author: security tracker role <sectracker@soriano.debian.org> 2020-08-27 20:10:20 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-08-27 20:10:20 +0000
commit: b2daf3514af6dd6fb6d8c7861ff81b59bab87716
tree: 11fe69762489eab7f4fad0eaff577b25e7b3be8d /data/CVE
parent: 7a435203658d593db12f1c1e7fadf5a4f45840b2
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2012.list 8
-rw-r--r-- data/CVE/2019.list 2
-rw-r--r-- data/CVE/2020.list 200
3 files changed, 127 insertions, 83 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 373c688e5b..9fcd8077c8 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -11187,8 +11187,8 @@ CVE-2012-2203 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in
NOT-FOR-US: IBM Global Security Kit
CVE-2012-2202 (Directory traversal vulnerability in javatester_init.php in IBM Lotus ...)
NOT-FOR-US: IBM Lotus Protector, IBM ISS Proventia Network Mail Security System
-CVE-2012-2201
- RESERVED
+CVE-2012-2201 (IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by a ...)
+ TODO: check
CVE-2012-2200 (The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS ...)
NOT-FOR-US: sendmail configuration in AIX
CVE-2012-2199 (The server message channel agent in the queue manager in the server in ...)
@@ -11270,8 +11270,8 @@ CVE-2012-2162 (The Web Server Plug-in in IBM WebSphere Application Server (WAS)
NOT-FOR-US: WebSphere
CVE-2012-2161 (Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Ec ...)
NOT-FOR-US: IBM Security AppScan Source
-CVE-2012-2160
- RESERVED
+CVE-2012-2160 (IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused ...)
+ TODO: check
CVE-2012-2159 (Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used ...)
NOT-FOR-US: IBM Eclipse Help System
CVE-2012-2158
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 35ef8f1240..c328b3fda6 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -15511,7 +15511,7 @@ CVE-2019-14823 (A flaw was found in the "Leaf and Chain" OCSP policy implementat
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1747435
NOTE: https://github.com/dogtagpki/jss/pull/284
NOTE: https://github.com/dogtagpki/jss/commit/be37ff4738b4696d529a13b6ed33c7ac56d97ba4
-CVE-2019-14822 (A flaw was discovered in ibus that allows any unprivileged user to mon ...)
+CVE-2019-14822 (A flaw was discovered in ibus in versions before 1.5.22 that allows an ...)
{DSA-4525-1}
- ibus 1.5.21-1 (bug #940267)
[jessie] - ibus <ignored> (Hard to exploit, regression risk)
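Review bot: the updated CVE-2019-14822 description now says "in versions before 1.5.22", while the entry directly below it records the Debian fix in ibus 1.5.21-1 (bug #940267). The two only agree if 1.5.21-1 carries the fix as a backport, so a NOTE line pointing at the upstream fix would make that explicit for anyone comparing version numbers against the description.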
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 391d57ddd9..fac4fbe354 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,41 @@
+CVE-2020-24718
+ RESERVED
+CVE-2020-24717 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group pe ...)
+ TODO: check
+CVE-2020-24716 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permiss ...)
+ TODO: check
+CVE-2020-24715
+ RESERVED
+CVE-2020-24714
+ RESERVED
+CVE-2020-24713
+ RESERVED
+CVE-2020-24712
+ RESERVED
+CVE-2020-24711
+ RESERVED
+CVE-2020-24710
+ RESERVED
+CVE-2020-24709
+ RESERVED
+CVE-2020-24708
+ RESERVED
+CVE-2020-24707
+ RESERVED
+CVE-2020-24706 (An issue was discovered in certain WSO2 products. The Try It tool allo ...)
+ TODO: check
+CVE-2020-24705 (An issue was discovered in certain WSO2 products. A valid Carbon Manag ...)
+ TODO: check
+CVE-2020-24704 (An issue was discovered in certain WSO2 products. The Try It tool allo ...)
+ TODO: check
+CVE-2020-24703 (An issue was discovered in certain WSO2 products. A valid Carbon Manag ...)
+ TODO: check
+CVE-2020-24702
+ RESERVED
+CVE-2020-24701
+ RESERVED
+CVE-2020-24700
+ RESERVED
CVE-2020-24699
RESERVED
CVE-2020-24698
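Review bot: CVE-2020-24717 and CVE-2020-24716 are both scoped "when used on FreeBSD" in their descriptions, so the `TODO: check` on these two should be resolved by confirming whether the affected code path exists in the build Debian packages, not by matching on the product name alone. The four WSO2 entries (CVE-2020-24703 to CVE-2020-24706) come as two "Try It tool" issues and two "A valid Carbon Manag ..." issues and can be triaged together.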
@@ -628,8 +666,8 @@ CVE-2020-24392
RESERVED
CVE-2020-24391
RESERVED
-CVE-2020-24390
- RESERVED
+CVE-2020-24390 (eonweb in EyesOfNetwork before 5.3-7 does not properly escape the user ...)
+ TODO: check
CVE-2020-24389
RESERVED
CVE-2020-24388
@@ -1047,10 +1085,10 @@ CVE-2020-24205
RESERVED
CVE-2020-24204
RESERVED
-CVE-2020-24203
- RESERVED
-CVE-2020-24202
- RESERVED
+CVE-2020-24203 (Insecure File Permissions and Arbitrary File Upload in the upload pic ...)
+ TODO: check
+CVE-2020-24202 (File Upload component in Projects World House Rental v1.0 suffers from ...)
+ TODO: check
CVE-2020-24201
RESERVED
CVE-2020-24200
@@ -1061,8 +1099,8 @@ CVE-2020-24198
RESERVED
CVE-2020-24197
RESERVED
-CVE-2020-24196
- RESERVED
+CVE-2020-24196 (An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental ...)
+ TODO: check
CVE-2020-24195
RESERVED
CVE-2020-24194
@@ -1485,32 +1523,32 @@ CVE-2020-23986
RESERVED
CVE-2020-23985
RESERVED
-CVE-2020-23984
- RESERVED
-CVE-2020-23983
- RESERVED
-CVE-2020-23982
- RESERVED
-CVE-2020-23981
- RESERVED
-CVE-2020-23980
- RESERVED
-CVE-2020-23979
- RESERVED
-CVE-2020-23978
- RESERVED
-CVE-2020-23977
- RESERVED
-CVE-2020-23976
- RESERVED
-CVE-2020-23975
- RESERVED
-CVE-2020-23974
- RESERVED
-CVE-2020-23973
- RESERVED
-CVE-2020-23972
- RESERVED
+CVE-2020-23984 (Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-s ...)
+ TODO: check
+CVE-2020-23983 (Michael-design iChat Realtime PHP Live Support System 1.6 has persiste ...)
+ TODO: check
+CVE-2020-23982 (DesignMasterEvents Conference management 1.0.0 has cross site scriptin ...)
+ TODO: check
+CVE-2020-23981 (13enforme CMS 1.0 has Cross Site Scripting via the "content.php" id pa ...)
+ TODO: check
+CVE-2020-23980 (DesignMasterEvents Conference management 1.0.0 allows SQL Injection vi ...)
+ TODO: check
+CVE-2020-23979 (13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter ...)
+ TODO: check
+CVE-2020-23978 (SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the ...)
+ TODO: check
+CVE-2020-23977 (KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the 't ...)
+ TODO: check
+CVE-2020-23976 (Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection ...)
+ TODO: check
+CVE-2020-23975 (Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scr ...)
+ TODO: check
+CVE-2020-23974 (Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting ...)
+ TODO: check
+CVE-2020-23973 (KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php ...)
+ TODO: check
+CVE-2020-23972 (In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can ...)
+ TODO: check
CVE-2020-23971
RESERVED
CVE-2020-23970
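Review bot: all 13 entries from CVE-2020-23972 to CVE-2020-23984 land as `TODO: check` in one batch. Several are cross-site scripting and SQL injection pairs against the same product (13enforme CMS 1.0, DesignMasterEvents Conference management 1.0.0, KandNconcepts Club CMS 1.1 and 1.2, Webexcels Ecommerce CMS), so triage can be done once per product and the resulting tag reused for both CVEs of each pair.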
@@ -2301,8 +2339,8 @@ CVE-2020-23578
RESERVED
CVE-2020-23577
RESERVED
-CVE-2020-23576
- RESERVED
+CVE-2020-23576 (Laborator Neon dashboard v3 is affected by stored Cross Site Scripting ...)
+ TODO: check
CVE-2020-23575
RESERVED
CVE-2020-23574 (When uploading a file in Sysax Multi Server 6.90, an authenticated use ...)
@@ -17305,8 +17343,8 @@ CVE-2020-16144
RESERVED
CVE-2020-16143 (The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijac ...)
- seafile-client <not-affected> (Windows-specific)
-CVE-2020-16142
- RESERVED
+CVE-2020-16142 (On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the B ...)
+ TODO: check
CVE-2020-16141
RESERVED
CVE-2020-16140
@@ -18070,17 +18108,20 @@ CVE-2020-15812
RESERVED
CVE-2020-15811
RESERVED
+ {DSA-4751-1}
- squid 4.13-1 (bug #968932)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_8.patch
CVE-2020-24606 (Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perfor ...)
+ {DSA-4751-1}
- squid 4.13-1 (bug #968933)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch
CVE-2020-15810
RESERVED
+ {DSA-4751-1}
- squid 4.13-1 (bug #968934)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m
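Review bot: CVE-2020-15811 and CVE-2020-15810 now carry `{DSA-4751-1}` but are still marked RESERVED, so they have no description even though a fixed version (squid 4.13-1), a bug number and a GHSA advisory are already recorded. Anyone searching the list by description will find only CVE-2020-24606 out of the three issues tagged with this DSA; a short bracketed summary on the two header lines, in the style CVE-2020-14415 used before this commit, would cover the gap until the CVE text is published.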
@@ -18430,7 +18471,7 @@ CVE-2020-15670
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15670
CVE-2020-15669
RESERVED
- {DSA-4749-1}
+ {DSA-4749-1 DLA-2346-1}
- firefox-esr 68.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15669
CVE-2020-15668
@@ -18451,7 +18492,7 @@ CVE-2020-15665
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15665
CVE-2020-15664
RESERVED
- {DSA-4749-1}
+ {DSA-4749-1 DLA-2346-1}
- firefox 80.0-1
- firefox-esr 68.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15664
@@ -21255,8 +21296,7 @@ CVE-2020-14418
RESERVED
CVE-2020-14417
RESERVED
-CVE-2020-14415 [division by zero in oss_write() in audio/ossaudio.c]
- RESERVED
+CVE-2020-14415 (oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer ...)
- qemu 1:5.0-1
[buster] - qemu <not-affected> (Vulnerable code introduced later)
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
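Review bot: on the CVE-2020-14415 header line, the hand-written summary `[division by zero in oss_write() in audio/ossaudio.c]` is dropped in favour of the published description, which in its truncated form no longer names the bug class. Consider keeping the summary as a NOTE line so the entry still says "division by zero" at a glance. The package data below it is untouched: fixed in qemu 1:5.0-1, buster and stretch not affected.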
@@ -35466,6 +35506,7 @@ CVE-2020-8626
CVE-2020-8625
RESERVED
CVE-2020-8624 (In BIND 9.9.12 -&gt; 9.9.13, 9.10.7 -&gt; 9.10.8, 9.11.3 -&gt; 9.11.21 ...)
+ {DSA-4752-1}
- bind9 1:9.16.6-1 (bug #966497)
[stretch] - bind9 <not-affected> (Vulnerable code (dns_ssu_mtypefromstring()) introduced later)
NOTE: https://kb.isc.org/docs/cve-2020-8624
@@ -35476,11 +35517,13 @@ CVE-2020-8624 (In BIND 9.9.12 -&gt; 9.9.13, 9.10.7 -&gt; 9.10.8, 9.11.3 -&gt; 9.
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/393e8f643c02215fa4e6d4edf67be7d77085da0e (v9_11_22)
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/58e560beb50873c699f3431cf57e215dc645d7aa (v9_11_22)
CVE-2020-8623 (In BIND 9.10.0 -&gt; 9.11.21, 9.12.0 -&gt; 9.16.5, 9.17.0 -&gt; 9.17.3 ...)
+ {DSA-4752-1}
- bind9 1:9.16.6-1
NOTE: https://kb.isc.org/docs/cve-2020-8623
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/ac3862a5da95bb07b6cf748b0958175687a9de1d (v9_16_6)
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/8d807cc21655eaa6e6a08afafeec3682c0f3f2ab (v9_11_22)
CVE-2020-8622 (In BIND 9.0.0 -&gt; 9.11.21, 9.12.0 -&gt; 9.16.5, 9.17.0 -&gt; 9.17.3, ...)
+ {DSA-4752-1}
- bind9 1:9.16.6-1
NOTE: https://kb.isc.org/docs/cve-2020-8622
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/0eec632d6a5a474280017ec949d8a8014612f3b3 (v9_16_6)
@@ -35498,6 +35541,7 @@ CVE-2020-8620 (In BIND 9.15.6 -&gt; 9.16.5, 9.17.0 -&gt; 9.17.3, An attacker who
NOTE: https://kb.isc.org/docs/cve-2020-8620
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/9a372f2bce642545164d2b4408eb6c4e301acc5e (v9_16_6)
CVE-2020-8619 (In ISC BIND9 versions BIND 9.11.14 -&gt; 9.11.19, BIND 9.14.9 -&gt; 9. ...)
+ {DSA-4752-1}
- bind9 1:9.16.4-1
[stretch] - bind9 <not-affected> (Vulnerable code introduced later)
[jessie] - bind9 <not-affected> (Vulnerable code introduced later)
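Review bot: `{DSA-4752-1}` is added to CVE-2020-8619, CVE-2020-8622, CVE-2020-8623 and CVE-2020-8624, but no line is added for CVE-2020-8620, whose NOTE lines open this hunk. Its description gives an affected range starting at 9.15.6, which would explain the omission if the DSA targets an older branch; if the entry does not already say so, an explicit `<not-affected>` line for that suite would document the decision. CVE-2020-8619 also shows a different fixed version (bind9 1:9.16.4-1) from the other three (1:9.16.6-1), which is worth a second look when cross-checking the DSA.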
@@ -43143,8 +43187,8 @@ CVE-2020-5385 (Dell Encryption versions prior to 10.8 and Dell Endpoint Security
NOT-FOR-US: Dell
CVE-2020-5384 (Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Wi ...)
NOT-FOR-US: RSA MFA Agent
-CVE-2020-5383
- RESERVED
+CVE-2020-5383 (Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS vers ...)
+ TODO: check
CVE-2020-5382
RESERVED
CVE-2020-5381
@@ -44850,8 +44894,8 @@ CVE-2020-4605
RESERVED
CVE-2020-4604
RESERVED
-CVE-2020-4603
- RESERVED
+CVE-2020-4603 (IBM Security Guardium Insights 2.0.1 performs an operation at a privil ...)
+ TODO: check
CVE-2020-4602
RESERVED
CVE-2020-4601
@@ -44906,8 +44950,8 @@ CVE-2020-4577
RESERVED
CVE-2020-4576
RESERVED
-CVE-2020-4575
- RESERVED
+CVE-2020-4575 (IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Vir ...)
+ TODO: check
CVE-2020-4574 (IBM Tivoli Key Lifecycle Manager does not require that users should ha ...)
NOT-FOR-US: IBM
CVE-2020-4573 (IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitiv ...)
@@ -45706,26 +45750,26 @@ CVE-2020-4177 (IBM Security Guardium 11.1 contains hard-coded credentials, such
NOT-FOR-US: IBM
CVE-2020-4176
RESERVED
-CVE-2020-4175
- RESERVED
-CVE-2020-4174
- RESERVED
+CVE-2020-4175 (IBM Security Guardium Insights 2.0.1 could allow a remote attacker to ...)
+ TODO: check
+CVE-2020-4174 (IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptog ...)
+ TODO: check
CVE-2020-4173 (IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure a ...)
NOT-FOR-US: IBM
-CVE-2020-4172
- RESERVED
-CVE-2020-4171
- RESERVED
+CVE-2020-4172 (IBM Security Guardium Insights 2.0.1 stores sensitive information in U ...)
+ TODO: check
+CVE-2020-4171 (IBM Security Guardium Insights 2.0.1 allows web pages to be stored loc ...)
+ TODO: check
CVE-2020-4170 (IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site reque ...)
NOT-FOR-US: IBM
-CVE-2020-4169
- RESERVED
+CVE-2020-4169 (IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptog ...)
+ TODO: check
CVE-2020-4168
RESERVED
-CVE-2020-4167
- RESERVED
-CVE-2020-4166
- RESERVED
+CVE-2020-4167 (IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain ...)
+ TODO: check
+CVE-2020-4166 (IBM Security Guardium Insights 2.0.1 could allow a remote attacker to ...)
+ TODO: check
CVE-2020-4165 (IBM Security Guardium Insights 2.0.1 could allow a remote attacker to ...)
NOT-FOR-US: IBM
CVE-2020-4164 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...)
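Review bot: the seven new entries in this hunk (CVE-2020-4166, CVE-2020-4167, CVE-2020-4169, CVE-2020-4171, CVE-2020-4172, CVE-2020-4174, CVE-2020-4175) are all IBM Security Guardium Insights 2.0.1, the same product and version as CVE-2020-4170 and CVE-2020-4165, which sit between them already tagged `NOT-FOR-US: IBM`. They can take the same tag in the follow-up instead of staying at `TODO: check`.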
@@ -47144,8 +47188,8 @@ CVE-2020-3519 (A vulnerability in a specific REST API method of Cisco Data Cente
TODO: check
CVE-2020-3518 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
TODO: check
-CVE-2020-3517
- RESERVED
+CVE-2020-3517 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...)
+ TODO: check
CVE-2020-3516
RESERVED
CVE-2020-3515
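Review bot: CVE-2020-3517 joins CVE-2020-3519 and CVE-2020-3518, visible in the context just above it, as Cisco entries sitting at `TODO: check`. Later in the same file Cisco items are closed out as `NOT-FOR-US: Cisco` (CVE-2020-3340, CVE-2020-3339), so the Cisco entries added by this commit can be resolved with that tag in one pass.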
@@ -47170,8 +47214,8 @@ CVE-2020-3506 (Multiple vulnerabilities in the Cisco Discovery Protocol implemen
TODO: check
CVE-2020-3505 (A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveil ...)
TODO: check
-CVE-2020-3504
- RESERVED
+CVE-2020-3504 (A vulnerability in the local management (local-mgmt) CLI of Cisco UCS ...)
+ TODO: check
CVE-2020-3503
RESERVED
CVE-2020-3502 (Multiple vulnerabilities in the user interface of Cisco Webex Meetings ...)
@@ -47273,8 +47317,8 @@ CVE-2020-3456
RESERVED
CVE-2020-3455
RESERVED
-CVE-2020-3454
- RESERVED
+CVE-2020-3454 (A vulnerability in the Call Home feature of Cisco NX-OS Software could ...)
+ TODO: check
CVE-2020-3453
RESERVED
CVE-2020-3452 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
@@ -47351,8 +47395,8 @@ CVE-2020-3417
RESERVED
CVE-2020-3416
RESERVED
-CVE-2020-3415
- RESERVED
+CVE-2020-3415 (A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Sof ...)
+ TODO: check
CVE-2020-3414
RESERVED
CVE-2020-3413 (A vulnerability in the scheduled meeting template feature of Cisco Web ...)
@@ -47385,16 +47429,16 @@ CVE-2020-3400
RESERVED
CVE-2020-3399
RESERVED
-CVE-2020-3398
- RESERVED
-CVE-2020-3397
- RESERVED
+CVE-2020-3398 (A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MV ...)
+ TODO: check
+CVE-2020-3397 (A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MV ...)
+ TODO: check
CVE-2020-3396
RESERVED
CVE-2020-3395
RESERVED
-CVE-2020-3394
- RESERVED
+CVE-2020-3394 (A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Serie ...)
+ TODO: check
CVE-2020-3393
RESERVED
CVE-2020-3392
@@ -47512,8 +47556,8 @@ CVE-2020-3340 (Multiple vulnerabilities in the web-based management interface of
NOT-FOR-US: Cisco
CVE-2020-3339 (A vulnerability in the web-based management interface of Cisco Prime I ...)
NOT-FOR-US: Cisco
-CVE-2020-3338
- RESERVED
+CVE-2020-3338 (A vulnerability in the Protocol Independent Multicast (PIM) feature fo ...)
+ TODO: check
CVE-2020-3337 (A vulnerability in the web server of Cisco Umbrella could allow an una ...)
NOT-FOR-US: Cisco
CVE-2020-3336 (A vulnerability in the software upgrade process of Cisco TelePresence ...)
