author security tracker role <sectracker@soriano.debian.org> 2019-11-07 20:10:17 +0000
committer security tracker role <sectracker@soriano.debian.org> 2019-11-07 20:10:17 +0000
commit f6c1efda8e38bc6b3bee23313f01e2271f13fc6a (patch)
tree 63e4b631640e9908c99006a0e03135d1c0b49553 /data/CVE
parent 033bb12fb3959e92f710bb25e95304c0fc9ff7b8 (diff)
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2010.list 12
-rw-r--r-- data/CVE/2011.list 16
-rw-r--r-- data/CVE/2012.list 6
-rw-r--r-- data/CVE/2019.list 83
4 files changed, 69 insertions, 48 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index 756c077d8a..775bd71a59 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -7847,8 +7847,7 @@ CVE-2010-2245 (XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and
CVE-2010-2244 (The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in ...)
{DSA-2086-1}
- avahi 0.6.26-1
-CVE-2010-2243 [timekeeping oops]
- RESERVED
+CVE-2010-2243 (A vulnerability exists in kernel/time/clocksource.c in the Linux kerne ...)
- linux-2.6 2.6.32-11
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-2242 (Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improp ...)
@@ -11600,19 +11599,16 @@ CVE-2010-1193 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware S
CVE-2010-XXXX [argyll unsafe udev rules]
- argyll <not-affected> (issue with redhat-specific changes to the package)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=560050
-CVE-2010-2473 [Blocked user session regeneration]
- RESERVED
+CVE-2010-2473 (Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly b ...)
{DSA-2016-1}
- drupal6 6.18-1 (bug #592716)
-CVE-2010-2472 [Locale module cross site scripting]
- RESERVED
+CVE-2010-2472 (Locale module and dependent contributed modules in Drupal 6.x before 6 ...)
{DSA-2016-1}
- drupal6 6.18-1 (bug #592716)
CVE-2010-2471 (drupal6 version 6.16 has open redirection ...)
{DSA-2016-1}
- drupal6 6.18-1 (bug #592716)
-CVE-2010-2250 [Installation cross site scripting]
- RESERVED
+CVE-2010-2250 (Drupal 6.x before 6.16 uses a user-supplied value in output during sit ...)
{DSA-2016-1}
- drupal6 6.18-1 (bug #592716)
CVE-2010-XXXX [linux-ftpd: null ptr dereference]
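Review bot: the new description for CVE-2010-2473 covers "5.x before version 5.22" as well as 6.x, but the entry still carries only the "- drupal6 6.18-1 (bug #592716)" line. Whoever follows up should confirm whether a 5.x package ever needed a status line here and record the answer in the entry. The descriptions for CVE-2010-2472 and CVE-2010-2250 are truncated in this view, so the same check should be made against their full text.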
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index 18f7d0e16c..b3c208332b 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -6667,8 +6667,8 @@ CVE-2011-2809 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-mi
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2808 (A stale layout root is set as an input element in WebKit in Google Chr ...)
TODO: check
-CVE-2011-2807
- RESERVED
+CVE-2011-2807 (Incorrect handling of timer information in Timer.cpp in WebKit in Goog ...)
+ TODO: check
CVE-2011-2806 (Google Chrome before 13.0.782.215 on Windows does not properly handle ...)
- chromium-browser <not-affected> (It's in Windows-specific code)
CVE-2011-2805 (Google Chrome before 13.0.782.107 allows remote attackers to bypass th ...)
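Review bot: CVE-2011-2807 moves from RESERVED to a bare "TODO: check", while the entries around it in this hunk are already triaged in two different ways: CVE-2011-2809 as "NOT-FOR-US: Webkit / ..." and CVE-2011-2806 as "- chromium-browser <not-affected>". The new description names WebKit in Google Chrome, so the follow-up triage should settle which of those two conventions applies. CVE-2011-2808 directly above carries the same open TODO and can be resolved in the same pass.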
@@ -7959,8 +7959,8 @@ CVE-2011-2355
RESERVED
CVE-2011-2354 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2011-2353
- RESERVED
+CVE-2011-2353 (Use after free vulnerability in documentloader in WebKit in Google Chr ...)
+ TODO: check
CVE-2011-2352 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2351 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 allo ...)
@@ -8005,10 +8005,10 @@ CVE-2011-2339 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-mi
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2338 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2011-2337
- RESERVED
-CVE-2011-2336
- RESERVED
+CVE-2011-2337 (A wrong type is used for a return value from strlen in WebKit in Googl ...)
+ TODO: check
+CVE-2011-2336 (An issue exists in WebKit in Google Chrome before Blink M12. when clea ...)
+ TODO: check
CVE-2011-2335
RESERVED
CVE-2011-2334
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 78f7bc0609..252fcea19c 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -16503,15 +16503,13 @@ CVE-2012-0053 (protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does no
- apache2 2.2.22-1 (low)
CVE-2012-0052 (Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3 ...)
NOT-FOR-US: JBoss Operations Network
-CVE-2012-0051
- RESERVED
+CVE-2012-0051 (Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attacke ...)
- tahoe-lafs <not-affected> (Only affects 1.9.0, not uploaded to the archive)
CVE-2012-0050 (OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, ...)
{DSA-2392-1}
- openssl 1.0.0g-1
NOTE: http://www.openssl.org/news/secadv/20120118.txt
-CVE-2012-0049
- RESERVED
+CVE-2012-0049 (OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) t ...)
{DSA-2524-1}
- openttd 1.1.5-1 (low)
NOTE: http://vcs.openttd.org/svn/changeset/23764
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index e5866b7210..9d13535fd0 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,29 @@
+CVE-2019-18817
+ RESERVED
+CVE-2019-18816 (po-admin/route.php?mod=post&amp;act=edit in PopojiCMS 2.0.1 allows pos ...)
+ TODO: check
+CVE-2019-18815 (PopojiCMS 2.0.1 allows refer= Open Redirection. ...)
+ TODO: check
+CVE-2019-18814 (An issue was discovered in the Linux kernel through 5.3.9. There is a ...)
+ TODO: check
+CVE-2019-18813 (A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc ...)
+ TODO: check
+CVE-2019-18812 (A memory leak in the sof_dfsentry_write() function in sound/soc/sof/de ...)
+ TODO: check
+CVE-2019-18811 (A memory leak in the sof_set_get_large_ctrl_data() function in sound/s ...)
+ TODO: check
+CVE-2019-18810 (A memory leak in the komeda_wb_connector_add() function in drivers/gpu ...)
+ TODO: check
+CVE-2019-18809 (A memory leak in the af9005_identify_state() function in drivers/media ...)
+ TODO: check
+CVE-2019-18808 (A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ ...)
+ TODO: check
+CVE-2019-18807 (Two memory leaks in the sja1105_static_config_upload() function in dri ...)
+ TODO: check
+CVE-2019-18806 (A memory leak in the ql_alloc_large_buffers() function in drivers/net/ ...)
+ TODO: check
+CVE-2019-18805 (An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux ker ...)
+ TODO: check
CVE-2019-18804 (DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU:: ...)
- djvulibre <unfixed>
NOTE: https://sourceforge.net/p/djvu/bugs/309/
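Review bot: CVE-2019-18805 through CVE-2019-18814 all name the Linux kernel or a kernel source path (drivers/usb/dwc3, sound/soc/sof, drivers/crypto/ccp, net/ipv4/sysctl_net_ipv4.c and so on) in their descriptions, yet every one enters as a bare "TODO: check" with no package line. Because they arrive as one batch of ten, they should be triaged together so the source package line and per-release status stay consistent across the set. The two PopojiCMS entries (CVE-2019-18815, CVE-2019-18816) need a separate decision.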
@@ -244,7 +270,7 @@ CVE-2019-18686
REJECTED
CVE-2019-18685
REJECTED
-CVE-2019-18684 (Sudo through 1.8.29 allows local users to escalate to root if they hav ...)
+CVE-2019-18684 (** DISPUTED ** Sudo through 1.8.29 allows local users to escalate to r ...)
- sudo <unfixed> (unimportant)
NOTE: https://gist.github.com/oxagast/51171aa161074188a11d96cbef884bbd
NOTE: Issue is bogus and a non-security issue (confirmed by upstream and in progress
@@ -2548,10 +2574,10 @@ CVE-2019-17607 (HongCMS 3.0.0 has XSS via the install/index.php servername param
NOT-FOR-US: HongCMS
CVE-2019-17606 (The Post editor functionality in the hexo-admin plugin versions 2.3.0 ...)
NOT-FOR-US: hexo-admin Node module
-CVE-2019-17605
- RESERVED
-CVE-2019-17604
- RESERVED
+CVE-2019-17605 (A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 ...)
+ TODO: check
+CVE-2019-17604 (An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms e ...)
+ TODO: check
CVE-2019-17603
RESERVED
CVE-2019-17602 (An issue was discovered in Zoho ManageEngine OpManager before 12.4 bui ...)
@@ -2679,7 +2705,7 @@ CVE-2019-17553 (An issue was discovered in MetInfo v7.0.0 beta. There is SQL Inj
NOT-FOR-US: MetInfo
CVE-2019-17552 (An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_ ...)
NOT-FOR-US: idreamsoft iCMS
-CVE-2019-17551 (Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5 allows XSS ...)
+CVE-2019-17551 (In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an atta ...)
NOT-FOR-US: Apak Wholesale Floorplanning Finance
CVE-2019-17550
RESERVED
@@ -2699,6 +2725,7 @@ CVE-2019-17546 (tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL throug
NOTE: https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145
NOTE: gdal uses system libtiff libraries since 2.0.1+dfsg-1~exp1 (#684233)
CVE-2019-17545 (GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ...)
+ {DLA-1984-1}
- gdal 2.4.2+dfsg-2
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178
NOTE: https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb
@@ -3435,8 +3462,8 @@ CVE-2019-17224 (The web interface of the Compal Broadband CH7465LG modem (versio
NOT-FOR-US: Compal Broadband CH7465LG modem
CVE-2019-17223 (There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 v ...)
- dolibarr <removed>
-CVE-2019-17222
- RESERVED
+CVE-2019-17222 (An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is ...)
+ TODO: check
CVE-2019-17221 (PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as d ...)
- phantomjs <unfixed>
NOTE: https://www.darkmatter.ae/blogs/breaching-the-perimeter-phantomjs-arbitrary-file-read/
@@ -4224,20 +4251,20 @@ CVE-2019-16880 (An issue was discovered in the linea crate through 0.9.4 for Rus
NOT-FOR-US: Rust linea crate
CVE-2019-16879
RESERVED
-CVE-2019-16878
- RESERVED
-CVE-2019-16877
- RESERVED
-CVE-2019-16876
- RESERVED
+CVE-2019-16878 (Portainer before 1.22.1 has XSS (issue 2 of 2). ...)
+ TODO: check
+CVE-2019-16877 (Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). ...)
+ TODO: check
+CVE-2019-16876 (Portainer before 1.22.1 allows Directory Traversal. ...)
+ TODO: check
CVE-2019-16875
RESERVED
-CVE-2019-16874
- RESERVED
-CVE-2019-16873
- RESERVED
-CVE-2019-16872
- RESERVED
+CVE-2019-16874 (Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4). ...)
+ TODO: check
+CVE-2019-16873 (Portainer before 1.22.1 has XSS (issue 1 of 2). ...)
+ TODO: check
+CVE-2019-16872 (Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). ...)
+ TODO: check
CVE-2019-16871
RESERVED
CVE-2019-16870
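Review bot: the Portainer descriptions number the access control findings as issue 1 of 4 (CVE-2019-16872), 2 of 4 (CVE-2019-16874) and 4 of 4 (CVE-2019-16877), but no "issue 3 of 4" appears in this hunk, and CVE-2019-16875, which sits inside that id range, is still RESERVED. When the six "TODO: check" entries here are triaged, hold the decision open for the missing one so that all findings fixed in Portainer 1.22.1 end up with the same status.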
@@ -15549,8 +15576,8 @@ CVE-2019-12333
RESERVED
CVE-2019-12332
RESERVED
-CVE-2019-12331
- RESERVED
+CVE-2019-12331 (PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner ...)
+ TODO: check
CVE-2019-12330
RESERVED
CVE-2019-12329
@@ -16388,8 +16415,8 @@ CVE-2019-11998
RESERVED
CVE-2019-11997
RESERVED
-CVE-2019-11996
- RESERVED
+CVE-2019-11996 (Potential security vulnerabilities have been identified with HPE Nimbl ...)
+ TODO: check
CVE-2019-11995
RESERVED
CVE-2019-11994
@@ -32022,8 +32049,8 @@ CVE-2019-6342
CVE-2019-6340 (Some field types do not properly sanitize data from non-form sources i ...)
- drupal7 <not-affected> (Drupal 7 core not affected)
NOTE: https://www.drupal.org/sa-core-2019-003
-CVE-2019-6337
- RESERVED
+CVE-2019-6337 (For the printers listed a maliciously crafted print file might cause c ...)
+ TODO: check
CVE-2019-6336
RESERVED
CVE-2019-6335 (A potential security vulnerability has been identified with Samsung La ...)
@@ -37969,8 +37996,8 @@ CVE-2019-3766 (Dell EMC ECS versions prior to 3.4.0.0 contain an improper restri
NOT-FOR-US: EMC
CVE-2019-3765 (Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and ...)
NOT-FOR-US: EMC
-CVE-2019-3764
- RESERVED
+CVE-2019-3764 (Dell EMC iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior ...)
+ TODO: check
CVE-2019-3763 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...)
NOT-FOR-US: RSA
CVE-2019-3762