automatic update

3 files changed, 101 insertions, 60 deletions

diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 0e83507faa..a43c1e2e90 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -11712,8 +11712,8 @@ CVE-2015-5438
 	REJECTED
 CVE-2015-5437
 	REJECTED
-CVE-2015-5436
-	REJECTED
+CVE-2015-5436 (A potential security vulnerability has been identified with HP Integra ...)
+	TODO: check
 CVE-2015-5435 (Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 ...)
 	NOT-FOR-US: HP
 CVE-2015-5434 (HPE Networking Products, originally branded as Comware 5, Comware 7, H ...)
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 55a8601493..c5db0e0216 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -12311,16 +12311,16 @@ CVE-2018-16725 (An issue is discovered in baijiacms V4. XSS exists via the asset
 	NOT-FOR-US: baijiacms
 CVE-2018-16724 (An issue is discovered in baijiacms V4. Blind SQL Injection exists via ...)
 	NOT-FOR-US: baijiacms
-CVE-2018-16723
-	RESERVED
-CVE-2018-16722
-	RESERVED
-CVE-2018-16721
-	RESERVED
-CVE-2018-16720
-	RESERVED
-CVE-2018-16719
-	RESERVED
+CVE-2018-16723 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...)
+	TODO: check
+CVE-2018-16722 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...)
+	TODO: check
+CVE-2018-16721 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...)
+	TODO: check
+CVE-2018-16720 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...)
+	TODO: check
+CVE-2018-16719 (In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) allows  ...)
+	TODO: check
 CVE-2018-16718 (An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26  ...)
 	NOT-FOR-US: NCBI ToolBox
 CVE-2018-16717 (A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 th ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index a0ed849889..a526ba328b 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,47 @@
+CVE-2020-29005
+	RESERVED
+CVE-2020-29004
+	RESERVED
+CVE-2020-29003 (The PollNY extension for MediaWiki through 1.35 allows XSS via an answ ...)
+	TODO: check
+CVE-2020-29002 (includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki ...)
+	TODO: check
+CVE-2020-29001
+	RESERVED
+CVE-2020-29000
+	RESERVED
+CVE-2020-28999
+	RESERVED
+CVE-2020-28998
+	RESERVED
+CVE-2020-28997
+	RESERVED
+CVE-2020-28996
+	RESERVED
+CVE-2020-28995
+	RESERVED
+CVE-2020-28994
+	RESERVED
+CVE-2020-28993
+	RESERVED
+CVE-2020-28992
+	RESERVED
+CVE-2020-28991 (Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git proto ...)
+	TODO: check
+CVE-2020-28990
+	RESERVED
+CVE-2020-28989
+	RESERVED
+CVE-2020-28988
+	RESERVED
+CVE-2020-28987
+	RESERVED
+CVE-2020-28986
+	RESERVED
+CVE-2020-28985
+	RESERVED
+CVE-2020-28983
+	RESERVED
 CVE-2020-28982
 	RESERVED
 CVE-2020-28981
@@ -12,10 +56,10 @@ CVE-2020-28977
 	RESERVED
 CVE-2020-28976
 	RESERVED
-CVE-2020-28984 [identified authors can execute arbitrary PHP code]
+CVE-2020-28984 (prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does ...)
 	- spip 3.2.8-1
 	NOTE: https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8
-CVE-2020-28975 (svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn  ...)
+CVE-2020-28975 (** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as used i ...)
 	TODO: check
 CVE-2020-28973
 	RESERVED
@@ -131,8 +175,8 @@ CVE-2020-28928 [wcsnrtombs destination buffer overflow]
 	- musl <unfixed> (bug #975365)
 	[buster] - musl <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/11/20/4
-CVE-2020-28927
-	RESERVED
+CVE-2020-28927 (There is a Stored XSS in Magicpin v2.1 in the User Registration sectio ...)
+	TODO: check
 CVE-2020-28926
 	RESERVED
 CVE-2020-28925
@@ -1335,8 +1379,8 @@ CVE-2020-28974 (A slab-out-of-bounds read in fbcon in the Linux kernel before 5.
 	NOTE: https://www.openwall.com/lists/oss-security/2020/11/09/2
 CVE-2020-28361 (Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy So ...)
 	TODO: check, this might be specific to Kamailio as used in the specified product
-CVE-2020-28360
-	RESERVED
+CVE-2020-28360 (Insufficient RegEx in private-ip npm package v1.0.5 and below insuffic ...)
