author: security tracker role <sectracker@soriano.debian.org>, 2020-01-28 20:10:29 +0000
committer: security tracker role <sectracker@soriano.debian.org>, 2020-01-28 20:10:29 +0000
commit: a9fec0d63cb36103927cf2172b1a516096aa7a4e
tree: 68a444782f1e2d79f5d02396ce73b51f9fea2170
parent: 504b23ce1efd9b8fec3fa8a4c2d7a3baf0769dca
automatic update
-rw-r--r-- data/CVE/list.2012 | 11
-rw-r--r-- data/CVE/list.2013 | 48
-rw-r--r-- data/CVE/list.2014 | 28
-rw-r--r-- data/CVE/list.2015 | 9
-rw-r--r-- data/CVE/list.2019 | 62
-rw-r--r-- data/CVE/list.2020 | 495
6 files changed, 541 insertions, 112 deletions
diff --git a/data/CVE/list.2012 b/data/CVE/list.2012
index 103fa65ab1..77c433bce4 100644
--- a/data/CVE/list.2012
+++ b/data/CVE/list.2012
@@ -332,10 +332,10 @@ CVE-2012-6612 (The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor
- lucene-solr 3.6.2+dfsg-2 (bug #731113)
CVE-2012-6611
RESERVED
-CVE-2012-6610
- RESERVED
-CVE-2012-6609
- RESERVED
+CVE-2012-6610 (Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J al ...)
+ TODO: check
+CVE-2012-6609 (Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video ...)
+ TODO: check
CVE-2012-6608 (Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in ...)
NOT-FOR-US: Elastix
CVE-2012-6607 (The transform_save function in transform.c in Augeas before 1.0.0 allo ...)
@@ -1483,8 +1483,7 @@ CVE-2012-6116 (modules/certs/manifests/config.pp in katello-configure before 1.3
NOTE: Candlepin
CVE-2012-6115 (The domain management tool (rhevm-manage-domains) in Red Hat Enterpris ...)
NOTE: RHEV management tool
-CVE-2012-6114 [temp file vulnerability in git-extras]
- RESERVED
+CVE-2012-6114 (The git-changelog utility in git-extras 1.7.0 allows local users to ov ...)
- git-extras 1.7.0-1.2 (bug #698490)
CVE-2012-6113 (The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 thr ...)
- php5 5.4.0~beta2-1
diff --git a/data/CVE/list.2013 b/data/CVE/list.2013
index 40fa63c73e..f36edc9a83 100644
--- a/data/CVE/list.2013
+++ b/data/CVE/list.2013
@@ -2890,8 +2890,7 @@ CVE-2013-6456 (The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1
- libvirt 1.2.3-1 (bug #732394)
[wheezy] - libvirt <not-affected> (Vulnerable code not present, introduced in v1.0.1)
[squeeze] - libvirt <not-affected> (Vulnerable code not present, introduced in v1.0.1)
-CVE-2013-6455
- RESERVED
+CVE-2013-6455 (The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1. ...)
NOT-FOR-US: Mediawiki CentralAuth extension
CVE-2013-6454 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, ...)
{DSA-2891-1}
@@ -2908,8 +2907,7 @@ CVE-2013-6452 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19
- mediawiki 1:1.19.10+dfsg-1
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=57550
-CVE-2013-6451
- RESERVED
+CVE-2013-6451 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1. ...)
- mediawiki 1:1.19.10+dfsg-1
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=58088
@@ -6725,16 +6723,16 @@ CVE-2013-4867 (Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python mod
NOT-FOR-US: Electronic Arts Karotz Smart Rabbit
CVE-2013-4866 (The LIXIL Corporation My SATIS Genius Toilet application for Android h ...)
NOT-FOR-US: LIXIL Corporation My SATIS Genius Toilet application for Android
-CVE-2013-4865
- RESERVED
-CVE-2013-4864
- RESERVED
-CVE-2013-4863
- RESERVED
-CVE-2013-4862
- RESERVED
-CVE-2013-4861
- RESERVED
+CVE-2013-4865 (Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in ...)
+ TODO: check
+CVE-2013-4864 (MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to ...)
+ TODO: check
+CVE-2013-4863 (The HomeAutomationGateway service in MiCasaVerde VeraLite with firmwar ...)
+ TODO: check
+CVE-2013-4862 (MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict ...)
+ TODO: check
+CVE-2013-4861 (Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasa ...)
+ TODO: check
CVE-2013-4860 (Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does n ...)
NOT-FOR-US: Radio Thermostat
CVE-2013-4859 (INSTEON Hub 2242-222 lacks Web and API authentication ...)
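Review bot: The five MiCasaVerde VeraLite entries (CVE-2013-4861 through CVE-2013-4865) are left at TODO: check, while the neighbouring device entries in this hunk (Karotz, My SATIS, Radio Thermostat) are already resolved as NOT-FOR-US. A follow-up triage should replace each TODO with a NOT-FOR-US: line or a package line so these do not stay in the unprocessed queue.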
@@ -7355,11 +7353,9 @@ CVE-2013-4584 (Perdition before 2.2 may have weak security when handling outboun
- perdition 2.1-1 (low; bug #729028)
[wheezy] - perdition <no-dsa> (Minor issue)
[squeeze] - perdition <no-dsa> (Minor issue)
-CVE-2013-4583
- RESERVED
+CVE-2013-4583 (The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4 ...)
- gitlab <not-affected> (Fixed before initial upload to Debian)
-CVE-2013-4582 [Local file inclusion vulnerability]
- RESERVED
+CVE-2013-4582 (The (1) create_branch, (2) create_tag, (3) import_project, and (4) for ...)
- gitlab <not-affected> (Fixed before initial upload to Debian)
CVE-2013-4581 (GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Ed ...)
- gitlab <not-affected> (Fixed before initial upload to Debian)
@@ -12679,8 +12675,8 @@ CVE-2013-2573
RESERVED
CVE-2013-2572
RESERVED
-CVE-2013-2571
- RESERVED
+CVE-2013-2571 (Iris 3.8 before build 1548, as used in Xpient point of sale (POS) syst ...)
+ TODO: check
CVE-2013-2570
RESERVED
CVE-2013-2569
@@ -14221,8 +14217,7 @@ CVE-2013-2061 (The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and ear
[squeeze] - openvpn 2.1.3-2+squeeze2
[wheezy] - openvpn 2.2.1-8+deb7u1
NOTE: https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc
-CVE-2013-2060
- RESERVED
+CVE-2013-2060 (The download_from_url function in OpenShift Origin allows remote attac ...)
NOT-FOR-US: OpenShift
CVE-2013-2059 (OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly bef ...)
- keystone 2013.1.1-2 (bug #707598)
@@ -14761,8 +14756,7 @@ CVE-2013-1896 (mod_dav.c in the Apache HTTP Server before 2.2.25 does not proper
[wheezy] - apache2 2.2.22-13+deb7u1
[squeeze] - apache2 2.2.16-6+squeeze12
NOTE: http://www.gossamer-threads.com/lists/apache/announce/427633
-CVE-2013-1895 [concurrency issue leading to auth bypass]
- RESERVED
+CVE-2013-1895 (The py-bcrypt module before 0.3 for Python does not properly handle co ...)
- python-bcrypt 0.4-1 (bug #704030)
[squeeze] - python-bcrypt <not-affected> (thread support only introduced after 0.1 release)
NOTE: https://code.google.com/p/py-bcrypt/source/detail?r=b03cc5246ea21a839fd027da5616d8d470247558
@@ -16400,8 +16394,7 @@ CVE-2013-1438 (Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used i
- rawstudio <removed> (unimportant; bug #721237)
- rawtherapee <not-affected> (unimportant; bug #721238)
NOTE: Starting with 2:13.2+dfsg1-5 xbmc is a transitional package
-CVE-2013-1437 [Code execution when gathering version metadata]
- RESERVED
+CVE-2013-1437 (Eval injection vulnerability in the Module-Metadata module before 1.00 ...)
- perl 5.18.1-2
[wheezy] - perl <not-affected> (Bug was introduced later)
[squeeze] - perl <not-affected> (Does not yet contain Module::Metadata)
@@ -19280,8 +19273,7 @@ CVE-2013-0296 (Race condition in pigz before 2.2.5 uses permissions derived from
[squeeze] - pigz 2.1.6-1+squeeze1
CVE-2013-0295 [CreateID() creates serialized packet IDs for RADIUS]
RESERVED
-CVE-2013-0294 [potentially predictable password hashing]
- RESERVED
+CVE-2013-0294 (packet.py in pyrad before 2.1 uses weak random numbers to generate RAD ...)
- pyrad 2.0-2 (low; bug #700669)
[wheezy] - pyrad 1.2-1+deb7u2
[squeeze] - pyrad 1.2-1+deb6u1
diff --git a/data/CVE/list.2014 b/data/CVE/list.2014
index 6382cddc3d..aee3ea4805 100644
--- a/data/CVE/list.2014
+++ b/data/CVE/list.2014
@@ -16766,8 +16766,7 @@ CVE-2014-3858
RESERVED
CVE-2014-3857 (Multiple SQL injection vulnerabilities in Kerio Control Statistics in ...)
NOT-FOR-US: Kerio Control
-CVE-2014-3856
- RESERVED
+CVE-2014-3856 (The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does ...)
- fish 2.1.1-1 (low; bug #746259)
[squeeze] - fish <no-dsa> (Minor issue)
[wheezy] - fish <no-dsa> (Minor issue)
@@ -18185,8 +18184,8 @@ CVE-2014-3447 (BSS Continuity CMS 4.2.22640.0 has a Remote Denial Of Service vul
NOT-FOR-US: BSS Continuity CMS
CVE-2014-3446 (SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in ...)
NOT-FOR-US: BSS Continuity CMS
-CVE-2014-3445
- RESERVED
+CVE-2014-3445 (backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require ...)
+ TODO: check
CVE-2014-3730 (The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, ...)
{DSA-2934-1}
- python-django 1.6.5-1
@@ -19039,8 +19038,7 @@ CVE-2014-3209 (The ldns-keygen tool in ldns 1.6.x uses the current umask to set
- ldns 1.6.17-4 (low; bug #746758)
[squeeze] - ldns <no-dsa> (Minor issue)
[wheezy] - ldns 1.6.13-1+deb7u1
-CVE-2014-3230 [HTTPS_CA_DIR or HTTPS_CA_FILE disables peer certificate verification for IO::Socket::SSL]
- RESERVED
+CVE-2014-3230 (The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl ...)
- liblwp-protocol-https-perl 6.04-3 (bug #746579)
[wheezy] - liblwp-protocol-https-perl <not-affected> (Introduced by bcc46ce2dab53d2e2baa583f2243d6fc7d36dcc8 in 6.04)
NOTE: Introduced by https://github.com/dagolden/lwp-protocol-https/commit/bcc46ce2dab53d2e2baa583f2243d6fc7d36dcc8
@@ -19526,8 +19524,7 @@ CVE-2014-2917
RESERVED
CVE-2014-2916 (Cross-site request forgery (CSRF) vulnerability in the subscription pa ...)
NOT-FOR-US: subscription page editor
-CVE-2014-2914 [remote code execution]
- RESERVED
+CVE-2014-2914 (fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to t ...)
- fish 2.1.1-1 (bug #746259)
[wheezy] - fish <not-affected> (Web interface not yet present)
[squeeze] - fish <not-affected> (Web interface not yet present)
@@ -19542,8 +19539,7 @@ CVE-2014-2909 (CRLF injection vulnerability in the integrated web server on Siem
NOT-FOR-US: Siemens
CVE-2014-2908 (Cross-site scripting (XSS) vulnerability in the integrated web server ...)
NOT-FOR-US: Siemens
-CVE-2014-2906 [unsafe temporary file creationg leading to privilege escalation]
- RESERVED
+CVE-2014-2906 (The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does no ...)
- fish 2.1.1-1 (low; bug #746259)
[squeeze] - fish <no-dsa> (Minor issue)
[wheezy] - fish <no-dsa> (Minor issue)
@@ -19639,14 +19635,11 @@ CVE-2014-2900 (wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 cert
- cyassl 2.9.4+dfsg-1
CVE-2014-2899 (wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial ...)
- cyassl 2.9.4+dfsg-1
-CVE-2014-2898
- RESERVED
+CVE-2014-2898 (wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecifie ...)
- cyassl 2.9.4+dfsg-1
-CVE-2014-2897
- RESERVED
+CVE-2014-2897 (The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does ...)
- cyassl 2.9.4+dfsg-1
-CVE-2014-2896
- RESERVED
+CVE-2014-2896 (The DoAlert function in the (1) TLS and (2) DTLS implementations in wo ...)
- cyassl 2.9.4+dfsg-1
CVE-2014-2890 (Cross-site scripting (XSS) vulnerability in the wrap_html function in ...)
- phpmyid <itp> (bug #492325)
@@ -20533,8 +20526,7 @@ CVE-2014-2532 (sshd in OpenSSH before 6.6 does not properly support wildcards on
- openssh 1:6.6p1-1
NOTE: Default sshd_config in Debian has AcceptEnv LANG LC_*
NOTE: http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2
-CVE-2014-2581 [credentials cache leak]
- RESERVED
+CVE-2014-2581 (Smb4K before 1.1.1 allows remote attackers to obtain credentials via v ...)
- smb4k 1.1.2-1 (low; bug #742816)
[wheezy] - smb4k <no-dsa> (Minor issue)
[squeeze] - smb4k <no-dsa> (Minor issue)
diff --git a/data/CVE/list.2015 b/data/CVE/list.2015
index 657aa3a5e8..b6d56395ed 100644
--- a/data/CVE/list.2015
+++ b/data/CVE/list.2015
@@ -5245,8 +5245,7 @@ CVE-2015-7852 (ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows
- ntp 1:4.2.8p4+dfsg-1
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
NOTE: https://github.com/ntp-project/ntp/commit/07a5b8141e354a998a52994c3c9cd547927e56ce
-CVE-2015-7851
- RESERVED
+CVE-2015-7851 (Directory traversal vulnerability in the save_config function in ntpd ...)
{DSA-3388-1 DLA-335-1}
- ntp 1:4.2.8p4+dfsg-1
[jessie] - ntp <no-dsa> (Vulnerability only affects VMS)
@@ -5392,16 +5391,14 @@ CVE-2015-7812 (The hypercall_create_continuation function in arch/arm/domain.c i
[wheezy] - xen <not-affected> (arm not yet supported)
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
NOTE: http://xenbits.xen.org/xsa/advisory-145.html
-CVE-2015-8011 [lldpd: buffer overflow when handling management address TLV]
- RESERVED
+CVE-2015-8011 (Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c ...)
- lldpd 0.7.19-1
[jessie] - lldpd 0.7.11-2+deb8u1
[wheezy] - lldpd <not-affected> (Vulnerable code not present)
[squeeze] - lldpd <not-affected> (Vulnerable code not present)
NOTE: https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
NOTE: http://www.openwall.com/lists/oss-security/2015/10/16/2
-CVE-2015-8012 [lldpd: asserts triggered by malformed packets]
- RESERVED
+CVE-2015-8012 (lldpd before 0.8.0 allows remote attackers to cause a denial of servic ...)
- lldpd 0.7.19-1
[jessie] - lldpd 0.7.11-2+deb8u1
[wheezy] - lldpd <not-affected> (Vulnerable code not present)
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019
index 5d74846fa1..6c62a4aa5d 100644
--- a/data/CVE/list.2019
+++ b/data/CVE/list.2019
@@ -7616,8 +7616,8 @@ CVE-2019-17352 (In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is
NOT-FOR-US: JFinal
CVE-2019-17339
RESERVED
-CVE-2019-17338
- RESERVED
+CVE-2019-17338 (The user interface component of TIBCO Software Inc.'s TIBCO Patterns - ...)
+ TODO: check
CVE-2019-17337 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...)
NOT-FOR-US: TIBCO
CVE-2019-17336 (The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfir ...)
@@ -8131,8 +8131,8 @@ CVE-2019-17098
RESERVED
CVE-2019-17097
RESERVED
-CVE-2019-17096
- RESERVED
+CVE-2019-17096 (A OS Command Injection vulnerability in the bootstrap stage of Bitdefe ...)
+ TODO: check
CVE-2019-17095 (A command injection vulnerability has been discovered in the bootstrap ...)
NOT-FOR-US: Bitdefender BOX 2
CVE-2019-17094 (A Stack-based Buffer Overflow vulnerability in libbelkin_api.so compon ...)
@@ -18373,7 +18373,7 @@ CVE-2019-13128 (An issue was discovered on D-Link DIR-823G devices with firmware
NOT-FOR-US: D-Link
CVE-2019-13127 (An issue was discovered in mxGraph through 4.0.0, related to the "draw ...)
NOT-FOR-US: mxGraph
-CVE-2019-13126 (An integer overflow in NATS Server 2.0.0 allows a remote attacker to c ...)
+CVE-2019-13126 (An integer overflow in NATS Server before 2.0.2 allows a remote attack ...)
NOT-FOR-US: NATS Server
CVE-2019-13125 (HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evad ...)
NOT-FOR-US: Tencent
@@ -40958,8 +40958,8 @@ CVE-2019-4709
RESERVED
CVE-2019-4708
RESERVED
-CVE-2019-4707
- RESERVED
+CVE-2019-4707 (IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML ...)
+ TODO: check
CVE-2019-4706
RESERVED
CVE-2019-4705
@@ -41014,8 +41014,8 @@ CVE-2019-4681
RESERVED
CVE-2019-4680
RESERVED
-CVE-2019-4679
- RESERVED
+CVE-2019-4679 (IBM Content Navigator 3.0CD could allow an authenticated user to gain ...)
+ TODO: check
CVE-2019-4678
RESERVED
CVE-2019-4677
@@ -41094,24 +41094,24 @@ CVE-2019-4641
RESERVED
CVE-2019-4640
RESERVED
-CVE-2019-4639
- RESERVED
-CVE-2019-4638
- RESERVED
-CVE-2019-4637
- RESERVED
-CVE-2019-4636
- RESERVED
-CVE-2019-4635
- RESERVED
+CVE-2019-4639 (IBM Security Secret Server 10.7 uses weaker than expected cryptographi ...)
+ TODO: check
+CVE-2019-4638 (IBM Security Secret Server 10.7 does not set the secure attribute on a ...)
+ TODO: check
+CVE-2019-4637 (IBM Security Secret Server 10.7 uses incomplete blacklisting for input ...)
+ TODO: check
+CVE-2019-4636 (IBM Security Secret Server 10.7 could disclose sensitive information t ...)
+ TODO: check
+CVE-2019-4635 (IBM Security Secret Server 10.7 could allow a privileged user to perfo ...)
+ TODO: check
CVE-2019-4634
RESERVED
-CVE-2019-4633
- RESERVED
-CVE-2019-4632
- RESERVED
-CVE-2019-4631
- RESERVED
+CVE-2019-4633 (IBM Security Secret Server 10.7 could allow an attacker to obtain sens ...)
+ TODO: check
+CVE-2019-4632 (IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. ...)
+ TODO: check
+CVE-2019-4631 (IBM Security Secret Server 10.7 could allow a remote attacker to condu ...)
+ TODO: check
CVE-2019-4630
RESERVED
CVE-2019-4629
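Review bot: Eight IBM Security Secret Server 10.7 entries (CVE-2019-4631 to CVE-2019-4633 and CVE-2019-4635 to CVE-2019-4639) arrive as TODO: check in one block. Other IBM products in this file are tagged NOT-FOR-US: IBM (for example CVE-2019-4621), so these can probably be resolved together in one follow-up; the same applies to the IBM MQ and Content Navigator entries in the neighbouring hunks.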
@@ -41132,8 +41132,8 @@ CVE-2019-4622
RESERVED
CVE-2019-4621 (IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2 ...)
NOT-FOR-US: IBM
-CVE-2019-4620
- RESERVED
+CVE-2019-4620 (IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypas ...)
+ TODO: check
CVE-2019-4619
RESERVED
CVE-2019-4618
@@ -41144,8 +41144,8 @@ CVE-2019-4616
RESERVED
CVE-2019-4615
RESERVED
-CVE-2019-4614
- RESERVED
+CVE-2019-4614 (IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Que ...)
+ TODO: check
CVE-2019-4613
RESERVED
CVE-2019-4612 (IBM Planning Analytics 2.0 is vulnerable to malicious file upload in t ...)
@@ -41236,8 +41236,8 @@ CVE-2019-4570 (IBM Tivoli Netcool Impact 7.1.0 through 7.1.0.16 generates an err
NOT-FOR-US: IBM
CVE-2019-4569 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.16 is vulnerable to cr ...)
NOT-FOR-US: IBM
-CVE-2019-4568
- RESERVED
+CVE-2019-4568 (IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attac ...)
+ TODO: check
CVE-2019-4567
RESERVED
CVE-2019-4566 (IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentia ...)
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index a06e67a414..107b92119e 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -1,3 +1,451 @@
+CVE-2020-8315 (In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 thr ...)
+ TODO: check
+CVE-2020-8314
+ RESERVED
+CVE-2020-8313
+ RESERVED
+CVE-2020-8312
+ RESERVED
+CVE-2020-8311
+ RESERVED
+CVE-2020-8310
+ RESERVED
+CVE-2020-8309
+ RESERVED
+CVE-2020-8308
+ RESERVED
+CVE-2020-8307
+ RESERVED
+CVE-2020-8306
+ RESERVED
+CVE-2020-8305
+ RESERVED
+CVE-2020-8304
+ RESERVED
+CVE-2020-8303
+ RESERVED
+CVE-2020-8302
+ RESERVED
+CVE-2020-8301
+ RESERVED
+CVE-2020-8300
+ RESERVED
+CVE-2020-8299
+ RESERVED
+CVE-2020-8298
+ RESERVED
+CVE-2020-8297
+ RESERVED
+CVE-2020-8296
+ RESERVED
+CVE-2020-8295
+ RESERVED
+CVE-2020-8294
+ RESERVED
+CVE-2020-8293
+ RESERVED
+CVE-2020-8292
+ RESERVED
+CVE-2020-8291
+ RESERVED
+CVE-2020-8290
+ RESERVED
+CVE-2020-8289
+ RESERVED
+CVE-2020-8288
+ RESERVED
+CVE-2020-8287
+ RESERVED
+CVE-2020-8286
+ RESERVED
+CVE-2020-8285
+ RESERVED
+CVE-2020-8284
+ RESERVED
+CVE-2020-8283
+ RESERVED
+CVE-2020-8282
+ RESERVED
+CVE-2020-8281
+ RESERVED
+CVE-2020-8280
+ RESERVED
+CVE-2020-8279
+ RESERVED
+CVE-2020-8278
+ RESERVED
+CVE-2020-8277
+ RESERVED
+CVE-2020-8276
+ RESERVED
+CVE-2020-8275
+ RESERVED
+CVE-2020-8274
+ RESERVED
+CVE-2020-8273
+ RESERVED
+CVE-2020-8272
+ RESERVED
+CVE-2020-8271
+ RESERVED
+CVE-2020-8270
+ RESERVED
+CVE-2020-8269
+ RESERVED
+CVE-2020-8268
+ RESERVED
+CVE-2020-8267
+ RESERVED
+CVE-2020-8266
+ RESERVED
+CVE-2020-8265
+ RESERVED
+CVE-2020-8264
+ RESERVED
+CVE-2020-8263
+ RESERVED
+CVE-2020-8262
+ RESERVED
+CVE-2020-8261
+ RESERVED
+CVE-2020-8260
+ RESERVED
+CVE-2020-8259
+ RESERVED
+CVE-2020-8258
+ RESERVED
+CVE-2020-8257
+ RESERVED
+CVE-2020-8256
+ RESERVED
+CVE-2020-8255
+ RESERVED
+CVE-2020-8254
+ RESERVED
+CVE-2020-8253
+ RESERVED
+CVE-2020-8252
+ RESERVED
+CVE-2020-8251
+ RESERVED
+CVE-2020-8250
+ RESERVED
+CVE-2020-8249
+ RESERVED
+CVE-2020-8248
+ RESERVED
+CVE-2020-8247
+ RESERVED
+CVE-2020-8246
+ RESERVED
+CVE-2020-8245
+ RESERVED
+CVE-2020-8244
+ RESERVED
+CVE-2020-8243
+ RESERVED
+CVE-2020-8242
+ RESERVED
+CVE-2020-8241
+ RESERVED
+CVE-2020-8240
+ RESERVED
+CVE-2020-8239
+ RESERVED
+CVE-2020-8238
+ RESERVED
+CVE-2020-8237
+ RESERVED
+CVE-2020-8236
+ RESERVED
+CVE-2020-8235
+ RESERVED
+CVE-2020-8234
+ RESERVED
+CVE-2020-8233
+ RESERVED
+CVE-2020-8232
+ RESERVED
+CVE-2020-8231
+ RESERVED
+CVE-2020-8230
+ RESERVED
+CVE-2020-8229
+ RESERVED
+CVE-2020-8228
+ RESERVED
+CVE-2020-8227
+ RESERVED
+CVE-2020-8226
+ RESERVED
+CVE-2020-8225
+ RESERVED
+CVE-2020-8224
+ RESERVED
+CVE-2020-8223
+ RESERVED
+CVE-2020-8222
+ RESERVED
+CVE-2020-8221
+ RESERVED
+CVE-2020-8220
+ RESERVED
+CVE-2020-8219
+ RESERVED
+CVE-2020-8218
+ RESERVED
+CVE-2020-8217
+ RESERVED
+CVE-2020-8216
+ RESERVED
+CVE-2020-8215
+ RESERVED
+CVE-2020-8214
+ RESERVED
+CVE-2020-8213
+ RESERVED
+CVE-2020-8212
+ RESERVED
+CVE-2020-8211
+ RESERVED
+CVE-2020-8210
+ RESERVED
+CVE-2020-8209
+ RESERVED
+CVE-2020-8208
+ RESERVED
+CVE-2020-8207
+ RESERVED
+CVE-2020-8206
+ RESERVED
+CVE-2020-8205
+ RESERVED
+CVE-2020-8204
+ RESERVED
+CVE-2020-8203
+ RESERVED
+CVE-2020-8202
+ RESERVED
+CVE-2020-8201
+ RESERVED
+CVE-2020-8200
+ RESERVED
+CVE-2020-8199
+ RESERVED
+CVE-2020-8198
+ RESERVED
+CVE-2020-8197
+ RESERVED
+CVE-2020-8196
+ RESERVED
+CVE-2020-8195
+ RESERVED
+CVE-2020-8194
+ RESERVED
+CVE-2020-8193
+ RESERVED
+CVE-2020-8192
+ RESERVED
+CVE-2020-8191
+ RESERVED
+CVE-2020-8190
+ RESERVED
+CVE-2020-8189
+ RESERVED
+CVE-2020-8188
+ RESERVED
+CVE-2020-8187
+ RESERVED
+CVE-2020-8186
+ RESERVED
+CVE-2020-8185
+ RESERVED
+CVE-2020-8184
+ RESERVED
+CVE-2020-8183
+ RESERVED
+CVE-2020-8182
+ RESERVED
+CVE-2020-8181
+ RESERVED
+CVE-2020-8180
+ RESERVED
+CVE-2020-8179
+ RESERVED
+CVE-2020-8178
+ RESERVED
+CVE-2020-8177
+ RESERVED
+CVE-2020-8176
+ RESERVED
+CVE-2020-8175
+ RESERVED
+CVE-2020-8174
+ RESERVED
+CVE-2020-8173
+ RESERVED
+CVE-2020-8172
+ RESERVED
+CVE-2020-8171
+ RESERVED
+CVE-2020-8170
+ RESERVED
+CVE-2020-8169
+ RESERVED
+CVE-2020-8168
+ RESERVED
+CVE-2020-8167
+ RESERVED
+CVE-2020-8166
+ RESERVED
+CVE-2020-8165
+ RESERVED
+CVE-2020-8164
+ RESERVED
+CVE-2020-8163
+ RESERVED
+CVE-2020-8162
+ RESERVED
+CVE-2020-8161
+ RESERVED
+CVE-2020-8160
+ RESERVED
+CVE-2020-8159
+ RESERVED
+CVE-2020-8158
+ RESERVED
+CVE-2020-8157
+ RESERVED
+CVE-2020-8156
+ RESERVED
+CVE-2020-8155
+ RESERVED
+CVE-2020-8154
+ RESERVED
+CVE-2020-8153
+ RESERVED
+CVE-2020-8152
+ RESERVED
+CVE-2020-8151
+ RESERVED
+CVE-2020-8150
+ RESERVED
+CVE-2020-8149
+ RESERVED
+CVE-2020-8148
+ RESERVED
+CVE-2020-8147
+ RESERVED
+CVE-2020-8146
+ RESERVED
+CVE-2020-8145
+ RESERVED
+CVE-2020-8144
+ RESERVED
+CVE-2020-8143
+ RESERVED
+CVE-2020-8142
+ RESERVED
+CVE-2020-8141
+ RESERVED
+CVE-2020-8140
+ RESERVED
+CVE-2020-8139
+ RESERVED
+CVE-2020-8138
+ RESERVED
+CVE-2020-8137
+ RESERVED
+CVE-2020-8136
+ RESERVED
+CVE-2020-8135
+ RESERVED
+CVE-2020-8134
+ RESERVED
+CVE-2020-8133
+ RESERVED
+CVE-2020-8132
+ RESERVED
+CVE-2020-8131
+ RESERVED
+CVE-2020-8130
+ RESERVED
+CVE-2020-8129
+ RESERVED
+CVE-2020-8128
+ RESERVED
+CVE-2020-8127
+ RESERVED
+CVE-2020-8126
+ RESERVED
+CVE-2020-8125
+ RESERVED
+CVE-2020-8124
+ RESERVED
+CVE-2020-8123
+ RESERVED
+CVE-2020-8122
+ RESERVED
+CVE-2020-8121
+ RESERVED
+CVE-2020-8120
+ RESERVED
+CVE-2020-8119
+ RESERVED
+CVE-2020-8118
+ RESERVED
+CVE-2020-8117
+ RESERVED
+CVE-2020-8116
+ RESERVED
+CVE-2020-8115
+ RESERVED
+CVE-2020-8114
+ RESERVED
+CVE-2020-8113
+ RESERVED
+CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through ...)
+ TODO: check
+CVE-2020-8111
+ RESERVED
+CVE-2020-8110
+ RESERVED
+CVE-2020-8109
+ RESERVED
+CVE-2020-8108
+ RESERVED
+CVE-2020-8107
+ RESERVED
+CVE-2020-8106
+ RESERVED
+CVE-2020-8105
+ RESERVED
+CVE-2020-8104
+ RESERVED
+CVE-2020-8103
+ RESERVED
+CVE-2020-8102
+ RESERVED
+CVE-2020-8101
+ RESERVED
+CVE-2020-8100
+ RESERVED
+CVE-2020-8099
+ RESERVED
+CVE-2020-8098
+ RESERVED
+CVE-2020-8097
+ RESERVED
+CVE-2020-8096
+ RESERVED
+CVE-2020-8095
+ RESERVED
+CVE-2020-8094
+ RESERVED
+CVE-2020-8093
+ RESERVED
+CVE-2020-8092
+ RESERVED
CVE-2020-8091 (svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow a ...)
NOT-FOR-US: TYPO3
CVE-2020-8090 (The Username field in the Storage Service settings of A1 WLAN Box ADB ...)
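Review bot: Two of the entries added here need real triage and are easy to miss among the RESERVED placeholders: CVE-2020-8315 (CPython 3.6 through 3.8) at the top of the hunk and CVE-2020-8112 (OpenJPEG, opj_t1_clbl_decode_processor in openjp2/t1.c). Both are TODO: check. CVE-2020-8112 names a function with the same opj_t1_clbl prefix as CVE-2020-6851, which this file already tracks under openjpeg2 (bug #950000), so it should get an openjpeg2 package line and be checked for whether the CVE-2020-6851 fix covers it.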
@@ -8,8 +456,8 @@ CVE-2020-8088 (panel_login.php in UseBB 1.0.12 allows type juggling for login by
NOT-FOR-US: UseBB
CVE-2020-8087 (SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote comma ...)
NOT-FOR-US: SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices
-CVE-2020-8086
- RESERVED
+CVE-2020-8086 (The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01 ...)
+ TODO: check
CVE-2020-8085
RESERVED
CVE-2020-8084
@@ -315,8 +763,8 @@ CVE-2020-7936 (An open redirect on the login form (and possibly other places) in
NOT-FOR-US: Plone
CVE-2020-7935
RESERVED
-CVE-2020-7934
- RESERVED
+CVE-2020-7934 (In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, ...)
+ TODO: check
CVE-2020-7933
RESERVED
CVE-2020-7932
@@ -585,8 +1033,8 @@ CVE-2020-7801
RESERVED
CVE-2020-7800
RESERVED
-CVE-2020-7799
- RESERVED
+CVE-2020-7799 (An issue was discovered in FusionAuth before 1.11.0. An authenticated ...)
+ TODO: check
CVE-2020-7798
RESERVED
CVE-2020-7797
@@ -1695,7 +2143,7 @@ CVE-2020-7247
RESERVED
CVE-2020-7246 (A remote code execution (RCE) vulnerability exists in qdPM 9.1 and ear ...)
NOT-FOR-US: qdPM
-CVE-2020-7245 (Incorrect username validation in the registration processes of CTFd th ...)
+CVE-2020-7245 (Incorrect username validation in the registration process of CTFd v2.0 ...)
NOT-FOR-US: CTFd
CVE-2020-7244 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...)
NOT-FOR-US: Comtech Stampede FX-1010 devices
@@ -2533,6 +2981,7 @@ CVE-2020-6853
CVE-2020-6852
RESERVED
CVE-2020-6851 (OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl ...)
+ {DLA-2081-1}
- openjpeg2 <unfixed> (bug #950000)
[buster] - openjpeg2 <no-dsa> (Minor issue)
[stretch] - openjpeg2 <no-dsa> (Minor issue)
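Review bot: The added {DLA-2081-1} reference on CVE-2020-6851 sits above a package line that still reads openjpeg2 <unfixed>, with buster and stretch at <no-dsa>, and nothing visible here says which suite the DLA fixed. Confirm the advisory's fixed version is recorded in the DLA list so the tracker does not show the LTS suite as still vulnerable.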
@@ -5898,18 +6347,18 @@ CVE-2020-5216 (In Secure Headers (RubyGem secure_headers), a directive injection
NOTE: https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0
CVE-2020-5215
RESERVED
-CVE-2020-5214
- RESERVED
-CVE-2020-5213
- RESERVED
-CVE-2020-5212
- RESERVED
-CVE-2020-5211
- RESERVED
-CVE-2020-5210
- RESERVED
-CVE-2020-5209
- RESERVED
+CVE-2020-5214 (In NetHack before 3.6.5, detecting an unknown configuration file optio ...)
+ TODO: check
+CVE-2020-5213 (In NetHack before 3.6.5, too long of a value for the SYMBOL configurat ...)
+ TODO: check
+CVE-2020-5212 (In NetHack before 3.6.5, an extremely long value for the MENUCOLOR con ...)
+ TODO: check
+CVE-2020-5211 (In NetHack before 3.6.5, an invalid extended command in value for the ...)
+ TODO: check
+CVE-2020-5210 (In NetHack before 3.6.5, an invalid argument to the -w command line op ...)
+ TODO: check
+CVE-2020-5209 (In NetHack before 3.6.5, unknown options starting with -de and -i can ...)
+ TODO: check
CVE-2020-5208
RESERVED
CVE-2020-5207 (In Ktor before 1.3.0, request smuggling is possible when running behin ...)
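Review bot: The six NetHack entries (CVE-2020-5209 to CVE-2020-5214) are all TODO: check, and NetHack is packaged in Debian, so they need a nethack package line with a fixed version rather than NOT-FOR-US. All six descriptions say "before 3.6.5", so one check of the archive version against 3.6.5 should settle them together.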
@@ -7918,8 +8367,8 @@ CVE-2020-4209
RESERVED
CVE-2020-4208
RESERVED
-CVE-2020-4207
- RESERVED
+CVE-2020-4207 (IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 ...)
+ TODO: check
CVE-2020-4206
RESERVED
CVE-2020-4205
@@ -12512,8 +12961,8 @@ CVE-2020-1942
RESERVED
CVE-2020-1941
RESERVED
-CVE-2020-1940
- RESERVED
+CVE-2020-1940 (The optional initial password change and password expiration features ...)
+ TODO: check
CVE-2020-1939
RESERVED
CVE-2020-1938
