automatic update

10 files changed, 153 insertions, 18 deletions

diff --git a/data/CVE/list.2008 b/data/CVE/list.2008
index 06824e3b56..88cbbb700c 100644
--- a/data/CVE/list.2008
+++ b/data/CVE/list.2008
@@ -1,3 +1,5 @@
+CVE-2008-7321
+	RESERVED
 CVE-2008-7320 (** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate ...)
 	- seahorse <unfixed> (unimportant)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774
diff --git a/data/CVE/list.2009 b/data/CVE/list.2009
index 3941088dac..c55ccacd3d 100644
--- a/data/CVE/list.2009
+++ b/data/CVE/list.2009
@@ -1,3 +1,5 @@
+CVE-2009-5158
+	RESERVED
 CVE-2009-5157 (On Linksys WAG54G2 1.00.10 devices, there is authenticated command inj ...)
 	NOT-FOR-US: Linksys
 CVE-2009-5156 (An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Co ...)
diff --git a/data/CVE/list.2012 b/data/CVE/list.2012
index d2c3a04260..8167fd98f8 100644
--- a/data/CVE/list.2012
+++ b/data/CVE/list.2012
@@ -1,3 +1,5 @@
+CVE-2012-6716
+	RESERVED
 CVE-2012-6715 (The formbuilder plugin before 0.9.1 for WordPress has XSS via a Refere ...)
 	NOT-FOR-US: formbuilder plugin for WordPress
 CVE-2012-6714 (The count-per-day plugin before 3.2.3 for WordPress has XSS via search ...)
diff --git a/data/CVE/list.2013 b/data/CVE/list.2013
index f80084b150..06f4b3e96c 100644
--- a/data/CVE/list.2013
+++ b/data/CVE/list.2013
@@ -1,3 +1,17 @@
+CVE-2013-7483
+	RESERVED
+CVE-2013-7482
+	RESERVED
+CVE-2013-7481
+	RESERVED
+CVE-2013-7480
+	RESERVED
+CVE-2013-7479
+	RESERVED
+CVE-2013-7478
+	RESERVED
+CVE-2013-7477
+	RESERVED
 CVE-2013-7476 (The simple-fields plugin before 1.2 for WordPress has CSRF in the admi ...)
 	NOT-FOR-US: simple-fields plugin for WordPress
 CVE-2013-7475 (The contact-form-plugin plugin before 3.52 for WordPress has XSS. ...)
diff --git a/data/CVE/list.2014 b/data/CVE/list.2014
index 992e8dceea..ecf6502cb2 100644
--- a/data/CVE/list.2014
+++ b/data/CVE/list.2014
@@ -1,3 +1,11 @@
+CVE-2014-10385
+	RESERVED
+CVE-2014-10384
+	RESERVED
+CVE-2014-10383
+	RESERVED
+CVE-2014-10382
+	RESERVED
 CVE-2014-10381 (The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2014-10380 (The profile-builder plugin before 1.1.66 for WordPress has multiple XS ...)
diff --git a/data/CVE/list.2015 b/data/CVE/list.2015
index 12d07dabd4..929cd37c38 100644
--- a/data/CVE/list.2015
+++ b/data/CVE/list.2015
@@ -1,3 +1,13 @@
+CVE-2015-9337
+	RESERVED
+CVE-2015-9336
+	RESERVED
+CVE-2015-9335
+	RESERVED
+CVE-2015-9334
+	RESERVED
+CVE-2015-9333
+	RESERVED
 CVE-2015-9332 (The uninstall plugin before 1.2 for WordPress has CSRF to delete all t ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2015-9331 (The wp-all-import plugin before 3.2.4 for WordPress has no prevention  ...)
