path: root/data/CVE
author: security tracker role <sectracker@soriano.debian.org> 2020-02-19 20:10:27 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-02-19 20:10:27 +0000
commit: b7c54778e621c031016d81415dd872e54572fa1a
tree: 33a734bc4724e4061bbeb238856a72c08562f9f7 /data/CVE
parent: 234e7ced37e7d2e6ede42bec9d69b467888794a8
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r--  data/CVE/2012.list  14
-rw-r--r--  data/CVE/2013.list   2
-rw-r--r--  data/CVE/2014.list  13
-rw-r--r--  data/CVE/2015.list   2
-rw-r--r--  data/CVE/2016.list   9
-rw-r--r--  data/CVE/2019.list  32
-rw-r--r--  data/CVE/2020.list  61
7 files changed, 76 insertions, 57 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 75bb7dd7a0..e063a4cffd 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -150,8 +150,7 @@ CVE-2012-XXXX [Insufficient validation of USB device descriptors]
[squeeze] - oss4 <no-dsa> (Minor issue)
CVE-2012-6686
REJECTED
-CVE-2012-6685 [ruby-nokogiri XXE]
- RESERVED
+CVE-2012-6685 (Nokogiri before 1.5.4 is vulnerable to XXE attacks ...)
{DLA-229-1}
- ruby-nokogiri 1.5.4-1 (low)
- libnokogiri-ruby <removed>
@@ -326,8 +325,8 @@ CVE-2012-6616 (The mov_text_decode_frame function in libavcodec/movtextdec.c in
CVE-2012-6615 (The ff_ass_split_override_codes function in libavcodec/ass_split.c in ...)
- libav <not-affected> (Vulnerable code not present in libav)
- ffmpeg <not-affected> (Vulnerable code not present in older ffmpeg)
-CVE-2012-6614
- RESERVED
+CVE-2012-6614 (D-Link DSR-250N devices before 1.08B31 allow remote authenticated user ...)
+ TODO: check
CVE-2012-6613 (D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root ...)
NOT-FOR-US: D-Link
CVE-2012-6612 (The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in A ...)
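Review bot: CVE-2012-6614 is left at TODO: check although the entry directly below it, CVE-2012-6613, concerns the same D-Link DSR-250N product and is already triaged NOT-FOR-US: D-Link; the two descriptions (before 1.08B31, and firmware 1.05B73_WW) read as issues in the same firmware line, so resolve the new entry the same way instead of leaving the TODO.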
@@ -11938,8 +11937,8 @@ CVE-2012-1934 (SQL injection vulnerability in admin/country/edit.php in Newscoop
- newscoop <itp> (bug #604113)
CVE-2012-1933 (Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x b ...)
- newscoop <itp> (bug #604113)
-CVE-2012-1932
- RESERVED
+CVE-2012-1932 (A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlie ...)
+ TODO: check
CVE-2012-1931 (Opera before 11.62 on UNIX, when used in conjunction with an unspecifi ...)
NOT-FOR-US: Opera
CVE-2012-1930 (Opera before 11.62 on UNIX uses world-readable permissions for tempora ...)
@@ -16390,8 +16389,7 @@ CVE-2012-0056 (The mem_write function in the Linux kernel before 3.2.2, when ASL
[squeeze] - linux-2.6 <not-affected> (introduced in 2.6.39)
[lenny] - linux-2.6 <not-affected> (introduced in 2.6.39)
NOTE: fix is http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e268337dfe26dfc7efd422a804dbb27977a3cccc (queued for 3.3)
-CVE-2012-0055
- RESERVED
+CVE-2012-0055 (OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10 ...)
NOT-FOR-US: overlayfs is not (yet) in the Debian kernel
CVE-2012-0054 (libs/updater.py in GoLismero 0.6.3, and other versions before Git revi ...)
NOT-FOR-US: golismero not in Debian
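Review bot: the NOT-FOR-US rationale on the NOTE line, "overlayfs is not (yet) in the Debian kernel", will go stale, while the description now scopes CVE-2012-0055 to the OverlayFS code in Ubuntu's 3.0.0-16.28 kernel; consider rewording the note to say the affected code was the OverlayFS patch set as shipped by Ubuntu, which stays true whether or not Debian's kernel later gains overlayfs.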
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index af8f1f46a2..baf06377a3 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -5180,7 +5180,7 @@ CVE-2013-5583 (Cross-site scripting (XSS) vulnerability in libraries/idna_conver
CVE-2013-5582 (Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory loc ...)
NOT-FOR-US: Ammyy Admin
CVE-2013-5581
- RESERVED
+ REJECTED
NOT-FOR-US: Ammyy Admin
CVE-2013-5579
RESERVED
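Review bot: CVE-2013-5581 is flipped to REJECTED but keeps its "NOT-FOR-US: Ammyy Admin" line, leaving the entry with two states; the other rejected ids touched by this patch (CVE-2012-6686, CVE-2014-0194) carry only the REJECTED line, so drop the NOT-FOR-US line here too.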
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 7310ba7ce7..9787f2ae0c 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -17380,8 +17380,7 @@ CVE-2014-3624 (Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers
NOTE: https://issues.apache.org/jira/browse/TS-2677
CVE-2014-3623 (Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF ...)
NOT-FOR-US: Apache CXF
-CVE-2014-3622 [Posthandler Potential Illegal efree() vulnerability]
- RESERVED
+CVE-2014-3622 (Use-after-free vulnerability in the add_post_var function in the Posth ...)
- php5 5.6.1+dfsg-1 (unimportant)
NOTE: Not exploitable
NOTE: https://bugs.php.net/bug.php?id=68088
@@ -17935,6 +17934,7 @@ CVE-2014-3490 (RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in
CVE-2014-3489 (lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine ( ...)
NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2014-3488 (The SslHandler in Netty before 3.9.2 allows remote attackers to cause ...)
+ {DLA-2110-1}
- netty <not-affected> (Introduced in 3.9.0)
- netty-3.9 3.9.9.Final-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1107983 says only affects
@@ -19990,8 +19990,8 @@ CVE-2014-2729 (Cross-site scripting (XSS) vulnerability in content.aspx in Ektro
NOT-FOR-US: Ektron Web Content Management System
CVE-2014-2728
RESERVED
-CVE-2014-2727
- RESERVED
+CVE-2014-2727 (The STARTTLS implementation in MailMarshal before 7.2 allows plaintext ...)
+ TODO: check
CVE-2014-1985 (Open redirect vulnerability in the redirect_back_or_default function i ...)
- redmine 2.5.1-1 (bug #743828)
[squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
@@ -21266,8 +21266,8 @@ CVE-2014-2230 (Open redirect vulnerability in the header function in adclick.php
NOT-FOR-US: OpenX
CVE-2014-2229
RESERVED
-CVE-2014-2228
- RESERVED
+CVE-2014-2228 (The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote a ...)
+ TODO: check
CVE-2014-2227 (The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Ne ...)
NOT-FOR-US: Ubiquiti Networks
CVE-2014-2226 (Ubiquiti UniFi Controller before 3.2.1 logs the administrative passwor ...)
@@ -26106,6 +26106,7 @@ CVE-2014-0195 (The dtls1_reassemble_fragment function in d1_both.c in OpenSSL be
CVE-2014-0194
REJECTED
CVE-2014-0193 (WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7. ...)
+ {DLA-2110-1}
- netty <not-affected> (WebSocket08FrameDecoder function not present; bug #746639)
- netty-3.9 3.9.9.Final-1
NOTE: https://github.com/netty/netty/commit/48edb7802b42b0e2eb5a55d8eca390e0c9066783
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index c5d4cf27e4..af86381be9 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -21316,7 +21316,7 @@ CVE-2015-2106 (Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmw
CVE-2015-2105
RESERVED
CVE-2015-2104
- RESERVED
+ REJECTED
CVE-2015-2103 (Cross-site scripting (XSS) vulnerability in the admin-login panel (adm ...)
NOT-FOR-US: Cosmoshop
CVE-2015-2102 (SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2. ...)
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index f6dbc5052c..7c70c54fda 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -14531,8 +14531,7 @@ CVE-2016-1000110 (The CGIHandler class in Python before 2.7.12 does not protect
NOTE: No part of Python does set HTTP_PROXY based on a Proxy: header, the Python bug
NOTE: just provides a hardening to discard HTTP_PROXY if it thinks a Python script is
NOTE: running as a CGI script
-CVE-2016-1000109
- RESERVED
+CVE-2016-1000109 (HHVM does not attempt to address RFC 3875 section 4.1.18 namespace con ...)
- hhvm 3.12.11+dfsg-1 (unimportant)
CVE-2016-1000107 (inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1 ...)
- erlang <unfixed> (unimportant)
@@ -14825,11 +14824,9 @@ CVE-2016-1000008
RESERVED
CVE-2016-1000006 (hhvm before 3.12.11 has a use-after-free in the serialize_memoize_para ...)
- hhvm 3.12.11+dfsg-1
-CVE-2016-1000005
- RESERVED
+CVE-2016-1000005 (mcrypt_get_block_size did not enforce that the provided "module" param ...)
- hhvm 3.12.11+dfsg-1
-CVE-2016-1000004
- RESERVED
+CVE-2016-1000004 (Insufficient type checks were employed prior to casting input data in ...)
- hhvm 3.12.11+dfsg-1
CVE-2016-6173 (NSD before 4.1.11 allows remote DNS master servers to cause a denial o ...)
- nsd 4.1.11-1 (unimportant; bug #830806)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 47611bbfaa..908985ea84 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -73,6 +73,7 @@ CVE-2019-20446 (In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file wit
NOTE: https://gitlab.gnome.org/GNOME/librsvg/issues/515
NOTE: https://gitlab.gnome.org/GNOME/librsvg/commit/572f95f739529b865e2717664d6fefcef9493135
CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length ...)
+ {DLA-2110-1 DLA-2109-1}
- netty <unfixed> (bug #950967)
- netty-3.9 <removed>
NOTE: https://github.com/netty/netty/issues/9861
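Review bot: adding {DLA-2110-1 DLA-2109-1} does not close the unstable side of CVE-2019-20445, which still reads "netty <unfixed> (bug #950967)"; the two DLA ids record the LTS uploads only, so a fixed-version line for netty is still owed once the bug is addressed in unstable.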
@@ -80,6 +81,7 @@ CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-L
NOTE: https://github.com/netty/netty/commit/629034624626b722128e0fcc6b3ec9d406cb3706 (4.1)
NOTE: https://github.com/netty/netty/commit/5f68897880467c00f29495b0aa46ed19bf7a873c (tests)
CVE-2019-20444 (HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header th ...)
+ {DLA-2110-1 DLA-2109-1}
- netty <unfixed> (bug #950966)
- netty-3.9 <removed>
NOTE: https://github.com/netty/netty/issues/9866
@@ -7851,8 +7853,8 @@ CVE-2019-17335 (The Data access layer component of TIBCO Software Inc.'s TIBCO S
NOT-FOR-US: TIBCO
CVE-2019-17334 (The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire A ...)
NOT-FOR-US: TIBCO
-CVE-2019-17333
- RESERVED
+CVE-2019-17333 (The Web server component of TIBCO Software Inc.'s TIBCO EBX contains a ...)
+ TODO: check
CVE-2019-17332 (The Digital Asset Manager Web Interface component of TIBCO Software In ...)
NOT-FOR-US: TIBCO
CVE-2019-17331 (The Data Exchange Web Interface component of TIBCO Software Inc.'s TIB ...)
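Review bot: CVE-2019-17333 stays at TODO: check while the surrounding CVE-2019-17334, CVE-2019-17332 and CVE-2019-17331 entries, all TIBCO Software products, are NOT-FOR-US: TIBCO; the new description names the web server component of TIBCO EBX, another TIBCO product, so triage it the same way.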
@@ -9020,7 +9022,7 @@ CVE-2019-16871 (Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff
CVE-2019-16870
RESERVED
CVE-2019-16869 (Netty before 4.1.42.Final mishandles whitespace before the colon in HT ...)
- {DSA-4597-1 DLA-1941-1}
+ {DSA-4597-1 DLA-2110-1 DLA-1941-1}
- netty 1:4.1.33-2 (bug #941266)
- netty-3.9 <removed>
NOTE: https://github.com/netty/netty/issues/9571
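Review bot: style point on the reference list, which becomes {DSA-4597-1 DLA-2110-1 DLA-1941-1} with the new DLA inserted ahead of the older DLA-1941-1; keep advisories of one type in ascending order ({DSA-4597-1 DLA-1941-1 DLA-2110-1}) so later automatic merges and human diffs of this line stay predictable.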
@@ -20658,8 +20660,8 @@ CVE-2019-12440 (The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an
NOT-FOR-US: Sitecore CMS
CVE-2019-12438
RESERVED
-CVE-2019-12437
- RESERVED
+CVE-2019-12437 (In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does n ...)
+ TODO: check
CVE-2019-12436 (Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to ...)
- samba <not-affected> (Only affects Samba since 4.10.0)
NOTE: https://www.samba.org/samba/security/CVE-2019-12436.html
@@ -21167,8 +21169,8 @@ CVE-2019-12247 (** DISPUTED ** QEMU 3.0.0 has an Integer Overflow because the qg
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.html
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg05457.html
NOTE: Disputed upstream as not beeing exploitable.
-CVE-2019-12246
- RESERVED
+CVE-2019-12246 (SilverStripe through 4.3.3 allows a Denial of Service on flush and dev ...)
+ TODO: check
CVE-2019-12245 (SilverStripe through 4.3.3 has incorrect access control for protected ...)
NOT-FOR-US: SilverStripe
CVE-2019-12244
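Review bot: CVE-2019-12246 here and CVE-2019-12437 in the previous hunk are both "SilverStripe through 4.3.3" issues left at TODO: check, while CVE-2019-12245 two lines below is already NOT-FOR-US: SilverStripe; resolve the pair the same way.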
@@ -25167,8 +25169,8 @@ CVE-2019-10799
RESERVED
CVE-2019-10798
RESERVED
-CVE-2019-10797
- RESERVED
+CVE-2019-10797 (Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Respo ...)
+ TODO: check
CVE-2019-10796
RESERVED
CVE-2019-10795 (undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' f ...)
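Review bot: CVE-2019-10797 is an HTTP response-handling issue (the description is truncated here) in "Netty in WSO2 transport-http before v6.3.1", i.e. WSO2's own transport layer rather than the netty package; when resolving the TODO, do not fold it into the netty / netty-3.9 entries that receive DLA-2110-1 and DLA-2109-1 elsewhere in this patch unless an upstream netty fix is identified. NOT-FOR-US: WSO2 is the likely outcome.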
@@ -41586,8 +41588,8 @@ CVE-2019-4642
RESERVED
CVE-2019-4641
RESERVED
-CVE-2019-4640
- RESERVED
+CVE-2019-4640 (IBM Security Secret Server 10.7 processes patches, image backups and o ...)
+ TODO: check
CVE-2019-4639 (IBM Security Secret Server 10.7 uses weaker than expected cryptographi ...)
NOT-FOR-US: IBM
CVE-2019-4638 (IBM Security Secret Server 10.7 does not set the secure attribute on a ...)
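Review bot: CVE-2019-4640 is the third consecutive IBM Security Secret Server 10.7 id, and its neighbours CVE-2019-4639 and CVE-2019-4638 are NOT-FOR-US: IBM, so the TODO can be closed the same way; the same applies to CVE-2019-4457 (IBM Jazz Foundation) and CVE-2019-4429 (IBM Maximo Asset Management) in the two hunks that follow, both surrounded by NOT-FOR-US: IBM entries.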
@@ -41952,8 +41954,8 @@ CVE-2019-4459 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5
NOT-FOR-US: IBM
CVE-2019-4458
RESERVED
-CVE-2019-4457
- RESERVED
+CVE-2019-4457 (IBM Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and ...)
+ TODO: check
CVE-2019-4456 (IBM Daeja ViewONE Professional, Standard &amp; Virtual 5.0.5 and 5.0.6 ...)
NOT-FOR-US: IBM
CVE-2019-4455
@@ -42008,8 +42010,8 @@ CVE-2019-4431 (IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to
NOT-FOR-US: IBM
CVE-2019-4430 (IBM Maximo Asset Management 7.6 could allow a remote attacker to trave ...)
NOT-FOR-US: IBM
-CVE-2019-4429
- RESERVED
+CVE-2019-4429 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-sit ...)
+ TODO: check
CVE-2019-4428 (IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is ...)
NOT-FOR-US: IBM
CVE-2019-4427 (IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index c050c60af6..e58f26ecf7 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,23 @@
+CVE-2020-9295
+ RESERVED
+CVE-2020-9294
+ RESERVED
+CVE-2020-9293
+ RESERVED
+CVE-2020-9292
+ RESERVED
+CVE-2020-9291
+ RESERVED
+CVE-2020-9290
+ RESERVED
+CVE-2020-9289
+ RESERVED
+CVE-2020-9288
+ RESERVED
+CVE-2020-9287
+ RESERVED
+CVE-2020-9286
+ RESERVED
CVE-2020-9285
RESERVED
CVE-2020-9284
@@ -660,8 +680,8 @@ CVE-2020-8961
RESERVED
CVE-2020-8960
RESERVED
-CVE-2020-8959
- RESERVED
+CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 all ...)
+ TODO: check
CVE-2020-8958
RESERVED
CVE-2020-8957
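Review bot: CVE-2020-8959 concerns WesternDigitalSSDDashboardSetup.exe, a Windows installer; unless some Debian package bundles it, this TODO: check can go straight to NOT-FOR-US: Western Digital.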
@@ -936,8 +956,8 @@ CVE-2020-8826
RESERVED
CVE-2020-8825 (index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows store ...)
NOT-FOR-US: Vanilla Forums
-CVE-2020-8824
- RESERVED
+CVE-2020-8824 (Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name ...)
+ TODO: check
CVE-2020-8823 (htmlfile in lib/transport/htmlfile.js in SockJS before 3.0 is vulnerab ...)
NOT-FOR-US: SockJS
CVE-2020-8822 (Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices ...)
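Review bot: CVE-2020-8824 is an XSS in Hitron CODA-4582U 7.1.1.30 device firmware, in the same vendor-device category as the Digi TransPort entry just below it; record NOT-FOR-US: Hitron rather than leaving the TODO.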
@@ -1760,8 +1780,8 @@ CVE-2020-8443 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible
- ossec-hids <itp> (bug #361954)
CVE-2020-8442 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...)
- ossec-hids <itp> (bug #361954)
-CVE-2020-8441
- RESERVED
+CVE-2020-8441 (JYaml through 1.3 allows remote code execution during deserialization ...)
+ TODO: check
CVE-2020-8440 (controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is ...)
NOT-FOR-US: Simplejobscript.com SJS
CVE-2020-8439
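Review bot: CVE-2020-8441 is a deserialization RCE in the JYaml library "through 1.3", a library rather than a vendor product, so this TODO: check needs an archive search (the library itself and any copies bundled in Java packages) before it can be closed; if nothing ships it, record NOT-FOR-US: JYaml, and if something does, the entry needs a source line with a severity. The "through 1.3" bound also suggests no fixed upstream release is known yet, so a fixed-version line may not be available even if it is packaged.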
@@ -4242,6 +4262,7 @@ CVE-2020-7240 (** DISPUTED ** Meinberg Lantime M300 and M1000 devices allow atta
CVE-2020-7239 (The conversation-watson plugin before 0.8.21 for WordPress has a DOM-b ...)
NOT-FOR-US: conversation-watson plugin for WordPress
CVE-2020-7238 (Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles ...)
+ {DLA-2110-1 DLA-2109-1}
- netty <unfixed> (bug #950967)
- netty-3.9 <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1796225
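Review bot: the "netty <unfixed> (bug #950967)" line here cites the same bug number as CVE-2019-20445 earlier in this patch, while the sibling CVE-2019-20444 cites #950966; confirm that #950967 was intentionally filed to cover both CVE-2019-20445 and CVE-2020-7238, or fix the copy-paste, since the DLA lines added to all three entries are otherwise identical and the bug number is the only thing distinguishing the unstable tracking.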
@@ -6803,10 +6824,10 @@ CVE-2020-6064 (An exploitable out-of-bounds write vulnerability exists in the un
NOT-FOR-US: Accusoft ImageGear
CVE-2020-6063 (An exploitable out-of-bounds write vulnerability exists in the uncompr ...)
NOT-FOR-US: Accusoft ImageGear
-CVE-2020-6062
- RESERVED
-CVE-2020-6061
- RESERVED
+CVE-2020-6062 (An exploitable denial-of-service vulnerability exists in the way CoTUR ...)
+ TODO: check
+CVE-2020-6061 (An exploitable heap overflow vulnerability exists in the way CoTURN 4. ...)
+ TODO: check
CVE-2020-6060 (A stack buffer overflow vulnerability exists in the way MiniSNMPD vers ...)
NOT-FOR-US: MiniSNMPD
CVE-2020-6059 (An exploitable out of bounds read vulnerability exists in the way Mini ...)
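Review bot: CVE-2020-6062 and CVE-2020-6061 describe a denial of service and a heap overflow in CoTURN, a server rather than a vendor appliance, so these two TODO: check lines should be resolved by checking the archive for the coturn source package and, if present, adding a source line with a fixed version and severity instead of NOT-FOR-US; the heap overflow (CVE-2020-6061) is the more serious of the pair per the descriptions and should not inherit the MiniSNMPD neighbours' NOT-FOR-US by proximity.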
@@ -10544,8 +10565,8 @@ CVE-2020-4232
RESERVED
CVE-2020-4231
RESERVED
-CVE-2020-4230
- RESERVED
+CVE-2020-4230 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
+ TODO: check
CVE-2020-4229
RESERVED
CVE-2020-4228
@@ -10596,16 +10617,16 @@ CVE-2020-4206
RESERVED
CVE-2020-4205
RESERVED
-CVE-2020-4204
- RESERVED
+CVE-2020-4204 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2020-4203
RESERVED
CVE-2020-4202
RESERVED
CVE-2020-4201
RESERVED
-CVE-2020-4200
- RESERVED
+CVE-2020-4200 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...)
+ TODO: check
CVE-2020-4199
RESERVED
CVE-2020-4198
@@ -10682,8 +10703,8 @@ CVE-2020-4163 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under sp
NOT-FOR-US: IBM
CVE-2020-4162
RESERVED
-CVE-2020-4161
- RESERVED
+CVE-2020-4161 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
+ TODO: check
CVE-2020-4160
RESERVED
CVE-2020-4159
@@ -10734,8 +10755,8 @@ CVE-2020-4137
RESERVED
CVE-2020-4136
RESERVED
-CVE-2020-4135
- RESERVED
+CVE-2020-4135 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2020-4134
RESERVED
CVE-2020-4133
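Review bot: the five new IBM DB2 for Linux, UNIX and Windows ids in this file (CVE-2020-4230, CVE-2020-4204, CVE-2020-4200, CVE-2020-4161, CVE-2020-4135) all land as TODO: check across separate hunks; the CVE-2020-4163 WebSphere entry in the third of these hunks shows the existing NOT-FOR-US: IBM convention for this vendor, so they can be triaged as one batch rather than one by one.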