automatic update

5 files changed, 84 insertions, 74 deletions

diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 5aa7361057..fb3b5cee72 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -15662,8 +15662,8 @@ CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support (hooks/ljh
 CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...)
 	- geoip 1.3.17-1.1 (bug #406628; low)
 	[sarge] - geoip <no-dsa> (Minor issue)
-CVE-2007-0158
-	RESERVED
+CVE-2007-0158 (thttpd 2007 has buffer underflow. ...)
+	TODO: check
 CVE-2007-0157 (Array index error in the uri_lookup function in the URI parser for neo ...)
 	- neon26 0.26.2-3.1 (medium; bug #404723)
 	NOTE: neon25 doesn't have the uri_lookup macro
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 482282a10b..857c3a1e26 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -6343,8 +6343,8 @@ CVE-2013-5029 (phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers t
 	[wheezy] - phpmyadmin <no-dsa> (Backport not feasible and X-Frame-Options protection enough on any modern browser)
 CVE-2013-5028 (SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok In ...)
 	NOT-FOR-US: Kwok Information Server
-CVE-2013-5027
-	RESERVED
+CVE-2013-5027 (Collabtive 1.0 has incorrect access control ...)
+	TODO: check
 CVE-2013-5026 (An ActiveX control in lookout650.ocx, lookout660.ocx, and lookout670.o ...)
 	NOT-FOR-US: National Instruments Lookout
 CVE-2013-5025 (An ActiveX control in exlauncher.dll in the Help subsystem in National ...)
@@ -6411,15 +6411,13 @@ CVE-2013-4987 (PineApp Mail-SeCure before 3.70 allows remote authenticated users
 	NOT-FOR-US: PinApp
 CVE-2013-4986 (Stack-based buffer overflow in PDFAX0722_IconCool.dll 7.22.1125.2121 i ...)
 	NOT-FOR-US: PDFCool
-CVE-2013-4985
-	RESERVED
+CVE-2013-4985 (Multiple Vivotek IP Cameras remote authentication bypass that could al ...)
 	NOT-FOR-US: Vivotek IP Cameras
 CVE-2013-4984 (The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos ...)
 	NOT-FOR-US: Sophos Web Protection Appliance
 CVE-2013-4983 (The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appl ...)
 	NOT-FOR-US: Sophos Web Protection Appliance
-CVE-2013-4982
-	RESERVED
+CVE-2013-4982 (AVTECH AVN801 DVR has a security bypass via the administration login c ...)
 	NOT-FOR-US: AVTECH DVR
 CVE-2013-4981 (Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with f ...)
 	NOT-FOR-US: AVTECH DVR
@@ -6431,10 +6429,10 @@ CVE-2013-4978 (Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlie
 	NOT-FOR-US: Aloaha PDF Suite
 CVE-2013-4977 (Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E I ...)
 	NOT-FOR-US: Hikvision IP camera
-CVE-2013-4976
-	RESERVED
-CVE-2013-4975
-	RESERVED
+CVE-2013-4976 (Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded cre ...)
+	TODO: check
+CVE-2013-4975 (Hikvision DS-2CD7153-E IP Camera has Privilege Escalation ...)
+	TODO: check
 CVE-2013-4974 (RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 throug ...)
 	NOT-FOR-US: RealPlayer
 CVE-2013-4973 (Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.5 ...)
@@ -6724,10 +6722,10 @@ CVE-2013-4870 (SQL injection vulnerability in the News Search (news_search) exte
 	NOT-FOR-US: TYPO3 extension news_search
 CVE-2013-4869 (Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and  ...)
 	NOT-FOR-US: Cisco
-CVE-2013-4868
-	RESERVED
-CVE-2013-4867
-	RESERVED
+CVE-2013-4868 (Karotz API 12.07.19.00: Session Token Information Disclosure ...)
+	TODO: check
+CVE-2013-4867 (Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module h ...)
+	TODO: check
 CVE-2013-4866 (The LIXIL Corporation My SATIS Genius Toilet application for Android h ...)