diff --git a/data/CVE/list.2016 b/data/CVE/list.2016
index 87ad88c818..cc934a793b 100644
--- a/data/CVE/list.2016
+++ b/data/CVE/list.2016
@@ -1,3 +1,31 @@
+CVE-2016-10929
+	RESERVED
+CVE-2016-10928
+	RESERVED
+CVE-2016-10927
+	RESERVED
+CVE-2016-10926
+	RESERVED
+CVE-2016-10925
+	RESERVED
+CVE-2016-10924
+	RESERVED
+CVE-2016-10923
+	RESERVED
+CVE-2016-10922
+	RESERVED
+CVE-2016-10921
+	RESERVED
+CVE-2016-10920
+	RESERVED
+CVE-2016-10919
+	RESERVED
+CVE-2016-10918
+	RESERVED
+CVE-2016-10917
+	RESERVED
+CVE-2016-10916
+	RESERVED
 CVE-2016-10915 (The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2016-10914 (The add-from-server plugin before 3.3.2 for WordPress has CSRF for imp ...)
diff --git a/data/CVE/list.2017 b/data/CVE/list.2017
index 50457aa165..186ed3bd87 100644
--- a/data/CVE/list.2017
+++ b/data/CVE/list.2017
@@ -1,3 +1,35 @@
+CVE-2017-18585
+	RESERVED
+CVE-2017-18584
+	RESERVED
+CVE-2017-18583
+	RESERVED
+CVE-2017-18582
+	RESERVED
+CVE-2017-18581
+	RESERVED
+CVE-2017-18580
+	RESERVED
+CVE-2017-18579
+	RESERVED
+CVE-2017-18578
+	RESERVED
+CVE-2017-18577
+	RESERVED
+CVE-2017-18576
+	RESERVED
+CVE-2017-18575
+	RESERVED
+CVE-2017-18574
+	RESERVED
+CVE-2017-18573
+	RESERVED
+CVE-2017-18572
+	RESERVED
+CVE-2017-18571
+	RESERVED
+CVE-2017-18570
+	RESERVED
 CVE-2017-18569 (The my-wp-translate plugin before 1.0.4 for WordPress has CSRF. ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2017-18568 (The my-wp-translate plugin before 1.0.4 for WordPress has XSS. ...)
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018
index 7dd32b191e..2223477189 100644
--- a/data/CVE/list.2018
+++ b/data/CVE/list.2018
@@ -1,3 +1,19 @@
+CVE-2018-20986
+	RESERVED
+CVE-2018-20985
+	RESERVED
+CVE-2018-20984
+	RESERVED
+CVE-2018-20983
+	RESERVED
+CVE-2018-20982
+	RESERVED
+CVE-2018-20981
+	RESERVED
+CVE-2018-20980
+	RESERVED
+CVE-2018-20979
+	RESERVED
 CVE-2018-20978 (The wp-all-import plugin before 3.4.7 for WordPress has XSS. ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2018-20977 (The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPre ...)
@@ -8763,8 +8779,8 @@ CVE-2018-17793 (** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via "py
 	NOTE: No real security impact. 3rd party requested CVE rejection
 CVE-2018-17792 (MDaemon Webmail (formerly WorldClient) has CSRF. ...)
 	NOT-FOR-US: MDaemon Webmail
-CVE-2018-17791
-	RESERVED
+CVE-2018-17791 (Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an " ...)
+	TODO: check
 CVE-2018-17790 (Prospecta Master Data Online (MDO) 2.0 has Stored XSS. ...)
 	NOT-FOR-US: Prospecta Master Data Online (MDO)
 CVE-2018-17789
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019
index 5ef97808d5..fbb0f53788 100644
--- a/data/CVE/list.2019
+++ b/data/CVE/list.2019
@@ -1,3 +1,23 @@
+CVE-2019-15324
+	RESERVED
+CVE-2019-15323
+	RESERVED
+CVE-2019-15322
+	RESERVED
+CVE-2019-15321
+	RESERVED
+CVE-2019-15320
+	RESERVED
+CVE-2019-15319
+	RESERVED
+CVE-2019-15318
+	RESERVED
+CVE-2019-15317
+	RESERVED
+CVE-2019-15316 (Valve Steam Client for Windows through 2019-08-20 has weak folder perm ...)
