ -5624,15 +5628,15 @@ CVE-2018-9324
 CVE-2018-9323
 	REJECTED
 CVE-2018-9322 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
-	TODO: check
+	NOT-FOR-US: Head Unit HU_NBT (aka Infotainment) component on BMW vehicles
 CVE-2018-9321
 	REJECTED
 CVE-2018-9320 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
-	TODO: check
+	NOT-FOR-US: BMW (Head Unit HU_NBT component) on BMW vehicles
 CVE-2018-9319
 	REJECTED
 CVE-2018-9318 (The Telematics Control Unit (aka Telematic Communication Box or TCB), ...)
-	TODO: check
+	NOT-FOR-US: Telematics Control Unit (aka Telematic Communication Box or TCB) on BMW vehicles
 CVE-2018-9317
 	REJECTED
 CVE-2018-9316
@@ -5640,13 +5644,13 @@ CVE-2018-9316
 CVE-2018-9315
 	REJECTED
 CVE-2018-9314 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
-	TODO: check
+	NOT-FOR-US: Head Unit HU_NBT (aka Infotainment) component on BMW vehicles
 CVE-2018-9313 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
-	TODO: check
+	NOT-FOR-US: Head Unit HU_NBT (aka Infotainment) component on BMW vehicles
 CVE-2018-9312 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
-	TODO: check
+	NOT-FOR-US: Head Unit HU_NBT (aka Infotainment) component on BMW vehicles
 CVE-2018-9311 (The Telematics Control Unit (aka Telematic Communication Box or TCB), ...)
-	TODO: check
+	NOT-FOR-US: Telematics Control Unit (aka Telematic Communication Box or TCB) on BMW vehicles
 CVE-2018-1000155 (OpenFlow version 1.0 onwards contains a Denial of Service and Improper ...)
 	NOT-FOR-US: Flaw in the OpenFlow protocol
 CVE-2018-1000154 (Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper ...)
@@ -6096,7 +6100,7 @@ CVE-2018-9188
 CVE-2018-9187
 	RESERVED
 CVE-2018-9186 (A cross-site scripting (XSS) vulnerability in Fortinet ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2018-9185
 	RESERVED
 CVE-2018-9184
@@ -6786,9 +6790,9 @@ CVE-2018-8924
 CVE-2018-8923
 	RESERVED
 CVE-2018-8922 (Improper access control vulnerability in Synology Drive before ...)
-	TODO: check
+	NOT-FOR-US: Synology Drive
 CVE-2018-8921 (Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast ...)
-	TODO: check
+	NOT-FOR-US: Synology Drive
 CVE-2018-8920
 	RESERVED
 CVE-2018-8919