automatic update

1 files changed, 103 insertions, 49 deletions

diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 2b390eaf19..ce69341f10 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,29 +1,85 @@
-CVE-2020-13815
+CVE-2020-13843
 	RESERVED
-CVE-2020-13814
+CVE-2020-13842
 	RESERVED
-CVE-2020-13813
+CVE-2020-13841
 	RESERVED
-CVE-2020-13812
+CVE-2020-13840
 	RESERVED
-CVE-2020-13811
+CVE-2020-13839
 	RESERVED
-CVE-2020-13810
+CVE-2020-13838 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
+	TODO: check
+CVE-2020-13837 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
+	TODO: check
+CVE-2020-13836 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+	TODO: check
+CVE-2020-13835 (An issue was discovered on Samsung mobile devices with O(8.x) (with TE ...)
+	TODO: check
+CVE-2020-13834 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+	TODO: check
+CVE-2020-13833 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+	TODO: check
+CVE-2020-13832 (An issue was discovered on Samsung mobile devices with Q(10.0) (with T ...)
+	TODO: check
+CVE-2020-13831 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
+	TODO: check
+CVE-2020-13830 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
+	TODO: check
+CVE-2020-13829 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
+	TODO: check
+CVE-2020-13828
 	RESERVED
-CVE-2020-13809
+CVE-2020-13827 (phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/a ...)
+	TODO: check
+CVE-2020-13826
 	RESERVED
-CVE-2020-13808
+CVE-2020-13825
 	RESERVED
-CVE-2020-13807
+CVE-2020-13824
 	RESERVED
-CVE-2020-13806
+CVE-2020-13823
 	RESERVED
-CVE-2020-13805
+CVE-2020-13822 (The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleabi ...)
+	TODO: check
+CVE-2020-13821
 	RESERVED
-CVE-2020-13804
+CVE-2020-13820
 	RESERVED
-CVE-2020-13803
+CVE-2020-13819
+	RESERVED
+CVE-2020-13818 (In Zoho ManageEngine OpManager before 125144, when <cachestart>  ...)
+	TODO: check
+CVE-2020-13817 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote att ...)
+	TODO: check
+CVE-2020-13816
 	RESERVED
+CVE-2020-13815 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. I ...)
+	TODO: check
+CVE-2020-13814 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. I ...)
+	TODO: check
+CVE-2020-13813 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It all ...)
+	TODO: check
+CVE-2020-13812 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It all ...)
+	TODO: check
+CVE-2020-13811 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It has ...)
+	TODO: check
+CVE-2020-13810 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
+	TODO: check
+CVE-2020-13809 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
+	TODO: check
+CVE-2020-13808 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
+	TODO: check
+CVE-2020-13807 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
+	TODO: check
+CVE-2020-13806 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
+	TODO: check
+CVE-2020-13805 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
+	TODO: check
+CVE-2020-13804 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
+	TODO: check
+CVE-2020-13803 (An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for M ...)
+	TODO: check
 CVE-2020-13802
 	RESERVED
 CVE-2020-13801
@@ -52,16 +108,14 @@ CVE-2020-XXXX [Cross-Site Scripting (XSS) vulnerability in template object 'user
 	- roundcube 1.4.5+dfsg.1-1 (bug #962123)
 	NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/4beec65d40c5e5b1f2bace935c110baf05e10ae5
 	NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/37e2bc745723ef6322f0f785aefd0b9313a40f19
-CVE-2020-13800 [ati-vga: infinite recursion in ati_mm_read/write calls may lead to DoS]
-	RESERVED
+CVE-2020-13800 (ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to tri ...)
 	- qemu <unfixed>
 	[buster] - qemu <not-affected> (Vulnerable code introduced later)
 	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
 	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/2
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00833.html
-CVE-2020-13791 [ati-vga: OOB access while reading PCI configuration may lead to DoS]
-	RESERVED
+CVE-2020-13791 (hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of- ...)
