author     security tracker role <sectracker@soriano.debian.org>  2020-01-27 20:10:29 +0000
committer  security tracker role <sectracker@soriano.debian.org>  2020-01-27 20:10:29 +0000
commit     a59703149cf62526da91796c2586921ba0e21bdc
tree       3a885ddc452b3d0deab785e6c5192dfa4b70e15b
parent     184c6ad7af56619ece4e911182c12dfb24431fe1
automatic update
-rw-r--r--  data/CVE/list.2006 |   3
-rw-r--r--  data/CVE/list.2011 |   3
-rw-r--r--  data/CVE/list.2012 |   8
-rw-r--r--  data/CVE/list.2013 |  38
-rw-r--r--  data/CVE/list.2014 |  41
-rw-r--r--  data/CVE/list.2015 |  24
-rw-r--r--  data/CVE/list.2017 |  10
-rw-r--r--  data/CVE/list.2018 |  12
-rw-r--r--  data/CVE/list.2019 |  92
-rw-r--r--  data/CVE/list.2020 | 198
10 files changed, 291 insertions, 138 deletions
diff --git a/data/CVE/list.2006 b/data/CVE/list.2006
index 5dfaf300b1..4f4710966f 100644
--- a/data/CVE/list.2006
+++ b/data/CVE/list.2006
@@ -17,8 +17,7 @@ CVE-2006-7248
REJECTED
CVE-2006-7247 (SQL injection vulnerability in the Weblinks (com_weblinks) component f ...)
NOT-FOR-US: Joomla!
-CVE-2006-7246
- RESERVED
+CVE-2006-7246 (NetworkManager 0.9.x does not pin a certificate's subject to an ESSID ...)
- wpasupplicant 0.7.3-1
[squeeze] - wpasupplicant <no-dsa> (Minor issue)
- network-manager 0.9.4.0-1
diff --git a/data/CVE/list.2011 b/data/CVE/list.2011
index a27227c6e9..01f5a2f054 100644
--- a/data/CVE/list.2011
+++ b/data/CVE/list.2011
@@ -1796,8 +1796,7 @@ CVE-2011-4560 (Cross-site scripting (XSS) vulnerability in the Petition Node mod
NOT-FOR-US: Petition node module for Drupal
CVE-2011-4559 (SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 ...)
NOT-FOR-US: vTiger
-CVE-2011-4558
- RESERVED
+CVE-2011-4558 (Tiki 8.2 and earlier allows remote administrators to execute arbitrary ...)
- tikiwiki <removed>
NOTE: http://dev.tiki.org/item4059
NOTE: http://info.tiki.org/article185-Tiki-Security-Patches-Available-for-8-3-and-6-6-LTS
diff --git a/data/CVE/list.2012 b/data/CVE/list.2012
index 77a6b283ce..0b037010e2 100644
--- a/data/CVE/list.2012
+++ b/data/CVE/list.2012
@@ -12902,10 +12902,10 @@ CVE-2012-1498 (Multiple cross-site request forgery (CSRF) vulnerabilities in Web
CVE-2012-1497 (The default configuration of Movable Type before 4.38, 5.0x before 5.0 ...)
{DSA-2423-1}
- movabletype-opensource 5.1.3+dfsg-1
-CVE-2012-1496
- RESERVED
-CVE-2012-1495
- RESERVED
+CVE-2012-1496 (Local file inclusion in WebCalendar before 1.2.5. ...)
+ TODO: check
+CVE-2012-1495 (install/index.php in WebCalendar before 1.2.5 allows remote attackers ...)
+ TODO: check
CVE-2012-1102 [XML::Atom Perl module XML entity expansion]
RESERVED
{DSA-2424-1}
diff --git a/data/CVE/list.2013 b/data/CVE/list.2013
index 3200c68e4d..3c5950e661 100644
--- a/data/CVE/list.2013
+++ b/data/CVE/list.2013
@@ -355,8 +355,8 @@ CVE-2013-7392 (Gitlist allows remote attackers to execute arbitrary commands via
- gitlist <itp> (bug #750368)
CVE-2013-7391 (The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using th ...)
NOT-FOR-US: Drupal contributed module Entity API
-CVE-2013-7390
- RESERVED
+CVE-2013-7390 (Unrestricted file upload vulnerability in AgentLogUploadServlet in Man ...)
+ TODO: check
CVE-2013-7389 (Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 ...)
NOT-FOR-US: D-Link router
CVE-2013-7388 (Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (f ...)
@@ -3926,8 +3926,8 @@ CVE-2013-6058 (SQL injection vulnerability in appRain CMF 3.0.2 and earlier allo
NOT-FOR-US: appRain CMS
CVE-2013-6057
RESERVED
-CVE-2013-6056
- RESERVED
+CVE-2013-6056 (OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerabilit ...)
+ TODO: check
CVE-2013-6055
REJECTED
CVE-2013-6054 (Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and ...)
@@ -4887,8 +4887,8 @@ CVE-2013-5661 (Cache Poisoning issue exists in DNS Response Rate Limiting. ...)
NOTE: https://www.isc.org/blogs/cache-poisoning-gets-a-second-wind-from-rrl-probably-not/
CVE-2013-5660 (Buffer overflow in Power Software WinArchiver 3.2 allows remote attack ...)
NOT-FOR-US: Power Software WinArchiver
-CVE-2013-5659
- RESERVED
+CVE-2013-5659 (Wiz 5.0.3 has a user mode write access violation ...)
+ TODO: check
CVE-2013-5658 (AultWare pwStore 2010.8.30.0 has XSS ...)
NOT-FOR-US: AultWare pwStore
CVE-2013-5657 (AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request ...)
@@ -6931,8 +6931,8 @@ CVE-2013-4772 (D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wire
NOT-FOR-US: D-Link
CVE-2013-4771
RESERVED
-CVE-2013-4770
- RESERVED
+CVE-2013-4770 (Cross-site scripting (XSS) vulnerability in Eucalyptus Management Cons ...)
+ TODO: check
CVE-2013-4769 (The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x ...)
- eucalyptus <removed>
CVE-2013-4768 (The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote att ...)
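Review bot: CVE-2013-4770 needs a decision between a package line and NOT-FOR-US, and the context lines point at the former. The two entries directly below it are Eucalyptus issues, and CVE-2013-4769 is tracked as "- eucalyptus <removed>". When the "TODO: check" is cleared, confirm whether the Management Console named in the description was part of that source package; if it was, reuse the same "- eucalyptus <removed>" line so the three entries agree.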
@@ -7857,8 +7857,7 @@ CVE-2013-4464
CVE-2013-4463 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly ...)
- nova 2013.2-3 (low; bug #728605)
[wheezy] - nova <no-dsa> (Minor issue)
-CVE-2013-4462
- RESERVED
+CVE-2013-4462 (WordPress Portable phpMyAdmin Plugin has an authentication bypass vuln ...)
NOT-FOR-US: WordPress plugin
CVE-2013-4461 (SQL injection vulnerability in the web interface for cumin in Red Hat ...)
NOT-FOR-US: Cumin
@@ -7923,8 +7922,7 @@ CVE-2013-4442 (Password Generator (aka Pwgen) before 2.07 uses weak pseudo gener
- pwgen 2.07-1 (unimportant; bug #767008)
NOTE: /dev/random is universally available, if an attacker can create an environment
NOTE: where it's not available that opens a far bigger can of worms
-CVE-2013-4441 [Phonemes mode has heavy bias and is enabled by default]
- RESERVED
+CVE-2013-4441 (The Phonemes mode in Pwgen 2.06 generates predictable passwords, which ...)
- pwgen <unfixed> (unimportant; bug #726578)
NOTE: pwgen is documented to generate memorable passwords, so this is by design
CVE-2013-4440 (Password Generator (aka Pwgen) before 2.07 generates weak non-tty pass ...)
@@ -10519,10 +10517,10 @@ CVE-2013-3495 (The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.
NOTE: Hardware design flaw, no software solution
CVE-2013-3494
RESERVED
-CVE-2013-3493
- RESERVED
-CVE-2013-3492
- RESERVED
+CVE-2013-3493 (XnView 2.03 has an integer overflow vulnerability ...)
+ TODO: check
+CVE-2013-3492 (XnView 2.03 has a stack-based buffer overflow vulnerability ...)
+ TODO: check
CVE-2013-3491 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Shar ...)
NOT-FOR-US: WordPress plugin sharebar
CVE-2013-3490
@@ -10533,8 +10531,8 @@ CVE-2013-3488
RESERVED
CVE-2013-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the security lo ...)
NOT-FOR-US: BulletProof Security plugin for WordPress
-CVE-2013-3486
- RESERVED
+CVE-2013-3486 (IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerabilit ...)
+ TODO: check
CVE-2013-3485 (Multiple untrusted search path vulnerabilities in Soda PDF 5.1.183.105 ...)
NOT-FOR-US: Soda PDF
CVE-2013-3484 (Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2 ...)
@@ -19307,8 +19305,8 @@ CVE-2013-0288 (nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows contex
CVE-2013-0287 (The Simple Access Provider in System Security Services Daemon (SSSD) 1 ...)
- sssd <not-affected> (Introduced in 1.9.0)
NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/12
-CVE-2013-0286
- RESERVED
+CVE-2013-0286 (Pinboard 1.0.6 theme for Wordpress has XSS. ...)
+ TODO: check
CVE-2013-0285 (The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before ...)
NOT-FOR-US: nori Ruby gem
CVE-2013-0284 (Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communic ...)
diff --git a/data/CVE/list.2014 b/data/CVE/list.2014
index 2deb1d1a1f..9eaef3e73a 100644
--- a/data/CVE/list.2014
+++ b/data/CVE/list.2014
@@ -3008,8 +3008,7 @@ CVE-2014-9489 (The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.
NOT-FOR-US: Gollum wiki
CVE-2014-9487 (The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.1 ...)
NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions
-CVE-2014-9481
- RESERVED
+CVE-2014-9481 (The Scribunto extension for MediaWiki allows remote attackers to obtai ...)
NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions
CVE-2014-9480 (Cross-site scripting (XSS) vulnerability in the Hovercards extension f ...)
NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions
@@ -4873,10 +4872,10 @@ CVE-2014-8767 (Integer underflow in the olsr_print function in tcpdump 3.9.6 thr
{DSA-3086-1 DLA-102-1}
- tcpdump 4.6.2-2 (bug #770434)
NOTE: http://www.securityfocus.com/archive/1/534011/30/0/threaded
-CVE-2014-8742
- RESERVED
-CVE-2014-8741
- RESERVED
+CVE-2014-8742 (Directory traversal vulnerability in the ReportDownloadServlet servlet ...)
+ TODO: check
+CVE-2014-8741 (Directory traversal vulnerability in the GfdFileUploadServerlet servle ...)
+ TODO: check
CVE-2014-8740
RESERVED
CVE-2014-8739
@@ -5337,8 +5336,8 @@ CVE-2014-8564 (The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuT
NOTE: https://gitlab.com/gnutls/gnutls/commit/e821e1908686657a45c1b735f6d077b7a8493e2b (3.3.x branch)
NOTE: http://www.gnutls.org/security.html#GNUTLS-SA-2014-5
NOTE: in experimental fixed in 3.3.10-1
-CVE-2014-8563
- RESERVED
+CVE-2014-8563 (Synacor Zimbra Collaboration before 8.0.9 allows plaintext command inj ...)
+ TODO: check
CVE-2014-8560
RESERVED
CVE-2014-8558 (JExperts Channel Platform 5.0.33_CCB allows remote authenticated users ...)
@@ -6465,8 +6464,7 @@ CVE-2014-8163 (Directory traversal vulnerability in the XMLRPC interface in Red
NOT-FOR-US: Red Hat Satellite
CVE-2014-8162 (XML external entity (XXE) in the RPC interface in Spacewalk and Red Ha ...)
NOT-FOR-US: Red Hat Satellite
-CVE-2014-8161
- RESERVED
+CVE-2014-8161 (PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9. ...)
{DSA-3155-1 DLA-152-1}
- postgresql-9.4 9.4.1-1
- postgresql-9.1 9.1.11-2
@@ -8675,12 +8673,12 @@ CVE-2014-7305
RESERVED
CVE-2014-7304
RESERVED
-CVE-2014-7303
- RESERVED
-CVE-2014-7302
- RESERVED
-CVE-2014-7301
- RESERVED
+CVE-2014-7303 (SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for cer ...)
+ TODO: check
+CVE-2014-7302 (SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for cer ...)
+ TODO: check
+CVE-2014-7301 (SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for cer ...)
+ TODO: check
CVE-2014-7299 (Unspecified vulnerability in administrative interfaces in ArubaOS 6.3. ...)
NOT-FOR-US: Aruba ArubaOS
CVE-2014-7298 (adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify ...)
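Review bot: The three descriptions added for CVE-2014-7303, CVE-2014-7302 and CVE-2014-7301 are identical up to the truncation point ("SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for cer ..."), so the list file alone cannot tell them apart. Whoever clears the "TODO: check" lines should triage the three together from the full descriptions and give them the same product string, so the entries do not end up with diverging spellings.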
@@ -12736,8 +12734,8 @@ CVE-2014-5502 (The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA a
NOT-FOR-US: Sophos Cyberoam CyberoamOS
CVE-2014-5501 (Stack-based buffer overflow in the diagnose service in the Sophos Cybe ...)
NOT-FOR-US: Sophos Cyberoam CyberoamOS
-CVE-2014-5500
- RESERVED
+CVE-2014-5500 (Synacor Zimbra Collaboration before 8.0.8 has XSS. ...)
+ TODO: check
CVE-2014-5499
RESERVED
CVE-2014-5498
@@ -16066,8 +16064,8 @@ CVE-2014-4159 (Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplie
NOT-FOR-US: SAP Supplier Relationship Management
CVE-2014-4158 (Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to ...)
NOT-FOR-US: Kolibri
-CVE-2014-4156
- RESERVED
+CVE-2014-4156 (Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerabi ...)
+ TODO: check
CVE-2014-4155 (Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 ...)
NOT-FOR-US: ZTE router
CVE-2014-4154 (ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitiv ...)
@@ -16487,8 +16485,7 @@ CVE-2014-3982 (include/tests_webservers in Lynis before 1.5.5 on AIX allows loca
CVE-2014-3981 (acinclude.m4, as used in the configure script in PHP 5.5.13 and earlie ...)
- php5 5.6.0~rc1+dfsg-1 (unimportant)
NOTE: Only exploitable during package build
-CVE-2014-3979
- RESERVED
+CVE-2014-3979 (Bytemark Symbiosis allows remote attackers to cause a denial of servic ...)
NOT-FOR-US: Bytemark Symbiosis
CVE-2014-3978 (SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote auth ...)
NOT-FOR-US: TomatoCart
diff --git a/data/CVE/list.2015 b/data/CVE/list.2015
index 32b0252bff..7ab58ff711 100644
--- a/data/CVE/list.2015
+++ b/data/CVE/list.2015
@@ -13901,7 +13901,7 @@ CVE-2015-4711
CVE-2015-4710
RESERVED
CVE-2015-4709
- RESERVED
+ REJECTED
CVE-2015-4708
RESERVED
CVE-2015-4705
@@ -18310,8 +18310,7 @@ CVE-2015-3156 (The _write_config function in trove/guestagent/datastore/experime
NOTE: will be completed during kilo release
CVE-2015-3155 (Foreman before 1.8.1 does not set the secure flag for the _session_id ...)
- foreman <itp> (bug #663101)
-CVE-2015-3154 [Potential CRLF injection attacks in mail and HTTP headers]
- RESERVED
+CVE-2015-3154 (CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framewor ...)
{DSA-3265-1 DLA-251-1}
- zendframework 1.12.12+dfsg-1
[jessie] - zendframework 1.12.9+dfsg-2+deb8u1
@@ -20923,8 +20922,8 @@ CVE-2015-2251 (The DeviceManager in Huawei OceanStor UDS devices with software b
NOT-FOR-US: Huawei
CVE-2015-2250 (Multiple cross-site scripting (XSS) vulnerabilities in concrete5 befor ...)
NOT-FOR-US: concrete5
-CVE-2015-2249
- RESERVED
+CVE-2015-2249 (Zimbra Collaboration before 8.6.0 patch5 has XSS. ...)
+ TODO: check
CVE-2015-2248 (Cross-site request forgery (CSRF) vulnerability in the user portal in ...)
NOT-FOR-US: Dell SonicWALL
CVE-2015-2247 (Unspecified vulnerability in Boosted Boards skateboards allows physica ...)
@@ -26448,8 +26447,7 @@ CVE-2015-0295 (The BMP decoder in QtGui in QT before 5.5 does not properly calcu
- qtbase-opensource-src 5.3.2+dfsg-5 (bug #779580)
[jessie] - qtbase-opensource-src 5.3.2+dfsg-4+deb8u1
NOTE: http://lists.qt-project.org/pipermail/announce/2015-February/000059.html
-CVE-2015-0294 [certificate algorithm consistency checking issue]
- RESERVED
+CVE-2015-0294 (GnuTLS before 3.3.13 does not validate that the signature algorithms m ...)
{DSA-3191-1 DLA-180-1}
- gnutls26 <removed>
[experimental] - gnutls28 3.3.13-1
@@ -26607,26 +26605,22 @@ CVE-2015-0245 (D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and
{DSA-3161-1}
- dbus 1.8.16-1 (bug #777545)
[squeeze] - dbus <not-affected> (affects 1.4 and above)
-CVE-2015-0244
- RESERVED
+CVE-2015-0244 (PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9. ...)
{DSA-3155-1 DLA-152-1}
- postgresql-9.4 9.4.1-1
- postgresql-9.1 9.1.11-2
- postgresql-8.4 <removed>
[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
-CVE-2015-0243
- RESERVED
+CVE-2015-0243 (Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0 ...)
{DSA-3155-1 DLA-152-1}
- postgresql-9.4 9.4.1-1
- postgresql-9.1 9.1.11-2
- postgresql-8.4 <removed>
[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
-CVE-2015-0242
- RESERVED
+CVE-2015-0242 (Stack-based buffer overflow in the *printf function implementations in ...)
- postgresql-9.4 <not-affected> (Only affects PostgreSQL on Windows)
- postgresql-9.1 <not-affected> (Only affects PostgreSQL on Windows)
-CVE-2015-0241
- RESERVED
+CVE-2015-0241 (The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, ...)
{DSA-3155-1 DLA-152-1}
- postgresql-9.4 9.4.1-1
- postgresql-9.1 9.1.11-2
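Review bot: Missing explanation on the postgresql-9.1 lines under CVE-2015-0244 and CVE-2015-0241: the descriptions added here say the issues affect "9.1.x before 9.1.15", while the unchanged "- postgresql-9.1 9.1.11-2" lines record an earlier version as fixed. If 9.1.11-2 is deliberate, a short parenthetical like the one on the wheezy postgresql-8.4 line would make the reason visible; otherwise the fixed version needs correcting. The same package line sits under CVE-2015-0243, whose description is cut off before the version range.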
diff --git a/data/CVE/list.2017 b/data/CVE/list.2017
index 75a3458552..b04b7e561d 100644
--- a/data/CVE/list.2017
+++ b/data/CVE/list.2017
@@ -7515,7 +7515,7 @@ CVE-2017-16114 (The marked module is vulnerable to a regular expression denial o
CVE-2017-16113 (The parsejson module is vulnerable to regular expression denial of ser ...)
NOT-FOR-US: parsejson node module
CVE-2017-16112
- RESERVED
+ REJECTED
CVE-2017-16111 (The content module is a module to parse HTTP Content-* headers. It is ...)
NOT-FOR-US: node content
CVE-2017-16110 (weather.swlyons is a simple web server for weather updates. weather.sw ...)
@@ -11341,10 +11341,10 @@ CVE-2017-14809
REJECTED
CVE-2017-14808
REJECTED
-CVE-2017-14807
- RESERVED
-CVE-2017-14806
- RESERVED
+CVE-2017-14807 (An Improper Neutralization of Special Elements used in an SQL Command ...)
+ TODO: check
+CVE-2017-14806 (A Improper Certificate Validation vulnerability in susestudio-common o ...)
+ TODO: check
CVE-2017-14805
RESERVED
CVE-2017-14804 (The build package before 20171128 did not check directory names during ...)
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018
index e048fd5774..30f19ade9e 100644
--- a/data/CVE/list.2018
+++ b/data/CVE/list.2018
@@ -2862,8 +2862,8 @@ CVE-2018-20107
REJECTED
CVE-2018-20106 (In yast2-printer up to and including version 4.0.2 the SMB printer set ...)
NOT-FOR-US: yast2-printer
-CVE-2018-20105
- RESERVED
+CVE-2018-20105 (A Inclusion of Sensitive Information in Log Files vulnerability in yas ...)
+ TODO: check
CVE-2018-20104
RESERVED
CVE-2018-20103 (An issue was discovered in dns.c in HAProxy through 1.8.14. In the cas ...)
@@ -4775,8 +4775,8 @@ CVE-2018-19444 (A use after free in the TextBox field Validate action in IReader
NOT-FOR-US: Foxit Reader SDK
CVE-2018-19442 (A Buffer Overflow in Network::AuthenticationClient::VerifySignature in ...)
NOT-FOR-US: Neato Botvac Connected
-CVE-2018-19441
- RESERVED
+CVE-2018-19441 (An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateR ...)
+ TODO: check
CVE-2018-19440 (ARM Trusted Firmware-A allows information disclosure. ...)
NOT-FOR-US: ARM Trusted Firmware-A
CVE-2018-19439 (XSS exists in the Administration Console in Oracle Secure Global Deskt ...)
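Review bot: CVE-2018-19441 does not need to stay at "TODO: check": its description names Neato Botvac Connected 2.2.0, and CVE-2018-19442 directly above it in this hunk is already "NOT-FOR-US: Neato Botvac Connected". Suggest reusing that exact string so both entries for the product match.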
@@ -22663,8 +22663,8 @@ CVE-2018-12477 (A Improper Neutralization of CRLF Sequences vulnerability in Ope
NOT-FOR-US: obs-service refresh_patches
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1108189
NOTE: https://github.com/openSUSE/obs-service-refresh_patches/commit/d6244245dda5367767efc989446fe4b5e4609cce
-CVE-2018-12476
- RESERVED
+CVE-2018-12476 (Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE L ...)
+ TODO: check
CVE-2018-12475
RESERVED
CVE-2018-12474 (Improper input validation in obs-service-tar_scm of Open Build Service ...)
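Review bot: CVE-2018-12476 names obs-service-tar_scm, the same component as CVE-2018-12474 two entries further down, so its "TODO: check" should be resolved with whatever triage line that entry carries rather than independently. The neighbouring CVE-2018-12477 (obs-service refresh_patches) is NOT-FOR-US with a bugzilla.suse.com NOTE, which is a reasonable pattern for the reference lines here.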
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019
index bd399fa0de..8c2e47ca2c 100644
--- a/data/CVE/list.2019
+++ b/data/CVE/list.2019
@@ -1,3 +1,5 @@
+CVE-2019-20433 (libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a s ...)
+ TODO: check
CVE-2019-20432 (In the Lustre file system before 2.12.3, the mdt module has an out-of- ...)
TODO: check
CVE-2019-20431 (In the Lustre file system before 2.12.3, the ptlrpc module has an osd_ ...)
@@ -1579,14 +1581,14 @@ CVE-2019-19827
RESERVED
CVE-2019-19826 (The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal make ...)
NOT-FOR-US: Views Dynamic Fields module for Drupal
-CVE-2019-19825
- RESERVED
-CVE-2019-19824
- RESERVED
-CVE-2019-19823
- RESERVED
-CVE-2019-19822
- RESERVED
+CVE-2019-19825 (On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be ...)
+ TODO: check
+CVE-2019-19824 (On certain TOTOLINK Realtek SDK based routers, an authenticated attack ...)
+ TODO: check
+CVE-2019-19823 (A certain router administration interface (that includes Realtek APMIB ...)
+ TODO: check
+CVE-2019-19822 (A certain router administration interface (that includes Realtek APMIB ...)
+ TODO: check
CVE-2019-19821
RESERVED
CVE-2019-19820 (An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys dr ...)
@@ -2329,8 +2331,8 @@ CVE-2019-19543 (In the Linux kernel before 5.1.6, there is a use-after-free in s
[stretch] - linux <not-affected> (Vulnerability introduced later)
[jessie] - linux <not-affected> (Vulnerability introduced later)
NOTE: https://git.kernel.org/linus/56cd26b618855c9af48c8301aa6754ced8dd0beb
-CVE-2019-19539
- RESERVED
+CVE-2019-19539 (An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01AB ...)
+ TODO: check
CVE-2019-19538
RESERVED
CVE-2019-19537 (In the Linux kernel before 5.2.10, there is a race condition bug that ...)
@@ -3343,8 +3345,8 @@ CVE-2019-19145
RESERVED
CVE-2019-19144
RESERVED
-CVE-2019-19143
- RESERVED
+CVE-2019-19143 (TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to ...)
+ TODO: check
CVE-2019-19142 (Intelbras WRN240 devices do not require authentication to replace the ...)
NOT-FOR-US: Intelbras
CVE-2019-19141 (The Camera Upload functionality in Plex Media Server through 1.18.2.20 ...)
@@ -7900,8 +7902,8 @@ CVE-2019-17192 (** DISPUTED ** The WebRTC component in the Signal Private Messen
NOT-FOR-US: Signal
CVE-2019-17191 (The Signal Private Messenger application before 4.47.7 for Android all ...)
NOT-FOR-US: Signal
-CVE-2019-17190
- RESERVED
+CVE-2019-17190 (A Local Privilege Escalation issue was discovered in Avast Secure Brow ...)
+ TODO: check
CVE-2019-17189 (totemodata 3.0.0_b936 has XSS via a folder name. ...)
NOT-FOR-US: totemodata
CVE-2019-17188 (An unrestricted file upload vulnerability was discovered in catalog/pr ...)
@@ -8090,26 +8092,26 @@ CVE-2019-17105 (The token generator in index.php in Centreon Web before 2.8.27 i
- centreon-web <itp> (bug #913903)
CVE-2019-17104 (In Centreon VM through 19.04.3, the cookie configuration within the Ap ...)
- centreon-web <itp> (bug #913903)
-CVE-2019-17103
- RESERVED
-CVE-2019-17102
- RESERVED
+CVE-2019-17103 (An Incorrect Default Permissions vulnerability in the BDLDaemon compon ...)
+ TODO: check
+CVE-2019-17102 (An exploitable command execution vulnerability exists in the recovery ...)
+ TODO: check
CVE-2019-17101
RESERVED
-CVE-2019-17100
- RESERVED
-CVE-2019-17099
- RESERVED
+CVE-2019-17100 (An Untrusted Search Path vulnerability in bdserviceshost.exe as used i ...)
+ TODO: check
+CVE-2019-17099 (An Untrusted Search Path vulnerability in EPSecurityService.exe as use ...)
+ TODO: check
CVE-2019-17098
RESERVED
CVE-2019-17097
RESERVED
CVE-2019-17096
RESERVED
-CVE-2019-17095
- RESERVED
-CVE-2019-17094
- RESERVED
+CVE-2019-17095 (A command injection vulnerability has been discovered in the bootstrap ...)
+ TODO: check
+CVE-2019-17094 (A Stack-based Buffer Overflow vulnerability in libbelkin_api.so compon ...)
+ TODO: check
CVE-2019-17093 (An issue was discovered in Avast antivirus before 19.8 and AVG antivir ...)
NOT-FOR-US: Avast
CVE-2019-17092 (An XSS vulnerability in project list in OpenProject before 9.0.4 and 1 ...)
@@ -12496,8 +12498,8 @@ CVE-2019-15315 (Valve Steam Client for Windows through 2019-08-16 allows privile
NOT-FOR-US: Valve Steam Client for Windows
CVE-2019-15314 (tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to uplo ...)
- tikiwiki <removed>
-CVE-2019-15313
- RESERVED
+CVE-2019-15313 (In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persiste ...)
+ TODO: check
CVE-2019-15312
RESERVED
CVE-2019-15311
@@ -20227,8 +20229,8 @@ CVE-2019-12428 [Mandatory External Authentication Provider Sign-In Restrictions
[experimental] - gitlab 11.10.5+dfsg-1
- gitlab <unfixed> (bug #930004)
NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
-CVE-2019-12427
- RESERVED
+CVE-2019-12427 (Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-pers ...)
+ TODO: check
CVE-2019-12426
RESERVED
CVE-2019-12425
@@ -23287,8 +23289,8 @@ CVE-2019-11320 (In Motorola CX2 1.01 and M2 1.01, users can access the router's
NOT-FOR-US: Motorola
CVE-2019-11319 (An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a c ...)
NOT-FOR-US: Motorola
-CVE-2019-11318
- RESERVED
+CVE-2019-11318 (Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS. ...)
+ TODO: check
CVE-2019-11317
RESERVED
CVE-2019-11316
@@ -23351,8 +23353,8 @@ CVE-2019-11290 (Cloud Foundry UAA Release, versions prior to v74.8.0, logs all q
NOT-FOR-US: Cloud Foundry
CVE-2019-11289 (Cloud Foundry Routing, all versions before 0.193.0, does not properly ...)
NOT-FOR-US: Cloud Foundry Routing
-CVE-2019-11288
- RESERVED
+CVE-2019-11288 (In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions pr ...)
+ TODO: check
CVE-2019-11287 (Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3. ...)
- rabbitmq-server <unfixed> (bug #945600)
[buster] - rabbitmq-server <no-dsa> (Minor issue)
@@ -30757,12 +30759,12 @@ CVE-2019-8949
RESERVED
CVE-2019-8948 (PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script i ...)
NOT-FOR-US: PaperCut MF
-CVE-2019-8947
- RESERVED
-CVE-2019-8946
- RESERVED
-CVE-2019-8945
- RESERVED
+CVE-2019-8947 (Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS. ...)
+ TODO: check
+CVE-2019-8946 (Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. ...)
+ TODO: check
+CVE-2019-8945 (Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. ...)
+ TODO: check
CVE-2019-8944 (An Information Exposure issue in the Terraform deployment step in Octo ...)
NOT-FOR-US: Terraform
CVE-2019-8943 (WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An a ...)
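Review bot: Possible duplicate pair in this hunk: CVE-2019-8946 and CVE-2019-8945 are added with word-for-word identical descriptions ("Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS."), and the text appears complete rather than truncated, so nothing in the list distinguishes them. When the "TODO: check" lines are cleared, a NOTE on each pointing at its distinguishing upstream reference would help, and all three Zimbra entries here should receive the same triage line.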
@@ -37843,8 +37845,8 @@ CVE-2019-6038
RESERVED
CVE-2019-6037
RESERVED
-CVE-2019-6036
- RESERVED
+CVE-2019-6036 (Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 p ...)
+ TODO: check
CVE-2019-6035 (Open redirect vulnerability in Athenz v1.8.24 and earlier allows remot ...)
NOT-FOR-US: Athenz
CVE-2019-6034 (a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver ...)
@@ -48376,8 +48378,7 @@ CVE-2019-1354 (A remote code execution vulnerability exists when Git for Visual
[buster] - git 1:2.20.1-2+deb10u1
NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=e1d911dd4c7b76a5a8cec0f5c8de15981e34da83
NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
-CVE-2019-1353
- REJECTED
+CVE-2019-1353 (An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v ...)
{DSA-4581-1 DLA-2059-1}
- git 1:2.24.0-2
NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=9102f958ee5254b10c0be72672aa3305bf4f4704
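Review bot: The state change for CVE-2019-1353 deserves a second look: the entry goes from REJECTED to a published description, while the "{DSA-4581-1 DLA-2059-1}" reference and the "- git 1:2.24.0-2" line under it are unchanged. An entry that already carried advisory references was therefore sitting in REJECTED state before this commit. It would be worth confirming how the automatic update arrived at that earlier state, since the commit message gives no detail.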
@@ -48404,8 +48405,7 @@ CVE-2019-1349 (A remote code execution vulnerability exists when Git for Visual
- git 1:2.24.0-2
NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=0060fd1511b94c918928fa3708f69a3f33895a4a
NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
-CVE-2019-1348
- REJECTED
+CVE-2019-1348 (An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v ...)
{DSA-4581-1 DLA-2059-1}
- git 1:2.24.0-2
NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=68061e3470210703cb15594194718d35094afdc0
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 60516dd124..c192c79bca 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -1,3 +1,169 @@
+CVE-2020-8086
+ RESERVED
+CVE-2020-8085
+ RESERVED
+CVE-2020-8084
+ RESERVED
+CVE-2020-8083
+ RESERVED
+CVE-2020-8082
+ RESERVED
+CVE-2020-8081
+ RESERVED
+CVE-2020-8080
+ RESERVED
+CVE-2020-8079
+ RESERVED
+CVE-2020-8078
+ RESERVED
+CVE-2020-8077
+ RESERVED
+CVE-2020-8076
+ RESERVED
+CVE-2020-8075
+ RESERVED
+CVE-2020-8074
+ RESERVED
+CVE-2020-8073
+ RESERVED
+CVE-2020-8072
+ RESERVED
+CVE-2020-8071
+ RESERVED
+CVE-2020-8070
+ RESERVED
+CVE-2020-8069
+ RESERVED
+CVE-2020-8068
+ RESERVED
+CVE-2020-8067
+ RESERVED
+CVE-2020-8066
+ RESERVED
+CVE-2020-8065
+ RESERVED
+CVE-2020-8064
+ RESERVED
+CVE-2020-8063
+ RESERVED
+CVE-2020-8062
+ RESERVED
+CVE-2020-8061
+ RESERVED
+CVE-2020-8060
+ RESERVED
+CVE-2020-8059
+ RESERVED
+CVE-2020-8058
+ RESERVED
+CVE-2020-8057
+ RESERVED
+CVE-2020-8056
+ RESERVED
+CVE-2020-8055
+ RESERVED
+CVE-2020-8054
+ RESERVED
+CVE-2020-8053
+ RESERVED
+CVE-2020-8052
+ RESERVED
+CVE-2020-8051
+ RESERVED
+CVE-2020-8050
+ RESERVED
+CVE-2020-8049
+ RESERVED
+CVE-2020-8048
+ RESERVED
+CVE-2020-8047
+ RESERVED
+CVE-2020-8046
+ RESERVED
+CVE-2020-8045
+ RESERVED
+CVE-2020-8044
+ RESERVED
+CVE-2020-8043
+ RESERVED
+CVE-2020-8042
+ RESERVED
+CVE-2020-8041
+ RESERVED
+CVE-2020-8040
+ RESERVED
+CVE-2020-8039
+ RESERVED
+CVE-2020-8038
+ RESERVED
+CVE-2020-8037
+ RESERVED
+CVE-2020-8036
+ RESERVED
+CVE-2020-8035
+ RESERVED
+CVE-2020-8034
+ RESERVED
+CVE-2020-8033
+ RESERVED
+CVE-2020-8032
+ RESERVED
+CVE-2020-8031
+ RESERVED
+CVE-2020-8030
+ RESERVED
+CVE-2020-8029
+ RESERVED
+CVE-2020-8028
+ RESERVED
+CVE-2020-8027
+ RESERVED
+CVE-2020-8026
+ RESERVED
+CVE-2020-8025
+ RESERVED
+CVE-2020-8024
+ RESERVED
+CVE-2020-8023
+ RESERVED
+CVE-2020-8022
+ RESERVED
+CVE-2020-8021
+ RESERVED
+CVE-2020-8020
+ RESERVED
+CVE-2020-8019
+ RESERVED
+CVE-2020-8018
+ RESERVED
+CVE-2020-8017
+ RESERVED
+CVE-2020-8016
+ RESERVED
+CVE-2020-8015
+ RESERVED
+CVE-2020-8014
+ RESERVED
+CVE-2020-8013
+ RESERVED
+CVE-2020-8012
+ RESERVED
+CVE-2020-8011
+ RESERVED
+CVE-2020-8010
+ RESERVED
+CVE-2020-8009 (AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as ...)
+ TODO: check
+CVE-2020-8008
+ RESERVED
+CVE-2020-8007
+ RESERVED
+CVE-2020-8006
+ RESERVED
+CVE-2020-8005
+ RESERVED
+CVE-2020-8004
+ RESERVED
CVE-2020-8003 (A double-free vulnerability in vrend_renderer.c in virglrenderer throu ...)
- virglrenderer <unfixed> (bug #949954)
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/522b610a826f6de58c560cbb38fa8dfc65ae3c42
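Review bot: Only one of the 83 entries added at the top of list.2020 needs action, and it is easy to miss: CVE-2020-8009, between CVE-2020-8010 and CVE-2020-8008, is the sole one with a description and a "TODO: check"; the rest are RESERVED placeholders. Its description names AVB MOTU devices, so it looks like a candidate for a NOT-FOR-US line naming the product, in the style of "NOT-FOR-US: Meinberg Lantime M300 and M1000 devices" further down the same file.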
@@ -103,14 +269,14 @@ CVE-2020-7954
RESERVED
CVE-2020-7953
RESERVED
-CVE-2020-7952
- RESERVED
-CVE-2020-7951
- RESERVED
-CVE-2020-7950
- RESERVED
-CVE-2020-7949
- RESERVED
+CVE-2020-7952 (rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attacke ...)
+ TODO: check
+CVE-2020-7951 (meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to ...)
+ TODO: check
+CVE-2020-7950 (meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to ...)
+ TODO: check
+CVE-2020-7949 (schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers ...)
+ TODO: check
CVE-2020-7948
RESERVED
CVE-2020-7947
@@ -1533,8 +1699,8 @@ CVE-2020-7240 (Meinberg Lantime M300 and M1000 devices allow attackers (with pri
NOT-FOR-US: Meinberg Lantime M300 and M1000 devices
CVE-2020-7239 (The conversation-watson plugin before 0.8.21 for WordPress has a DOM-b ...)
NOT-FOR-US: conversation-watson plugin for WordPress
-CVE-2020-7238
- RESERVED
+CVE-2020-7238 (Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles ...)
+ TODO: check
CVE-2020-7237 (Cacti 1.2.8 allows Remote Code Execution (by privileged users) via she ...)
- cacti <unfixed>
[jessie] - cacti <not-affected> (Vulnerable code introduced later)
@@ -5068,12 +5234,12 @@ CVE-2020-5524
RESERVED
CVE-2020-5523
RESERVED
-CVE-2020-5522
- RESERVED
-CVE-2020-5521
- RESERVED
-CVE-2020-5520
- RESERVED
+CVE-2020-5522 (The kantan netprint App for Android 2.0.3 and earlier does not verify ...)
+ TODO: check
+CVE-2020-5521 (The kantan netprint App for iOS 2.0.2 and earlier does not verify X.50 ...)
+ TODO: check
+CVE-2020-5520 (The netprint App for iOS 3.2.3 and earlier does not verify X.509 certi ...)
+ TODO: check
CVE-2020-5519 (The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly ...)
NOT-FOR-US: OpenLiteSpeed
CVE-2020-5518
