author: security tracker role <sectracker@soriano.debian.org> 2020-02-24 20:10:22 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-02-24 20:10:22 +0000
commit: 8386f5751b9741c8c3902228ca46084385d82c5a (patch)
tree: 95d0159b69efd73550195d0ea38aa539ec06a01e /data
parent: 26208db9b9e9c79229434c323d64ba985873cf58 (diff)
automatic update
Diffstat (limited to 'data')
-rw-r--r--  data/CVE/2012.list   3
-rw-r--r--  data/CVE/2015.list   3
-rw-r--r--  data/CVE/2016.list   2
-rw-r--r--  data/CVE/2018.list   8
-rw-r--r--  data/CVE/2019.list  76
-rw-r--r--  data/CVE/2020.list  74
6 files changed, 97 insertions, 69 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index e0982a21bc..9cace2d283 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -16315,8 +16315,7 @@ CVE-2012-0072 (Unspecified vulnerability in the Listener component in Oracle Dat
NOT-FOR-US: Oracle Database Server
CVE-2012-0071 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2012-0785 [Jenkins and hash collision attack]
- RESERVED
+CVE-2012-0785 (Hash collision attack vulnerability in Jenkins before 1.447, Jenkins L ...)
- jenkins-winstone 0.9.10-jenkins-31+dfsg-1 (bug #655553)
- jenkins-executable-war 1.25-1 (bug #655554)
- jenkins 1.409.3+dfsg-2
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 4c5658c17e..278389d573 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -2,8 +2,7 @@ CVE-2015-9543 (An issue was discovered in OpenStack Nova before 18.2.4, 19.x bef
- nova <unfixed> (bug #951635)
NOTE: https://launchpad.net/bugs/1492140
NOTE: https://review.opendev.org/220622
-CVE-2015-9542 [buffer overflow in password field]
- RESERVED
+CVE-2015-9542 (add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correct ...)
{DLA-2116-1}
- libpam-radius-auth 1.4.0-3 (bug #951396)
NOTE: https://github.com/FreeRADIUS/pam_radius/commit/01173ec
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 775a249d19..083a6a104f 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -1,3 +1,5 @@
+CVE-2016-11020 (Kunena before 5.0.4 does not restrict avatar file extensions to gif, j ...)
+ TODO: check
CVE-2016-11019
RESERVED
CVE-2016-11018 (An issue was discovered in the Huge-IT gallery-images plugin before 1. ...)
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index bd8923b4ee..fd25f911b0 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -16807,8 +16807,8 @@ CVE-2018-14707 (Directory traversal in the Drobo Pix web application on Drobo 5N
NOT-FOR-US: Drobo Pix web application on Drobo 5N2 NAS
CVE-2018-14706 (System command injection in the /DroboPix/api/drobopix/demo endpoint o ...)
NOT-FOR-US: Drobo 5N2 NAS
-CVE-2018-14705
- RESERVED
+CVE-2018-14705 (In Drobo 5N2 4.0.5, all optional applications lack any form of authent ...)
+ TODO: check
CVE-2018-14704 (Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS vers ...)
NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14703 (Incorrect access control in the /mysql/api/droboapp/data endpoint in D ...)
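Review bot: CVE-2018-14705 is left at "TODO: check" although every neighbouring entry for the same device in this hunk (CVE-2018-14707, CVE-2018-14706, CVE-2018-14704, CVE-2018-14703) is already resolved as NOT-FOR-US for the Drobo 5N2 NAS, and the new description itself starts "In Drobo 5N2 4.0.5"; resolve it to the same NOT-FOR-US state instead of leaving it for manual triage.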
@@ -20442,8 +20442,8 @@ CVE-2018-13315 (Incorrect access control in formPasswordSetup in TOTOLINK A3002R
NOT-FOR-US: TOTOLINK
CVE-2018-13314 (System command injection in formAliasIp in TOTOLINK A3002RU version 1. ...)
NOT-FOR-US: TOTOLINK
-CVE-2018-13313
- RESERVED
+CVE-2018-13313 (In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the ...)
+ TODO: check
CVE-2018-13312 (Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0 ...)
NOT-FOR-US: TOTOLINK
CVE-2018-13311 (System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 8fb33cdc3f..1c7a418c00 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,7 @@
+CVE-2019-20481 (In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Fun ...)
+ TODO: check
+CVE-2019-20480 (In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website vis ...)
+ TODO: check
CVE-2019-20479 (A flaw was found in mod_auth_openidc before version 2.4.1. An open red ...)
- libapache2-mod-auth-openidc 2.4.1-1
NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/02431c0adfa30f478cf2eb20ed6ea51fdf446be7
@@ -1103,8 +1107,8 @@ CVE-2019-20046 (The Synergy Systems &amp; Solutions PLC &amp; RTU system has a v
NOT-FOR-US: Synergy Systems & Solutions PLC & RTU system
CVE-2019-20045 (The Synergy Systems &amp; Solutions PLC &amp; RTU system has a vulnera ...)
NOT-FOR-US: Synergy Systems & Solutions PLC & RTU system
-CVE-2019-20044 [insecure dropping of privileges when unsetting PRIVILEGED option]
- RESERVED
+CVE-2019-20044 (In Zsh before 5.8, attackers able to execute commands can regain privi ...)
+ {DLA-2117-1}
- zsh 5.8-1 (bug #951458)
[buster] - zsh <no-dsa> (Minor issue)
[stretch] - zsh <no-dsa> (Minor issue)
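Review bot: the added "{DLA-2117-1}" line sits directly above two unchanged context lines that still mark zsh as "<no-dsa> (Minor issue)" for both buster and stretch; that is only consistent if the DLA targets a different suite than those two, so confirm the DLA's suite before leaving both <no-dsa> lines unchanged, and drop the stretch line if the DLA is the stretch fix.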
@@ -5969,10 +5973,10 @@ CVE-2019-18185
RESERVED
CVE-2019-18184 (Crestron DMC-STRO 1.0 devices allow remote command execution as root v ...)
NOT-FOR-US: Crestron DMC-STRO 1.0 devices
-CVE-2019-18183
- RESERVED
-CVE-2019-18182
- RESERVED
+CVE-2019-18183 (pacman before 5.2 is vulnerable to arbitrary command injection in lib/ ...)
+ TODO: check
+CVE-2019-18182 (pacman before 5.2 is vulnerable to arbitrary command injection in conf ...)
+ TODO: check
CVE-2019-18181 (In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train ...)
NOT-FOR-US: CloudVision Portal
CVE-2019-18180 (Improper Check for filenames with overly long extensions in PostMaster ...)
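Review bot: the two "TODO: check" entries CVE-2019-18183 and CVE-2019-18182 describe "pacman before 5.2", the Arch Linux package manager; the Debian source package named pacman is an unrelated arcade game, so do not resolve these by matching on the package name. Expect NOT-FOR-US unless the tool is found under another source package.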
@@ -8113,10 +8117,10 @@ CVE-2019-17231
RESERVED
CVE-2019-17230
RESERVED
-CVE-2019-17229
- RESERVED
-CVE-2019-17228
- RESERVED
+CVE-2019-17229 (includes/options.php in the motors-car-dealership-classified-listings ...)
+ TODO: check
+CVE-2019-17228 (includes/options.php in the motors-car-dealership-classified-listings ...)
+ TODO: check
CVE-2019-17227
RESERVED
CVE-2019-17226 (CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin &gt; Modu ...)
@@ -10572,7 +10576,7 @@ CVE-2019-16231 (drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not
NOTE: https://lkml.org/lkml/2019/9/9/487
NOTE: Requires memory allocation failure during device probe, so unlikely to
NOTE: be exploitable, and then it's only a local DoS.
-CVE-2019-16230 (drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 doe ...)
+CVE-2019-16230 (** DISPUTED ** drivers/gpu/drm/radeon/radeon_display.c in the Linux ke ...)
- linux <unfixed> (unimportant)
NOTE: https://lkml.org/lkml/2019/9/9/487
NOTE: Requires memory allocation failure during device probe, so unlikely to
@@ -12868,8 +12872,8 @@ CVE-2019-15301 (A SQL injection vulnerability in the method Terrasoft.Core.DB.Co
NOT-FOR-US: Terrasoft Bpm'online CRM-System SDK
CVE-2019-15300 (A problem was found in Centreon Web through 19.04.3. An authenticated ...)
- centreon-web <itp> (bug #913903)
-CVE-2019-15299
- RESERVED
+CVE-2019-15299 (An issue was discovered in Centreon Web through 19.04.3. When a user c ...)
+ TODO: check
CVE-2019-15298 (A problem was found in Centreon Web through 19.04.3. An authenticated ...)
- centreon-web <itp> (bug #913903)
CVE-2019-15297 (res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.0 allo ...)
@@ -20460,14 +20464,14 @@ CVE-2019-12515 (There is an out-of-bounds read vulnerability in the function Fla
NOTE: https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar
CVE-2019-12514
RESERVED
-CVE-2019-12513
- RESERVED
-CVE-2019-12512
- RESERVED
-CVE-2019-12511
- RESERVED
-CVE-2019-12510
- RESERVED
+CVE-2019-12513 (In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP dis ...)
+ TODO: check
+CVE-2019-12512 (In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execu ...)
+ TODO: check
+CVE-2019-12511 (In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may execu ...)
+ TODO: check
+CVE-2019-12510 (In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypas ...)
+ TODO: check
CVE-2019-12509
RESERVED
CVE-2019-12508
@@ -23941,7 +23945,7 @@ CVE-2019-11269 (Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to
CVE-2019-11268 (Cloud Foundry UAA version prior to 73.3.0, contain endpoints that cont ...)
NOT-FOR-US: Cloud Foundry UAA
CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other produc ...)
- {DSA-4460-1 DSA-4434-1 DLA-1797-1 DLA-1777-1}
+ {DSA-4460-1 DSA-4434-1 DLA-2118-1 DLA-1797-1 DLA-1777-1}
- drupal7 <removed> (bug #927330)
- jquery 3.3.1~dfsg-2 (bug #927385)
[stretch] - jquery 3.1.1-2+deb9u1
@@ -25224,14 +25228,14 @@ CVE-2019-10801
RESERVED
CVE-2019-10800
RESERVED
-CVE-2019-10799
- RESERVED
-CVE-2019-10798
- RESERVED
+CVE-2019-10799 (compile-sass prior to 1.0.5 allows execution of arbritary commands. Th ...)
+ TODO: check
+CVE-2019-10798 (rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript objects r ...)
+ TODO: check
CVE-2019-10797 (Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Respo ...)
TODO: check
-CVE-2019-10796
- RESERVED
+CVE-2019-10796 (rpi through 0.0.3 allows execution of arbritary commands. The variable ...)
+ TODO: check
CVE-2019-10795 (undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' f ...)
NOT-FOR-US: undefsafe
CVE-2019-10794 (All versions of component-flatten are vulnerable to Prototype Pollutio ...)
@@ -41439,8 +41443,8 @@ CVE-2019-4747
RESERVED
CVE-2019-4746
RESERVED
-CVE-2019-4745
- RESERVED
+CVE-2019-4745 (IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to d ...)
+ TODO: check
CVE-2019-4744 (IBM Financial Transaction Manager 3.0 is vulnerable to cross-site scri ...)
NOT-FOR-US: IBM
CVE-2019-4743 (IBM Financial Transaction Manager 3.0 does not set the secure attribut ...)
@@ -41523,8 +41527,8 @@ CVE-2019-4705
RESERVED
CVE-2019-4704
RESERVED
-CVE-2019-4703
- RESERVED
+CVE-2019-4703 (IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft ...)
+ TODO: check
CVE-2019-4702
RESERVED
CVE-2019-4701
@@ -41739,8 +41743,8 @@ CVE-2019-4597
RESERVED
CVE-2019-4596
RESERVED
-CVE-2019-4595
- RESERVED
+CVE-2019-4595 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 c ...)
+ TODO: check
CVE-2019-4594
RESERVED
CVE-2019-4593
@@ -43888,8 +43892,8 @@ CVE-2019-3672
RESERVED
CVE-2019-3671
RESERVED
-CVE-2019-3670
- RESERVED
+CVE-2019-3670 (Remote Code Execution vulnerability in the web interface in McAfee Web ...)
+ TODO: check
CVE-2019-3669
RESERVED
CVE-2019-3668
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index a4ac91c0af..f9b3004b4f 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,4 +1,28 @@
-CVE-2020-9366
+CVE-2020-9374 (On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vu ...)
+ TODO: check
+CVE-2020-9373
+ RESERVED
+CVE-2020-9372
+ RESERVED
+CVE-2020-9371
+ RESERVED
+CVE-2020-9370
+ RESERVED
+CVE-2020-9369 (Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2020-9368
+ RESERVED
+CVE-2020-9367
+ RESERVED
+CVE-2020-9365 (An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) re ...)
+ TODO: check
+CVE-2020-9364
+ RESERVED
+CVE-2020-9363 (The Sophos AV parsing engine before 2020-01-14 allows virus-detection ...)
+ TODO: check
+CVE-2020-9362 (The Quick Heal AV parsing engine (November 2019) allows virus-detectio ...)
+ TODO: check
+CVE-2020-9366 (A buffer overflow was found in the way GNU Screen before 4.8.0 treated ...)
- screen 4.8.0-1 (bug #950896)
NOTE: https://lists.gnu.org/archive/html/screen-devel/2020-02/msg00007.html
NOTE: https://www.openwall.com/lists/oss-security/2020/02/06/3
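Review bot: the inserted block breaks the file's descending CVE order: CVE-2020-9365, 9364, 9363 and 9362 are added above the re-added CVE-2020-9366 header, so 9366 now sits below 9362 instead of between CVE-2020-9367 and CVE-2020-9365. Move the whole CVE-2020-9366 entry (the description line, "- screen 4.8.0-1 (bug #950896)" and its two NOTE lines) up between CVE-2020-9367 and CVE-2020-9365 so the next automatic update does not carry the misplaced entry forward.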
@@ -2586,10 +2610,10 @@ CVE-2020-8133
RESERVED
CVE-2020-8132
RESERVED
-CVE-2020-8131
- RESERVED
-CVE-2020-8130
- RESERVED
+CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn 1.21.1 and earlier al ...)
+ TODO: check
+CVE-2020-8130 (There is an OS command injection vulnerability in Ruby Rake &lt; 12.3. ...)
+ TODO: check
CVE-2020-8129 (An unintended require vulnerability in script-manager npm package vers ...)
NOT-FOR-US: script-manager nodejs module
CVE-2020-8128 (An unintended require and server-side request forgery vulnerabilities ...)
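Review bot: the "TODO: check" on CVE-2020-8131 (Yarn) and CVE-2020-8130 (Ruby Rake) should not be resolved by analogy with the npm module in the surrounding context (CVE-2020-8129 script-manager, NOT-FOR-US): both Rake and Yarn are shipped by Debian (source packages rake and yarnpkg), so these two need package and fixed-version lines. The Rake description is cut off at "12.3." in this view, so take the version bound from the full upstream advisory rather than the truncated text.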
@@ -8689,10 +8713,10 @@ CVE-2020-5247
RESERVED
CVE-2020-5246
RESERVED
-CVE-2020-5245
- RESERVED
-CVE-2020-5244
- RESERVED
+CVE-2020-5245 (Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary cod ...)
+ TODO: check
+CVE-2020-5244 (In BuddyPress before 5.1.2, requests to a certain REST API endpoint ca ...)
+ TODO: check
CVE-2020-5243 (uap-core before 0.7.3 is vulnerable to a denial of service attack when ...)
TODO: check
CVE-2020-5242 (openHAB before 2.5.2 allow a remote attacker to use REST calls to inst ...)
@@ -8852,12 +8876,12 @@ CVE-2020-5190
RESERVED
CVE-2020-5189
RESERVED
-CVE-2020-5188
- RESERVED
-CVE-2020-5187
- RESERVED
-CVE-2020-5186
- RESERVED
+CVE-2020-5188 (DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. ...)
+ TODO: check
+CVE-2020-5187 (DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 ...)
+ TODO: check
+CVE-2020-5186 (DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). ...)
+ TODO: check
CVE-2020-5185
RESERVED
CVE-2020-5184
@@ -10784,8 +10808,8 @@ CVE-2020-4224 (IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive i
NOT-FOR-US: IBM
CVE-2020-4223
RESERVED
-CVE-2020-4222
- RESERVED
+CVE-2020-4222 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...)
+ TODO: check
CVE-2020-4221
RESERVED
CVE-2020-4220
@@ -10802,14 +10826,14 @@ CVE-2020-4215
RESERVED
CVE-2020-4214
RESERVED
-CVE-2020-4213
- RESERVED
-CVE-2020-4212
- RESERVED
-CVE-2020-4211
- RESERVED
-CVE-2020-4210
- RESERVED
+CVE-2020-4213 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...)
+ TODO: check
+CVE-2020-4212 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...)
+ TODO: check
+CVE-2020-4211 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...)
+ TODO: check
+CVE-2020-4210 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...)
+ TODO: check
CVE-2020-4209
RESERVED
CVE-2020-4208