automatic update

3 files changed, 86 insertions, 42 deletions

diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 483e41bcda..a7bf7785ce 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -1,3 +1,5 @@
+CVE-2015-9549 (A reflected Cross-site Scripting (XSS) vulnerability exists in OcPorta ...)
+	TODO: check
 CVE-2015-9548 (An issue was discovered in Mattermost Server before 1.2.0. It allows a ...)
 	NOT-FOR-US: Mattermost
 CVE-2015-9547 (An issue was discovered on Samsung mobile devices with JBP(4.3) and KK ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 264c2ff89c..7ca998a05a 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -3825,12 +3825,12 @@ CVE-2019-19457 (SALTO ProAccess SPACE 5.4.3.0 allows XSS. ...)
 	NOT-FOR-US: SALTO ProAccess SPACE
 CVE-2019-19456 (A Reflected XSS was found in the server selection box inside the login ...)
 	NOT-FOR-US: Wowza Streaming Engine
-CVE-2019-19455
-	RESERVED
+CVE-2019-19455 (Wowza Streaming Engine through 2019-11-28 has Insecure Permissions. ...)
+	TODO: check
 CVE-2019-19454 (An arbitrary file download was found in the "Download Log" functionali ...)
 	NOT-FOR-US: Wowza Streaming Engine
-CVE-2019-19453
-	RESERVED
+CVE-2019-19453 (Wowza Streaming Engine through 2019-11-28 allows XSS (issue 1 of 2). ...)
+	TODO: check
 CVE-2019-19452 (A buffer overflow was found in Patriot Viper RGB through 1.1 when proc ...)
 	NOT-FOR-US: Patriot Viper RGB
 CVE-2019-19451 (When GNOME Dia before 2019-11-27 is launched with a filename argument  ...)
@@ -43185,8 +43185,8 @@ CVE-2019-4591 (IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate s
 	NOT-FOR-US: IBM
 CVE-2019-4590
 	RESERVED
-CVE-2019-4589
-	RESERVED
+CVE-2019-4589 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalatio ...)
+	TODO: check
 CVE-2019-4588
 	RESERVED
 CVE-2019-4587
@@ -43631,8 +43631,8 @@ CVE-2019-4368
 	RESERVED
 CVE-2019-4367
 	RESERVED
-CVE-2019-4366
-	RESERVED
+CVE-2019-4366 (IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information di ...)
+	TODO: check
 CVE-2019-4365
 	RESERVED
 CVE-2019-4364 (IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which  ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index b3c7f783aa..d1786ef17e 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,45 @@
+CVE-2020-16286
+	RESERVED
+CVE-2020-16285
+	RESERVED
+CVE-2020-16284
+	RESERVED
+CVE-2020-16283
+	RESERVED
+CVE-2020-16282
+	RESERVED
+CVE-2020-16281
+	RESERVED
+CVE-2020-16280
+	RESERVED
+CVE-2020-16279
+	RESERVED
+CVE-2020-16278
+	RESERVED
+CVE-2020-16277
+	RESERVED
+CVE-2020-16276
+	RESERVED
+CVE-2020-16275
+	RESERVED
+CVE-2020-16274
+	RESERVED
+CVE-2020-16273
+	RESERVED
+CVE-2020-16272 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is mis ...)
+	TODO: check
+CVE-2020-16271 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 genera ...)
+	TODO: check
+CVE-2020-16270
+	RESERVED
+CVE-2020-16269 (radare2 4.5.0 misparses DWARF information in executable files, causing ...)
+	TODO: check
+CVE-2020-16268
+	RESERVED
+CVE-2020-16267
+	RESERVED
+CVE-2020-16266
+	RESERVED
 CVE-2020-16265
 	RESERVED
 CVE-2020-16264
@@ -271,8 +313,8 @@ CVE-2020-16133
 	RESERVED
 CVE-2020-16132
 	RESERVED
-CVE-2020-16131
-	RESERVED
+CVE-2020-16131 (Tiki before 21.2 allows XSS because [\s\/"\'] is not properly consider ...)
+	TODO: check
 CVE-2020-16130
 	RESERVED
 CVE-2020-16129
@@ -1021,6 +1063,7 @@ CVE-2020-15805
 CVE-2020-15804
 	RESERVED
 CVE-2020-15803 (Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x bef ...)
+	{DLA-2311-1}
 	- zabbix 1:5.0.2+dfsg-1 (bug #966146)
 	[buster] - zabbix <no-dsa> (Minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-18057
@@ -4381,8 +4424,7 @@ CVE-2020-14321
 	RESERVED
 CVE-2020-14320
 	RESERVED
-CVE-2020-14319
-	RESERVED
+CVE-2020-14319 (It was found that the AMQ Online console is vulnerable to a Cross-Site ...)
