author: security tracker role <sectracker@soriano.debian.org> 2020-01-24 20:10:35 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-01-24 20:10:35 +0000
commit: b01b0c27517c02a87fadd348c03052641764356a
tree: bb1ea096844f9486862b29afdbd8a06194ab1426 /data
parent: 09926273c3965d081244288fa8e491dc58efddee
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2011.list  4
-rw-r--r-- data/CVE/2012.list  8
-rw-r--r-- data/CVE/2013.list 27
-rw-r--r-- data/CVE/2014.list 18
-rw-r--r-- data/CVE/2015.list 26
-rw-r--r-- data/CVE/2019.list 44
-rw-r--r-- data/CVE/2020.list 64
7 files changed, 105 insertions, 86 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index 2be38a8c41..a27227c6e9 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -5421,7 +5421,7 @@ CVE-2011-3174 (Buffer overflow in the DoFindReplace function in the ISGrid.Grid2
NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2011-3173 (Stack-based buffer overflow in the GetDriverSettings function in nippl ...)
NOT-FOR-US: Novell Open Enterprise Server
-CVE-2011-3172 (A vulnerability in pam_modules of SUSE SUSE Linux Enterprise allows at ...)
+CVE-2011-3172 (A vulnerability in pam_modules of SUSE Linux Enterprise allows attacke ...)
- libpam-unix2 <removed>
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=707645
NOTE: Issue was not fixed up to the version removed from unstable.
@@ -12915,7 +12915,7 @@ CVE-2011-0469 (Code injection in openSUSE when running some source services used
NOTE: Secondary fix: https://github.com/openSUSE/open-build-service/commit/23c8d21c75242999e29379e6ca8418a14c8725c6
CVE-2011-0468 (The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and befo ...)
NOT-FOR-US: OpenSUSE aaa_base package
-CVE-2011-0467 (A vulnerability in the listing of available software of SUSE SUSE Stud ...)
+CVE-2011-0467 (A vulnerability in the listing of available software of SUSE Studio On ...)
NOT-FOR-US: SUSE Studio Onsite
CVE-2011-0466 (The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2. ...)
NOT-FOR-US: openSUSE Build Service
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index bff9e8cc76..9784ad38cd 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -739,8 +739,8 @@ CVE-2012-6454
RESERVED
CVE-2012-6452 (Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway ...)
NOT-FOR-US: Axway Secure Messenger
-CVE-2012-6451
- RESERVED
+CVE-2012-6451 (Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass ...)
+ TODO: check
CVE-2012-6450
RESERVED
CVE-2012-6449
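Review bot: CVE-2012-6451 is left at "TODO: check", so it stays untriaged after this update. The description names Lorex LNC116 and LNC104 IP cameras; if nothing in the archive ships that firmware, replace the TODO with a NOT-FOR-US line in the same form as the CVE-2012-6452 entry just above it.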
@@ -1051,8 +1051,8 @@ CVE-2012-6303 (Heap-based buffer overflow in the GetWavHeader function in generi
- wavesurfer <not-affected> (originally reported in wavesurfer, but actually a bug in libsnack, see bug #695615)
NOTE: http://secunia.com/advisories/49889/
NOTE: http://www.openwall.com/lists/oss-security/2012/12/10/2
-CVE-2012-6302
- RESERVED
+CVE-2012-6302 (Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soap ...)
+ TODO: check
CVE-2012-6301 (The Browser application in Android 4.0.3 allows remote attackers to ca ...)
NOT-FOR-US: Android browser
CVE-2012-6300
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 1cfaf4e1bc..9de7a424c7 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -8324,8 +8324,7 @@ CVE-2013-4335
CVE-2013-4334
RESERVED
NOT-FOR-US: opWebAPIPlugin
-CVE-2013-4333
- RESERVED
+CVE-2013-4333 (OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an Ex ...)
NOT-FOR-US: OpenPNE
CVE-2013-4332 (Multiple integer overflows in malloc/malloc.c in the GNU C Library (ak ...)
{DLA-165-1}
@@ -9446,8 +9445,8 @@ CVE-2013-3962 (Cross-site scripting (XSS) vulnerability in Grandstream GXV3501,
NOT-FOR-US: Grandstream
CVE-2013-3961 (SQL injection vulnerability in edit_event.php in Simple PHP Agenda bef ...)
NOT-FOR-US: Simple PHP Agenda
-CVE-2013-3960
- RESERVED
+CVE-2013-3960 (Easytime Studio Easy File Manager 1.1 has a HTTP request security bypa ...)
+ TODO: check
CVE-2013-3959 (The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIM ...)
NOT-FOR-US: Siemens WinCC
CVE-2013-3958 (The login implementation in the Web Navigator in Siemens WinCC before ...)
@@ -15889,16 +15888,16 @@ CVE-2013-1600
RESERVED
CVE-2013-1599
RESERVED
-CVE-2013-1598
- RESERVED
-CVE-2013-1597
- RESERVED
-CVE-2013-1596
- RESERVED
-CVE-2013-1595
- RESERVED
-CVE-2013-1594
- RESERVED
+CVE-2013-1598 (A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras ...)
+ TODO: check
+CVE-2013-1597 (A Directory Traversal vulnerability exists in Vivotek PT7135 IP Camera ...)
+ TODO: check
+CVE-2013-1596 (An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Cam ...)
+ TODO: check
+CVE-2013-1595 (A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 030 ...)
+ TODO: check
+CVE-2013-1594 (An Information Disclosure vulnerability exists via a GET request in Vi ...)
+ TODO: check
CVE-2013-1593 (A Denial of Service vulnerability exists in the WRITE_C function in th ...)
NOT-FOR-US: SAP
CVE-2013-1592 (A Buffer Overflow vulnerability exists in the Message Server service _ ...)
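Review bot: The five Vivotek PT7135 entries (CVE-2013-1594 through CVE-2013-1598) each carry their own "TODO: check" although they all describe the same IP camera. Triage them in one pass and give all five the same resolution, for example a NOT-FOR-US line like the SAP entries that follow, so the block does not end up half-resolved.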
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 3f27eb7d44..0fd372be95 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -1923,8 +1923,7 @@ CVE-2014-9723
RESERVED
CVE-2014-9722
RESERVED
-CVE-2014-9720
- RESERVED
+CVE-2014-9720 (Tornado before 3.2.2 sends arbitrary responses that contain a fixed CS ...)
{DLA-475-1 DLA-279-1}
- python-tornado 3.2.2-1
NOTE: https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308
@@ -16037,8 +16036,7 @@ CVE-2014-4174 (wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x
[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2014-4173
RESERVED
-CVE-2014-4172 [php-cas unencoded tickets]
- RESERVED
+CVE-2014-4172 (A URL parameter injection vulnerability was found in the back-channel ...)
{DSA-3017-1}
- php-cas 1.3.3-1 (bug #759718)
NOTE: https://github.com/Jasig/phpCAS/pull/125
@@ -22169,17 +22167,13 @@ CVE-2014-1928 (The shell_quote function in python-gnupg 0.3.5 does not properly
CVE-2014-1927 (The shell_quote function in python-gnupg 0.3.5 does not properly quote ...)
{DSA-2946-1}
- python-gnupg 0.3.6-1 (bug #738509)
-CVE-2014-1925 [SQL injection]
- RESERVED
+CVE-2014-1925 (SQL injection vulnerability in the MARC framework import/export functi ...)
- koha <itp> (bug #702134)
-CVE-2014-1924 [MARC framework import/export function did not require authentication]
- RESERVED
+CVE-2014-1924 (The MARC framework import/export function (admin/import_export_framewo ...)
- koha <itp> (bug #702134)
-CVE-2014-1923 [arbitrary file write trough edithelp.pl]
- RESERVED
+CVE-2014-1923 (Multiple directory traversal vulnerabilities in the (1) staff interfac ...)
- koha <itp> (bug #702134)
-CVE-2014-1922 [path traversal]
- RESERVED
+CVE-2014-1922 (Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha be ...)
- koha <itp> (bug #702134)
CVE-2014-1921 (parcimonie before 0.8.1, when using a large keyring, sleeps for the sa ...)
{DSA-2860-1}
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 1e44ff1075..784ccc04ba 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -15720,13 +15720,11 @@ CVE-2015-4012
RESERVED
CVE-2015-4011
RESERVED
-CVE-2015-4042 [buffer overflow related to SIZE_MAX - lenb - 2 < lena test]
- RESERVED
+CVE-2015-4042 (Integer overflow in the keycompare_mb function in sort.c in sort in GN ...)
- coreutils <not-affected> (Debian does not apply coreutils-i18n.patch)
NOTE: https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940
NOTE: http://pkgs.fedoraproject.org/cgit/coreutils.git/plain/coreutils-i18n.patch
-CVE-2015-4041 [heap overflow; size calculation without properly considering the number of bytes occupied by multibyte characters]
- RESERVED
+CVE-2015-4041 (The keycompare_mb function in sort.c in sort in GNU Coreutils through ...)
- coreutils <not-affected> (Debian does not apply coreutils-i18n.patch)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=928749
NOTE: https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940
@@ -19040,14 +19038,12 @@ CVE-2015-2839 (The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses a
NOT-FOR-US: Citrix NetScaler
CVE-2015-2838 (Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix ...)
NOT-FOR-US: Citrix NetScaler
-CVE-2015-2929 [Dos against tor client; client to crash with an assertion failure]
- RESERVED
+CVE-2015-2929 (The Hidden Service (HS) client implementation in Tor before 0.2.4.27, ...)
{DSA-3216-1 DLA-187-1}
- tor 0.2.5.12-1
NOTE: https://trac.torproject.org/projects/tor/ticket/15601
NOTE: http://www.openwall.com/lists/oss-security/2015/04/06/5
-CVE-2015-2928 [DoS against hidden services]
- RESERVED
+CVE-2015-2928 (The Hidden Service (HS) server implementation in Tor before 0.2.4.27, ...)
{DSA-3216-1 DLA-187-1}
- tor 0.2.5.12-1
NOTE: https://trac.torproject.org/projects/tor/ticket/15600
@@ -19742,13 +19738,11 @@ CVE-2015-2677 (Multiple cross-site scripting (XSS) vulnerabilities in ocPortal b
- ocportal <itp> (bug #625865)
CVE-2015-2676 (Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 rou ...)
NOT-FOR-US: Asus
-CVE-2015-2689 [Assertion failure in dns.c, possibly connected to UDP DoS attack]
- RESERVED
+CVE-2015-2689 (Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly hand ...)
{DSA-3203-1 DLA-178-1}
- tor 0.2.5.11-1
NOTE: https://bugs.torproject.org/14129
-CVE-2015-2688 [relay could crash with an assertion]
- RESERVED
+CVE-2015-2688 (buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not ...)
{DSA-3203-1 DLA-178-1}
- tor 0.2.5.11-1
NOTE: https://trac.torproject.org/projects/tor/ticket/15083
@@ -22848,8 +22842,8 @@ CVE-2015-1532
RESERVED
CVE-2015-1531
RESERVED
-CVE-2015-1530
- RESERVED
+CVE-2015-1530 (media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows at ...)
+ TODO: check
CVE-2015-1529 (Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android ...)
NOT-FOR-US: Android
CVE-2015-1528 (Integer overflow in the native_handle_create function in libcutils/nat ...)
@@ -22858,8 +22852,8 @@ CVE-2015-1527 (Integer overflow in IAudioPolicyService.cpp in Android allows loc
NOT-FOR-US: Android
CVE-2015-1526 (The media_server component in Android allows remote attackers to cause ...)
NOT-FOR-US: Android
-CVE-2015-1525
- RESERVED
+CVE-2015-1525 (audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attacker ...)
+ TODO: check
CVE-2015-1524
RESERVED
CVE-2015-1523
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index dfc7953b8c..e18caeafa0 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -2041,10 +2041,10 @@ CVE-2019-19634 (class.upload.php in verot.net class.upload through 1.0.3 and 2.x
NOT-FOR-US: K2 extension for Joomla!
CVE-2019-19633
RESERVED
-CVE-2019-19632
- RESERVED
-CVE-2019-19631
- RESERVED
+CVE-2019-19632 (An issue was discovered in Big Switch Big Monitoring Fabric 6.2 throug ...)
+ TODO: check
+CVE-2019-19631 (An issue was discovered in Big Switch Big Monitoring Fabric 6.2 throug ...)
+ TODO: check
CVE-2019-19630 (HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() ...)
{DLA-2026-1}
- htmldoc 1.9.7-1 (low)
@@ -2718,8 +2718,8 @@ CVE-2019-19365
RESERVED
CVE-2019-19364 (A weak malicious user can escalate its privilege whenever CatalystProd ...)
NOT-FOR-US: Sony Catalyst Production Suite
-CVE-2019-19363
- RESERVED
+CVE-2019-19363 (An issue was discovered in Ricoh (including Savin and Lanier) Windows ...)
+ TODO: check
CVE-2019-19362 (An issue was discovered in the Chat functionality of the TeamViewer de ...)
NOT-FOR-US: TeamViewer
CVE-2019-19361
@@ -3935,8 +3935,8 @@ CVE-2019-18902
RESERVED
CVE-2019-18901
RESERVED
-CVE-2019-18900
- RESERVED
+CVE-2019-18900 (: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS ...)
+ TODO: check
CVE-2019-18899 (The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in use ...)
- apt-cacher-ng <not-affected> (openSUSE specific systemd service unit configuration)
CVE-2019-18898 (UNIX Symbolic Link (Symlink) Following vulnerability in the trousers p ...)
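Review bot: The imported description for CVE-2019-18900 starts with a stray colon, "(: Incorrect Default Permissions vulnerability in libzypp ...", which suggests something was dropped ahead of the colon in the source record. The commit is an automatic update, so a local edit to this line is likely to be overwritten by the next run; the text needs correcting where it is imported from. The entry also still needs its "TODO: check" resolved for libzypp.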
@@ -43204,24 +43204,24 @@ CVE-2019-3701 (An issue was discovered in can_can_gw_rcv in net/can/gw.c in the
[stretch] - linux 4.9.161-1
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1120386
NOTE: https://marc.info/?l=linux-netdev&m=154651842302479&w=2
-CVE-2019-3700
- RESERVED
-CVE-2019-3699
- RESERVED
+CVE-2019-3700 (yast2-security didn't use secure defaults to protect passwords. This b ...)
+ TODO: check
+CVE-2019-3699 (UNIX Symbolic Link (Symlink) Following vulnerability in the packaging ...)
+ TODO: check
CVE-2019-3698
RESERVED
-CVE-2019-3697
- RESERVED
+CVE-2019-3697 (UNIX Symbolic Link (Symlink) Following vulnerability in the packaging ...)
+ TODO: check
CVE-2019-3696
RESERVED
CVE-2019-3695
RESERVED
-CVE-2019-3694
- RESERVED
-CVE-2019-3693
- RESERVED
-CVE-2019-3692
- RESERVED
+CVE-2019-3694 (A Symbolic Link (Symlink) Following vulnerability in the packaging of ...)
+ TODO: check
+CVE-2019-3693 (A symlink following vulnerability in the packaging of mailman in SUSE ...)
+ TODO: check
+CVE-2019-3692 (The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Fact ...)
+ TODO: check
CVE-2019-3691 (A Symbolic Link (Symlink) Following vulnerability in the packaging of ...)
TODO: check
CVE-2019-3690 (The chkstat tool in the permissions package followed symlinks before c ...)
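Review bot: Six more entries in this block (CVE-2019-3700, -3699, -3697, -3694, -3693 and -3692) go to "TODO: check", joining CVE-2019-3691, which is already waiting. Most are described as problems in the packaging on SUSE, so the check is whether Debian's packaging of the same software shares the flaw. Record the outcome with the reason in parentheses, as the CVE-2019-3688 entry further down does with "<not-affected> (/usr/lib/squid/pinger permissions are root:root)".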
@@ -43237,8 +43237,8 @@ CVE-2019-3689 (The nfs-utils package in SUSE Linux Enterprise Server 12 before a
CVE-2019-3688 (The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterpri ...)
- squid <not-affected> (/usr/lib/squid/pinger permissions are root:root)
- squid3 <not-affected> (/usr/lib/squid/pinger permissions are root:root)
-CVE-2019-3687
- RESERVED
+CVE-2019-3687 (The permission package in SUSE Linux Enterprise Server allowed all loc ...)
+ TODO: check
CVE-2019-3686 (openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vuln ...)
TODO: check
CVE-2019-3685 (Open Build Service before version 0.165.4 diddn't validate TLS certifi ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index fcaac9a170..f106fcb87c 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,35 @@
+CVE-2020-7962
+ RESERVED
+CVE-2020-7961
+ RESERVED
+CVE-2020-7960
+ RESERVED
+CVE-2020-7959
+ RESERVED
+CVE-2020-7958
+ RESERVED
+CVE-2020-7957
+ RESERVED
+CVE-2020-7956
+ RESERVED
+CVE-2020-7955
+ RESERVED
+CVE-2020-7954
+ RESERVED
+CVE-2020-7953
+ RESERVED
+CVE-2020-7952
+ RESERVED
+CVE-2020-7951
+ RESERVED
+CVE-2020-7950
+ RESERVED
+CVE-2020-7949
+ RESERVED
+CVE-2020-7948
+ RESERVED
+CVE-2020-7947
+ RESERVED
CVE-2020-7946
RESERVED
CVE-2020-7945
@@ -1442,8 +1474,8 @@ CVE-2020-7228 (The Calculated Fields Form plugin through 1.0.353 for WordPress s
NOT-FOR-US: Calculated Fields Form plugin for WordPress
CVE-2020-7227 (Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosur ...)
NOT-FOR-US: Westermo MRD-315 devices
-CVE-2020-7226
- RESERVED
+CVE-2020-7226 (CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and ...)
+ TODO: check
CVE-2020-7225
RESERVED
CVE-2020-7224
@@ -2004,18 +2036,18 @@ CVE-2020-6968
RESERVED
CVE-2020-6967
RESERVED
-CVE-2020-6966
- RESERVED
-CVE-2020-6965
- RESERVED
-CVE-2020-6964
- RESERVED
-CVE-2020-6963
- RESERVED
-CVE-2020-6962
- RESERVED
-CVE-2020-6961
- RESERVED
+CVE-2020-6966 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...)
+ TODO: check
+CVE-2020-6965 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...)
+ TODO: check
+CVE-2020-6964 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...)
+ TODO: check
+CVE-2020-6963 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...)
+ TODO: check
+CVE-2020-6962 (In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemet ...)
+ TODO: check
+CVE-2020-6961 (In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemet ...)
+ TODO: check
CVE-2020-6960 (The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prio ...)
NOT-FOR-US: Honeywell
CVE-2020-6959 (The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prio ...)
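Review bot: The six ApexPro Telemetry Server entries are not worded identically: CVE-2020-6962 and CVE-2020-6961 read "ApexPro Telemetry Server, Versions 4.2" with a comma, the other four read "ApexPro Telemetry Server Versions 4.2" without one. When these "TODO: check" items are triaged as a batch, select them by CVE range rather than by description text, and give all six a single resolution in the style of the Honeywell NOT-FOR-US entries below.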
@@ -5577,8 +5609,8 @@ CVE-2020-5221 (In uftpd before 2.11, it is possible for an unauthenticated user
NOT-FOR-US: uftpd
CVE-2020-5220
RESERVED
-CVE-2020-5219
- RESERVED
+CVE-2020-5219 (Angular Expressions before version 1.0.1 has a remote code execution v ...)
+ TODO: check
CVE-2020-5218
RESERVED
CVE-2020-5217 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...)
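Review bot: CVE-2020-5219 is described as a remote code execution issue in Angular Expressions before version 1.0.1, and it goes in with a bare "TODO: check". Triage should first establish whether that library is packaged; if it is, add a package line using 1.0.1 from the description as the candidate fixed version, and otherwise mark it NOT-FOR-US like the uftpd entry at the top of this hunk.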