+	TODO: check
 CVE-2020-28359
 	RESERVED
 CVE-2020-28358
@@ -1359,8 +1403,8 @@ CVE-2020-28350 (A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sok
 	NOT-FOR-US: SOWA SowaSQL
 CVE-2020-28349 (** DISPUTED ** An inaccurate frame deduplication process in ChirpStack ...)
 	NOT-FOR-US: ChirpStack Network Server
-CVE-2020-28348
-	RESERVED
+CVE-2020-28348 (HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker  ...)
+	TODO: check
 CVE-2020-28347 (tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows rem ...)
 	NOT-FOR-US: TP-Link
 CVE-2020-28346
@@ -4555,8 +4599,8 @@ CVE-2020-26892 (The JWT library in NATS nats-server before 2.1.9 has Incorrect A
 CVE-2020-26891 (AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS d ...)
 	- matrix-synapse 1.21.1-1
 	NOTE: https://github.com/matrix-org/synapse/pull/8444
-CVE-2020-26890
-	RESERVED
+CVE-2020-26890 (Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Inf ...)
+	TODO: check
 CVE-2020-26889
 	RESERVED
 CVE-2020-26888
@@ -5917,16 +5961,16 @@ CVE-2020-26233
 	RESERVED
 CVE-2020-26232
 	RESERVED
-CVE-2020-26231
-	RESERVED
+CVE-2020-26231 (October is a free, open-source, self-hosted CMS platform based on the  ...)
+	TODO: check
 CVE-2020-26230 (Radar COVID is the official COVID-19 exposure notification app for Spa ...)
 	NOT-FOR-US: Radar COVID
-CVE-2020-26229
-	RESERVED
-CVE-2020-26228
-	RESERVED
-CVE-2020-26227
-	RESERVED
+CVE-2020-26229 (TYPO3 is an open source PHP based web content management system. In TY ...)
+	TODO: check
+CVE-2020-26228 (TYPO3 is an open source PHP based web content management system. In TY ...)
+	TODO: check
+CVE-2020-26227 (TYPO3 is an open source PHP based web content management system. In TY ...)
+	TODO: check
 CVE-2020-26226 (In the npm package semantic-release before version 17.2.3, secrets tha ...)
 	NOT-FOR-US: semantic-release nodejs module
 CVE-2020-26225 (In PrestaShop Product Comments before version 4.2.0, an attacker could ...)
@@ -7148,8 +7192,7 @@ CVE-2020-25697
 	RESERVED
 	NOTE: Long-standing design limitation in X11, unlikely to get fixed until the world moves to Wayland
 	NOTE: https://www.openwall.com/lists/oss-security/2020/11/09/3
-CVE-2020-25696 [psql's \gset allows overwriting specially treated variables]
-	RESERVED
+CVE-2020-25696 (A flaw was found in the psql interactive terminal of PostgreSQL in ver ...)
 	- postgresql-13 13.1-1
 	- postgresql-12 <unfixed>
 	- postgresql-11 <removed>
@@ -7188,8 +7231,7 @@ CVE-2020-25690
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893188
 CVE-2020-25689 (A memory leak flaw was found in WildFly in all versions up to 21.0.0.F ...)
 	- wildfly <itp> (bug #752018)
-CVE-2020-25688
-	RESERVED
+CVE-2020-25688 (A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two  ...)
 	NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes (RHACM)
 CVE-2020-25687
 	RESERVED
@@ -7259,8 +7301,7 @@ CVE-2020-25662 (A Red Hat only CVE-2020-12352 regression issue was found in the
 	- linux <not-affected> (Red Hat-specific regression)
 CVE-2020-25661 (A Red Hat only CVE-2020-12351 regression issue was found in the way th ...)
 	- linux <not-affected> (Red Hat-specific regression)
-CVE-2020-25660 [cephx authentication protocol does not verify ceph clients correctly]
-	RESERVED
+CVE-2020-25660 (A flaw was found in the Cephx authentication protocol in versions befo ...)
 	- ceph <unfixed> (bug #975275)
 	[buster] - ceph <not-affected> (Vulnerable code introduced later)
 	[stretch] - ceph <not-affected> (Vulnerable code introduced later)
@@ -10506,8 +10547,8 @@ CVE-2020-24229
 	RESERVED
 CVE-2020-24228
 	RESERVED
-CVE-2020-24227
-	RESERVED
+CVE-2020-24227 (Playground Sessions v2.5.582 (and earlier) for Windows, stores the use ...)
