author: security tracker role <sectracker@soriano.debian.org> 2020-10-08 08:10:14 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-10-08 08:10:14 +0000
commit: 4d9e357b92a2297802c76d52c88dcf31f13353d9
tree: 8d4abe025b12dd81cacc27d3a5779eaa89924097 /data
parent: 05b2541c34dd8a8f307a2ccd814fc89e8ea886be
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2015.list 4
-rw-r--r-- data/CVE/2019.list 6
-rw-r--r-- data/CVE/2020.list 84
3 files changed, 51 insertions, 43 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index bd649981c0..024193c2e1 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -6691,9 +6691,9 @@ CVE-2015-7382 (SQL injection vulnerability in install.php in Web Reference Datab
CVE-2015-7381 (Multiple PHP remote file inclusion vulnerabilities in install.php in W ...)
NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-7380
- RESERVED
+ REJECTED
CVE-2015-7379
- RESERVED
+ REJECTED
CVE-2015-7378 (Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "P ...)
NOT-FOR-US: Panda Security
CVE-2015-7377 (Cross-site scripting (XSS) vulnerability in pie-register/pie-register. ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 73923ea68a..f1bb735eff 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -2524,7 +2524,7 @@ CVE-2019-19937 (In JFrog Artifactory before 6.18, it is not possible to restrict
NOT-FOR-US: JFrog Artifactory
CVE-2019-19936
RESERVED
-CVE-2019-19935 (Froala Editor before 3.0.6 allows XSS. ...)
+CVE-2019-19935 (Froala Editor before 3.2.2 allows XSS. ...)
NOT-FOR-US: Froala Editor
CVE-2019-19934
RESERVED
@@ -23566,7 +23566,7 @@ CVE-2019-11844 (An HTML Injection vulnerability has been discovered on the RICOH
CVE-2019-11843 (The MailPoet plugin before 3.23.2 for WordPress allows remote attacker ...)
NOT-FOR-US: MailPoet plugin for WordPress
CVE-2019-11841 (A message-forgery issue was discovered in crypto/openpgp/clearsign/cle ...)
- {DLA-1920-1}
+ {DLA-2402-1 DLA-1920-1}
- golang-go.crypto 1:0.0~git20200221.2aa609c-1
NOTE: https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442
NOTE: Patch fixes the second part of the CVE ("prepend arbitrary text")
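Review bot: The new `{DLA-2402-1 DLA-1920-1}` cross-reference on CVE-2019-11841 sits on an entry whose NOTE says the referenced patch fixes only the second part of the CVE ("prepend arbitrary text"). Add a NOTE saying whether DLA-2402-1 ships that same partial fix, so the second advisory is not read as closing the whole issue.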
@@ -23574,7 +23574,7 @@ CVE-2019-11841 (A message-forgery issue was discovered in crypto/openpgp/clearsi
NOTE: https://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html
NOTE: Upstream feels that this is not a security issue. See https://github.com/golang/go/issues/41200.
CVE-2019-11840 (An issue was discovered in supplementary Go cryptography libraries, ak ...)
- {DLA-1840-1}
+ {DLA-2402-1 DLA-1840-1}
- golang-go.crypto 1:0.0~git20200221.2aa609c-1
NOTE: https://github.com/golang/go/issues/30965
NOTE: https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 18d04b4cf0..92cb9a3b43 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,9 @@
+CVE-2020-26886
+ RESERVED
+CVE-2020-26885
+ RESERVED
+CVE-2020-26884
+ RESERVED
CVE-2020-26883
RESERVED
CVE-2020-26882
@@ -2102,8 +2108,8 @@ CVE-2020-25869 (An information leak was discovered in MediaWiki before 1.31.10 a
NOTE: https://phabricator.wikimedia.org/T260485
CVE-2020-25868
RESERVED
-CVE-2020-25867
- RESERVED
+CVE-2020-25867 (SoPlanning before 1.47 doesn't correctly check the security key used t ...)
+ TODO: check
CVE-2020-25866 (In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dis ...)
- wireshark 3.2.7-1
[buster] - wireshark <not-affected> (Vulnerable code not present)
@@ -2350,8 +2356,8 @@ CVE-2020-25770 (An out-of-bounds read information disclosure vulnerabilities in
NOT-FOR-US: Trend Micro
CVE-2020-25769
RESERVED
-CVE-2020-25768
- RESERVED
+CVE-2020-25768 (Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 hav ...)
+ TODO: check
CVE-2020-25767
RESERVED
CVE-2020-25766 (An issue was discovered in MISP before 2.4.132. It can perform an unwa ...)
@@ -23725,8 +23731,8 @@ CVE-2020-15503 (LibRaw before 0.20-RC1 lacks a thumbnail size range check. This
NOTE: https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d
CVE-2020-15502 (** DISPUTED ** The DuckDuckGo application through 5.58.0 for Android, ...)
NOT-FOR-US: DuckDuckGo application for Android and iOS
-CVE-2020-15501
- RESERVED
+CVE-2020-15501 (** UNSUPPORTED WHEN ASSIGNED ** Smarter Coffee Maker before 2nd genera ...)
+ TODO: check
CVE-2020-15500 (An issue was discovered in server.js in TileServer GL through 3.0.0. T ...)
NOT-FOR-US: TileServer GL
CVE-2020-15499 (An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_ ...)
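Review bot: CVE-2020-15501 gets the generic `TODO: check` even though its description is tagged `** UNSUPPORTED WHEN ASSIGNED **` and names a Smarter Coffee Maker. Like CVE-2020-15502 directly above it, this looks like a candidate for a `NOT-FOR-US:` line; resolve it during triage rather than leaving the TODO in place.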
@@ -24346,8 +24352,8 @@ CVE-2020-15228 (In the `@actions/core` npm module before version 1.2.6,`addPath`
CVE-2020-15227 (Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 ar ...)
- php-nette <removed>
NOTE: https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94
-CVE-2020-15226
- RESERVED
+CVE-2020-15226 (In GLPI before version 9.5.2, there is a SQL Injection in the API's se ...)
+ TODO: check
CVE-2020-15225
RESERVED
CVE-2020-15224
@@ -24364,8 +24370,8 @@ CVE-2020-15219
RESERVED
CVE-2020-15218
RESERVED
-CVE-2020-15217
- RESERVED
+CVE-2020-15217 (In GLPI before version 9.5.2, there is a leakage of user information t ...)
+ TODO: check
CVE-2020-15216 (In goxmldsig (XML Digital Signatures implemented in pure Go) before ve ...)
- golang-github-russellhaering-goxmldsig <unfixed> (bug #971615)
NOTE: https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7
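Review bot: CVE-2020-15217 here and CVE-2020-15226 in the previous hunk are both GLPI issues described as affecting versions before 9.5.2, and both are left at `TODO: check`. Triage them together so they end up with the same package or `NOT-FOR-US:` line and the same fixed version, instead of being resolved independently.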
@@ -35098,6 +35104,7 @@ CVE-2020-10938 (GraphicsMagick before 1.3.35 has an integer overflow and resulta
CVE-2020-10937
RESERVED
CVE-2020-10936 (Sympa before 6.2.56 allows privilege escalation. ...)
+ {DLA-2401-1}
- sympa 6.2.40~dfsg-5 (bug #961491)
NOTE: https://sympa-community.github.io/security/2020-002.html
NOTE: Patch: https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.2.54-sa-2020-002-r2.patch
@@ -39095,6 +39102,7 @@ CVE-2020-9285
CVE-2020-9284
RESERVED
CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ...)
+ {DLA-2402-1}
- golang-go.crypto 1:0.0~git20200221.2aa609c-1 (bug #952462)
[buster] - golang-go.crypto <no-dsa> (Minor issue)
[stretch] - golang-go.crypto <no-dsa> (Minor issue)
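Review bot: `{DLA-2402-1}` is added to CVE-2020-9283 while the `[stretch] - golang-go.crypto <no-dsa> (Minor issue)` line below it is unchanged, so the entry now references an LTS advisory and at the same time states that no fix is planned for that release. If DLA-2402-1 is the stretch upload, replace the `<no-dsa>` line with the fixed version from that advisory.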
@@ -52077,20 +52085,20 @@ CVE-2020-3604
RESERVED
CVE-2020-3603
RESERVED
-CVE-2020-3602
- RESERVED
-CVE-2020-3601
- RESERVED
+CVE-2020-3602 (A vulnerability in the CLI of Cisco StarOS operating system for Cisco ...)
+ TODO: check
+CVE-2020-3601 (A vulnerability in the CLI of Cisco StarOS operating system for Cisco ...)
+ TODO: check
CVE-2020-3600
RESERVED
CVE-2020-3599
RESERVED
-CVE-2020-3598
- RESERVED
-CVE-2020-3597
- RESERVED
-CVE-2020-3596
- RESERVED
+CVE-2020-3598 (A vulnerability in the web-based management interface of Cisco Vision ...)
+ TODO: check
+CVE-2020-3597 (A vulnerability in the configuration restore feature of Cisco Nexus Da ...)
+ TODO: check
+CVE-2020-3596 (A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expr ...)
+ TODO: check
CVE-2020-3595
RESERVED
CVE-2020-3594
@@ -52103,8 +52111,8 @@ CVE-2020-3591
RESERVED
CVE-2020-3590
RESERVED
-CVE-2020-3589
- RESERVED
+CVE-2020-3589 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ TODO: check
CVE-2020-3588
RESERVED
CVE-2020-3587
@@ -52145,10 +52153,10 @@ CVE-2020-3570
RESERVED
CVE-2020-3569 (Multiple vulnerabilities in the Distance Vector Multicast Routing Prot ...)
NOT-FOR-US: Cisco
-CVE-2020-3568
- RESERVED
-CVE-2020-3567
- RESERVED
+CVE-2020-3568 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...)
+ TODO: check
+CVE-2020-3567 (A vulnerability in the management REST API of Cisco Industrial Network ...)
+ TODO: check
CVE-2020-3566 (A vulnerability in the Distance Vector Multicast Routing Protocol (DVM ...)
NOT-FOR-US: Cisco
CVE-2020-3565
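Review bot: CVE-2020-3568 and CVE-2020-3567 are left at `TODO: check` although the entries on either side of them, CVE-2020-3569 and CVE-2020-3566, are Cisco issues already marked `NOT-FOR-US: Cisco`. Both new descriptions name Cisco products, so the same `NOT-FOR-US: Cisco` line looks appropriate, and the other Cisco entries this update leaves at `TODO: check` can be triaged the same way.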
@@ -52193,10 +52201,10 @@ CVE-2020-3546 (A vulnerability in the web-based management interface of Cisco As
NOT-FOR-US: Cisco
CVE-2020-3545 (A vulnerability in Cisco FXOS Software could allow an authenticated, l ...)
NOT-FOR-US: Cisco
-CVE-2020-3544
- RESERVED
-CVE-2020-3543
- RESERVED
+CVE-2020-3544 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
+ TODO: check
+CVE-2020-3543 (A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveil ...)
+ TODO: check
CVE-2020-3542 (A vulnerability in Cisco Webex Training could allow an authenticated, ...)
NOT-FOR-US: Cisco
CVE-2020-3541 (A vulnerability in the media engine component of Cisco Webex Meetings ...)
@@ -52209,10 +52217,10 @@ CVE-2020-3538
RESERVED
CVE-2020-3537 (A vulnerability in Cisco Jabber for Windows software could allow an au ...)
NOT-FOR-US: Cisco
-CVE-2020-3536
- RESERVED
-CVE-2020-3535
- RESERVED
+CVE-2020-3536 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ TODO: check
+CVE-2020-3535 (A vulnerability in the loading mechanism of specific DLLs in the Cisco ...)
+ TODO: check
CVE-2020-3534
RESERVED
CVE-2020-3533
@@ -52350,8 +52358,8 @@ CVE-2020-3469
RESERVED
CVE-2020-3468 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
NOT-FOR-US: Cisco
-CVE-2020-3467
- RESERVED
+CVE-2020-3467 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ TODO: check
CVE-2020-3466 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2020-3465 (A vulnerability in Cisco IOS XE Software could allow an unauthenticate ...)
@@ -52656,8 +52664,8 @@ CVE-2020-3322 (A vulnerability in Cisco Webex Network Recording Player and Cisco
NOT-FOR-US: Cisco
CVE-2020-3321 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
NOT-FOR-US: Cisco
-CVE-2020-3320
- RESERVED
+CVE-2020-3320 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+ TODO: check
CVE-2020-3319 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
NOT-FOR-US: Cisco
CVE-2020-3318 (Multiple vulnerabilities in Cisco Firepower Management Center (FMC) So ...)
