author security tracker role <sectracker@soriano.debian.org> 2020-02-04 20:10:23 +0000
committer security tracker role <sectracker@soriano.debian.org> 2020-02-04 20:10:23 +0000
commit 2bc8fd6e3375f8fa652ba22f84e39ce4b9060fad
tree 2fcf4e32f64650394743929d21df6e0844daea50 /data
parent 86505d8bc17bcfbebf5da0543bb1d8e026e20fe4
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2011.list 9
-rw-r--r-- data/CVE/2012.list 7
-rw-r--r-- data/CVE/2013.list 27
-rw-r--r-- data/CVE/2016.list 4
-rw-r--r-- data/CVE/2019.list 52
-rw-r--r-- data/CVE/2020.list 44
6 files changed, 85 insertions, 58 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index f3ca78c2c7..2da4f58772 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -901,8 +901,7 @@ CVE-2011-4939 (The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin
CVE-2011-4938
RESERVED
NOT-FOR-US: Ariadne CMS not in Debian
-CVE-2011-4937
- RESERVED
+CVE-2011-4937 (Joomla! 1.7.1 has core information disclosure due to inadequate error ...)
NOT-FOR-US: Joomla!
CVE-2011-4936
REJECTED
@@ -980,8 +979,7 @@ CVE-2011-4914 (The ROSE protocol implementation in the Linux kernel before 2.6.3
CVE-2011-4913 (The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux ker ...)
{DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4
-CVE-2011-4912
- RESERVED
+CVE-2011-4912 (Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout ...)
NOT-FOR-US: Joomla!
CVE-2011-4911 (Joomla! before 1.5.12 does not perform a JEXEC check in unspecified fi ...)
NOT-FOR-US: Joomla!
@@ -4155,8 +4153,7 @@ CVE-2011-3631 (Hardlink before 0.1.2 has multiple integer overflows leading to h
- hardlink <not-affected> (Only the C version, ours are written in Python)
CVE-2011-3630 (Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow ...)
- hardlink <not-affected> (Only the C version, ours are written in Python)
-CVE-2011-3629
- RESERVED
+CVE-2011-3629 (Joomla! core 1.7.1 allows information disclosure due to weak encryptio ...)
NOT-FOR-US: Joomla!
CVE-2011-3628 (Untrusted search path vulnerability in pam_motd (aka the MOTD module) ...)
- pam 1.1.3-7 (low; bug #670076)
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 46e58a1527..dc4f61515b 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -2584,8 +2584,8 @@ CVE-2012-5688 (ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DN
- isc-dhcp <not-affected> (issue only affects the named service, which isn't used by isc-dhcp)
CVE-2012-5687 (Directory traversal vulnerability in the web-based management feature ...)
NOT-FOR-US: TP-LINK TL-WR841N router
-CVE-2012-5686
- RESERVED
+CVE-2012-5686 (ZPanel 10.0.1 has insufficient entropy for its password reset process. ...)
+ TODO: check
CVE-2012-5685 (SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote ...)
NOT-FOR-US: ZPanel
CVE-2012-5684 (Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier ...)
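Review bot: CVE-2012-5686 is left at "TODO: check" although the entry directly below it, CVE-2012-5685, describes the same ZPanel 10.0.1 product and is already triaged as "NOT-FOR-US: ZPanel". The new entry can take the same tag so it does not linger in the TODO queue.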
@@ -2785,8 +2785,7 @@ CVE-2012-5620
REJECTED
CVE-2012-5619 (The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file ...)
- sleuthkit 4.1.2-1 (unimportant; bug #695097)
-CVE-2012-5618
- RESERVED
+CVE-2012-5618 (Ushahidi before 2.6.1 has insufficient entropy for forgot-password tok ...)
NOT-FOR-US: Ushahidi
CVE-2012-5617 (gksu-polkit: permissive PolicyKit policy configuration file allows pri ...)
- gksu-polkit <removed> (bug #695807)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 805b0e35ce..cf85331602 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -1217,20 +1217,15 @@ CVE-2013-7057 (Cross-site request forgery (CSRF) vulnerability in Axway SecureTr
NOT-FOR-US: Axway SecureTransport
CVE-2013-7056
RESERVED
-CVE-2013-7055
- RESERVED
+CVE-2013-7055 (D-Link DIR-100 4.03B07 has PPTP and poe information disclosure ...)
NOT-FOR-US: Router D-Link DIR-100
-CVE-2013-7054
- RESERVED
+CVE-2013-7054 (D-Link DIR-100 4.03B07: cli.cgi XSS ...)
NOT-FOR-US: Router D-Link DIR-100
-CVE-2013-7053
- RESERVED
+CVE-2013-7053 (D-Link DIR-100 4.03B07: cli.cgi CSRF ...)
NOT-FOR-US: Router D-Link DIR-100
-CVE-2013-7052
- RESERVED
+CVE-2013-7052 (D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi ...)
NOT-FOR-US: Router D-Link DIR-100
-CVE-2013-7051
- RESERVED
+CVE-2013-7051 (D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to chec ...)
NOT-FOR-US: Router D-Link DIR-100
CVE-2013-7047
RESERVED
@@ -12436,12 +12431,12 @@ CVE-2013-2680
RESERVED
CVE-2013-2679
RESERVED
-CVE-2013-2678
- RESERVED
+CVE-2013-2678 (Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Includ ...)
+ TODO: check
CVE-2013-2677
RESERVED
-CVE-2013-2676
- RESERVED
+CVE-2013-2676 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...)
+ TODO: check
CVE-2013-2675
RESERVED
CVE-2013-2674 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...)
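Review bot: CVE-2013-2676 is added with "TODO: check" while CVE-2013-2674, two entries further down, shows the same visible description prefix for the Brother MFC-9970CDW 1.10 firmware; the two should end up with the same triage. CVE-2013-2678 (Cisco Linksys E4200 router firmware) is in the same position as the router entries earlier in this file, which are tagged in the style of "NOT-FOR-US: Router D-Link DIR-100".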
@@ -16448,8 +16443,8 @@ CVE-2013-1424 [matplotlib buffer overrun]
CVE-2013-1423 ((1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) ...)
{DSA-2633-1}
- fusionforge 5.2.1+20130227-1
-CVE-2013-1422
- RESERVED
+CVE-2013-1422 (webcalendar before 1.2.7 shows the reason for a failed login (e.g., "n ...)
+ TODO: check
CVE-2013-1421 (Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar ...)
- webcalendar <removed>
CVE-2013-1420 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS b ...)
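Review bot: CVE-2013-1422 is added with "TODO: check", but the next entry, CVE-2013-1421, is also WebCalendar and is already tracked as "- webcalendar <removed>". The new entry should get a webcalendar package line as well instead of staying untriaged.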
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index f5e3280031..9bebf62e17 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -14543,8 +14543,8 @@ CVE-2016-1000106
REJECTED
CVE-2016-1000105
REJECTED
-CVE-2016-1000103 (A Security Bypass vulnerability exists in Nginx 2016-07-07 in the HTTP ...)
- TODO: check
+CVE-2016-1000103
+ REJECTED
CVE-2016-1000102
REJECTED
CVE-2016-1000027 (Pivotal Spring Framework 4.1.4 suffers from a potential remote code ex ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index c8791653fd..5ddc552501 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1185,8 +1185,8 @@ CVE-2019-19970
RESERVED
CVE-2019-19969
RESERVED
-CVE-2019-19968
- RESERVED
+CVE-2019-19968 (PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting th ...)
+ TODO: check
CVE-2019-19967 (The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH ...)
NOT-FOR-US: Connect Box EuroDOCSIS 3.0 Voice Gateway devices
CVE-2019-19977 (libESMTP through 1.0.6 mishandles domain copying into a fixed-size buf ...)
@@ -3036,8 +3036,8 @@ CVE-2019-19274 (typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-b
NOTE: https://bugs.python.org/issue36495
NOTE: Introduced by: https://github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0acd9ed7dce (1.3.0)
NOTE: Fixed by: https://github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb5004982545b3b (1.3.2)
-CVE-2019-19273
- RESERVED
+CVE-2019-19273 (On Samsung mobile devices with O(8.0) and P(9.0) software and an Exyno ...)
+ TODO: check
CVE-2019-19272 (An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Dir ...)
- proftpd-dfsg 1.3.6-1
[stretch] - proftpd-dfsg <not-affected> (Bug was introduced in 1.3.5c)
@@ -24838,8 +24838,8 @@ CVE-2019-10786
RESERVED
CVE-2019-10785
RESERVED
-CVE-2019-10784
- RESERVED
+CVE-2019-10784 (phppgadmin through 7.12.1 allows sensitive actions to be performed wit ...)
+ TODO: check
CVE-2019-10783 (All versions including 0.0.4 of lsof npm module are vulnerable to Comm ...)
TODO: check
CVE-2019-10781 (In schema-inspector before 1.6.9, a maliciously crafted JavaScript obj ...)
@@ -28817,8 +28817,8 @@ CVE-2019-9675 (** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 a
- php5 <removed> (unimportant)
NOTE: Fixed in 7.1.27, 7.3.3
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77586
-CVE-2019-9674
- RESERVED
+CVE-2019-9674 (Lib/zipfile.py in Python through 3.7.2 allows remote attackers to caus ...)
+ TODO: check
CVE-2019-9673 (Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript e ...)
NOT-FOR-US: Freenet
CVE-2019-9672
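Review bot: CVE-2019-9674 is left at "TODO: check" even though its description points at Lib/zipfile.py in Python through 3.7.2, which is standard-library code and not a NOT-FOR-US candidate like the Freenet entry below it. It should be triaged against the Python interpreter source packages, with a NOTE line linking the upstream report once identified, in the way the CVE-2019-9675 entry above links its PHP bug.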
@@ -41135,10 +41135,10 @@ CVE-2019-4677
RESERVED
CVE-2019-4676
RESERVED
-CVE-2019-4675
- RESERVED
-CVE-2019-4674
- RESERVED
+CVE-2019-4675 (IBM Security Identity Manager 7.0.1 contains hard-coded credentials, s ...)
+ TODO: check
+CVE-2019-4674 (IBM Security Identity Manager 7.0.1 could allow a remote attacker to t ...)
+ TODO: check
CVE-2019-4673
RESERVED
CVE-2019-4672
@@ -41361,8 +41361,8 @@ CVE-2019-4564 (IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vu
NOT-FOR-US: IBM
CVE-2019-4563
RESERVED
-CVE-2019-4562
- RESERVED
+CVE-2019-4562 (IBM Security Directory Server 6.4.0 stores sensitive information in UR ...)
+ TODO: check
CVE-2019-4561 (IBM Security Identity Manager 6.0.0 could allow a remote attacker to e ...)
NOT-FOR-US: IBM
CVE-2019-4560 (IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulne ...)
@@ -41383,14 +41383,14 @@ CVE-2019-4553
RESERVED
CVE-2019-4552
RESERVED
-CVE-2019-4551
- RESERVED
-CVE-2019-4550
- RESERVED
+CVE-2019-4551 (IBM Security Directory Server 6.4.0 does not perform an authentication ...)
+ TODO: check
+CVE-2019-4550 (IBM Security Directory Server 6.4.0 is deployed with active debugging ...)
+ TODO: check
CVE-2019-4549 (IBM Security Directory Server 6.4.0 discloses sensitive information to ...)
NOT-FOR-US: IBM
-CVE-2019-4548
- RESERVED
+CVE-2019-4548 (IBM Security Directory Server 6.4.0 could allow a remote attacker to h ...)
+ TODO: check
CVE-2019-4547
RESERVED
CVE-2019-4546 (After installing the IBM Maximo Health- Safety and Environment Manager ...)
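Review bot: CVE-2019-4551, CVE-2019-4550 and CVE-2019-4548 all enter with "TODO: check" although they name IBM Security Directory Server 6.4.0, the same product as CVE-2019-4549 in the middle of this hunk, which is tagged "NOT-FOR-US: IBM". Applying that tag to the three new entries keeps the block consistent and removes them from manual triage.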
@@ -41403,10 +41403,10 @@ CVE-2019-4543
RESERVED
CVE-2019-4542 (IBM Security Directory Server 6.4.0 is vulnerable to cross-site script ...)
NOT-FOR-US: IBM
-CVE-2019-4541
- RESERVED
-CVE-2019-4540
- RESERVED
+CVE-2019-4541 (IBM Security Directory Server 6.4.0 uses incomplete blacklisting for i ...)
+ TODO: check
+CVE-2019-4540 (IBM Security Directory Server 6.4.0 uses weaker than expected cryptogr ...)
+ TODO: check
CVE-2019-4539 (IBM Security Directory Server 6.4.0 does not properly neutralize speci ...)
NOT-FOR-US: IBM
CVE-2019-4538 (IBM Security Directory Server 6.4.0 could allow a remote attacker to c ...)
@@ -41583,8 +41583,8 @@ CVE-2019-4453
RESERVED
CVE-2019-4452
RESERVED
-CVE-2019-4451
- RESERVED
+CVE-2019-4451 (IBM Security Identity Manager 6.0.0 is vulnerable to cross-site script ...)
+ TODO: check
CVE-2019-4450 (IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. T ...)
NOT-FOR-US: IBM
CVE-2019-4449
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 6cc8619398..eff9c45072 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,39 @@
+CVE-2020-8615 (A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPres ...)
+ TODO: check
+CVE-2020-8614
+ RESERVED
+CVE-2020-8613
+ RESERVED
+CVE-2020-8612
+ RESERVED
+CVE-2020-8611
+ RESERVED
+CVE-2020-8610
+ RESERVED
+CVE-2020-8609
+ RESERVED
+CVE-2020-8608
+ RESERVED
+CVE-2020-8607
+ RESERVED
+CVE-2020-8606
+ RESERVED
+CVE-2020-8605
+ RESERVED
+CVE-2020-8604
+ RESERVED
+CVE-2020-8603
+ RESERVED
+CVE-2020-8602
+ RESERVED
+CVE-2020-8601
+ RESERVED
+CVE-2020-8600
+ RESERVED
+CVE-2020-8599
+ RESERVED
+CVE-2020-8598
+ RESERVED
CVE-2020-8597 (eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overf ...)
- ppp <unfixed> (bug #950618)
NOTE: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
@@ -2840,8 +2876,8 @@ CVE-2020-7223
RESERVED
CVE-2020-7222 (An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06- ...)
NOT-FOR-US: Amcrest Web Server
-CVE-2020-7221
- RESERVED
+CVE-2020-7221 (mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege es ...)
+ TODO: check
CVE-2020-7220 (HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circ ...)
NOT-FOR-US: HashiCorp Vault
CVE-2020-7219 (HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services a ...)
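Review bot: CVE-2020-7221 names mysql_install_db in MariaDB 10.4.7 through 10.4.11, so unlike the Amcrest and HashiCorp entries around it, it cannot be closed as NOT-FOR-US and should not stay at "TODO: check". It needs a MariaDB source package line, with the 10.4.7 through 10.4.11 range from the description used to decide which suites are affected.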
@@ -9142,8 +9178,8 @@ CVE-2020-4165
RESERVED
CVE-2020-4164
RESERVED
-CVE-2020-4163
- RESERVED
+CVE-2020-4163 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under special ...)
+ TODO: check
CVE-2020-4162
RESERVED
CVE-2020-4161