+	TODO: check
 CVE-2020-24226
 	RESERVED
 CVE-2020-24225
@@ -27459,10 +27500,10 @@ CVE-2020-15931 (Netwrix Account Lockout Examiner before 5.1 allows remote attack
 	NOT-FOR-US: Netwrix Account Lockout Examiner
 CVE-2020-15930 (An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary cod ...)
 	NOT-FOR-US: Joplin desktop
-CVE-2020-15929
-	RESERVED
-CVE-2020-15928
-	RESERVED
+CVE-2020-15929 (In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string paramet ...)
+	TODO: check
+CVE-2020-15928 (In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string paramet ...)
+	TODO: check
 CVE-2020-15927 (Zoho ManageEngine Applications Manager version 14740 and prior allows  ...)
 	NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2020-15926 (Rocket.Chat through 3.4.2 allows XSS where an attacker can send a spec ...)
@@ -28744,10 +28785,10 @@ CVE-2020-15439
 	RESERVED
 CVE-2020-15438
 	RESERVED
-CVE-2020-15437
-	RESERVED
-CVE-2020-15436
-	RESERVED
+CVE-2020-15437 (The Linux kernel before version 5.8 is vulnerable to a NULL pointer de ...)
+	TODO: check
+CVE-2020-15436 (Use-after-free vulnerability in fs/block_dev.c in the Linux kernel bef ...)
+	TODO: check
 CVE-2020-15435 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: CentOS-WebPanel.com
 CVE-2020-15434 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -29182,14 +29223,14 @@ CVE-2020-15250 (In JUnit4 from version 4.7 and before 4.13.1, the test rule Temp
 	[buster] - junit4 <no-dsa> (Minor issue)
 	NOTE: https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp
 	NOTE: https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae
-CVE-2020-15249
-	RESERVED
-CVE-2020-15248
-	RESERVED
-CVE-2020-15247
-	RESERVED
-CVE-2020-15246
-	RESERVED
+CVE-2020-15249 (October is a free, open-source, self-hosted CMS platform based on the  ...)
+	TODO: check
+CVE-2020-15248 (October is a free, open-source, self-hosted CMS platform based on the  ...)
+	TODO: check
+CVE-2020-15247 (October is a free, open-source, self-hosted CMS platform based on the  ...)
+	TODO: check
+CVE-2020-15246 (October is a free, open-source, self-hosted CMS platform based on the  ...)
+	TODO: check
 CVE-2020-15245 (In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may registe ...)
 	NOT-FOR-US: Sylius
 CVE-2020-15244 (In Magento (rubygems openmage/magento-lts package) before versions 19. ...)
@@ -52813,8 +52854,8 @@ CVE-2020-5676
 	RESERVED
 CVE-2020-5675
 	RESERVED
-CVE-2020-5674
-	RESERVED
+CVE-2020-5674 (Untrusted search path vulnerability in the installers of multiple SEIK ...)
+	TODO: check
 CVE-2020-5673
 	RESERVED
 CVE-2020-5672
@@ -52879,8 +52920,8 @@ CVE-2020-5643 (Improper input validation vulnerability in Cybozu Garoon 5.0.0 to
 	NOT-FOR-US: Cybozu Garoon
 CVE-2020-5642 (Cross-site request forgery (CSRF) vulnerability in Live Chat - Live su ...)
 	NOT-FOR-US: Live Chat
-CVE-2020-5641
-	RESERVED
+CVE-2020-5641 (Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware v ...)
+	TODO: check
 CVE-2020-5640 (Local file inclusion vulnerability in OneThird CMS v1.96c and earlier  ...)
 	NOT-FOR-US: OneThird CMS
 CVE-2020-5639
@@ -56360,8 +56401,8 @@ CVE-2020-4008
 	RESERVED
 CVE-2020-4007
 	RESERVED
-CVE-2020-4006
-	RESERVED
+CVE-2020-4006 (VMware Workspace One Access, Access Connector, Identity Manager, and I ...)
+	TODO: check
 CVE-2020-4005 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-2020111 ...)
 	NOT-FOR-US: VMware
 CVE-2020-4004 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-2020111 ...)