 	- qemu <unfixed>
 	[buster] - qemu <not-affected> (Vulnerable code introduced later)
 	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
@@ -127,8 +181,7 @@ CVE-2020-13767
 	RESERVED
 CVE-2020-13766
 	RESERVED
-CVE-2020-13765 [loader: OOB access while loading registered ROM may lead to code execution]
-	RESERVED
+CVE-2020-13765 (rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the rel ...)
 	- qemu 1:4.2-1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/6
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=e423455c4f23a1a828901c78fe6d03b7dde79319
@@ -286,8 +339,8 @@ CVE-2020-13694 (In QuickBox Community Edition through 2.5.5 and Pro Edition thro
 	NOT-FOR-US: QuickBox
 CVE-2020-13693 (An unauthenticated privilege-escalation issue exists in the bbPress pl ...)
 	NOT-FOR-US: bbPress plugin for WordPress
-CVE-2020-13692
-	RESERVED
+CVE-2020-13692 (PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. ...)
+	TODO: check
 CVE-2020-13691
 	RESERVED
 CVE-2020-13690
@@ -492,6 +545,7 @@ CVE-2020-13598
 CVE-2020-13597 (Clusters using Calico (version 3.14.0 and below), Calico Enterprise (v ...)
 	TODO: check
 CVE-2020-13596 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...)
+	{DLA-2233-1}
 	- python-django 2:2.2.13-1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/1
 	NOTE: https://github.com/django/django/commit/2dd4d110c159d0c81dff42eaead2c378a0998735 (master)
@@ -1216,6 +1270,7 @@ CVE-2020-13256
 CVE-2020-13255
 	RESERVED
 CVE-2020-13254 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...)
+	{DLA-2233-1}
 	- python-django 2:2.2.13-1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/1
 	NOTE: https://github.com/django/django/commit/2c82414914ae6476be5a166be9ff49c24d0d9069 (master)
@@ -2103,8 +2158,8 @@ CVE-2020-12855
 	RESERVED
 CVE-2020-12854
 	RESERVED
-CVE-2020-12853
-	RESERVED
+CVE-2020-12853 (Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or cr ...)
+	TODO: check
 CVE-2020-12852
 	RESERVED
 CVE-2020-12851
@@ -4891,12 +4946,12 @@ CVE-2020-11683
 	RESERVED
 CVE-2020-11682
 	RESERVED
-CVE-2020-11681
-	RESERVED
-CVE-2020-11680
-	RESERVED
-CVE-2020-11679
-	RESERVED
+CVE-2020-11681 (Castel NextGen DVR v1.0.0 stores and displays credentials for the asso ...)
+	TODO: check
+CVE-2020-11680 (Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all ...)
+	TODO: check
+CVE-2020-11679 (Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation throug ...)
+	TODO: check
 CVE-2020-11678
 	RESERVED
 CVE-2020-11677 (Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3). ...)
@@ -7393,8 +7448,7 @@ CVE-2020-10703 (A NULL pointer dereference was found in the libvirt API responsi
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1790725
 	NOTE: Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=5d5c732d748d644ec14626bce448e84bdc4bd93e (v3.10.0-rc1)
 	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f (v6.0.0-rc1)
-CVE-2020-10702 [weak signature generation in Pointer Authentication support for ARM]
-	RESERVED
+CVE-2020-10702 (A flaw was found in QEMU in the implementation of the Pointer Authenti ...)
 	- qemu 1:4.2-5
 	[buster] - qemu <not-affected> (Vulnerable code introduced later)
 	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
@@ -10136,8 +10190,8 @@ CVE-2020-9464 (A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP
 	NOT-FOR-US: BECKHOFF Ethernet TCP/IP Bus Coupler BK9000
 CVE-2020-9463 (Centreon 19.10 allows remote authenticated users to execute arbitrary  ...)
 	- centreon-web <itp> (bug #913903)
-CVE-2020-9462
-	RESERVED
+CVE-2020-9462 (An issue was discovered in all Athom Homey and Homey Pro devices up to ...)
+	TODO: check
 CVE-2020-9461 (Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated us ...)
 	NOT-FOR-US: Octech Oempro
 CVE-2020-9460 (Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The ...)