 	NOT-FOR-US: LIXIL Corporation My SATIS Genius Toilet application for Android
 CVE-2013-4865
@@ -6742,8 +6740,8 @@ CVE-2013-4861
 	RESERVED
 CVE-2013-4860 (Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does n ...)
 	NOT-FOR-US: Radio Thermostat
-CVE-2013-4859
-	RESERVED
+CVE-2013-4859 (INSTEON Hub 2242-222 lacks Web and API authentication ...)
+	TODO: check
 CVE-2013-4858 (Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remo ...)
 	NOT-FOR-US: Microsoft Windows Movie Maker
 CVE-2013-4857 (D-Link DIR-865L has PHP File Inclusion in the router xml file. ...)
@@ -6880,8 +6878,8 @@ CVE-2013-4798 (Unspecified vulnerability in HP LoadRunner before 11.52 allows re
 	NOT-FOR-US: HP LoadRunner
 CVE-2013-4797 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote  ...)
 	NOT-FOR-US: HP LoadRunner
-CVE-2013-4796
-	RESERVED
+CVE-2013-4796 (ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to r ...)
+	TODO: check
 CVE-2013-4795 (Cross-site scripting (XSS) vulnerability in the Submitters list in Rev ...)
 	- reviewboard <itp> (bug #653113)
 CVE-2013-4794
@@ -6948,10 +6946,10 @@ CVE-2013-4766 (The gather log service in Eucalyptus before 3.3.1 allows remote a
 	- eucalyptus <removed>
 CVE-2013-4765
 	RESERVED
-CVE-2013-4764
-	RESERVED
-CVE-2013-4763
-	RESERVED
+CVE-2013-4764 (Samsung Galaxy S3/S4 exposes an unprotected component allowing an unpr ...)
+	TODO: check
+CVE-2013-4763 (Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitra ...)
+	TODO: check
 CVE-2013-4762 (Puppet Enterprise before 3.0.1 does not sufficiently invalidate a sess ...)
 	- puppet <not-affected> (Only affects Puppet Enterprise)
 CVE-2013-4761 (Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x befo ...)
@@ -6997,8 +6995,8 @@ CVE-2013-4745 (SQL injection vulnerability in the My quiz and poll (myquizpoll)
 	NOT-FOR-US: My quiz and poll TYPO3 extension
 CVE-2013-4744 (Cross-site scripting (XSS) vulnerability in the PHPUnit extension befo ...)
 	NOT-FOR-US: PHPUnit TYPO3 extension
-CVE-2013-4743
-	RESERVED
+CVE-2013-4743 (Static HTTP Server 1.0 has a Local Overflow ...)
+	TODO: check
 CVE-2013-4742 (Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers ...)
 	NOT-FOR-US: SurgeFTP
 CVE-2013-4741
@@ -7102,16 +7100,16 @@ CVE-2013-4698 (Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users
 	NOT-FOR-US: Cybozu Mailwise
 CVE-2013-4697 (Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Managem ...)
 	NOT-FOR-US: Hitachi
-CVE-2013-4695
-	RESERVED
+CVE-2013-4695 (Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Exe ...)
+	TODO: check
 CVE-2013-4694 (Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Bu ...)
 	NOT-FOR-US: Winamp
-CVE-2013-4693
-	RESERVED
-CVE-2013-4692
-	RESERVED
-CVE-2013-4691
-	RESERVED
+CVE-2013-4693 (WordPress Xorbin Digital Flash Clock 1.0 has XSS ...)
+	TODO: check
+CVE-2013-4692 (Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS ...)
+	TODO: check
+CVE-2013-4691 (Sencha Labs Connect has XSS with connect.methodOverride() ...)
+	TODO: check
 CVE-2013-4690 (Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before  ...)
 	NOT-FOR-US: Juniper Junos
 CVE-2013-4689 (J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R befor ...)
@@ -7163,10 +7161,10 @@ CVE-2013-4667
 	RESERVED
 CVE-2013-4666
 	RESERVED
-CVE-2013-4665
-	RESERVED
-CVE-2013-4664
-	RESERVED
+CVE-2013-4665 (SPBAS Business Automation Software 2012 has CSRF. ...)
