author    security tracker role <sectracker@soriano.debian.org>  2020-07-08 20:10:20 +0000
committer security tracker role <sectracker@soriano.debian.org>  2020-07-08 20:10:20 +0000
commit    7077067e2144001550bd0fef1aeec4e114898ebc
tree      de8b72f673d99614cc415f96d205fc4551302fbc
parent    2384f2d4facd54b092e1fa8a68d53713c7ead75e
automatic update
-rw-r--r--  data/CVE/list.2019 | 14
-rw-r--r--  data/CVE/list.2020 | 62
2 files changed, 39 insertions, 37 deletions
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019
index 8a05ef58fa..99e8cf59dd 100644
--- a/data/CVE/list.2019
+++ b/data/CVE/list.2019
@@ -3868,17 +3868,17 @@ CVE-2019-19419
RESERVED
CVE-2019-19418
RESERVED
-CVE-2019-19417
- RESERVED
-CVE-2019-19416
- RESERVED
-CVE-2019-19415
- RESERVED
+CVE-2019-19417 (The SIP module of some Huawei products have a denial of service (DoS) ...)
+ TODO: check
+CVE-2019-19416 (The SIP module of some Huawei products have a denial of service (DoS) ...)
+ TODO: check
+CVE-2019-19415 (The SIP module of some Huawei products have a denial of service (DoS) ...)
+ TODO: check
CVE-2019-19414 (There is an integer overflow vulnerability in LDAP server of some Huaw ...)
NOT-FOR-US: Huawei
CVE-2019-19413 (There is an integer overflow vulnerability in LDAP client of some Huaw ...)
NOT-FOR-US: Huawei
-CVE-2019-19412 (Some Huawei smart phones have a Factory Reset Protection (FRP) bypass ...)
+CVE-2019-19412 (Huawei smart phones have a Factory Reset Protection (FRP) bypass secur ...)
NOT-FOR-US: Huawei
CVE-2019-19411 (USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R00 ...)
NOT-FOR-US: Huawei
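Review bot: the three new Huawei SIP entries (CVE-2019-19417, -19416, -19415) are left at "TODO: check" although the directly adjacent CVE-2019-19414 and CVE-2019-19413, also Huawei firmware issues, are already classified "NOT-FOR-US: Huawei". Unless a follow-up triage finds something unusual in the full descriptions, these can be resolved the same way so the TODO queue does not carry three identical items. The CVE-2019-19412 change is a description resync only ("Some Huawei smart phones" to "Huawei smart phones") and leaves the NOT-FOR-US status untouched.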
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 9e2a4b3a8d..1744ba89fc 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -2455,7 +2455,7 @@ CVE-2020-14478
CVE-2020-14477 (In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX V ...)
NOT-FOR-US: Philips
CVE-2020-14476
- RESERVED
+ REJECTED
CVE-2020-14475 (A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0. ...)
- dolibarr <removed>
NOTE: https://github.com/Dolibarr/dolibarr/commit/22ca5e067189bffe8066df26df923a386f044c08
@@ -8328,8 +8328,8 @@ CVE-2020-11996 (A specially crafted sequence of HTTP/2 requests sent to Apache T
NOTE: https://github.com/apache/tomcat/commit/c8acd2ab7371e39aeca7c306f3b5380f00afe552 (8.5.56)
CVE-2020-11995
RESERVED
-CVE-2020-11994
- RESERVED
+CVE-2020-11994 (Server-Side Template Injection and arbitrary file disclosure on Camel ...)
+ TODO: check
CVE-2020-11993
RESERVED
CVE-2020-11992
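Review bot: the truncated description for CVE-2020-11994 ("Server-Side Template Injection and arbitrary file disclosure on Camel ...") cuts off before it identifies which component "Camel" refers to, so the "TODO: check" cannot be resolved from this line alone; the triage needs the full CVE text to decide between a source package line and NOT-FOR-US. Note that the neighbouring CVE-2020-11996 in the same hunk already carries a fixed-version NOTE (tomcat 8.5.56), so once checked this entry should get the same NOTE-with-upstream-reference treatment rather than a bare status.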
@@ -8339,6 +8339,7 @@ CVE-2020-11991
CVE-2020-11990
RESERVED
CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic ...)
+ {DLA-2273-1}
- shiro <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2020/06/22/1
NOTE: https://github.com/apache/shiro/pull/211
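Review bot: {DLA-2273-1} is added to CVE-2020-11989 while the package line stays "- shiro <unfixed>" with no release-specific line in the visible context. That is consistent only if the DLA shipped the fix for the LTS release and unstable is genuinely still unfixed; the entry should be checked against the DLA record so the <unfixed> marker is not left stale once a fixed upload lands. The same DLA is also added to CVE-2020-1957 later in this patch, so both shiro entries should be reconciled together.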
@@ -8692,8 +8693,8 @@ CVE-2020-11851
RESERVED
CVE-2020-11850
RESERVED
-CVE-2020-11849
- RESERVED
+CVE-2020-11849 (Elevation of privilege and/or unauthorized access vulnerability in Mic ...)
+ TODO: check
CVE-2020-11848
RESERVED
CVE-2020-11847
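Review bot: the new CVE-2020-11849 description is truncated at "... in Mic ...", so the affected product name is not visible here and the "TODO: check" cannot be closed from this hunk; the full description must be consulted before assigning NOT-FOR-US or a package line.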
@@ -10541,7 +10542,7 @@ CVE-2020-11076 (In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smu
NOTE: https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd
CVE-2020-11075 (In Anchore Engine version 0.7.0, a specially crafted container image m ...)
NOT-FOR-US: Anchore Engine
-CVE-2020-11074 (In PrestaShop from version 1.5.3.0 and before version 1.7.7.6, there i ...)
+CVE-2020-11074 (In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there i ...)
NOT-FOR-US: PrestaShop
CVE-2020-11073 (In Autoswitch Python Virtualenv before version 0.16.0, a user who ente ...)
NOT-FOR-US: zsh-autoswitch-virtualenv
@@ -11066,6 +11067,7 @@ CVE-2020-10935 (Zulip Server before 2.1.3 allows XSS via a Markdown link, with r
CVE-2020-10934 (Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. ...)
NOT-FOR-US: Acyba AcyMailing
CVE-2020-10933 (An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6 ...)
+ {DSA-4721-1}
- ruby2.7 2.7.1-1
- ruby2.5 <removed>
- ruby2.3 <not-affected> (Vulnerable code introduced in 2.5.0)
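Review bot: {DSA-4721-1} is added to CVE-2020-10933 with "- ruby2.7 2.7.1-1" already fixed and "- ruby2.5 <removed>"; since ruby2.5 is removed from unstable, the buster fix is represented only by the DSA reference. Confirm the DSA data file records the buster fixed version for ruby2.5, otherwise the tracker will show buster as unfixed despite the advisory.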
@@ -11873,7 +11875,7 @@ CVE-2020-10665 (Docker Desktop allows local privilege escalation to NT AUTHORITY
CVE-2020-10664 (The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 ...)
NOT-FOR-US: VxWorks
CVE-2020-10663 (The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9 ...)
- {DLA-2192-1 DLA-2190-1}
+ {DSA-4721-1 DLA-2192-1 DLA-2190-1}
- ruby-json 2.3.0+dfsg-1
[buster] - ruby-json <no-dsa> (Minor issue)
[stretch] - ruby-json <no-dsa> (Minor issue)
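Review bot: {DSA-4721-1} is added to CVE-2020-10663, but the only source package line visible in context is "- ruby-json 2.3.0+dfsg-1" with "[buster] - ruby-json <no-dsa> (Minor issue)" and the same for stretch. A DSA reference on an entry whose buster line says <no-dsa> is contradictory unless the DSA fixed a different source package (the description mentions the gem "as used in Ruby 2.4 through 2.4.9 ..."); if that package has its own line below the shown context this is fine, otherwise either add that line or drop the DSA reference here.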
@@ -12499,7 +12501,7 @@ CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in libIma
[jessie] - pillow <no-dsa> (Minor issue)
NOTE: https://github.com/python-pillow/Pillow/pull/4538
NOTE: Fixed in 6.2.3 and 7.1.0
-CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before 6.2.3 and 7.x before 7.0.1, ...)
+CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before before 7.0.1, an out-of-bou ...)
- pillow <unfixed>
[jessie] - pillow <no-dsa> (Minor issue)
NOTE: https://github.com/python-pillow/Pillow/pull/4538
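Review bot: the new CVE-2020-10378 description reads "Pillow before before 7.0.1" (doubled "before") and drops the "6.2.3" fixed version that the old text carried. The duplication comes from the upstream description sync, so it should not be hand-edited here, but the lost 6.2.x information is still recorded under the neighbouring CVE-2020-10379 ("NOTE: Fixed in 6.2.3 and 7.1.0"), and a similar NOTE would help this entry. Separately, "- pillow <unfixed>" should be re-checked: the description now states a 7.0.1 fix, so if a Debian upload at or above that version exists the status is stale.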
@@ -12936,7 +12938,7 @@ CVE-2020-10179
RESERVED
CVE-2020-10178
REJECTED
-CVE-2020-10177 (Pillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds re ...)
+CVE-2020-10177 (Pillow before 7.0.1 has multiple out-of-bounds reads in libImaging/Fli ...)
- pillow <unfixed>
[jessie] - pillow <no-dsa> (Minor issue)
NOTE: https://github.com/python-pillow/Pillow/pull/4503
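Review bot: as with CVE-2020-10378 in the previous hunk, the resynced CVE-2020-10177 description ("Pillow before 7.0.1 ...") no longer mentions the 6.2.3 backport that the old text had, while the package line stays "- pillow <unfixed>". Keep the PR 4503 NOTE as the authoritative reference and verify whether a Debian pillow version at or above 7.0.1 is already in the archive before leaving the entry as <unfixed>.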
@@ -19644,8 +19646,8 @@ CVE-2020-7142
RESERVED
CVE-2020-7141
RESERVED
-CVE-2020-7140
- RESERVED
+CVE-2020-7140 (A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gatew ...)
+ TODO: check
CVE-2020-7139 (Potential remote access security vulnerabilities have been identified ...)
NOT-FOR-US: HPE
CVE-2020-7138 (Potential remote code execution security vulnerabilities have been ide ...)
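Review bot: CVE-2020-7140 (HPE IceWall SSO Dfw and Dgfw) sits between CVE-2020-7139 and CVE-2020-7138, both already "NOT-FOR-US: HPE"; the "TODO: check" placeholder can be resolved to the same classification, since HPE IceWall is a proprietary product and not a Debian package.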
@@ -20166,8 +20168,8 @@ CVE-2020-6940
RESERVED
CVE-2020-6939
RESERVED
-CVE-2020-6938
- RESERVED
+CVE-2020-6938 (A sensitive information disclosure vulnerability in Tableau Server 10. ...)
+ TODO: check
CVE-2020-6937 (A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, ...)
NOT-FOR-US: MuleSoft
CVE-2020-6936
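Review bot: CVE-2020-6938 (Tableau Server) is proprietary software with no Debian package, so the "TODO: check" can be resolved to "NOT-FOR-US: Tableau", matching the MuleSoft neighbour CVE-2020-6937 in the same hunk.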
@@ -22900,8 +22902,8 @@ CVE-2020-5841 (An issue was discovered in OpServices OpMon 9.3.1-1. Using passwo
NOT-FOR-US: OpServices OpMon
CVE-2020-5840 (An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/R ...)
NOT-FOR-US: HashBrown CMS
-CVE-2020-5839
- RESERVED
+CVE-2020-5839 (Symantec Endpoint Detection And Response, prior to 4.4, may be suscept ...)
+ TODO: check
CVE-2020-5838 (Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-s ...)
NOT-FOR-US: Symantec
CVE-2020-5837 (Symantec Endpoint Protection, prior to 14.3, may not respect file perm ...)
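Review bot: CVE-2020-5839 (Symantec Endpoint Detection And Response) is bracketed by CVE-2020-5838 and CVE-2020-5837, both "NOT-FOR-US: Symantec"; the new "TODO: check" should be closed with the same marker.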
@@ -23050,8 +23052,8 @@ CVE-2020-5766
RESERVED
CVE-2020-5765
RESERVED
-CVE-2020-5764
- RESERVED
+CVE-2020-5764 (MX Player Android App versions prior to v1.24.5, are vulnerable to a d ...)
+ TODO: check
CVE-2020-5763
RESERVED
CVE-2020-5762
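Review bot: CVE-2020-5764 describes an issue in the MX Player Android app, which is not a Debian package; the "TODO: check" can be resolved to NOT-FOR-US rather than waiting in the queue.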
@@ -26815,8 +26817,8 @@ CVE-2020-3975
RESERVED
CVE-2020-3974
RESERVED
-CVE-2020-3973
- RESERVED
+CVE-2020-3973 (The VeloCloud Orchestrator does not apply correct input validation whi ...)
+ TODO: check
CVE-2020-3972 (VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a den ...)
NOT-FOR-US: VMware
CVE-2020-3971 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-20 ...)
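Review bot: CVE-2020-3973 (VeloCloud Orchestrator) is a VMware product, and the adjacent CVE-2020-3972 and CVE-2020-3971 in this hunk are already "NOT-FOR-US: VMware"; the "TODO: check" can be resolved the same way.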
@@ -26899,8 +26901,8 @@ CVE-2020-3933 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance M
NOT-FOR-US: Secom Co. Dr.ID
CVE-2020-3932 (A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may ...)
NOT-FOR-US: Draytek VigorAP910C
-CVE-2020-3931
- RESERVED
+CVE-2020-3931 (Buffer overflow exists in Geovision Door Access Control device family, ...)
+ TODO: check
CVE-2020-3930 (GeoVision Door Access Control device family improperly stores and cont ...)
NOT-FOR-US: GeoVision Door Access Control
CVE-2020-3929 (GeoVision Door Access Control device family employs shared cryptograph ...)
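Review bot: CVE-2020-3931 is part of the same GeoVision Door Access Control batch as CVE-2020-3930 and CVE-2020-3929, both already "NOT-FOR-US: GeoVision Door Access Control"; close the "TODO: check" with the same marker.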
@@ -30984,16 +30986,16 @@ CVE-2020-2036
RESERVED
CVE-2020-2035
RESERVED
-CVE-2020-2034
- RESERVED
+CVE-2020-2034 (An OS Command Injection vulnerability in the PAN-OS GlobalProtect port ...)
+ TODO: check
CVE-2020-2033 (When the pre-logon feature is enabled, a missing certification validat ...)
NOT-FOR-US: Palo Alto Networks
CVE-2020-2032 (A race condition vulnerability Palo Alto Networks GlobalProtect app on ...)
NOT-FOR-US: Palo Alto Networks
-CVE-2020-2031
- RESERVED
-CVE-2020-2030
- RESERVED
+CVE-2020-2031 (An integer underflow vulnerability in the dnsproxyd component of the P ...)
+ TODO: check
+CVE-2020-2030 (An OS Command Injection vulnerability in the PAN-OS management interfa ...)
+ TODO: check
CVE-2020-2029 (An OS Command Injection vulnerability in the PAN-OS web management int ...)
NOT-FOR-US: Palo Alto Networks
CVE-2020-2028 (An OS Command Injection vulnerability in PAN-OS management server allo ...)
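Review bot: the three new PAN-OS entries (CVE-2020-2034, -2031, -2030) are left at "TODO: check" while every surrounding Palo Alto entry in this hunk (CVE-2020-2033, -2032, -2029, -2028) is "NOT-FOR-US: Palo Alto Networks"; these can be resolved identically. If any of them is kept open for further review, prefer a one-line reason next to the TODO so the reason survives the next automatic update.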
@@ -31096,8 +31098,8 @@ CVE-2020-1983 (A use after free vulnerability in ip_reass() in ip_input.c of lib
NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/9bd6c5913271eabcb7768a58197ed3301fe19f2d
NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed
NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed.
-CVE-2020-1982
- RESERVED
+CVE-2020-1982 (Certain communication between PAN-OS and cloud-delivered services inad ...)
+ TODO: check
CVE-2020-1981 (A predictable temporary filename vulnerability in PAN-OS allows local ...)
NOT-FOR-US: PAN-OS
CVE-2020-1980 (A shell command injection vulnerability in the PAN-OS CLI allows a loc ...)
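Review bot: CVE-2020-1982 is another PAN-OS entry that can be closed as NOT-FOR-US, but note the label inconsistency: the neighbouring CVE-2020-1981 uses "NOT-FOR-US: PAN-OS" whereas the CVE-2020-20xx hunk earlier in this patch uses "NOT-FOR-US: Palo Alto Networks" for the same vendor. Pick one spelling when resolving the TODO so the NOT-FOR-US entries remain greppable.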
@@ -31152,7 +31154,7 @@ CVE-2020-1959 (A Server-Side Template Injection was identified in Apache Syncope
CVE-2020-1958 (When LDAP authentication is enabled in Apache Druid 0.17.0, callers of ...)
- druid <itp> (bug #825797)
CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic ...)
- {DLA-2181-1}
+ {DLA-2273-1 DLA-2181-1}
- shiro <unfixed> (bug #955018)
NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2
NOTE: Fixed by: https://github.com/apache/shiro/commit/3708d7907016bf2fa12691dff6ff0def1249b8ce#diff-98f7bc5c0391389e56531f8b3754081aL139
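Review bot: {DLA-2273-1} is prepended to the existing {DLA-2181-1} on CVE-2020-1957 while the package line still reads "- shiro <unfixed> (bug #955018)". Two DLAs on an entry whose unstable status is <unfixed> is acceptable if both advisories targeted the LTS release only, but since the same DLA-2273-1 is also added to CVE-2020-11989 earlier in this patch, both shiro entries should be checked together against the DLA record and the open bug so that the unfixed marker is updated when a fixed upload reaches unstable.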