author: security tracker role <sectracker@soriano.debian.org> 2019-11-09 08:10:25 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2019-11-09 08:10:25 +0000
commit: c373def2a621ed304366451db60a2b7954332a92
tree: 32fd7ff82361630f502531b313fb9dd40f9804de
parent: 9b70afe910b5692f4a141d6ebfc93c2ed7e49aa4
automatic update
-rw-r--r-- data/CVE/2009.list 18
-rw-r--r-- data/CVE/2018.list 4
-rw-r--r-- data/CVE/2019.list 90
3 files changed, 54 insertions, 58 deletions
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index c218530496..189351bf18 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -369,8 +369,7 @@ CVE-2009-5006 (The SessionAdapter::ExchangeHandlerImpl::checkAlternate function
- qpid-cpp <not-affected> (Fixed before initial upload to archive)
CVE-2009-5005 (The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache ...)
- qpid-cpp <not-affected> (Fixed before initial upload to archive)
-CVE-2009-5004
- RESERVED
+CVE-2009-5004 (qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 m ...)
- qpid-cpp <not-affected> (Fixed before initial upload to archive)
CVE-2009-5003 (SQL injection vulnerability in click.php in e-soft24 Banner Exchange S ...)
NOT-FOR-US: e-soft24 Banner Exchange Script
@@ -2738,8 +2737,7 @@ CVE-2009-4013 (Multiple directory traversal vulnerabilities in Lintian 1.23.x th
CVE-2009-4012 (Multiple integer overflows in LibThai before 0.1.13 might allow contex ...)
{DSA-1971-1}
- libthai 0.1.13-1
-CVE-2009-4011 [dtc-xen race condition]
- RESERVED
+CVE-2009-4011 (dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an atta ...)
- dtc-xen 0.5.4-1
[lenny] - dtc-xen <not-affected> (Only affects 0.5.x)
CVE-2009-4010 (Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows r ...)
@@ -3975,8 +3973,7 @@ CVE-2009-3615 (The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and
{DSA-1932-1}
- pidgin 2.6.3-1
NOTE: http://pidgin.im/news/security/?id=41
-CVE-2009-3614 [oping suid 0 arbitrary file disclosure]
- RESERVED
+CVE-2009-3614 (liboping 1.3.2 allows users reading arbitrary files upon the local sys ...)
- liboping 1.3.3-1 (low; bug #548684)
[lenny] - liboping <not-affected> (doesn't have -f option yet)
[etch] - liboping <not-affected> (doesn't have -f option yet)
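Review bot: the removed title on CVE-2009-3614, "[oping suid 0 arbitrary file disclosure]", carried the setuid-root context, and the truncated description shown here ("allows users reading arbitrary files upon the local sys ...") does not show it. The status lines already tie the issue to the -f option, so consider keeping the privilege detail as a NOTE line so that the "low" rating on liboping 1.3.3-1 stays explainable from the entry itself.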
@@ -4240,8 +4237,7 @@ CVE-2009-3553 (Use-after-free vulnerability in the abstract file-descriptor hand
[lenny] - cups <no-dsa> (Minor issue)
- cupsys <not-affected> (vulnerable code introduced in 1.3.x)
NOTE: http://www.cups.org/newsgroups.php/s1+gcups.bugs?s1+gcups.bugs+v4+T+Q3200
-CVE-2009-3552
- RESERVED
+CVE-2009-3552 (In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not ver ...)
NOT-FOR-US: Red Hat Enterprise Virtualization Manager
CVE-2009-3551 (Off-by-one error in the dissect_negprot_response function in packet-sm ...)
- wireshark 1.2.3-1 (low; bug #553583)
@@ -6140,8 +6136,7 @@ CVE-2009-2804 (Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.
NOT-FOR-US: Apple Mac OS X
CVE-2009-2803 (CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to ex ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2802
- RESERVED
+CVE-2009-2802 (MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME ty ...)
- mantis <not-affected> (Only affects 1.2.x)
NOTE: http://www.mantisbt.org/bugs/view.php?id=11952
NOTE: http://www.mantisbt.org/blog/?p=113
@@ -13552,8 +13547,7 @@ CVE-2009-0037 (The redirect implementation in curl and libcurl 5.11 through 7.19
CVE-2009-0036 (Buffer overflow in the proxyReadClientSocket function in proxy/libvirt ...)
- libvirt 0.5.1-7 (unimportant)
NOTE: not building libvirt proxy from libvirt source package
-CVE-2009-0035 [alsainfo insecure temp file usage]
- RESERVED
+CVE-2009-0035 (alsa-utils 1.0.19 and later versions allows local users to overwrite a ...)
- alsa-driver 1.0.20-1 (unimportant)
NOTE: alsainfo not built into source package
CVE-2009-0034 (parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret ...)
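Review bot: the package on the CVE-2009-0035 entry no longer lines up with its description: the new text names alsa-utils 1.0.19 and later, while the status line below it tracks alsa-driver 1.0.20-1 (unimportant). The NOTE says alsainfo is not built into the source package, so the rating may stand, but it is worth confirming which source package the entry should reference and recording that in the NOTE.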
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 052df7e135..9b464a4bc7 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -50487,8 +50487,8 @@ CVE-2018-1723 (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 an
NOT-FOR-US: IBM
CVE-2018-1722 (IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow ...)
NOT-FOR-US: IBM
-CVE-2018-1721
- RESERVED
+CVE-2018-1721 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Ent ...)
+ TODO: check
CVE-2018-1720 (IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.3_6, 6.0.0 ...)
NOT-FOR-US: IBM
CVE-2018-1719 (IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than ...)
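Review bot: CVE-2018-1721 moves from RESERVED to TODO: check and so sits untriaged in the 2018 list until someone follows up. The IBM entries around it in this hunk (CVE-2018-1723, CVE-2018-1722, CVE-2018-1720) all carry NOT-FOR-US: IBM; if IBM Cognos Analytics is likewise not packaged, resolve the TODO with the same marker in the next manual pass.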
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 6fce43fd03..15e3265e4a 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,5 @@
+CVE-2019-18838
+ RESERVED
CVE-2019-18837
RESERVED
CVE-2019-18836
@@ -12455,16 +12457,16 @@ CVE-2019-13537
RESERVED
CVE-2019-13536 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-bas ...)
NOT-FOR-US: Delta Electronics TPEditor
-CVE-2019-13535
- RESERVED
+CVE-2019-13535 (In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 ...)
+ TODO: check
CVE-2019-13534 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Fi ...)
NOT-FOR-US: Philips
CVE-2019-13533
RESERVED
CVE-2019-13532 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...)
NOT-FOR-US: CODESYS
-CVE-2019-13531
- RESERVED
+CVE-2019-13531 (In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 ...)
+ TODO: check
CVE-2019-13530 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Fi ...)
NOT-FOR-US: Philips
CVE-2019-13529 (An attacker could send a malicious link to an authenticated operator, ...)
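Review bot: CVE-2019-13535 and CVE-2019-13531 are added with the same visible description prefix ("In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 ...") and both as TODO: check, so nothing in the list distinguishes the two issues. When the TODOs are resolved, follow the form the context lines use (NOT-FOR-US: Delta Electronics TPEditor, NOT-FOR-US: Philips, NOT-FOR-US: CODESYS) and give both entries the same product name.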
@@ -33739,32 +33741,32 @@ CVE-2019-5703
RESERVED
CVE-2019-5702
RESERVED
-CVE-2019-5701
- RESERVED
+CVE-2019-5701 (NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vu ...)
+ TODO: check
CVE-2019-5700 (NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software con ...)
NOT-FOR-US: NVIDIA Shield TV Experience
CVE-2019-5699 (NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader c ...)
NOT-FOR-US: NVIDIA Shield TV Experience
-CVE-2019-5698
- RESERVED
-CVE-2019-5697
- RESERVED
-CVE-2019-5696
- RESERVED
+CVE-2019-5698 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in ...)
+ TODO: check
+CVE-2019-5697 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in ...)
+ TODO: check
+CVE-2019-5696 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in ...)
+ TODO: check
CVE-2019-5695
RESERVED
-CVE-2019-5694
- RESERVED
-CVE-2019-5693
- RESERVED
-CVE-2019-5692
- RESERVED
-CVE-2019-5691
- RESERVED
-CVE-2019-5690
- RESERVED
-CVE-2019-5689
- RESERVED
+CVE-2019-5694 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ TODO: check
+CVE-2019-5693 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ TODO: check
+CVE-2019-5692 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ TODO: check
+CVE-2019-5691 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ TODO: check
+CVE-2019-5690 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ TODO: check
+CVE-2019-5689 (NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vu ...)
+ TODO: check
CVE-2019-5688
RESERVED
CVE-2019-5687 (NVIDIA Windows GPU Display Driver (all versions) contains a vulnerabil ...)
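Review bot: ten NVIDIA entries land as TODO: check in this one hunk, covering three different products: GeForce Experience (CVE-2019-5701, CVE-2019-5689), Virtual GPU Manager (CVE-2019-5698 to CVE-2019-5696) and Windows GPU Display Driver (CVE-2019-5694 to CVE-2019-5690). The context lines name the product in the marker (NOT-FOR-US: NVIDIA Shield TV Experience), so triage these per product group rather than one by one, giving each group a single consistent status and checking the full description where the visible text is cut off at "contains a vulnerabil ...".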
@@ -36050,8 +36052,8 @@ CVE-2019-4647
RESERVED
CVE-2019-4646
RESERVED
-CVE-2019-4645
- RESERVED
+CVE-2019-4645 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripti ...)
+ TODO: check
CVE-2019-4644
RESERVED
CVE-2019-4643
@@ -36178,8 +36180,8 @@ CVE-2019-4583
RESERVED
CVE-2019-4582
RESERVED
-CVE-2019-4581
- RESERVED
+CVE-2019-4581 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scriptin ...)
+ TODO: check
CVE-2019-4580
RESERVED
CVE-2019-4579
@@ -36228,8 +36230,8 @@ CVE-2019-4558 (A security vulnerability has been identified in all levels of IBM
NOT-FOR-US: IBM
CVE-2019-4557
RESERVED
-CVE-2019-4556
- RESERVED
+CVE-2019-4556 (IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting fo ...)
+ TODO: check
CVE-2019-4555
RESERVED
CVE-2019-4554
@@ -36322,8 +36324,8 @@ CVE-2019-4511
RESERVED
CVE-2019-4510
RESERVED
-CVE-2019-4509
- RESERVED
+CVE-2019-4509 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authoriza ...)
+ TODO: check
CVE-2019-4508
RESERVED
CVE-2019-4507
@@ -36400,8 +36402,8 @@ CVE-2019-4472
RESERVED
CVE-2019-4471
RESERVED
-CVE-2019-4470
- RESERVED
+CVE-2019-4470 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scriptin ...)
+ TODO: check
CVE-2019-4469
RESERVED
CVE-2019-4468
@@ -36432,16 +36434,16 @@ CVE-2019-4456 (IBM Daeja ViewONE Professional, Standard &amp; Virtual 5.0.5 and
NOT-FOR-US: IBM
CVE-2019-4455
RESERVED
-CVE-2019-4454
- RESERVED
+CVE-2019-4454 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scriptin ...)
+ TODO: check
CVE-2019-4453
RESERVED
CVE-2019-4452
RESERVED
CVE-2019-4451
RESERVED
-CVE-2019-4450
- RESERVED
+CVE-2019-4450 (IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. T ...)
+ TODO: check
CVE-2019-4449
RESERVED
CVE-2019-4448 (IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1 ...)
@@ -36516,10 +36518,10 @@ CVE-2019-4414
RESERVED
CVE-2019-4413
RESERVED
-CVE-2019-4412
- RESERVED
-CVE-2019-4411
- RESERVED
+CVE-2019-4412 (IBM Cognos Controller stores sensitive information in URL parameters. ...)
+ TODO: check
+CVE-2019-4411 (IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow a ...)
+ TODO: check
CVE-2019-4410 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19. ...)
NOT-FOR-US: IBM
CVE-2019-4409 (HCL Traveler versions 9.x and earlier are susceptible to cross-site sc ...)
@@ -36672,8 +36674,8 @@ CVE-2019-4336 (IBM Robotic Process Automation with Automation Anywhere 11 uses a
NOT-FOR-US: IBM
CVE-2019-4335
RESERVED
-CVE-2019-4334
- RESERVED
+CVE-2019-4334 (IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information ...)
+ TODO: check
CVE-2019-4333
RESERVED
CVE-2019-4332
