author: security tracker role <sectracker@soriano.debian.org> 2019-11-13 08:10:19 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2019-11-13 08:10:19 +0000
commit: b73fa09140f43202efc84e779e696e8183f23d13
tree: 6ce6c9212b5c75792e7416f388b26782203bd0d7
parent: 61f14df8587281538d50a353b51b82cb9d10010c
automatic update
-rw-r--r-- data/CVE/2010.list 33
-rw-r--r-- data/CVE/2011.list 16
-rw-r--r-- data/CVE/2017.list 4
-rw-r--r-- data/CVE/2018.list 2
-rw-r--r-- data/CVE/2019.list 87
5 files changed, 71 insertions, 71 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index 6e9139c7da..525612b5d4 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -2827,8 +2827,7 @@ CVE-2010-4178 (MySQL-GUI-tools (mysql-administrator) leaks passwords into proces
- mysql-gui-tools <unfixed> (low; bug #605542)
[squeeze] - mysql-gui-tools <no-dsa> (Minor issue)
[lenny] - mysql-gui-tools <no-dsa> (Minor issue)
-CVE-2010-4177
- RESERVED
+CVE-2010-4177 (mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+op ...)
- mysql-gui-tools <unfixed> (low; bug #605542)
[squeeze] - mysql-gui-tools <no-dsa> (Minor issue)
[lenny] - mysql-gui-tools <no-dsa> (Minor issue)
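Review bot: On the CVE-2010-4177 entry, the description that replaces RESERVED says the issue affects mysql-gui-tools "before 5.0r14+op ...", yet the package line under it still reads "mysql-gui-tools <unfixed>" with bug #605542. Worth checking against that bug whether a fixed version can now be recorded, or adding a NOTE that says why the upstream version bound does not apply to the Debian package. The CVE-2010-4178 entry above it carries the same bug number and would need the same follow-up.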
@@ -3591,8 +3590,7 @@ CVE-2010-3859 (Multiple integer signedness errors in the TIPC implementation in
CVE-2010-3858 (The setup_arg_pages function in fs/exec.c in the Linux kernel before 2 ...)
{DSA-2126-1}
- linux-2.6 2.6.32-27
-CVE-2010-3857 [JBoss BRMS XSS via UUID parameter]
- RESERVED
+CVE-2010-3857 (JBoss BRMS before 5.1.0 has a XSS vulnerability via asset=UUID paramet ...)
- jbossas4 <not-affected> (Vulnerable code not present)
NOTE: JBoss 5 only; fixed in 5.1.0
CVE-2010-3856 (ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.1 ...)
@@ -3629,8 +3627,7 @@ CVE-2010-3847 (elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6)
CVE-2010-3846 (Array index error in the apply_rcs_change function in rcs.c in CVS 1.1 ...)
- cvs <not-affected> (vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3852
-CVE-2010-3844
- RESERVED
+CVE-2010-3844 (An unchecked sscanf() call in ettercap 0.7.3 allows an insecure tempor ...)
- ettercap 1:0.7.4-1 (unimportant; bug #600130)
NOTE: Very far-fetched attack vector
CVE-2010-3843
@@ -4747,15 +4744,12 @@ CVE-2010-3442 (Multiple integer overflows in the snd_ctl_new function in sound/c
CVE-2010-3441 (Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote ...)
- abcm2ps 5.9.13-0.1 (low; bug #577014)
[lenny] - abcm2ps <no-dsa> (Minor issue)
-CVE-2010-3440 [babiloo insecure downloading and unpacking of dictionary files]
- RESERVED
+CVE-2010-3440 (babiloo 2.0.9 before 2.0.11 creates temporary files with predictable n ...)
- babiloo 2.0.11-1 (low; bug #591995)
-CVE-2010-3439 [alien-arena: server dos]
- RESERVED
+CVE-2010-3439 (It is possible to cause a DoS condition by causing the server to crash ...)
- alien-arena 7.33-5 (low; bug #575621)
[lenny] - alien-arena 7.0-1+lenny2
-CVE-2010-3438 [Insufficient stripping of CR/LF allows arbitrary IRC command execution]
- RESERVED
+CVE-2010-3438 (libpoe-component-irc-perl before v6.32 does not remove carriage return ...)
- libpoe-component-irc-perl 6.32+dfsg-1
[lenny] - libpoe-component-irc-perl 5.84+dfsg-1+lenny1 (bug #581194)
CVE-2010-3437 (Integer signedness error in the pkt_find_dev_from_minor function in dr ...)
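Review bot: The new description for CVE-2010-3439 ("It is possible to cause a DoS condition by causing the server to crash ...") does not name the product in its visible part, and the bracketed title it replaces ("alien-arena: server dos") was the only header text that did. The package line still ties the entry to alien-arena, so tracking is unaffected, but a search of the header lines for the product name will no longer match this entry. A short NOTE naming alien-arena would keep it findable.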
@@ -5108,8 +5102,7 @@ CVE-2010-3308 (Buffer overflow in programs/pluto/xauth.c in the client in Opensw
[lenny] - openswan <not-affected> (Introduced in version 2.6.25)
CVE-2010-3307 (Multiple PHP remote file inclusion vulnerabilities in themes/default/i ...)
NOT-FOR-US: Free Simple CMS 1.0
-CVE-2010-3305 [pixel CSRF]
- RESERVED
+CVE-2010-3305 (Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 cou ...)
- pixelpost <removed> (bug #597224)
CVE-2010-3304 (The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to ...)
- dovecot 1.2.13-1
@@ -5125,8 +5118,7 @@ CVE-2010-3301 (The IA32 system call emulation functionality in arch/x86/ia32/ia3
[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.27)
CVE-2010-3300
RESERVED
-CVE-2010-3299 [ruby on rails: padding oracle attack]
- RESERVED
+CVE-2010-3299 (The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to p ...)
- rails <unfixed> (unimportant)
NOTE: http://seclists.org/oss-sec/2010/q3/415
NOTE: http://seclists.org/oss-sec/2010/q3/413
@@ -5178,8 +5170,7 @@ CVE-2010-3294 (Cross-site scripting (XSS) vulnerability in apc.php in the Altern
CVE-2010-3293 (mailscanner can allow local users to prevent virus signatures from bei ...)
- mailscanner <removed> (bug #596397; unimportant)
NOTE: or even unimportant, the script is not used by default
-CVE-2010-3292 [mailscanner may use spoofed data]
- RESERVED
+CVE-2010-3292 (The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 down ...)
- mailscanner <removed> (bug #596396; low)
[squeeze] - mailscanner <no-dsa> (Minor issue)
CVE-2010-3278
@@ -5734,8 +5725,7 @@ CVE-2010-3097 (Directory traversal vulnerability in WinFrigate Frigate 3 FTP cli
NOT-FOR-US: WinFrigate Frigate 3 FTP
CVE-2010-3096 (Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly ...)
NOT-FOR-US: SoftX FTP Client 3.3
-CVE-2010-3095 [mailscanner incomplete fix for CVE-2008-5313]
- RESERVED
+CVE-2010-3095 (mailscanner before 4.79.11-2.1 might allow local users to overwrite ar ...)
- mailscanner 4.79.11-2.1 (bug #596403)
CVE-2010-3094 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x befo ...)
{DSA-2113-1}
@@ -7294,8 +7284,7 @@ CVE-2010-2490 (Mumble: murmur-server has DoS due to malformed client query ...)
CVE-2010-2489 (Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow ...)
- ruby1.8 <not-affected> (Windows-specific)
- ruby1.9.1 <not-affected> (Windows-specific)
-CVE-2010-2488 [znc null pointer deref]
- RESERVED
+CVE-2010-2488 (NULL pointer dereference vulnerability in ZNC before 0.092 caused by t ...)
{DSA-2069-1}
- znc 0.090-2 (bug #584929)
CVE-2010-2487 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 ...)
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index 8b4a764a4f..806d18dfbc 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -8003,10 +8003,10 @@ CVE-2011-2337 (A wrong type is used for a return value from strlen in WebKit in
NOTE: Historic webkit/Chromium issues
CVE-2011-2336 (An issue exists in WebKit in Google Chrome before Blink M12. when clea ...)
NOTE: Historic webkit/Chromium issues
-CVE-2011-2335
- RESERVED
-CVE-2011-2334
- RESERVED
+CVE-2011-2335 (A double-free vulnerability exists in WebKit in Google Chrome before B ...)
+ TODO: check
+CVE-2011-2334 (Use after free vulnerability exists in WebKit in Google Chrome before ...)
+ TODO: check
CVE-2011-2333
RESERVED
CVE-2011-2329 (The rampart_timestamp_token_validate function in util/rampart_timestam ...)
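Review bot: CVE-2011-2335 and CVE-2011-2334 land with "TODO: check", while CVE-2011-2337 and CVE-2011-2336 directly above them, which also describe WebKit in Google Chrome before a Blink milestone, are already closed out with "NOTE: Historic webkit/Chromium issues". Unless these two differ in some way the truncated descriptions do not show, a follow-up should resolve them the same way so the TODO markers do not linger.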
@@ -9346,10 +9346,10 @@ CVE-2011-1804 (rendering/RenderBox.cpp in WebCore in WebKit before r86862, as us
- chromium-browser 11.0.696.71~r86024-1
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/86448
-CVE-2011-1803
- RESERVED
-CVE-2011-1802
- RESERVED
+CVE-2011-1803 (An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVG ...)
+ TODO: check
+CVE-2011-1802 (WebKit in Google Chrome before Blink M11 and M12 does not properly han ...)
+ TODO: check
CVE-2011-1801 (Unspecified vulnerability in Google Chrome before 11.0.696.71 allows r ...)
- chromium-browser 11.0.696.71~r86024-1 (unimportant)
NOTE: http://trac.webkit.org/changeset/85977
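Review bot: The two new entries, CVE-2011-1803 and CVE-2011-1802, sit between CVE-2011-1804 and CVE-2011-1801, both of which record "chromium-browser 11.0.696.71~r86024-1" as the fixed version. Resolving the "TODO: check" here means deciding whether that same chromium-browser upload covers them (CVE-2011-1802 is described as affecting Chrome before Blink M11 and M12) and, if so, adding the matching package line and squeeze status.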
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 9e1a11dae2..e27ccb33e4 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -4236,8 +4236,8 @@ CVE-2017-17226 (The TripAdvisor app with the versions before TAMobileApp-24.6.4
NOT-FOR-US: The TripAdvisor app on Huawei
CVE-2017-17225 (The Near Field Communication (NFC) module in Huawei Mate 9 Pro mobile ...)
NOT-FOR-US: Huawei
-CVE-2017-17224
- RESERVED
+CVE-2017-17224 (Some Huawei smart phones with versions earlier than Harry-AL00C 9.1.0. ...)
+ TODO: check
CVE-2017-17223 (Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V ...)
NOT-FOR-US: Huawei
CVE-2017-17222 (Import Language Package function in Huawei eSpace 7950 V200R003C30; eS ...)
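Review bot: CVE-2017-17224 is added with "TODO: check", but its description is about Huawei smart phones and the entries on either side of it, CVE-2017-17225 and CVE-2017-17223, are both "NOT-FOR-US: Huawei". A follow-up should mark it the same way rather than leave it open.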
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 27243da1e2..b191265d95 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -23410,7 +23410,7 @@ CVE-2018-12208 (Buffer overflow in HECI subsystem in Intel(R) CSME before versio
NOT-FOR-US: Intel
CVE-2018-12207 [iTLB Multihit]
RESERVED
- {DSA-4564-1}
+ {DSA-4564-1 DLA-1990-1}
- linux 5.3.9-2
[jessie] - linux <ignored> (Untrusted guests are no longer supportable)
- xen <unfixed>
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 681288917d..373f5429a4 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,11 @@
+CVE-2019-18931
+ RESERVED
+CVE-2019-18930
+ RESERVED
+CVE-2019-18929
+ RESERVED
+CVE-2019-18928
+ RESERVED
CVE-2019-18927
RESERVED
CVE-2019-18926 (Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable t ...)
@@ -3158,6 +3166,7 @@ CVE-2019-17500
CVE-2019-17499 (The setter.xml component of the Common Gateway Interface on Compal CH7 ...)
NOT-FOR-US: Compal CH7465LG devices
CVE-2019-17498 (In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic i ...)
+ {DLA-1991-1}
- libssh2 <unfixed> (bug #943562)
NOTE: https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c
NOTE: https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/
@@ -3513,12 +3522,12 @@ CVE-2019-17334
RESERVED
CVE-2019-17333
RESERVED
-CVE-2019-17332
- RESERVED
-CVE-2019-17331
- RESERVED
-CVE-2019-17330
- RESERVED
+CVE-2019-17332 (The Digital Asset Manager Web Interface component of TIBCO Software In ...)
+ TODO: check
+CVE-2019-17331 (The Data Exchange Web Interface component of TIBCO Software Inc.'s TIB ...)
+ TODO: check
+CVE-2019-17330 (The Web server component of TIBCO Software Inc.'s TIBCO EBX contains m ...)
+ TODO: check
CVE-2019-17329
RESERVED
CVE-2019-17328
@@ -4495,7 +4504,7 @@ CVE-2019-16900 (Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write
CVE-2019-16899 (In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Add ...)
NOT-FOR-US: Advantech
CVE-2019-16898
- RESERVED
+ REJECTED
CVE-2019-16897 (In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security ...)
NOT-FOR-US: K7
CVE-2019-16896
@@ -9442,6 +9451,7 @@ CVE-2019-14819
NOT-FOR-US: openshift-ansible
CVE-2019-14818
RESERVED
+ {DSA-4567-1}
- dpdk 18.11.4-1
NOTE: http://mails.dpdk.org/archives/announce/2019-November/000293.html
NOTE: https://bugs.dpdk.org/show_bug.cgi?id=363
@@ -10669,12 +10679,12 @@ CVE-2019-14368 (Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafI
NOTE: https://github.com/Exiv2/exiv2/issues/952
NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/bd0afe0390439b2c424d881c8c6eb0c5624e31d9
NOTE: Introduced by: https://github.com/Exiv2/exiv2/commit/c72d16f4c402a8acc2dfe06fe3d58bf6cf99069e
-CVE-2019-14367
- RESERVED
-CVE-2019-14366
- RESERVED
-CVE-2019-14365
- RESERVED
+CVE-2019-14367 (Slack-Chat through 1.5.5 leaks a Slack Access Token in source code. An ...)
+ TODO: check
+CVE-2019-14366 (WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access T ...)
+ TODO: check
+CVE-2019-14365 (The Intercom plugin through 1.2.1 for WordPress leaks a Slack Access T ...)
+ TODO: check
CVE-2019-14364 (An XSS vulnerability in the "Email Subscribers &amp; Newsletters" plug ...)
NOT-FOR-US: "Email Subscribers & Newsletters" plugin for WordPress
CVE-2019-14363 (A stack-based buffer overflow in the upnpd binary running on NETGEAR W ...)
@@ -19136,6 +19146,7 @@ CVE-2019-11140 (Insufficient session validation in system firmware for Intel(R)
NOT-FOR-US: Intel
CVE-2019-11139
RESERVED
+ {DSA-4565-1}
- intel-microcode 3.20191112.1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html
CVE-2019-11138
@@ -19146,7 +19157,7 @@ CVE-2019-11136
RESERVED
CVE-2019-11135 [TSX Asynchronous Abort]
RESERVED
- {DSA-4565-1 DSA-4564-1}
+ {DSA-4565-1 DSA-4564-1 DLA-1990-1 DLA-1989-1}
- linux 5.3.9-2
- intel-microcode 3.20191112.1
- xen <unfixed>
@@ -32888,8 +32899,8 @@ CVE-2019-6190
RESERVED
CVE-2019-6189
RESERVED
-CVE-2019-6188
- RESERVED
+CVE-2019-6188 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...)
+ TODO: check
CVE-2019-6187
RESERVED
CVE-2019-6186
@@ -32920,12 +32931,12 @@ CVE-2019-6174
RESERVED
CVE-2019-6173
RESERVED
-CVE-2019-6172
- RESERVED
+CVE-2019-6172 (A potential vulnerability in the SMI callback function in some Lenovo ...)
+ TODO: check
CVE-2019-6171 (A vulnerability was reported in various BIOS versions of older ThinkPa ...)
NOT-FOR-US: Lenovo
-CVE-2019-6170
- RESERVED
+CVE-2019-6170 (A potential vulnerability in some Lenovo ThinkPads may allow an attack ...)
+ TODO: check
CVE-2019-6169 (A vulnerability reported in Lenovo Service Bridge before version 4.1.0 ...)
NOT-FOR-US: Lenovo Service Bridge
CVE-2019-6168 (A vulnerability reported in Lenovo Service Bridge before version 4.1.0 ...)
@@ -34147,8 +34158,8 @@ CVE-2019-5697 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerabilit
NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2019-5696 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in ...)
NOT-FOR-US: NVIDIA Virtual GPU Manager
-CVE-2019-5695
- RESERVED
+CVE-2019-5695 (NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Dr ...)
+ TODO: check
CVE-2019-5694 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2019-5693 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
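Review bot: The description for CVE-2019-5695 names two products, NVIDIA GeForce Experience and a Windows GPU display driver, and the entry is left at "TODO: check". The entries around it are closed as "NOT-FOR-US: NVIDIA Virtual GPU Manager" and "NOT-FOR-US: NVIDIA Windows GPU Display Driver"; when triaging, confirm from the full description that only Windows components are affected before reusing one of those tags, and pick wording that covers both named products.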
@@ -35159,8 +35170,8 @@ CVE-2019-5248
RESERVED
CVE-2019-5247
RESERVED
-CVE-2019-5246
- RESERVED
+CVE-2019-5246 (Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0 ...)
+ TODO: check
CVE-2019-5245 (HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulner ...)
NOT-FOR-US: Huawei
CVE-2019-5244 (Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) ve ...)
@@ -35185,18 +35196,18 @@ CVE-2019-5235
RESERVED
CVE-2019-5234
RESERVED
-CVE-2019-5233
- RESERVED
+CVE-2019-5233 (Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(S ...)
+ TODO: check
CVE-2019-5232
RESERVED
-CVE-2019-5231
- RESERVED
-CVE-2019-5230
- RESERVED
-CVE-2019-5229
- RESERVED
-CVE-2019-5228
- RESERVED
+CVE-2019-5231 (P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E18 ...)
+ TODO: check
+CVE-2019-5230 (P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte ...)
+ TODO: check
+CVE-2019-5229 (P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E19 ...)
+ TODO: check
+CVE-2019-5228 (Certain detection module of P30, P30 Pro, Honor V20 smartphone whith V ...)
+ TODO: check
CVE-2019-5227
RESERVED
CVE-2019-5226
@@ -35225,8 +35236,8 @@ CVE-2019-5215 (There is a man-in-the-middle (MITM) vulnerability on Huawei P30 s
NOT-FOR-US: Huawei
CVE-2019-5214 (There is a use after free vulnerability on certain driver component in ...)
NOT-FOR-US: Huawei
-CVE-2019-5213
- RESERVED
+CVE-2019-5213 (Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0. ...)
+ TODO: check
CVE-2019-5212
RESERVED
CVE-2019-5211
@@ -46247,12 +46258,12 @@ CVE-2019-0156
RESERVED
CVE-2019-0155
RESERVED
- {DSA-4564-1}
+ {DSA-4564-1 DLA-1990-1}
- linux 5.3.9-2
[jessie] - linux <not-affected> (Driver doesn't support this hardware)
CVE-2019-0154
RESERVED
- {DSA-4564-1}
+ {DSA-4564-1 DLA-1990-1 DLA-1989-1}
- linux 5.3.9-2
CVE-2019-0153 (Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 m ...)
NOT-FOR-US: Intel(R) CSME
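Review bot: In the CVE-2019-0155 entry, "DLA-1990-1" is added although the only jessie line shown is "[jessie] - linux <not-affected>", and CVE-2019-0154 gets both "DLA-1990-1" and "DLA-1989-1" with nothing but "- linux 5.3.9-2" beneath it. From these lines a reader cannot tell which source package each DLA covers. If DLA-1990-1 is for a package other than linux, a package line or NOTE naming it would remove the apparent contradiction with the not-affected status.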