+	TODO: check
+CVE-2013-4664 (SPBAS Business Automation Software 2012 has XSS. ...)
+	TODO: check
 CVE-2013-4663 (git_http_controller.rb in the redmine_git_hosting plugin for Redmine a ...)
 	NOT-FOR-US: Redmine plugin redmine_git_hosting
 CVE-2013-4662 (The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through  ...)
@@ -7261,8 +7259,8 @@ CVE-2013-4623 (The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1
 	- polarssl 1.2.8-1 (low; bug #719954)
 CVE-2013-4622 (The 3G Mobile Hotspot feature on the HTC Droid Incredible has a defaul ...)
 	NOT-FOR-US: HTC Droid Incredible
-CVE-2013-4621
-	RESERVED
+CVE-2013-4621 (Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities ...)
+	TODO: check
 CVE-2013-4620 (Cross-site scripting (XSS) vulnerability in interface/main/onotes/offi ...)
 	NOT-FOR-US: OpenEMR
 CVE-2013-4619 (Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote a ...)
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 871bd2d682..4bbac1070a 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -15055,8 +15055,8 @@ CVE-2014-4594 (Cross-site scripting (XSS) vulnerability in index.php in the Word
 	NOT-FOR-US: WordPress plugin Responsive Preview
 CVE-2014-4593 (Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php i ...)
 	NOT-FOR-US: WordPress plugin WP Plugin Manager
-CVE-2014-4592
-	RESERVED
+CVE-2014-4592 (Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_d ...)
+	TODO: check
 CVE-2014-4591 (Cross-site scripting (XSS) vulnerability in picasa_upload.php in the W ...)
 	NOT-FOR-US: WordPress plugin WP-Picasa-Image
 CVE-2014-4590 (Cross-site scripting (XSS) vulnerability in get.php in the WP Microblo ...)
@@ -15105,8 +15105,8 @@ CVE-2014-4569 (Cross-site scripting (XSS) vulnerability in ls/vv_login.php in th
 	NOT-FOR-US: WordPress plugin VideoWhisper Live Streaming Integration
 CVE-2014-4568 (Cross-site scripting (XSS) vulnerability in posts/videowhisper/r_logou ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2014-4567
-	RESERVED
+CVE-2014-4567 (Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_l ...)
+	TODO: check
 CVE-2014-4566 (Cross-site scripting (XSS) vulnerability in res/fake_twitter/frame.php ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2014-4565 (Multiple cross-site scripting (XSS) vulnerabilities in vcc.js.php in t ...)
@@ -15121,10 +15121,10 @@ CVE-2014-4561
 	RESERVED
 CVE-2014-4560 (Cross-site scripting (XSS) vulnerability in includes/getTipo.php in th ...)
 	NOT-FOR-US: WordPress plugin ToolPage
-CVE-2014-4559
-	RESERVED
-CVE-2014-4558
-	RESERVED
+CVE-2014-4559 (Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php ...)
+	TODO: check
+CVE-2014-4558 (Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swi ...)
+	TODO: check
 CVE-2014-4557 (Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swi ...)
 	NOT-FOR-US: WordPress plugin Swipe Checkout for Jigoshop
 CVE-2014-4556 (Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swi ...)
@@ -15143,16 +15143,16 @@ CVE-2014-4550
 	RESERVED
 CVE-2014-4549 (Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplet ...)
 	NOT-FOR-US: WordPress plugin WooCommerce SagePay Direct Payment Gateway
-CVE-2014-4548
-	RESERVED
+CVE-2014-4548 (Cross-site scripting (XSS) vulnerability in tinymce/popup.php in the R ...)
+	TODO: check
 CVE-2014-4547 (Multiple cross-site scripting (XSS) vulnerabilities in templates/defau ...)
 	NOT-FOR-US: WordPress plugin Rezgo Online Booking
 CVE-2014-4546 (Cross-site scripting (XSS) vulnerability in book_ajax.php in the Rezgo ...)
