author security tracker role <sectracker@soriano.debian.org> 2019-07-31 08:10:17 +0000
committer security tracker role <sectracker@soriano.debian.org> 2019-07-31 08:10:17 +0000
commit 68e2999547d0a96237f831cfe60229148bb84052 (patch)
tree 1f48cd1760a0ff4003729c6b181e9b8d5ce53477 /data/CVE
parent 594a394b9b7a8148e7ee5d139f2984a34d50b984 (diff)
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2007.list 2
-rw-r--r-- data/CVE/2019.list 105
2 files changed, 58 insertions, 49 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index e5555115d7..679a5d8e31 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -1,3 +1,5 @@
+CVE-2007-6763
+ RESERVED
CVE-2007-6762 (In the Linux kernel before 2.6.20, there is an off-by-one bug in net/n ...)
- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
NOTE: https://git.kernel.org/linus/2a2f11c227bdf292b3a2900ad04139d301b56ac4
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 9a6a1598f1..043ca674a6 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,17 @@
+CVE-2019-14452 (Sigil before 0.9.16 is vulnerable to a directory traversal, allowing a ...)
+ TODO: check
+CVE-2019-14451
+ RESERVED
+CVE-2019-14450
+ RESERVED
+CVE-2019-14449
+ RESERVED
+CVE-2019-14448
+ RESERVED
+CVE-2019-14447
+ RESERVED
+CVE-2019-14446
+ RESERVED
CVE-2019-14445
RESERVED
CVE-2019-14444 (apply_relocations in readelf.c in GNU Binutils 2.32 contains an intege ...)
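Review bot: CVE-2019-14452 at the top of this hunk is added with only `TODO: check`, so the tracker records no package state for a published directory traversal in Sigil before 0.9.16. Triage should replace the TODO with either a source package line carrying the fixed version or a NOT-FOR-US line, in the form the resolved entries elsewhere in this file use. The six RESERVED ids below it (CVE-2019-14451 to CVE-2019-14446) need nothing until they are published.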
@@ -3246,8 +3260,8 @@ CVE-2019-13028 (An incorrect implementation of a local web server in eID client
NOT-FOR-US: local web server in eID client (Product from the Ministry of Interior of the Slovak Republic)
CVE-2019-13027 (Realization Concerto Critical Chain Planner (aka CCPM) 5.10.8071 has S ...)
NOT-FOR-US: Realization Concerto Critical Chain Planner
-CVE-2019-13026
- RESERVED
+CVE-2019-13026 (OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Inject ...)
+ TODO: check
CVE-2019-13025
RESERVED
CVE-2019-13024 (Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web be ...)
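Review bot: CVE-2019-13026 moves from RESERVED to a published SQL injection description for OXID eShop but is left at `TODO: check`. The two entries directly above it in the context, CVE-2019-13028 and CVE-2019-13027, are both resolved as NOT-FOR-US with the product name; if OXID eShop is likewise not packaged, the same form applies here and closes the TODO.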
@@ -10430,28 +10444,24 @@ CVE-2019-10166 [virDomainManagedSaveDefineXML API exposed to readonly clients]
NOTE: https://access.redhat.com/libvirt-privesc-vulnerabilities
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1720114
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=db0b78457f183e4c7ac45bc94de86044a1e2056a
-CVE-2019-10165
- RESERVED
+CVE-2019-10165 (OpenShift Container Platform before version 4.1.3 writes OAuth tokens ...)
NOT-FOR-US: OpenShift
CVE-2019-10164 (PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are ...)
- postgresql-11 11.4-1
- postgresql-9.6 <not-affected> (Only affects 10.x and later)
- postgresql-9.4 <not-affected> (Only affects 10.x and later)
NOTE: https://www.postgresql.org/about/news/1949/
-CVE-2019-10163 [Denial of service via NOTIFY packets]
- RESERVED
+CVE-2019-10163 (A Vulnerability has been found in PowerDNS Authoritative Server before ...)
{DSA-4470-1 DLA-1843-1}
- pdns 4.1.6-3
NOTE: https://www.openwall.com/lists/oss-security/2019/06/21/5
NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html
-CVE-2019-10162 [Denial of service via crafted zone records]
- RESERVED
+CVE-2019-10162 (A vulnerability has been found in PowerDNS Authoritative Server before ...)
{DSA-4470-1 DLA-1843-1}
- pdns 4.1.6-3
NOTE: https://www.openwall.com/lists/oss-security/2019/06/21/5
NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html
-CVE-2019-10161 [arbitrary file read/exec via virDomainSaveImageGetXMLDesc API]
- RESERVED
+CVE-2019-10161 (It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would ...)
{DSA-4469-1 DLA-1832-1}
- libvirt 5.0.0-4
NOTE: https://access.redhat.com/libvirt-privesc-vulnerabilities
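Review bot: after this hunk CVE-2019-10163 and CVE-2019-10162 carry the same visible text, "A vulnerability has been found in PowerDNS Authoritative Server before ...", because the truncated description ends before the nature of the issue. The removed bracketed titles ("Denial of service via NOTIFY packets" and "Denial of service via crafted zone records") were the only in-line text that told the two apart; now only the advisory URLs (2019-05 versus 2019-04) do. The same loss applies to CVE-2019-10161, whose title named the virDomainSaveImageGetXMLDesc API. Consider preserving each short title as a NOTE line when the automatic update replaces it. The DSA/DLA references and package lines are unchanged, which is correct.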
@@ -10480,8 +10490,7 @@ CVE-2019-10158
NOT-FOR-US: infinispan
CVE-2019-10157 (It was found that Keycloak's Node.js adapter before version 4.8.3 did ...)
NOT-FOR-US: Keycloak
-CVE-2019-10156 [templating causing an unexpected key file to be set on remote node]
- RESERVED
+CVE-2019-10156 (A flaw was discovered in the way Ansible templating was implemented in ...)
- ansible <unfixed> (low; bug #930065)
[buster] - ansible <no-dsa> (Minor issue)
[stretch] - ansible <no-dsa> (Minor issue)
@@ -10496,16 +10505,14 @@ CVE-2019-10155 (The Libreswan Project has found a vulnerability in the processin
NOTE: Not vulnerable: libreswan 3.29 and later, strongswan 5.0 and later, freeswan
CVE-2019-10154 (A flaw was found in Moodle before versions 3.7, 3.6.4. A web service f ...)
- moodle <removed>
-CVE-2019-10153 [mis-handling of non-ASCII characters in guest comment fields]
- RESERVED
+CVE-2019-10153 (A flaw was discovered in fence-agents, prior to version 4.3.4, where u ...)
- fence-agents 4.3.3-2 (low; bug #930887)
[stretch] - fence-agents <no-dsa> (Minor issue)
[jessie] - fence-agents <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1670460
NOTE: https://github.com/ClusterLabs/fence-agents/pull/255
NOTE: https://github.com/ClusterLabs/fence-agents/pull/272
-CVE-2019-10152
- RESERVED
+CVE-2019-10152 (A path traversal vulnerability has been discovered in podman before ve ...)
NOT-FOR-US: Podman
CVE-2019-10151
RESERVED
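Review bot: the new CVE-2019-10153 description says fence-agents is affected "prior to version 4.3.4", while the retained package line records the fix in `fence-agents 4.3.3-2`. That is consistent only if the Debian revision 4.3.3-2 carries the upstream fix as a patch; a NOTE stating which of the two referenced pull requests (255, 272) is included in 4.3.3-2 would make the entry self-explanatory. CVE-2019-10152 keeps its NOT-FOR-US line and needs no change.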
@@ -17585,19 +17592,19 @@ CVE-2019-7618
RESERVED
CVE-2019-7617
RESERVED
-CVE-2019-7616
- RESERVED
-CVE-2019-7615
- RESERVED
-CVE-2019-7614
- RESERVED
+CVE-2019-7616 (Kibana versions before 6.8.2 and 7.2.1 contain a server side request f ...)
+ TODO: check
+CVE-2019-7615 (A TLS certificate validation flaw was found in Elastic APM agent for R ...)
+ TODO: check
+CVE-2019-7614 (A race condition flaw was found in the response headers Elasticsearch ...)
+ TODO: check
CVE-2019-7613 (Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient loggin ...)
NOT-FOR-US: Winlogbeat
CVE-2019-7612 (A sensitive data disclosure flaw was found in the way Logstash version ...)
- logstash <itp> (bug #664841)
CVE-2019-7611 (A permission issue was found in Elasticsearch versions before 5.6.15 a ...)
- elasticsearch <removed>
-CVE-2019-7610 (Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code exec ...)
+CVE-2019-7610 (Kibana versions before 6.6.1 contain an arbitrary code execution flaw ...)
- kibana <itp> (bug #700337)
CVE-2019-7609 (Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code exec ...)
- kibana <itp> (bug #700337)
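Review bot: the CVE-2019-7610 description changes from "before 5.6.15 and 6.6.1" to "before 6.6.1", while CVE-2019-7609 directly below still reads "before 5.6.15 and 6.6.1". Both remain `- kibana <itp> (bug #700337)`, so the tracker state is unaffected, but anyone reading affected branches off the description line should know the 5.x bound is no longer stated for 7610. Separately, the three newly published entries are left at `TODO: check`: CVE-2019-7616 is a Kibana issue and CVE-2019-7614 an Elasticsearch issue, and this hunk already shows the forms used for those products (`- kibana <itp> (bug #700337)` and `- elasticsearch <removed>`), so they can be resolved the same way.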
@@ -22733,32 +22740,32 @@ CVE-2019-5461 [GitHub Integration SSRF]
RESERVED
- gitlab <unfixed>
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
-CVE-2019-5460
- RESERVED
-CVE-2019-5459
- RESERVED
-CVE-2019-5458
- RESERVED
-CVE-2019-5457
- RESERVED
-CVE-2019-5456
- RESERVED
-CVE-2019-5455
- RESERVED
-CVE-2019-5454
- RESERVED
-CVE-2019-5453
- RESERVED
-CVE-2019-5452
- RESERVED
-CVE-2019-5451
- RESERVED
-CVE-2019-5450
- RESERVED
-CVE-2019-5449
- RESERVED
-CVE-2019-5448
- RESERVED
+CVE-2019-5460 (Double Free in VLC versions &lt;= 3.0.6 leads to a crash. ...)
+ TODO: check
+CVE-2019-5459 (An Integer underflow in VLC Media Player versions &lt; 3.0.7 leads to ...)
+ TODO: check
+CVE-2019-5458 (Cross-site scripting (XSS) vulnerability in http-file-server (all vers ...)
+ TODO: check
+CVE-2019-5457 (Cross-site scripting (XSS) vulnerability in min-http-server (all versi ...)
+ TODO: check
+CVE-2019-5456 (SMTP MITM refers to a malicious actor setting up an SMTP proxy server ...)
+ TODO: check
+CVE-2019-5455 (Bypassing lock protection exists in Nextcloud Android app 3.6.0 when c ...)
+ TODO: check
+CVE-2019-5454 (SQL Injection in the Nextcloud Android app prior to version 3.0.0 allo ...)
+ TODO: check
+CVE-2019-5453 (Bypass lock protection in the Nextcloud Android app prior to version 3 ...)
+ TODO: check
+CVE-2019-5452 (Bypass lock protection in the Nextcloud Android app prior to version 3 ...)
+ TODO: check
+CVE-2019-5451 (Bypass lock protection in the Nextcloud Android app prior to version 3 ...)
+ TODO: check
+CVE-2019-5450 (Improper sanitization of HTML in directory names in the Nextcloud Andr ...)
+ TODO: check
+CVE-2019-5449 (A missing check in the Nextcloud Server prior to version 15.0.1 causes ...)
+ TODO: check
+CVE-2019-5448 (Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Da ...)
+ TODO: check
CVE-2019-5447 (A path traversal vulnerability in &lt;= v0.2.6 of http-file-server npm ...)
NOT-FOR-US: http-file-server Node.js module
CVE-2019-5446 (Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin ...)
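Review bot: thirteen entries (CVE-2019-5460 down to CVE-2019-5448) go from RESERVED to published with `TODO: check`, and at least one can be closed from information already in this hunk. CVE-2019-5458 is an XSS in http-file-server, and the context entry CVE-2019-5447 for the same module is already marked `NOT-FOR-US: http-file-server Node.js module`. The two VLC entries (CVE-2019-5460, CVE-2019-5459) state version bounds of 3.0.6 and 3.0.7 and need a package line with the fixed version. Also note that the descriptions for CVE-2019-5460 and CVE-2019-5459 contain the literal entity `&lt;` rather than `<`, as the existing CVE-2019-5447 line does; tooling that parses version bounds from these descriptions has to unescape it first.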
