author: security tracker role <sectracker@soriano.debian.org> 2019-11-08 08:10:18 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2019-11-08 08:10:18 +0000
commit: ee84d0f512826fb35bf663665f0d7d284fd9b7e0
tree: 8beec06209795d9ffafb7f8eba8930f80a7d76aa
parent: 7b26bb1ca34a1c53ba93bd7a56ae9cff61726f02
automatic update
-rw-r--r--  data/CVE/2007.list | 12
-rw-r--r--  data/CVE/2008.list | 12
-rw-r--r--  data/CVE/2010.list | 12
-rw-r--r--  data/CVE/2013.list | 21
-rw-r--r--  data/CVE/2018.list |  4
-rw-r--r--  data/CVE/2019.list | 52
6 files changed, 66 insertions, 47 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index c6e61768a3..495d2f2295 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -41,8 +41,7 @@ CVE-2007-6746 (telepathy-idle before 0.1.15 does not verify (1) that the issuer
- telepathy-idle 0.1.15-1 (low; bug #706094)
[wheezy] - telepathy-idle <no-dsa> (Minor issue)
[squeeze] - telepathy-idle <no-dsa> (Minor issue)
-CVE-2007-6745 [clamav floating point exception in OLE2 scanner DoS]
- RESERVED
+CVE-2007-6745 (clamav 0.91.2 suffers from a floating point exception when using ScanO ...)
- clamav 0.91.2-1~volatile1
[etch] - clamav <not-affected> (Vulnerable code not present)
[sarge] - clamav <not-affected> (Vulnerable code not present)
@@ -2440,8 +2439,7 @@ CVE-2007-5745 (Multiple heap-based buffer overflows in OpenOffice.org before 2.4
- openoffice.org 2.4.0~ooh680m5-1
CVE-2007-5744
RESERVED
-CVE-2007-5743
- RESERVED
+CVE-2007-5743 (viewvc 1.0.3 allows improper access control to files in a repository w ...)
- viewvc 1.0.3-2.1 (bug #416696)
CVE-2007-5742 (Directory traversal vulnerability in the WML engine preprocessor for W ...)
{DSA-1421-1 DTSA-90-1}
@@ -6773,8 +6771,7 @@ CVE-2007-3916 (The main function in skkdic-expr.c in SKK Tools 1.2 allows local
- skktools 1.2+0.20061004-3 (low)
[sarge] - skktools <no-dsa> (Minor issue)
[etch] - skktools <no-dsa> (Minor issue)
-CVE-2007-3915 [mondo insecure handling of temporary files]
- RESERVED
+CVE-2007-3915 (Mondo 2.24 has insecure handling of temporary files. ...)
- mondo 2.24-2 (low)
CVE-2007-3914
RESERVED
@@ -7233,8 +7230,7 @@ CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Moz
NOTE: MFSA2007-18
CVE-2007-3733
RESERVED
-CVE-2007-3732
- RESERVED
+CVE-2007-3732 (In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc cal ...)
- linux-2.6 2.6.23-1
NOTE: Upstream fix: https://git.kernel.org/linus/a10d9a71bafd3a283da240d2868e71346d2aef6f (v2.6.23-rc1)
CVE-2007-3731 (The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid ...)
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index a5872700dc..42afa18ac2 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -938,8 +938,7 @@ CVE-2008-6919 (profileedit.php TaskDriver 1.3 and earlier allows remote attacker
NOT-FOR-US: TaskDriver 1.3
CVE-2008-6918 (Unrestricted file upload vulnerability in admin/galeria.php in ThePort ...)
NOT-FOR-US: ThePortal2
-CVE-2008-7291 [gri: insecure temp file generation]
- RESERVED
+CVE-2008-7291 (gri before 2.12.18 generates temporary files in an insecure way. ...)
- gri 2.12.18-1 (low)
[etch] - gri <no-dsa> (Minor issue)
[lenny] - gri <no-dsa> (Minor issue)
@@ -2691,8 +2690,7 @@ CVE-2008-6069 (SQL injection vulnerability in e107chat.php in the eChat plugin 4
NOT-FOR-US: eChat plugin
CVE-2008-6068 (SQL injection vulnerability in the JoomlaDate (com_joomladate) compone ...)
NOT-FOR-US: Joomla!
-CVE-2008-7272 [iceweasel-firegpg: Passphrase and Cleartext Recovery]
- RESERVED
+CVE-2008-7272 (FireGPG before 0.6 handle user&#8217;s passphrase and decrypted cleart ...)
- iceweasel-firegpg <removed> (bug #514386)
CVE-2008-7273 [iceweasel-firegpg: Passphrase and Cleartext Recovery]
RESERVED
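Review bot: the imported description for CVE-2008-7272 carries an undecoded HTML entity ("user&#8217;s"), so the tracker will display the literal entity instead of an apostrophe; decode it the next time the line is touched. CVE-2008-7273 directly below keeps the identical placeholder "[iceweasel-firegpg: Passphrase and Cleartext Recovery]" and stays RESERVED, so confirm whether it is a distinct issue or should carry a NOTE cross-referencing the now-published 7272 entry.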
@@ -5092,8 +5090,7 @@ CVE-2008-5085
RESERVED
CVE-2008-5084
RESERVED
-CVE-2008-5083
- RESERVED
+CVE-2008-5083 (In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security ...)
NOT-FOR-US: Red Hat JBoss Operations Network
CVE-2008-5082 (The verifyProof function in the Token Processing System (TPS) componen ...)
NOT-FOR-US: Red Hat Certificate System
@@ -9462,8 +9459,7 @@ CVE-2008-3280
RESERVED
CVE-2008-3279 (Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 ...)
- brltty <not-affected> (RedHat-specific)
-CVE-2008-3278
- RESERVED
+CVE-2008-3278 (frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Lin ...)
- frysk <removed>
CVE-2008-3277 (Untrusted search path vulnerability in a certain Red Hat build script ...)
- ibutils <not-affected> (RedHat-specific)
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index 775bd71a59..1aa3d10daa 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -7336,8 +7336,7 @@ CVE-2010-2474 (JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enter
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-2470 (Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through ...)
- bugzilla <not-affected> (Only affects 3.5 to 3.7)
-CVE-2010-2476 [syscp open_basedir bypassing]
- RESERVED
+CVE-2010-2476 (syscp 1.4.2.1 allows attackers to add arbitrary paths via the document ...)
- syscp <removed> (bug #587481)
CVE-2010-2469 (The Linear eMerge 50 and 5000 uses a default password of eMerge for th ...)
NOT-FOR-US: Linear eMerge
@@ -9593,8 +9592,7 @@ CVE-2010-1560 (Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9
NOT-FOR-US: IBM DB2
CVE-2010-1559 (SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) c ...)
NOT-FOR-US: com_sermonspeaker component for joomla!
-CVE-2010-2447 [gitolite "not filtering src/ or hooks/ from pathnames"]
- RESERVED
+CVE-2010-2447 (gitolite before 1.4.1 does not filter src/ or hooks/ from path names. ...)
- gitolite 1.4.2-1 (low)
NOTE: http://secunia.com/advisories/39587/
CVE-2010-2448 (znc.cpp in ZNC before 0.092 allows remote authenticated users to cause ...)
@@ -10201,8 +10199,7 @@ CVE-2010-1373 (Cross-site scripting (XSS) vulnerability in Help Viewer in Apple
CVE-2010-1423 (Argument injection vulnerability in the URI handler in (a) Java NPAPI ...)
- sun-java6 6.20-1 (high)
[lenny] - sun-java6 6-20-0lenny1
-CVE-2010-2449 [gource: predictable log file located in /tmp]
- RESERVED
+CVE-2010-2449 (Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID. ...)
- gource 0.26-2 (low; bug #577958)
CVE-2010-1564
REJECTED
@@ -11585,8 +11582,7 @@ CVE-2010-XXXX [esmtp: world-readable config file]
NOTE: Documentation advises against adding password data to the respective config file
CVE-2010-XXXX [irssi emote leak]
- irssi-plugin-otr 1.0.0~alpha2-1 (unimportant; bug #569506)
-CVE-2010-2450 [shibboleth-sp2: world-readable key]
- RESERVED
+CVE-2010-2450 (The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/s ...)
- shibboleth-sp2 2.3.1+dfsg-2 (low; bug #571631)
[lenny] - shibboleth-sp2 <no-dsa> (Minor issue)
- shibboleth-sp <not-affected> (Vulnerable code not present)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index e1a1d8db26..a7aab11c99 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -15121,15 +15121,13 @@ CVE-2013-1812 (The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID pr
- ruby-openid 2.1.8debian-6 (bug #702217)
- libopenid-ruby <removed> (bug #702217)
[squeeze] - libopenid-ruby 2.1.8debian-1+squeeze1
-CVE-2013-1811 [Reporter can change issue status to 'new']
- RESERVED
+CVE-2013-1811 (An access control issue in MantisBT before 1.2.13 allows users with "R ...)
{DSA-3120-1}
- mantis <removed> (low; bug #698481)
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-1810 (Multiple cross-site scripting (XSS) vulnerabilities in core/summary_ap ...)
- mantis <not-affected> (only affects MantisBT 1.2.12)
-CVE-2013-1809 [Gambas creates hijackable directory in /tmp]
- RESERVED
+CVE-2013-1809 (Gambas before 3.4.0 allows remote attackers to move or manipulate dire ...)
- gambas3 3.5.1-1 (low; bug #702184)
- gambas2 <removed>
[wheezy] - gambas3 <no-dsa> (Minor issue)
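Review bot: the new CVE-2013-1809 description says "remote attackers" can move or manipulate directories, whereas the summary it replaces ("Gambas creates hijackable directory in /tmp") and the low severity describe a local /tmp race; add a NOTE line recording the local-only attack vector so the "low" rating is not questioned on the strength of the CVE wording. The CVE-2013-1811 change is consistent with the existing DSA-3120-1 and <removed> entries for mantis.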
@@ -15237,8 +15235,7 @@ CVE-2013-1773 (Buffer overflow in the VFAT filesystem implementation in the Linu
CVE-2013-1772 (The log_prefix function in kernel/printk.c in the Linux kernel 3.x bef ...)
- linux 3.2.39-1
- linux-2.6 <not-affected> (Vulnerability exposed since 3.0)
-CVE-2013-1771 [monkey: world-readable logdir]
- RESERVED
+CVE-2013-1771 (The web server Monkeyd produces a world-readable log (/var/log/monkeyd ...)
- monkey <removed> (low)
[squeeze] - monkey <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2013/02/24/5
@@ -15309,8 +15306,7 @@ CVE-2013-1753
NOTE: preliminary patch: http://bugs.python.org/file28796/xmlrpc_gzip_27.patch
CVE-2013-1752
REJECTED
-CVE-2013-1751
- RESERVED
+CVE-2013-1751 (TWiki before 5.1.4 allows remote attackers to execute arbitrary shell ...)
- twiki <removed>
NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751
CVE-2013-1750 (Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 ...)
@@ -16510,8 +16506,7 @@ CVE-2013-1430 (An issue was discovered in xrdp before 0.9.1. When successfully l
NOTE: ~/.vnc/sesman_${username}_passwd is created. Its content is the
NOTE: equivalent of the users clear text password, DES encrypted with a known
NOTE: key.
-CVE-2013-1429 [Lintian unsafe symlinks]
- RESERVED
+CVE-2013-1429 (Lintian before 2.5.12 allows remote attackers to gather information ab ...)
- lintian 2.5.10.5 (bug #705553; unimportant)
CVE-2013-1428 (Stack-based buffer overflow in the receive_tcppacket function in net_p ...)
{DSA-2663-1}
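Review bot: the CVE-2013-1429 description says "Lintian before 2.5.12" while the entry records the fix in lintian 2.5.10.5, a version string that also lacks a Debian revision; verify against bug #705553 which upload actually shipped the fix, and if 2.5.10.5 is right add a NOTE explaining that the CVE text post-dates the Debian fix so the discrepancy is not re-reported.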
@@ -16519,14 +16514,12 @@ CVE-2013-1428 (Stack-based buffer overflow in the receive_tcppacket function in
CVE-2013-1427 (The configuration file for the FastCGI PHP support for lighttpd before ...)
{DSA-2649-1}
- lighttpd 1.4.31-4
-CVE-2013-1426 [mahara: stored XSS in tinyMCE editor]
- RESERVED
+CVE-2013-1426 (Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6 ...)
- mahara <removed> (low)
[wheezy] - mahara <no-dsa> (Minor issue)
[squeeze] - mahara <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/mahara/+bug/1153423
-CVE-2013-1425 [ldap-git-backup: Incorrect directory permissions exposes password hashes]
- RESERVED
+CVE-2013-1425 (ldap-git-backup before 1.0.4 exposes password hashes due to incorrect ...)
- ldap-git-backup 1.0.4-1 (bug #699227)
CVE-2013-1424 [matplotlib buffer overrun]
RESERVED
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index bcd78715d9..bc162497f1 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -6644,8 +6644,8 @@ CVE-2018-18676 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject
NOT-FOR-US: GNU Board
CVE-2018-18675 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
NOT-FOR-US: GNU Board
-CVE-2018-18674
- RESERVED
+CVE-2018-18674 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
+ TODO: check
CVE-2018-18673 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
NOT-FOR-US: GNU Board
CVE-2018-18672 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
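Review bot: CVE-2018-18674 is left at "TODO: check" although its truncated description is identical to the four surrounding GNUBOARD5 5.3.1.9 XSS entries (18676, 18675, 18673, 18672), all resolved as NOT-FOR-US: GNU Board; resolve it the same way instead of leaving a TODO in the file.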
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index e36713bc72..8ba4d6f3b8 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,41 @@
+CVE-2019-18836
+ RESERVED
+CVE-2019-18835 (Matrix Synapse before 1.5.0 mishandles signature checking on some fede ...)
+ TODO: check
+CVE-2019-18834
+ RESERVED
+CVE-2019-18833
+ RESERVED
+CVE-2019-18832
+ RESERVED
+CVE-2019-18831
+ RESERVED
+CVE-2019-18830
+ RESERVED
+CVE-2019-18829
+ RESERVED
+CVE-2019-18828
+ RESERVED
+CVE-2019-18827
+ RESERVED
+CVE-2019-18826
+ RESERVED
+CVE-2019-18825
+ RESERVED
+CVE-2019-18824
+ RESERVED
+CVE-2019-18823
+ RESERVED
+CVE-2019-18822
+ RESERVED
+CVE-2019-18821 (Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiCu ...)
+ TODO: check
+CVE-2019-18820 (Eximious Logo Designer 3.82 has Heap Corruption starting at ntdll!Rtlp ...)
+ TODO: check
+CVE-2019-18819 (Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiVe ...)
+ TODO: check
+CVE-2019-18818 (strapi before 3.0.0-beta.17.5 mishandles password resets within packag ...)
+ TODO: check
CVE-2019-18817
RESERVED
CVE-2019-18816 (po-admin/route.php?mod=post&amp;act=edit in PopojiCMS 2.0.1 allows pos ...)
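Review bot: five of the new entries land with "TODO: check". The three Eximious Logo Designer 3.82 crashes (18821, 18820, 18819) name Windows internals ("ntdll!Rtlp...", "User Mode Write AV") in a proprietary desktop product and can be closed as NOT-FOR-US; the Matrix Synapse signature-checking issue (18835, before 1.5.0) and the strapi password-reset issue (18818) need a source-package check, and the Synapse one should be triaged first, since a signature-checking flaw in a server-to-server protocol is an authentication problem rather than a crash.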
@@ -5,7 +43,7 @@ CVE-2019-18816 (po-admin/route.php?mod=post&amp;act=edit in PopojiCMS 2.0.1 allo
CVE-2019-18815 (PopojiCMS 2.0.1 allows refer= Open Redirection. ...)
NOT-FOR-US: PopojiCMS
CVE-2019-18814 (An issue was discovered in the Linux kernel through 5.3.9. There is a ...)
- - linux <unfixed>
+ - linux <unfixed>
NOTE: https://lore.kernel.org/patchwork/patch/1142523/
CVE-2019-18813 (A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc ...)
- linux <unfixed>
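Review bot: only the leading whitespace of the "- linux <unfixed>" line under CVE-2019-18814 changes here; since the list format relies on indentation, check that the entry now shows up in the linux package view, as the misindented line may have been ignored until this fix.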
@@ -933,6 +971,7 @@ CVE-2019-18398
RESERVED
CVE-2019-18397
RESERVED
+ {DSA-4561-1}
- fribidi <unfixed> (bug #944327)
[stretch] - fribidi <not-affected> (Vulnerable code not present)
[jessie] - fribidi <not-affected> (Vulnerable code not present)
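Review bot: CVE-2019-18397 gains a {DSA-4561-1} reference while the entry is still RESERVED with no description; tracker convention is to put a bracketed summary on the RESERVED line so the advisory is attributable to a known issue. The fribidi line also stays <unfixed> (bug #944327) while stretch and jessie are not-affected; if the unstable upload is pending that is fine, otherwise record the fixed version next to the DSA.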
@@ -8644,8 +8683,8 @@ CVE-2019-15007
RESERVED
CVE-2019-15006
RESERVED
-CVE-2019-15005
- RESERVED
+CVE-2019-15005 (The Atlassian Troubleshooting and Support Tools plugin prior to versio ...)
+ TODO: check
CVE-2019-15004 (The Customer Context Filter in Atlassian Jira Service Desk Server and ...)
NOT-FOR-US: Atlassian
CVE-2019-15003 (The Customer Context Filter in Atlassian Jira Service Desk Server and ...)
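Review bot: CVE-2019-15005 is left at "TODO: check" while the adjacent Atlassian entries (15004, 15003) are NOT-FOR-US: Atlassian; the description names an Atlassian plugin, so this one can be resolved the same way.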
@@ -38644,8 +38683,7 @@ CVE-2019-3467
RESERVED
CVE-2019-3466
RESERVED
-CVE-2019-3465
- RESERVED
+CVE-2019-3465 (Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for exa ...)
{DSA-4560-1 DLA-1983-1}
- simplesamlphp 1.17.6-2 (bug #944107)
NOTE: https://groups.google.com/forum/#!msg/simplesamlphp-announce/2odMqz63z7k/6zQQeM91EwAJ
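Review bot: the CVE-2019-3465 description scopes the flaw to XmlSecLibs "all versions prior to v3.0.3" and cites simplesamlphp only "as used for example", but the entry lists just simplesamlphp 1.17.6-2; check whether any other source package bundles xmlseclibs and needs its own line, and consider adding the upstream xmlseclibs advisory as a NOTE alongside the simplesamlphp-announce link.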
@@ -38748,8 +38786,8 @@ CVE-2019-3424
RESERVED
CVE-2019-3423
RESERVED
-CVE-2019-3422
- RESERVED
+CVE-2019-3422 (Security researcher Shen Ying from the Sec Consult Security Lab report ...)
+ TODO: check
CVE-2019-3421 (The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE produc ...)
NOT-FOR-US: ZTE
CVE-2019-3420
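Review bot: the CVE-2019-3422 description begins with researcher credit ("Security researcher Shen Ying from the Sec Consult Security Lab report..."), so the truncated summary never names the affected product; the neighbouring entry (3421) is ZTE firmware marked NOT-FOR-US, so confirm the product and resolve the TODO rather than leaving an entry whose summary carries no product name.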