 	NOT-FOR-US: WordPress plugin Rezgo
 CVE-2014-4545 (Multiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php i ...)
 	NOT-FOR-US: WordPress plugin Pro Quoter
-CVE-2014-4544
-	RESERVED
+CVE-2014-4544 (Cross-site scripting (XSS) vulnerability in the Podcast Channels plugi ...)
+	TODO: check
 CVE-2014-4543 (Multiple cross-site scripting (XSS) vulnerabilities in payper/payper.p ...)
 	NOT-FOR-US: WordPress plugin Pay Per Media Player
 CVE-2014-4542 (Cross-site scripting (XSS) vulnerability in redirect.php in the Ooorl  ...)
@@ -15161,14 +15161,14 @@ CVE-2014-4541 (Cross-site scripting (XSS) vulnerability in shortcode-generator/p
 	NOT-FOR-US: WordPress plugin OMFG Mobile Pro
 CVE-2014-4540 (Cross-site scripting (XSS) vulnerability in oleggo-twitter/twitter_log ...)
 	NOT-FOR-US: WordPress plugin Oleggo LiveStream
-CVE-2014-4539
-	RESERVED
+CVE-2014-4539 (Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and  ...)
+	TODO: check
 CVE-2014-4538 (Cross-site scripting (XSS) vulnerability in process.php in the Malware ...)
 	NOT-FOR-US: WordPress plugin Malware Finder
 CVE-2014-4537 (Cross-site scripting (XSS) vulnerability in inpage.tpl.php in the Keyw ...)
 	NOT-FOR-US: WordPress plugin Keyword Strategy Internal Links
-CVE-2014-4536
-	RESERVED
+CVE-2014-4536 (Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_t ...)
+	TODO: check
 CVE-2014-4535
 	RESERVED
 CVE-2014-4534 (Multiple cross-site scripting (XSS) vulnerabilities in videoplayer/aut ...)
@@ -15189,20 +15189,20 @@ CVE-2014-4527 (Multiple cross-site scripting (XSS) vulnerabilities in paginas/vi
 	NOT-FOR-US: WordPress plugin envialosimple-email-marketing-y-newsletters-gratis
 CVE-2014-4526 (Multiple cross-site scripting (XSS) vulnerabilities in callback.php in ...)
 	NOT-FOR-US: WordPress plugin efence
-CVE-2014-4525
-	RESERVED
+CVE-2014-4525 (Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slas ...)
+	TODO: check
 CVE-2014-4524 (Cross-site scripting (XSS) vulnerability in classes/custom-image/media ...)
 	NOT-FOR-US: WordPress plugin WP Easy Post Types
-CVE-2014-4523
-	RESERVED
+CVE-2014-4523 (Cross-site scripting (XSS) vulnerability in the Easy Career Openings p ...)
+	TODO: check
 CVE-2014-4522 (Cross-site scripting (XSS) vulnerability in client-assist.php in the d ...)
 	NOT-FOR-US: WordPress plugin dsSearchAgent: WordPress Edition
 CVE-2014-4521 (Cross-site scripting (XSS) vulnerability in client-assist.php in the d ...)
 	NOT-FOR-US: WordPress plugin dsIDXpress IDX
 CVE-2014-4520 (Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA Wa ...)
 	NOT-FOR-US: WordPress plugin DMCA WaterMarker
-CVE-2014-4519
-	RESERVED
+CVE-2014-4519 (Cross-site scripting (XSS) vulnerability in the Conversador plugin 2.6 ...)
+	TODO: check
 CVE-2014-4518 (Cross-site scripting (XSS) vulnerability in xd_resize.php in the Conta ...)
 	NOT-FOR-US: WordPress plugin Contact Form by ContactMe.com
 CVE-2014-4517 (Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the ...)