 	NOT-FOR-US: AMQ Online
 CVE-2020-14318
 	RESERVED
@@ -5638,8 +5680,8 @@ CVE-2020-13822 (The Elliptic package 6.5.2 for Node.js allows ECDSA signature ma
 	NOTE: https://github.com/indutny/elliptic/issues/226
 CVE-2020-13821
 	RESERVED
-CVE-2020-13820
-	RESERVED
+CVE-2020-13820 (Extreme Management Center 8.4.1.24 allows unauthenticated reflected XS ...)
+	TODO: check
 CVE-2020-13819
 	RESERVED
 CVE-2020-13818 (In Zoho ManageEngine OpManager before 125144, when &lt;cachestart&gt;  ...)
@@ -8148,8 +8190,8 @@ CVE-2020-12740 (tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer ov
 	NOTE: Fixed with: https://github.com/appneta/tcpreplay/issues/578
 	NOTE: --fuzz-seed in PoC not present until version 4.2.0
 	NOTE: Crash in CLI tool, no security impact
-CVE-2020-12739
-	RESERVED
+CVE-2020-12739 (A vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could ...)
+	TODO: check
 CVE-2020-12738
 	RESERVED
 CVE-2020-12737 (An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authen ...)
@@ -18242,10 +18284,10 @@ CVE-2020-8577
 	RESERVED
 CVE-2020-8576
 	RESERVED
-CVE-2020-8575
-	RESERVED
-CVE-2020-8574
-	RESERVED
+CVE-2020-8575 (Active IQ Unified Manager for VMware vSphere and Windows versions prio ...)
+	TODO: check
+CVE-2020-8574 (Active IQ Unified Manager for Linux versions prior to 9.6 ship with th ...)
+	TODO: check
 CVE-2020-8573 (The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers ...)
 	NOT-FOR-US: NetApp
 CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior to vers ...)
@@ -19324,8 +19366,8 @@ CVE-2020-8110
 	RESERVED
 CVE-2020-8109
 	RESERVED
-CVE-2020-8108
-	RESERVED
+CVE-2020-8108 (Improper Authentication vulnerability in Bitdefender Endpoint Security ...)
+	TODO: check
 CVE-2020-8107
 	RESERVED
 CVE-2020-8106
@@ -27468,8 +27510,8 @@ CVE-2020-4562
 	RESERVED
 CVE-2020-4561
 	RESERVED
-CVE-2020-4560
-	RESERVED
+CVE-2020-4560 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site sc ...)
+	TODO: check
 CVE-2020-4559
 	RESERVED
 CVE-2020-4558
@@ -27480,18 +27522,18 @@ CVE-2020-4556
 	RESERVED
 CVE-2020-4555
 	RESERVED
-CVE-2020-4554
-	RESERVED
-CVE-2020-4553
-	RESERVED
-CVE-2020-4552
-	RESERVED
-CVE-2020-4551
-	RESERVED
-CVE-2020-4550
-	RESERVED
-CVE-2020-4549
-	RESERVED
+CVE-2020-4554 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...)
+	TODO: check
+CVE-2020-4553 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...)
+	TODO: check
+CVE-2020-4552 (IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute  ...)
+	TODO: check
+CVE-2020-4551 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...)
+	TODO: check
+CVE-2020-4550 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...)
+	TODO: check
+CVE-2020-4549 (IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute  ...)
+	TODO: check
 CVE-2020-4548
 	RESERVED
 CVE-2020-4547
@@ -27520,8 +27562,8 @@ CVE-2020-4536
 	RESERVED
 CVE-2020-4535
 	RESERVED
-CVE-2020-4534
-	RESERVED
+CVE-2020-4534 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a  ...)
+	TODO: check
 CVE-2020-4533
 	RESERVED
 CVE-2020-4532 (IBM Business Automation Workflow and IBM Business Process Manager (IBM ...)
@@ -27834,8 +27876,8 @@ CVE-2020-4379 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expec
 	NOT-FOR-US: IBM
 CVE-2020-4378 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged au ...)
 	NOT-FOR-US: IBM
-CVE-2020-4377
-	RESERVED
+CVE-2020-4377 (IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Ent ...)
+	TODO: check
 CVE-2020-4376 (IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could ...)
 	NOT-FOR-US: IBM
 CVE-2020-4375 (IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1  ...)
@@ -27932,8 +27974,8 @@ CVE-2020-4330
 	RESERVED
 CVE-2020-4329 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0 ...)
 	NOT-FOR-US: IBM
-CVE-2020-4328
-	RESERVED
+CVE-2020-4328 (IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection ...)
+	TODO: check
 CVE-2020-4327 (IBM Security Secret Server 10.7 could allow a remote attacker to obtai ...)
 	NOT-FOR-US: IBM
 CVE-2020-4326