author: security tracker role <sectracker@soriano.debian.org> 2019-10-31 20:10:30 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2019-10-31 20:10:30 +0000
commit: c152a77f01213d389f419ec35ba66935ca868236 (patch)
tree: f60696ed1f34a1fcff3cd79e5bf8a70e471d3ba0
parent: cf4d3b2bdc0403731cdc160228d2ed8ee2528c6f (diff)
automatic update
-rw-r--r-- data/CVE/2009.list 9
-rw-r--r-- data/CVE/2010.list 3
-rw-r--r-- data/CVE/2013.list 15
-rw-r--r-- data/CVE/2018.list 2
-rw-r--r-- data/CVE/2019.list 102
5 files changed, 67 insertions, 64 deletions
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index f77ca77177..02910271a1 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -2103,8 +2103,7 @@ CVE-2009-4297 (Multiple cross-site request forgery (CSRF) vulnerabilities in Moo
{DSA-1986-1}
- moodle 1.8.2.dfsg-6 (bug #559531)
NOTE: MSA-09-0022
-CVE-2009-5042 [docutils insecure usage of temporary files]
- RESERVED
+CVE-2009-5042 (python-docutils allows insecure usage of temporary files ...)
- python-docutils 0.6-2 (low; bug #560755)
[etch] - python-docutils <not-affected> (vulnerable code introduced in 0.5)
[lenny] - python-docutils 0.5-2+lenny1
@@ -4327,8 +4326,7 @@ CVE-2009-3525 (The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does no
NOTE: This is an enhancement, not a security issue.
NOTE: A user must have access to a guest hard drive image in order to boot it,
NOTE: so he can simply mount the drive and remove the password option.
-CVE-2009-5041 [buffer overflow in overkill]
- RESERVED
+CVE-2009-5041 (overkill has buffer overflow via long player names that can corrupt da ...)
- overkill 0.16-14.1 (bug #549310; low)
[lenny] - overkill <no-dsa> (Minor issue)
[etch] - overkill <no-dsa> (Minor issue)
@@ -5945,8 +5943,7 @@ CVE-2009-3369 (CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are
- backuppc 3.1.0-8 (low; bug #542218)
[etch] - backuppc <not-affected> (No configuration GUI)
[lenny] - backuppc 3.1.0-4lenny2
-CVE-2009-5043 [burn: Insecure escaping of file names]
- RESERVED
+CVE-2009-5043 (burn allows file names to escape via mishandled quotation marks ...)
- burn 0.4.5-1 (low; bug #542329)
[lenny] - burn 0.4.3-2.1+lenny1
[etch] - burn <no-dsa> (Minor issue)
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index a397a915e5..7a4f57dffc 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -7306,8 +7306,7 @@ CVE-2010-2491 (Cross-site scripting (XSS) vulnerability in cgi/client.py in Roun
- roundup 1.4.13-3.1 (bug #590769)
NOTE: http://bugs.gentoo.org/show_bug.cgi?id=326395
NOTE: http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486
-CVE-2010-2490 [murmur DoS via malformed client query]
- RESERVED
+CVE-2010-2490 (Mumble: murmur-server has DoS due to malformed client query ...)
- mumble 1.2.2-4 (bug #587713)
[lenny] - mumble <no-dsa> (Minor issue)
- qt4-x11 <not-affected> (low; bug #587713)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 7b80493b7a..b193da2fa7 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -14735,23 +14735,19 @@ CVE-2013-1936
CVE-2013-1935 (A certain Red Hat patch to the KVM subsystem in the kernel package bef ...)
- linux <not-affected> (RHEL-specific backport regression)
- linux-2.6 <not-affected> (RHEL-specific backport regression)
-CVE-2013-1934 [mantis: XSS issue in adm_config_report.php when displaying complex value]
- RESERVED
+CVE-2013-1934 (A cross-site scripting (XSS) vulnerability in the configuration report ...)
{DSA-3120-1}
- mantis <removed> (low; bug #717482)
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-1933 (The extract_from_ocr function in lib/docsplit/text_extractor.rb in the ...)
NOT-FOR-US: Karteek Docsplit Ruby Gem
-CVE-2013-1932 [mantis: XSS vulnerability on Configuration Report page]
- RESERVED
+CVE-2013-1932 (A cross-site scripting (XSS) vulnerability in the configuration report ...)
- mantis <not-affected> (affects Mantis 1.2.13 only)
NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
-CVE-2013-1931 [mantis: XSS vulnerability when deleting a version]
- RESERVED
+CVE-2013-1931 (A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows r ...)
- mantis <not-affected> (affects Mantis 1.2.14 only)
NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
-CVE-2013-1930 [mantis: Close button available to users despite workflow restrictions]
- RESERVED
+CVE-2013-1930 (MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the wor ...)
- mantis <not-affected> (affects only Mantis 1.2.12 and later)
NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
CVE-2013-1929 (Heap-based buffer overflow in the tg3_read_vpd function in drivers/net ...)
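Review bot: after this replacement CVE-2013-1934 and CVE-2013-1932 carry the identical truncated description ("A cross-site scripting (XSS) vulnerability in the configuration report ..."), so the two entries can no longer be told apart from their text; the removed bracket summaries ("XSS issue in adm_config_report.php when displaying complex value" vs. "XSS vulnerability on Configuration Report page") were the only lines that distinguished them. Consider carrying each old summary over as a NOTE: line next to the existing oss-security link so the distinction survives the automatic rewrite.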
@@ -14820,8 +14816,7 @@ CVE-2013-1912 (Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through
NOTE: http://git.1wt.eu/web?p=haproxy-1.4.git;a=commitdiff;h=dc80672211
CVE-2013-1911 (lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attack ...)
NOT-FOR-US: ldoce ruby gem
-CVE-2013-1910 [Not removing bad metadata and using it in next run]
- RESERVED
+CVE-2013-1910 (yum does not properly handle bad metadata, which allows an attacker to ...)
- yum <unfixed> (unimportant)
NOTE: http://yum.baseurl.org/gitweb?p=yum.git;a=commitdiff;h=c148eb10b798270b3d15087433c8efb2a79a69d0
NOTE: Only used for bootstraps of chroots, see README.Debian
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index ada58813ad..6c7081ec42 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1,3 +1,5 @@
+CVE-2018-21030 (Jupyter Notebook before 5.5.0 does not use a CSP header to treat serve ...)
+ TODO: check
CVE-2018-21029 (systemd 239 through 243 accepts any certificate signed by a trusted ce ...)
- systemd <unfixed>
[buster] - systemd <no-dsa> (Minor issue; systemd-resolved not enabled by default)
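Review bot: CVE-2018-21030 is added with only a bare "TODO: check" placeholder, while the neighbouring CVE-2018-21029 shows the shape triage has to reach (a package line such as "- systemd <unfixed>" plus a suite-specific line). Jupyter Notebook is packaged in Debian, so this one needs an actual package assessment rather than a NOT-FOR-US resolution.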
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index b64bff40e4..f0214200e5 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,19 @@
+CVE-2019-18657 (ClickHouse before 19.13.5.44 allows HTTP header injection via the url ...)
+ TODO: check
+CVE-2019-18656 (Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBu ...)
+ TODO: check
+CVE-2019-18655
+ RESERVED
+CVE-2019-18654
+ RESERVED
+CVE-2019-18653
+ RESERVED
+CVE-2019-18652
+ RESERVED
+CVE-2019-18651
+ RESERVED
+CVE-2019-18650
+ RESERVED
CVE-2019-18649
RESERVED
CVE-2019-18648
@@ -373,10 +389,10 @@ CVE-2019-18602 (OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an info
CVE-2019-18603 (OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information l ...)
- openafs 1.8.5-1 (bug #943587)
NOTE: http://openafs.org/pages/security/OPENAFS-SA-2019-001.txt
-CVE-2019-18465
- RESERVED
-CVE-2019-18464
- RESERVED
+CVE-2019-18465 (In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has be ...)
+ TODO: check
+CVE-2019-18464 (In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 1 ...)
+ TODO: check
CVE-2019-18463
RESERVED
[experimental] - gitlab 12.2.9-1
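Review bot: both MOVEit entries (CVE-2019-18465 and CVE-2019-18464) are left at "TODO: check"; Progress MOVEit Transfer is a proprietary product that is not shipped in Debian, so these look like NOT-FOR-US candidates in the style of the Xiaomi entries further down in this file, and the TODO should be resolved in this pass rather than left open.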
@@ -506,28 +522,22 @@ CVE-2019-18427
RESERVED
CVE-2019-18426
RESERVED
-CVE-2019-18425 [missing descriptor table limit checking in x86 PV emulation]
- RESERVED
+CVE-2019-18425 (An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-298.html
-CVE-2019-18424 [passed through PCI devices may corrupt host memory after deassignment]
- RESERVED
+CVE-2019-18424 (An issue was discovered in Xen through 4.12.x allowing attackers to ga ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-302.html
-CVE-2019-18423 [add-to-physmap can be abused to DoS Arm hosts]
- RESERVED
+CVE-2019-18423 (An issue was discovered in Xen through 4.12.x allowing ARM guest OS us ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-301.html
-CVE-2019-18422 [ARM: Interrupts are unconditionally unmasked in exception handlers]
- RESERVED
+CVE-2019-18422 (An issue was discovered in Xen through 4.12.x allowing ARM guest OS us ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-303.html
-CVE-2019-18421 [Issues with restartable PV type change operations]
- RESERVED
+CVE-2019-18421 (An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-299.html
-CVE-2019-18420 [VCPUOP_initialise DoS]
- RESERVED
+CVE-2019-18420 (An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-296.html
CVE-2019-18419 (A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB ...)
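Review bot: the six Xen entries (CVE-2019-18425 down to CVE-2019-18420) now all open with the same text "An issue was discovered in Xen through 4.12.x allowing ...", and the removed bracket summaries (for example "missing descriptor table limit checking in x86 PV emulation" and "VCPUOP_initialise DoS") were the only lines naming the actual flaw in each one. The XSA links in the NOTE lines still identify them, but a short NOTE carrying the old summary beside each advisory link would keep the block readable; all six also remain "xen <unfixed>", so the fixed-version field is the next thing to revisit now that the descriptions are public.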
@@ -633,26 +643,26 @@ CVE-2019-18371 (An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.2
NOT-FOR-US: Xiaomi
CVE-2019-18370 (An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-s ...)
NOT-FOR-US: Xiaomi
-CVE-2019-18369
- RESERVED
-CVE-2019-18368
- RESERVED
-CVE-2019-18367
- RESERVED
-CVE-2019-18366
- RESERVED
-CVE-2019-18365
- RESERVED
-CVE-2019-18364
- RESERVED
-CVE-2019-18363
- RESERVED
-CVE-2019-18362
- RESERVED
-CVE-2019-18361
- RESERVED
-CVE-2019-18360
- RESERVED
+CVE-2019-18369 (In JetBrains YouTrack before 2019.2.55152, removing tags from the issu ...)
+ TODO: check
+CVE-2019-18368 (In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escal ...)
+ TODO: check
+CVE-2019-18367 (In JetBrains TeamCity before 2019.1.2, a non-destructive operation cou ...)
+ TODO: check
+CVE-2019-18366 (In JetBrains TeamCity before 2019.1.2, secure values could be exposed ...)
+ TODO: check
+CVE-2019-18365 (In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible ...)
+ TODO: check
+CVE-2019-18364 (In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization c ...)
+ TODO: check
+CVE-2019-18363 (In JetBrains TeamCity before 2019.1.2, access could be gained to the h ...)
+ TODO: check
+CVE-2019-18362 (JetBrains MPS before 2019.2.2 exposed listening ports to the network. ...)
+ TODO: check
+CVE-2019-18361 (JetBrains IntelliJ IDEA before 2019.2 allows local user privilege esca ...)
+ TODO: check
+CVE-2019-18360 (In JetBrains Hub versions earlier than 2019.1.11738, username enumerat ...)
+ TODO: check
CVE-2019-18359 (A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3G ...)
- mp3gain <removed>
CVE-2019-18358
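Review bot: the ten JetBrains entries (CVE-2019-18369 down to CVE-2019-18360) all land at "TODO: check"; none of the named products (YouTrack, Toolbox App, TeamCity, MPS, IntelliJ IDEA, Hub) is packaged in Debian, so marking them NOT-FOR-US with the product name, as the Xiaomi entries at the top of this hunk already are, would close them consistently.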
@@ -5258,8 +5268,8 @@ CVE-2019-16253 (The Text-to-speech Engine (aka SamsungTTS) application before 3.
NOT-FOR-US: Samsung
CVE-2019-16252
RESERVED
-CVE-2019-16251
- RESERVED
+CVE-2019-16251 (plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework thro ...)
+ TODO: check
CVE-2019-16250 (includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for ...)
NOT-FOR-US: Ocean Extra plugin for WordPress
CVE-2019-16249 (OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core ...)
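Review bot: CVE-2019-16251 concerns the YIT Plugin Framework for WordPress and is left at "TODO: check", while the adjacent CVE-2019-16250 resolves a comparable WordPress plugin with "NOT-FOR-US: Ocean Extra plugin for WordPress"; the same treatment ("NOT-FOR-US: YIT Plugin Framework for WordPress") would be the consistent resolution.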
@@ -10012,8 +10022,8 @@ CVE-2019-14358
RESERVED
CVE-2019-14357 (** DISPUTED ** On Mooltipass Mini devices, a side channel for the row- ...)
NOT-FOR-US: Mooltipass Mini devices
-CVE-2019-14356
- RESERVED
+CVE-2019-14356 (** DISPUTED ** On Coldcard MK1 and MK2 devices, a side channel for the ...)
+ TODO: check
CVE-2019-14355 (** DISPUTED ** On ShapeShift KeepKey devices, a side channel for the r ...)
NOT-FOR-US: ShapeShift KeepKey devices
CVE-2019-14354 (On Ledger Nano S and Nano X devices, a side channel for the row-based ...)
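Review bot: CVE-2019-14356 is flagged "** DISPUTED **" like the Mooltipass and KeepKey entries around it, both of which are already NOT-FOR-US; Coldcard MK1/MK2 is a hardware wallet device rather than a Debian package, so the "TODO: check" can be closed the same way, with the DISPUTED marker kept visible in the description.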
@@ -14414,8 +14424,8 @@ CVE-2019-12616 (An issue was discovered in phpMyAdmin before 4.9.0. A vulnerabil
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec
CVE-2019-12613
REJECTED
-CVE-2019-12612
- RESERVED
+CVE-2019-12612 (An issue was discovered in Bitdefender BOX firmware versions before 2. ...)
+ TODO: check
CVE-2019-12611 (An issue was discovered in Bitdefender BOX firmware versions before 2. ...)
NOT-FOR-US: Bitdefender BOX firmware
CVE-2019-12610
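Review bot: CVE-2019-12612 has the same truncated description as CVE-2019-12611 immediately below it, which is already resolved as "NOT-FOR-US: Bitdefender BOX firmware"; the new "TODO: check" can take the same resolution.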
@@ -38296,12 +38306,12 @@ CVE-2019-3423
RESERVED
CVE-2019-3422
RESERVED
-CVE-2019-3421
- RESERVED
+CVE-2019-3421 (The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE produc ...)
+ TODO: check
CVE-2019-3420
RESERVED
-CVE-2019-3419
- RESERVED
+CVE-2019-3419 (A security vulnerability exists in a management port in the version of ...)
+ TODO: check
CVE-2019-3418 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
NOT-FOR-US: ZTE
CVE-2019-3417 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
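Review bot: CVE-2019-3421 names ZTE in its description and can follow the "NOT-FOR-US: ZTE" pattern of CVE-2019-3418 and CVE-2019-3417 below it; CVE-2019-3419's truncated text ("A security vulnerability exists in a management port in the version of ...") does not show the vendor, so that one needs the full description checked before it is marked, even though it sits in the same run of ZTE IDs.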