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index eaebd4023e..074f07d94c 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -14461,10 +14461,10 @@ CVE-2016-6251
 	REJECTED
 CVE-2016-6248
 	RESERVED
-CVE-2016-1000029
-	RESERVED
-CVE-2016-1000028
-	RESERVED
+CVE-2016-1000029 (Tenable Nessus before 6.8 has a stored XSS issue that requires admin-l ...)
+	TODO: check
+CVE-2016-1000028 (Tenable Nessus before 6.8 has a stored XSS issue that requires admin-l ...)
+	TODO: check
 CVE-2016-6247 (OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of se ...)
 	NOT-FOR-US: OpenBSD kernel
 CVE-2016-6246 (OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount pri ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 8e855b9ff9..e5cda359fe 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,15 @@
+CVE-2019-20049 (An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A re ...)
+	TODO: check
+CVE-2019-20048 (An issue was discovered on Alcatel-Lucent OmniVista 8770 devices befor ...)
+	TODO: check
+CVE-2019-20047 (An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and  ...)
+	TODO: check
+CVE-2019-20046
+	RESERVED
+CVE-2019-20045
+	RESERVED
+CVE-2019-20044
+	RESERVED
 CVE-2019-20040
 	RESERVED
 CVE-2019-20039
@@ -58,7 +70,7 @@ CVE-2019-20018 (A stack-based buffer over-read was discovered in ReadNextCell in
 CVE-2019-20017 (A stack-based buffer over-read was discovered in Mat_VarReadNextInfo5  ...)
 	- libmatio <unfixed>
 	NOTE: https://github.com/tbeu/matio/issues/127
-CVE-2019-20016 (libmysofa 0.9 does not properly restrict recursive function calls, as  ...)
+CVE-2019-20016 (libmysofa before 2019-11-24 does not properly restrict recursive funct ...)
 	- libmysofa 0.9~dfsg0-1
 	[buster] - libmysofa <no-dsa> (Minor issue)
 	NOTE: https://github.com/hoene/libmysofa/commit/2e6fac6ab6156dae8e8c6f417741388084b70d6f
@@ -510,17 +522,17 @@ CVE-2019-19835
 	RESERVED
 CVE-2019-19834
 	RESERVED
-CVE-2019-20043
+CVE-2019-20043 (WordPress before 5.3.1 allowed an unauthenticated user to make a post  ...)
 	- wordpress <unfixed> (bug #946905)
 	NOTE: https://core.trac.wordpress.org/changeset/46893/trunk
 	NOTE: https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9
 	NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
-CVE-2019-20042
+CVE-2019-20042 (WordPress before 5.3.1 allowed an attacker to create a cross-site scri ...)
 	- wordpress <unfixed> (bug #946905)
 	NOTE: https://core.trac.wordpress.org/changeset/46894/trunk
 	NOTE: https://github.com/WordPress/wordpress-develop/commit/1f7f3f1f59567e2504f0fbebd51ccf004b3ccb1d
 	NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
-CVE-2019-20041
+CVE-2019-20041 (wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 ...)
 	- wordpress <unfixed> (bug #946905)
 	NOTE: https://github.com/WordPress/wordpress-develop/commit/b1975463dd995da19bb40d3fa0786498717e3c53
 	NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
@@ -665,8 +677,8 @@ CVE-2019-19783 (An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x befor
 	NOTE: https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html#security-fixes
 CVE-2019-19782 (The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long  ...)
 	NOT-FOR-US: AceaXe Plus
-CVE-2019-19781
-	RESERVED
+CVE-2019-19781 (An issue was discovered in Citrix Application Delivery Controller (ADC ...)
+	TODO: check
 CVE-2019-19780
 	RESERVED
 CVE-2019-19779
@@ -7522,8 +7534,8 @@ CVE-2019-16898
 	REJECTED
 CVE-2019-16897 (In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security  ...)
 	NOT-FOR-US: K7
-CVE-2019-16896
-	RESERVED
+CVE-2019-16896 (In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the ba ...)
+	TODO: check
 CVE-2019-16895
 	REJECTED
 CVE-2019-16894 (download.php in inoERP 4.15 allows SQL injection through insecure dese ...)