author security tracker role <sectracker@soriano.debian.org> 2019-11-04 20:10:28 +0000
committer security tracker role <sectracker@soriano.debian.org> 2019-11-04 20:10:28 +0000
commit 91055725ef079fb642d7d6bfcc71999f28731828
tree 20d9a19a252686aecbdc58af38488130e45c3f34 /data/CVE
parent 2fa2d626357e88503826b4244c0ccd2f21b2a40d
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2005.list 3
-rw-r--r-- data/CVE/2013.list 48
-rw-r--r-- data/CVE/2014.list 3
-rw-r--r-- data/CVE/2017.list 2
-rw-r--r-- data/CVE/2018.list 4
-rw-r--r-- data/CVE/2019.list 40
6 files changed, 51 insertions, 49 deletions
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index 454f869138..000cbf1909 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -24,8 +24,7 @@ CVE-2005-4892
RESERVED
CVE-2005-4891
RESERVED
-CVE-2005-4890 [login: tty hijacking possible in "su" via TIOCSTI ioctl]
- RESERVED
+CVE-2005-4890 (There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo ...)
- shadow 1:4.1.5-1 (low; bug #628843)
[squeeze] - shadow <no-dsa> (Minor issue)
[lenny] - shadow <no-dsa> (Minor issue)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index a63dae54f6..65a38b960e 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -7661,8 +7661,7 @@ CVE-2013-4520 (xslt.c in libxslt before 1.1.25 allows context-dependent attacker
- libxslt <not-affected> (The versions in wheezy and squeeze contain the full patch)
CVE-2013-4519 (Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1. ...)
- reviewboard <itp> (bug #653113)
-CVE-2013-4518
- RESERVED
+CVE-2013-4518 (RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI enti ...)
NOT-FOR-US: Red Hat Update Infrastructure
CVE-2013-4517 (Apache Santuario XML Security for Java before 1.5.6, when applying Tra ...)
- libxml-security-java 1.5.6-1 (bug #733938)
@@ -8007,8 +8006,7 @@ CVE-2013-4425 (The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when s
NOT-FOR-US: Osirix
CVE-2013-4424 (Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Port ...)
NOT-FOR-US: GateIn
-CVE-2013-4423
- RESERVED
+CVE-2013-4423 (CloudForms stores user passwords in recoverable format ...)
NOT-FOR-US: Red Hat CloudForms
CVE-2013-4422 (SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 ...)
- quassel 0.9.1-1
@@ -8044,8 +8042,7 @@ CVE-2013-4414 (Cross-site scripting (XSS) vulnerability in the web interface for
NOT-FOR-US: Cumin
CVE-2013-4413 (Directory traversal vulnerability in controller/concerns/render_redire ...)
NOT-FOR-US: Wicked Ruby Gem
-CVE-2013-4412 [NULL ptr dereference]
- RESERVED
+CVE-2013-4412 (slim has NULL pointer dereference when using crypt() method from glibc ...)
- slim 1.3.6-0.1 (bug #725902)
[wheezy] - slim <not-affected> (Only exploitable with eglibc 2.17 and later)
[squeeze] - slim <not-affected> (Only exploitable with eglibc 2.17 and later)
@@ -8545,8 +8542,7 @@ CVE-2013-4282 (Stack-based buffer overflow in the reds_handle_ticket function in
NOTE: http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2
CVE-2013-4281
RESERVED
-CVE-2013-4280
- RESERVED
+CVE-2013-4280 (Insecure temporary file vulnerability in RedHat vsdm 4.9.6. ...)
- vdsm <itp> (bug #668538)
CVE-2013-4279 (imapsync 1.564 and earlier performs a release check by default, which ...)
- imapsync <removed>
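Review bot: on CVE-2013-4280 the imported description spells the product "vsdm" while the package line directly below it is "- vdsm <itp> (bug #668538)". The package line is what the tracker acts on, so nothing breaks, but anyone searching the list by description text will miss this entry under the package name. Leave the package line as it is and report the spelling to the source of the description, since this file only mirrors it.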
@@ -9159,23 +9155,17 @@ CVE-2013-4107
CVE-2013-4106
RESERVED
NOT-FOR-US: Cryptocat
-CVE-2013-4105
- RESERVED
+CVE-2013-4105 (Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information D ...)
NOT-FOR-US: Cryptocat
-CVE-2013-4104
- RESERVED
+CVE-2013-4104 (Cryptocat before 2.0.22 has weak encryption in the Socialist Millionna ...)
NOT-FOR-US: Cryptocat
-CVE-2013-4103
- RESERVED
+CVE-2013-4103 (Cryptocat before 2.0.22 has Remote Script Injection due to improperly ...)
NOT-FOR-US: Cryptocat
-CVE-2013-4102
- RESERVED
+CVE-2013-4102 (Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generat ...)
NOT-FOR-US: Cryptocat
-CVE-2013-4101
- RESERVED
+CVE-2013-4101 (Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness ...)
NOT-FOR-US: Cryptocat
-CVE-2013-4100
- RESERVED
+CVE-2013-4100 (Cryptocat before 2.0.22 has Remote Denial of Service via username ...)
NOT-FOR-US: Cryptocat
CVE-2013-4099 (Multiple unspecified vulnerabilities in OpenAL32.dll in JOAL 2.0-rc11, ...)
NOT-FOR-US: JOGAMP
@@ -13600,23 +13590,17 @@ CVE-2013-2264 (The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.2
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-21013
CVE-2013-2263 (Unspecified vulnerability in Citrix Access Gateway Standard Edition 5. ...)
NOT-FOR-US: Citrix Access Gateway
-CVE-2013-2262
- RESERVED
+CVE-2013-2262 (Cryptocat strophe.js before 2.0.22 has information disclosure ...)
NOT-FOR-US: Cryptocat
-CVE-2013-2261
- RESERVED
+CVE-2013-2261 (Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Informat ...)
NOT-FOR-US: Cryptocat
-CVE-2013-2260
- RESERVED
+CVE-2013-2260 (Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Ent ...)
NOT-FOR-US: Cryptocat
-CVE-2013-2259
- RESERVED
+CVE-2013-2259 (Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conver ...)
NOT-FOR-US: Cryptocat
-CVE-2013-2258
- RESERVED
+CVE-2013-2258 (Cryptocat before 2.0.22 has Nickname User Impersonation ...)
NOT-FOR-US: Cryptocat
-CVE-2013-2257
- RESERVED
+CVE-2013-2257 (Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brut ...)
NOT-FOR-US: Cryptocat
CVE-2013-2256 (OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 do ...)
- nova 2013.1.2-3 (bug #718905)
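Review bot: CVE-2013-2257 reads "Cryptocat before 2.0.42" while the other five Cryptocat entries added in this hunk (CVE-2013-2258 through CVE-2013-2262) all read "before 2.0.22". All six are NOT-FOR-US, so no package state depends on it, but the odd version out is worth confirming against the CVE record before anyone relies on it as the fixed version.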
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 9e26c7602e..76e846ff5e 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -17326,8 +17326,7 @@ CVE-2014-3651 (JBoss KeyCloak before 1.0.3.Final allows remote attackers to caus
CVE-2014-3650
RESERVED
NOT-FOR-US: JBoss AeroGear
-CVE-2014-3649
- RESERVED
+CVE-2014-3649 (JBoss AeroGear has reflected XSS via the password field ...)
NOT-FOR-US: JBoss AeroGear
CVE-2014-3648
RESERVED
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 09766e610b..d9f83a2dab 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -42261,7 +42261,7 @@ CVE-2017-3991
CVE-2017-3990
REJECTED
CVE-2017-3989
- RESERVED
+ REJECTED
CVE-2017-3988
RESERVED
CVE-2017-3987
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 8fb9dcd941..b3882ef461 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -5828,8 +5828,8 @@ CVE-2018-19033
RESERVED
CVE-2018-19032
RESERVED
-CVE-2018-19031
- RESERVED
+CVE-2018-19031 (A command injection vulnerability exists when the authorized user pass ...)
+ TODO: check
CVE-2018-19030
RESERVED
CVE-2018-19029 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 9d48324584..5cc63f7d7d 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,4 +1,20 @@
-CVE-2019-18683 [media: vivid: Fix wrong locking that causes race conditions on streaming stop]
+CVE-2019-18684 (Sudo through 1.8.29 allows local users to escalate to root if they hav ...)
+ TODO: check
+CVE-2019-18682
+ RESERVED
+CVE-2019-18681
+ RESERVED
+CVE-2019-18680 (An issue was discovered in the Linux kernel 4.4.x before 4.4.195. Ther ...)
+ TODO: check
+CVE-2019-18679
+ RESERVED
+CVE-2019-18678
+ RESERVED
+CVE-2019-18677
+ RESERVED
+CVE-2019-18676
+ RESERVED
+CVE-2019-18683 (An issue was discovered in drivers/media/platform/vivid in the Linux k ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/11/02/1
CVE-2019-18675
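Review bot: CVE-2019-18683 ends up out of order at the top of 2019.list. After this change the sequence is CVE-2019-18684, 18682, 18681, 18680, 18679, 18678, 18677, 18676, then 18683 with its "- linux <unfixed>" line and NOTE, then 18675, while the rest of the file shown here is in descending order. The entry should sit between CVE-2019-18684 and CVE-2019-18682, moved together with its package line and NOTE. Separately, CVE-2019-18684 (sudo) and CVE-2019-18680 (Linux kernel 4.4.x) are both left at "TODO: check"; their descriptions name software the tracker follows as packages, as the linux line in this hunk shows, so they deserve early triage rather than waiting in the TODO queue.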
@@ -25,8 +41,8 @@ CVE-2019-18665 (The Log module in SECUDOS DOMOS before 5.6 allows local file inc
NOT-FOR-US: SECUDOS DOMOS
CVE-2019-18664 (The Log module in SECUDOS DOMOS before 5.6 allows XSS. ...)
NOT-FOR-US: SECUDOS DOMOS
-CVE-2019-18663
- RESERVED
+CVE-2019-18663 (A SQL injection vulnerability in a /login/forgot1 POST request in ARP- ...)
+ TODO: check
CVE-2019-18662 (An issue was discovered in YouPHPTube through 7.7. User input passed t ...)
NOT-FOR-US: YouPHPTube
CVE-2019-18661 (Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by ...)
@@ -6693,7 +6709,7 @@ CVE-2019-15712
RESERVED
CVE-2019-15711
RESERVED
-CVE-2019-15710 (An OS command injection vulnerability in FortiExtender 4.1.1 and below ...)
+CVE-2019-15710 (An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, ...)
NOT-FOR-US: FortiExtender
CVE-2019-15709
RESERVED
@@ -12152,10 +12168,10 @@ CVE-2019-13499
RESERVED
CVE-2019-13498 (One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Trans ...)
NOT-FOR-US: One Identity Cloud Access Manager
-CVE-2019-13497
- RESERVED
-CVE-2019-13496
- RESERVED
+CVE-2019-13497 (One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF fo ...)
+ TODO: check
+CVE-2019-13496 (One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP byp ...)
+ TODO: check
CVE-2019-13495
RESERVED
CVE-2019-13494 (nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0. ...)
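Review bot: CVE-2019-13497 and CVE-2019-13496 are left at "TODO: check" although the entry immediately above them, CVE-2019-13498, covers the same product and is already marked "NOT-FOR-US: One Identity Cloud Access Manager". Both new entries describe One Identity Cloud Access Manager before 8.1.4 Hotfix 1, so the follow-up triage can reuse that NOT-FOR-US line and clear the two TODO markers.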
@@ -25774,6 +25790,7 @@ CVE-2019-8772
RESERVED
CVE-2019-8771
RESERVED
+ {DSA-4558-1}
- webkit2gtk 2.26.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -25782,6 +25799,7 @@ CVE-2019-8770
RESERVED
CVE-2019-8769
RESERVED
+ {DSA-4558-1}
- webkit2gtk 2.26.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -25906,6 +25924,7 @@ CVE-2019-8721
RESERVED
CVE-2019-8720
RESERVED
+ {DSA-4558-1}
- webkit2gtk 2.26.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -26230,6 +26249,7 @@ CVE-2019-8626
RESERVED
CVE-2019-8625
RESERVED
+ {DSA-4558-1}
- webkit2gtk 2.26.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -44883,8 +44903,8 @@ CVE-2019-0352 (In SAP Business Objects Business Intelligence Platform, before ve
NOT-FOR-US: SAP
CVE-2019-0351 (A remote code execution vulnerability exists in the SAP NetWeaver UDDI ...)
NOT-FOR-US: SAP
-CVE-2019-0350
- RESERVED
+CVE-2019-0350 (SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker ...)
+ TODO: check
CVE-2019-0349 (SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7. ...)
NOT-FOR-US: SAP
CVE-2019-0348 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence), ...)
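Review bot: CVE-2019-0350 (SAP HANA Database) is left at "TODO: check" while every neighbouring SAP entry in this hunk, CVE-2019-0352, CVE-2019-0351 and CVE-2019-0349, carries "NOT-FOR-US: SAP". The follow-up triage can apply the same marker here so the TODO does not linger for a product the tracker has already classified.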