+	TODO: check
+CVE-2019-15315 (Valve Steam Client for Windows through 2019-08-16 allows privilege esc ...)
+	TODO: check
 CVE-2019-15314
 	RESERVED
 CVE-2019-15313
@@ -1192,6 +1212,7 @@ CVE-2019-14776
 CVE-2019-14775
 	RESERVED
 CVE-2019-12625 [clamav zip DoS]
+	RESERVED
 	- clamav <unfixed> (bug #934359)
 	[buster] - clamav <no-dsa> (ClamAV is updated via -updates)
 	[stretch] - clamav <no-dsa> (ClamAV is updated via -updates)
@@ -1401,10 +1422,10 @@ CVE-2019-14688
 	RESERVED
 CVE-2019-14687 (A DLL hijacking vulnerability exists in Trend Micro Password Manager 5 ...)
 	NOT-FOR-US: Trend Micro
-CVE-2019-14686
-	RESERVED
-CVE-2019-14685
-	RESERVED
+CVE-2019-14686 (A DLL hijacking vulnerability exists in the Trend Micro Security's 201 ...)
+	TODO: check
+CVE-2019-14685 (A local privilege escalation vulnerability exists in Trend Micro Secur ...)
+	TODO: check
 CVE-2019-14684 (A DLL hijacking vulnerability exists in Trend Micro Password Manager 5 ...)
 	NOT-FOR-US: Trend Micro
 CVE-2019-14683 (The codection "Import users from CSV with meta" plugin before 1.14.2.2 ...)
@@ -9031,12 +9052,12 @@ CVE-2019-11605
 	RESERVED
 CVE-2019-11604 (An issue was discovered in Quest KACE Systems Management Appliance bef ...)
 	NOT-FOR-US: Quest KACE Systems Management Appliance
-CVE-2019-11603
-	RESERVED
-CVE-2019-11602
-	RESERVED
-CVE-2019-11601
-	RESERVED
+CVE-2019-11603 (A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 ...)
+	TODO: check
+CVE-2019-11602 (Leakage of stack traces in remote access to backup &amp; restore in ea ...)
+	TODO: check
+CVE-2019-11601 (A directory traversal vulnerability in remote access to backup &amp; r ...)
+	TODO: check
 CVE-2019-11600 (A SQL injection vulnerability in the activities API in OpenProject bef ...)
 	NOT-FOR-US: OpenProject
 CVE-2019-11627 (gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an un ...)
@@ -11480,8 +11501,8 @@ CVE-2019-10689 (VVX products using UCS software version 5.9.2 and earlier with B
 	NOT-FOR-US: VVX products using UCS software
 CVE-2019-10688 (VVX products with software versions including and prior to, UCS 5.9.2  ...)
 	NOT-FOR-US: VVX products using UCS
-CVE-2019-10687
-	RESERVED
+CVE-2019-10687 (KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=r ...)
+	TODO: check
 CVE-2019-10686 (An SSRF vulnerability was found in an API from Ctrip Apollo through 1. ...)
 	NOT-FOR-US: Ctrip Apollo
 CVE-2019-10685 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
@@ -23490,8 +23511,8 @@ CVE-2019-6179
 	RESERVED
 CVE-2019-6178 (An information leakage vulnerability in Iomega and LenovoEMC NAS produ ...)
 	NOT-FOR-US: Iomega and LenovoEMC NAS products
-CVE-2019-6177
-	RESERVED
+CVE-2019-6177 (A vulnerability reported in Lenovo Solution Center version 03.12.003,  ...)
+	TODO: check
 CVE-2019-6176
 	RESERVED
 CVE-2019-6175
@@ -24814,8 +24835,8 @@ CVE-2019-5640
 	RESERVED
 CVE-2019-5639
 	RESERVED
-CVE-2019-5638
-	RESERVED
+CVE-2019-5638 (Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient sess ...)
+	TODO: check
 CVE-2019-5637
 	RESERVED
 CVE-2019-5636