author: security tracker role <sectracker@soriano.debian.org> 2020-01-15 08:10:21 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-01-15 08:10:21 +0000
commit: ec00c9524bad503cca9ff36c651acab75ecec33d
tree: 5f7229489e96f06a56c9a5b36aeb273a149789ec /data/CVE
parent: 14d0a1632248dd04d76447cd6236c552bee824e7
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2011.list 24
-rw-r--r-- data/CVE/2016.list 4
-rw-r--r-- data/CVE/2017.list 2
-rw-r--r-- data/CVE/2018.list 4
-rw-r--r-- data/CVE/2019.list 11
-rw-r--r-- data/CVE/2020.list 216
6 files changed, 132 insertions, 129 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index a65194a6f4..9e40545852 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -5345,11 +5345,9 @@ CVE-2011-3204 (hammerhead.cc in Hammerhead 2.1.4 allows local users to write to
[lenny] - hammerhead <no-dsa> (Minor issue)
[squeeze] - hammerhead <no-dsa> (Minor issue)
NOTE: https://launchpad.net/bugs/826679
-CVE-2011-3203 [Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution]
- RESERVED
+CVE-2011-3203 (A Code Execution vulnerability exists the attachment parameter to inde ...)
NOT-FOR-US: Jcow
-CVE-2011-3202 [Jcow CMS 4.2 <= | Cross Site Scripting]
- RESERVED
+CVE-2011-3202 (A Cross-Site Scripting (XSS) vulnerability exists in the g parameter t ...)
NOT-FOR-US: Jcow
CVE-2011-3201 (GNOME Evolution before 3.2.3 allows user-assisted remote attackers to ...)
- evolution <unfixed> (unimportant)
@@ -5411,8 +5409,7 @@ CVE-2011-3185 (gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assiste
CVE-2011-3184 (The msn_httpconn_parse_data function in httpconn.c in the MSN protocol ...)
- pidgin 2.10.0-1 (unimportant)
NOTE: Only exploitable by a malicious MSN server to crash the client
-CVE-2011-3183
- RESERVED
+CVE-2011-3183 (A Cross-Site Scripting (XSS) vulnerability exists in the rcID paramete ...)
NOT-FOR-US: Concrete CMS
CVE-2011-3182 (PHP before 5.3.7 does not properly check the return values of the mall ...)
{DSA-2408-1}
@@ -6220,11 +6217,9 @@ CVE-2011-2936 (Elgg through 1.7.10 has a SQL injection vulnerability ...)
- elgg <itp> (bug #526197)
CVE-2011-2935 (Elgg through 1.7.10 has XSS ...)
- elgg <itp> (bug #526197)
-CVE-2011-2934
- RESERVED
+CVE-2011-2934 (A Cross Site Request Forgery (CSRF) vulnerability exists in the admini ...)
NOT-FOR-US: WebsiteBaker
-CVE-2011-2933
- RESERVED
+CVE-2011-2933 (An Arbitrary File Upload vulnerability exists in admin/media/upload.ph ...)
NOT-FOR-US: WebsiteBaker
CVE-2011-2932 (Cross-site scripting (XSS) vulnerability in activesupport/lib/active_s ...)
{DSA-2655-1}
@@ -6922,11 +6917,9 @@ CVE-2011-2716 (The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote D
- busybox 1:1.20.0-3 (unimportant; bug #635548)
NOTE: the default action script of busybox is not vulnerable to this attack
NOTE: fixed in 1.20 (experimental). default script in udeb may be vulnerable.
-CVE-2011-2715
- RESERVED
+CVE-2011-2715 (An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0 ...)
NOT-FOR-US: Drupal data module
-CVE-2011-2714
- RESERVED
+CVE-2011-2714 (A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6 ...)
NOT-FOR-US: Drupal data module
CVE-2011-2713 (oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows u ...)
{DSA-2315-1}
@@ -6948,8 +6941,7 @@ CVE-2011-2708
REJECTED
CVE-2011-2707 (The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Lin ...)
- linux-2.6 <not-affected> (xtensa arch not used in Debian)
-CVE-2011-2706
- RESERVED
+CVE-2011-2706 (A Cross-Site Scripting (XSS) vulnerability exists in the reorder admin ...)
NOT-FOR-US: sNews
CVE-2011-2705 (The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby ...)
{DLA-235-1 DLA-88-1}
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 30b2f67000..ffedbea523 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -13220,8 +13220,8 @@ CVE-2016-6594 (Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5
NOT-FOR-US: Blue Coat
CVE-2016-6593 (A code-execution vulnerability exists during startup in jhi.dll and ot ...)
NOT-FOR-US: Symantec VIP Access
-CVE-2016-6592
- RESERVED
+CVE-2016-6592 (A vulnerability was found in Symantec Norton Download Manager versions ...)
+ TODO: check
CVE-2016-6591 (A security bypass vulnerability exists in Symantec Norton App Lock 1.0 ...)
NOT-FOR-US: Symantec
CVE-2016-6590 (A privilege escalation vulnerability exists when loading DLLs during b ...)
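Review bot: the new CVE-2016-6592 entry is left at `TODO: check` although its description names Symantec Norton Download Manager and both neighbours in this hunk are already triaged as `NOT-FOR-US: Symantec VIP Access` and `NOT-FOR-US: Symantec`. Unless the full description points at something packaged in Debian, resolve it the same way, e.g. `NOT-FOR-US: Symantec Norton Download Manager`, so the entry does not linger in the TODO queue.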
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 3cd74b2a9c..22762bf867 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -37578,7 +37578,7 @@ CVE-2017-5717 (Type Confusion in Content Protection HECI Service in Intel Graphi
CVE-2017-5716
REJECTED
CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and indir ...)
- {DSA-4213-1 DSA-4188-1 DSA-4187-1 DLA-1497-1 DLA-1422-1 DLA-1369-1}
+ {DSA-4213-1 DSA-4201-1 DSA-4188-1 DSA-4187-1 DLA-1497-1 DLA-1422-1 DLA-1369-1}
- linux 4.15.11-1
- intel-microcode 3.20180425.1
[stretch] - intel-microcode 3.20180425.1~deb9u1
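Review bot: the cross-reference line for CVE-2017-5715 gains DSA-4201-1, but no package line changes with it, and the entries visible here cover only linux and intel-microcode. Confirm that the source package DSA-4201-1 was issued for already has its own `- package version` line (and a per-release line where needed) further down this entry; otherwise the advisory is referenced without a matching fixed version.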
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 059f9ad3f3..d426fb741a 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -3539,8 +3539,8 @@ CVE-2018-19876 (cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c,
NOTE: and became vulnerable with freetype 2.9 which allows to define a different allocator. Partially
NOTE: fixed in https://gitlab.freedesktop.org/cairo/cairo/commit/c3659d7ef662b55949307ece7b1f613a7dc32620
NOTE: https://gitlab.freedesktop.org/cairo/cairo/commit/90e85c2493fdfa3551f202ff10282463f1e36645
-CVE-2018-1002104
- RESERVED
+CVE-2018-1002104 (Versions &lt; 1.5 of the Kubernetes ingress default backend, which han ...)
+ TODO: check
CVE-2018-1002103 (In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Das ...)
NOT-FOR-US: minikube
CVE-2018-1002102 (Improper validation of URL redirection in the Kubernetes API server in ...)
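Review bot: CVE-2018-1002104 is added with `TODO: check`, and the adjacent CVE-2018-1002103 is `NOT-FOR-US: minikube`, which makes it tempting to copy that status. The description names a different component, the Kubernetes ingress default backend, so check whether any Debian source package ships it before closing the entry; if one does, the "Versions < 1.5" bound in the description gives the version to compare against.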
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 70add1891a..29e4cd821b 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -7777,9 +7777,9 @@ CVE-2019-17152
CVE-2019-17151 (This vulnerability allows remote attackers redirect users to an extern ...)
NOT-FOR-US: Tencent WeChat
CVE-2019-17150
- RESERVED
+ REJECTED
CVE-2019-17149
- RESERVED
+ REJECTED
CVE-2019-17148 (This vulnerability allows local attackers to escalate privileges on af ...)
NOT-FOR-US: Parallels
CVE-2019-17147 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -8737,8 +8737,8 @@ CVE-2019-16785 (Waitress through version 1.3.1 implemented a "MAY" part of the R
[jessie] - waitress <no-dsa> (Minor issue)
NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p
NOTE: https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba
-CVE-2019-16784
- RESERVED
+CVE-2019-16784 (In PyInstaller before version 3.6, only on Windows, a local privilege ...)
+ TODO: check
CVE-2019-16783
RESERVED
CVE-2019-16782 (There's a possible information leak / session hijack vulnerability in ...)
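Review bot: CVE-2019-16784 is added with `TODO: check`, yet the description already limits the issue to PyInstaller "only on Windows". That is enough to finish triage in one pass: if no Debian source package ships PyInstaller use `NOT-FOR-US: PyInstaller`, and if one does, mark it `<not-affected>` with a Windows-specific reason instead of leaving it open.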
@@ -46194,7 +46194,8 @@ CVE-2019-2226 (In device_class_to_int of device_class.cc, there is a possible ou
NOT-FOR-US: Android
CVE-2019-2225 (When pairing with a Bluetooth device, it may be possible to pair a mal ...)
NOT-FOR-US: Android
-CVE-2019-2224 (In ReadMATImage of mat.c, there is a possible out of bounds write due ...)
+CVE-2019-2224
+ REJECTED
NOTE: Duplicate of CVE-2019-15140, reported to MITRE
CVE-2019-2223 (In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bo ...)
NOT-FOR-US: Android Media Framework
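Review bot: on CVE-2019-2224 the description is dropped and the entry becomes `REJECTED`, but the retained `NOTE: Duplicate of CVE-2019-15140, reported to MITRE` now reads as if the report were still pending. Reword the note to record the outcome (rejected as a duplicate of CVE-2019-15140) so the entry still explains itself now that the ReadMATImage description is gone.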
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 19ba7221c1..38efec4bb8 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,4 +1,14 @@
-CVE-2020-7053 [drm/i915: Fix use-after-free when destroying GEM context]
+CVE-2020-7058 (** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code execut ...)
+ TODO: check
+CVE-2020-7057 (Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a d ...)
+ TODO: check
+CVE-2020-7056
+ RESERVED
+CVE-2020-7055
+ RESERVED
+CVE-2020-7054 (MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in li ...)
+ TODO: check
+CVE-2020-7053 (In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm t ...)
- linux 5.2.6-1
NOTE: https://lore.kernel.org/stable/20200114183937.12224-1-tyhicks@canonical.com/
CVE-2020-7052
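Review bot: CVE-2020-7058 arrives flagged `** DISPUTED **` for data_input.php in Cacti 1.2.8 and is left at `TODO: check`; when it is triaged, carry the dispute into a NOTE on the entry rather than recording only a package status, because the truncated description line is the only place the dispute shows. The CVE-2020-7053 change in the same hunk swaps the bracketed temporary title for the published description while keeping `- linux 5.2.6-1` and the lore.kernel.org NOTE, which is worth a quick check against the version range the new description states (4.14 longterm through 4.14.165 and 4.19 longterm).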
@@ -3156,10 +3166,10 @@ CVE-2020-5504 (In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection ex
NOTE: https://www.phpmyadmin.net/security/PMASA-2020-1/
CVE-2020-5503
RESERVED
-CVE-2020-5502
- RESERVED
-CVE-2020-5501
- RESERVED
+CVE-2020-5502 (phpBB 3.2.8 allows a CSRF attack that can approve pending group member ...)
+ TODO: check
+CVE-2020-5501 (phpBB 3.2.8 allows a CSRF attack that can modify a group avatar. ...)
+ TODO: check
CVE-2020-5500
RESERVED
CVE-2020-5499 (Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non ...)
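Review bot: CVE-2020-5502 and CVE-2020-5501 both describe CSRF in phpBB 3.2.8 and both land as `TODO: check`. Triage them together so they end up with the same package line and the same fixed version, and add a NOTE pointing at the upstream advisory or commit for each, as the phpMyAdmin entry at the top of this hunk does with its PMASA link.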
@@ -12980,118 +12990,118 @@ CVE-2020-0658
RESERVED
CVE-2020-0657
RESERVED
-CVE-2020-0656
- RESERVED
+CVE-2020-0656 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
+ TODO: check
CVE-2020-0655
RESERVED
-CVE-2020-0654
- RESERVED
-CVE-2020-0653
- RESERVED
-CVE-2020-0652
- RESERVED
-CVE-2020-0651
- RESERVED
-CVE-2020-0650
- RESERVED
+CVE-2020-0654 (A security feature bypass vulnerability exists in Microsoft OneDrive A ...)
+ TODO: check
+CVE-2020-0653 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ TODO: check
+CVE-2020-0652 (A remote code execution vulnerability exists in Microsoft Office softw ...)
+ TODO: check
+CVE-2020-0651 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ TODO: check
+CVE-2020-0650 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ TODO: check
CVE-2020-0649
RESERVED
CVE-2020-0648
RESERVED
-CVE-2020-0647
- RESERVED
-CVE-2020-0646
- RESERVED
+CVE-2020-0647 (A spoofing vulnerability exists when Office Online does not validate o ...)
+ TODO: check
+CVE-2020-0646 (A remote code execution vulnerability exists when the Microsoft .NET F ...)
+ TODO: check
CVE-2020-0645
RESERVED
-CVE-2020-0644
- RESERVED
-CVE-2020-0643
- RESERVED
-CVE-2020-0642
- RESERVED
-CVE-2020-0641
- RESERVED
-CVE-2020-0640
- RESERVED
-CVE-2020-0639
- RESERVED
-CVE-2020-0638
- RESERVED
-CVE-2020-0637
- RESERVED
-CVE-2020-0636
- RESERVED
-CVE-2020-0635
- RESERVED
-CVE-2020-0634
- RESERVED
-CVE-2020-0633
- RESERVED
-CVE-2020-0632
- RESERVED
-CVE-2020-0631
- RESERVED
-CVE-2020-0630
- RESERVED
-CVE-2020-0629
- RESERVED
-CVE-2020-0628
- RESERVED
-CVE-2020-0627
- RESERVED
-CVE-2020-0626
- RESERVED
-CVE-2020-0625
- RESERVED
-CVE-2020-0624
- RESERVED
-CVE-2020-0623
- RESERVED
-CVE-2020-0622
- RESERVED
-CVE-2020-0621
- RESERVED
-CVE-2020-0620
- RESERVED
+CVE-2020-0644 (An elevation of privilege vulnerability exists when Microsoft Windows ...)
+ TODO: check
+CVE-2020-0643 (An information disclosure vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0642 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ TODO: check
+CVE-2020-0641 (An elevation of privilege vulnerability exists in Windows Media Servic ...)
+ TODO: check
+CVE-2020-0640 (A remote code execution vulnerability exists when Internet Explorer im ...)
+ TODO: check
+CVE-2020-0639 (An information disclosure vulnerability exists in the Windows Common L ...)
+ TODO: check
+CVE-2020-0638 (An elevation of privilege vulnerability exists in the way the Update N ...)
+ TODO: check
+CVE-2020-0637 (An information disclosure vulnerability exists when Remote Desktop Web ...)
+ TODO: check
+CVE-2020-0636 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0635 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...)
+ TODO: check
+CVE-2020-0634 (An elevation of privilege vulnerability exists when the Windows Common ...)
+ TODO: check
+CVE-2020-0633 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0632 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0631 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0630 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0629 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0628 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0627 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0626 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0625 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0624 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ TODO: check
+CVE-2020-0623 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0622 (An information disclosure vulnerability exists when the Microsoft Wind ...)
+ TODO: check
+CVE-2020-0621 (A security feature bypass vulnerability exists in Windows 10 when thir ...)
+ TODO: check
+CVE-2020-0620 (An elevation of privilege vulnerability exists when Microsoft Cryptogr ...)
+ TODO: check
CVE-2020-0619
RESERVED
CVE-2020-0618
RESERVED
-CVE-2020-0617
- RESERVED
-CVE-2020-0616
- RESERVED
-CVE-2020-0615
- RESERVED
-CVE-2020-0614
- RESERVED
-CVE-2020-0613
- RESERVED
-CVE-2020-0612
- RESERVED
-CVE-2020-0611
- RESERVED
-CVE-2020-0610
- RESERVED
-CVE-2020-0609
- RESERVED
-CVE-2020-0608
- RESERVED
-CVE-2020-0607
- RESERVED
-CVE-2020-0606
- RESERVED
-CVE-2020-0605
- RESERVED
+CVE-2020-0617 (A denial of service vulnerability exists when Microsoft Hyper-V Virtua ...)
+ TODO: check
+CVE-2020-0616 (A denial of service vulnerability exists when Windows improperly handl ...)
+ TODO: check
+CVE-2020-0615 (An information disclosure vulnerability exists in the Windows Common L ...)
+ TODO: check
+CVE-2020-0614 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0613 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0612 (A denial of service vulnerability exists in Windows Remote Desktop Gat ...)
+ TODO: check
+CVE-2020-0611 (A remote code execution vulnerability exists in the Windows Remote Des ...)
+ TODO: check
+CVE-2020-0610 (A remote code execution vulnerability exists in Windows Remote Desktop ...)
+ TODO: check
+CVE-2020-0609 (A remote code execution vulnerability exists in Windows Remote Desktop ...)
+ TODO: check
+CVE-2020-0608 (An information disclosure vulnerability exists when the win32k compone ...)
+ TODO: check
+CVE-2020-0607 (An information disclosure vulnerability exists in the way that Microso ...)
+ TODO: check
+CVE-2020-0606 (A remote code execution vulnerability exists in .NET software when the ...)
+ TODO: check
+CVE-2020-0605 (A remote code execution vulnerability exists in .NET software when the ...)
+ TODO: check
CVE-2020-0604
RESERVED
-CVE-2020-0603
- RESERVED
-CVE-2020-0602
- RESERVED
-CVE-2020-0601
- RESERVED
+CVE-2020-0603 (A remote code execution vulnerability exists in ASP.NET Core software ...)
+ TODO: check
+CVE-2020-0602 (A denial of service vulnerability exists when ASP.NET Core improperly ...)
+ TODO: check
+CVE-2020-0601 (A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32. ...)
+ TODO: check
CVE-2020-0600
RESERVED
CVE-2020-0599
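Review bot: every entry this hunk moves from `RESERVED` to `TODO: check` has a description naming a Microsoft product (Windows, Office, Excel, OneDrive, Dynamics, Internet Explorer, Hyper-V, Remote Desktop, .NET, ASP.NET Core, CryptoAPI), so the block can be triaged in one pass instead of entry by entry. The .NET and ASP.NET Core entries (CVE-2020-0646, -0606, -0605, -0603, -0602) are the ones to read in full before applying a blanket status, since those descriptions are about software components rather than Windows itself; the ids still `RESERVED` inside the range (0655, 0649, 0648, 0645, 0619, 0618, 0604) are correctly left alone.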