@@ -10566,8 +10620,8 @@ CVE-2020-9294 (An improper authentication vulnerability in FortiMail 5.4.10, 6.0
 	NOT-FOR-US: FortiMail Fortiguard
 CVE-2020-9293
 	RESERVED
-CVE-2020-9292
-	RESERVED
+CVE-2020-9292 (An unquoted service path vulnerability in the FortiSIEM Windows Agent  ...)
+	TODO: check
 CVE-2020-9291 (An Insecure Temporary File vulnerability in FortiClient for Windows 6. ...)
 	NOT-FOR-US: Fortiguard / FortiClient for Windows
 CVE-2020-9290 (An Unsafe Search Path vulnerability in FortiClient for Windows online  ...)
@@ -14136,8 +14190,8 @@ CVE-2020-7663 (websocket-extensions ruby module prior to 0.1.5 allows Denial of
 	TODO: check
 CVE-2020-7662 (websocket-extensions npm module prior to 1.0.4 allows Denial of Servic ...)
 	TODO: check
-CVE-2020-7661
-	RESERVED
+CVE-2020-7661 (all versions of url-regex are vulnerable to Regular Expression Denial  ...)
+	TODO: check
 CVE-2020-7660 (serialize-javascript prior to 3.1.0 allows remote attackers to inject  ...)
 	TODO: check
 CVE-2020-7659 (reel through 0.6.1 allows Request Smuggling attacks due to incorrect C ...)
@@ -16506,8 +16560,8 @@ CVE-2020-6642
 	RESERVED
 CVE-2020-6641
 	RESERVED
-CVE-2020-6640
-	RESERVED
+CVE-2020-6640 (An improper neutralization of input vulnerability in the Admin Profile ...)
+	TODO: check
 CVE-2020-6639
 	RESERVED
 CVE-2020-6638 (Grin through 2.1.1 has Insufficient Validation. ...)
@@ -21201,8 +21255,8 @@ CVE-2020-4511
 	RESERVED
 CVE-2020-4510
 	RESERVED
-CVE-2020-4509
-	RESERVED
+CVE-2020-4509 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity In ...)
+	TODO: check
 CVE-2020-4508
 	RESERVED
 CVE-2020-4507
@@ -21833,12 +21887,12 @@ CVE-2020-4195 (IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a rem
 	NOT-FOR-US: IBM
 CVE-2020-4194
 	RESERVED
-CVE-2020-4193
-	RESERVED
+CVE-2020-4193 (IBM Security Guardium 11.1 uses an inadequate account lockout setting  ...)
+	TODO: check
 CVE-2020-4192
 	RESERVED
-CVE-2020-4191
-	RESERVED
+CVE-2020-4191 (IBM Security Guardium 11.1 uses weaker than expected cryptographic alg ...)
+	TODO: check
 CVE-2020-4190 (IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credent ...)
 	NOT-FOR-US: IBM
 CVE-2020-4189
@@ -21853,8 +21907,8 @@ CVE-2020-4185
 	RESERVED
 CVE-2020-4184
 	RESERVED
-CVE-2020-4183
-	RESERVED
+CVE-2020-4183 (IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This ...)
+	TODO: check
 CVE-2020-4182 (IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This ...)
 	NOT-FOR-US: IBM
 CVE-2020-4181
@@ -22669,11 +22723,11 @@ CVE-2020-3814
 CVE-2020-3813
 	RESERVED
 CVE-2020-3812 (qmail-verify as used in netqmail 1.06 is prone to an information discl ...)
-	{DSA-4692-1}
+	{DSA-4692-1 DLA-2234-1}
 	- netqmail 1.06-6.2 (bug #961060)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8
 CVE-2020-3811 (qmail-verify as used in netqmail 1.06 is prone to a mail-address verif ...)
-	{DSA-4692-1}
+	{DSA-4692-1 DLA-2234-1}
 	- netqmail 1.06-6.2 (bug #961060)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8
 CVE-2020-3810 (Missing input validation in the ar/tar implementations of APT before v ...)