automatic update

2 files changed, 37 insertions, 22 deletions

diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 207d1be343..a741328d2f 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -4266,12 +4266,12 @@ CVE-2020-29032 (Upload of Code Without Integrity Check vulnerability in firmware
 	NOT-FOR-US: Secomea GateManager
 CVE-2020-29031 (An Insecure Direct Object Reference vulnerability exists in the web UI ...)
 	NOT-FOR-US: GateManager
-CVE-2020-29030
-	RESERVED
-CVE-2020-29029
-	RESERVED
-CVE-2020-29028
-	RESERVED
+CVE-2020-29030 (Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea  ...)
+	TODO: check
+CVE-2020-29029 (Improper Input Validation, Cross-site Scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2020-29028 (Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateMan ...)
+	TODO: check
 CVE-2020-29027 (Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager ...)
 	NOT-FOR-US: Secomea
 CVE-2020-29026 (A directory traversal vulnerability exists in the file upload function ...)
@@ -4286,8 +4286,8 @@ CVE-2020-29022 (Failure to Sanitize host header value on output in the GateManag
 	NOT-FOR-US: Secomea
 CVE-2020-29021 (A vulnerability in web UI input field of GateManager allows authentica ...)
 	NOT-FOR-US: GateManager
-CVE-2020-29020
-	RESERVED
+CVE-2020-29020 (Improper Access Control vulnerability in web service of Secomea SiteMa ...)
+	TODO: check
 CVE-2020-29019 (A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through  ...)
 	NOT-FOR-US: Fortiguard
 CVE-2020-29018 (A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allo ...)
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 11da8f5044..ea1c62bcb4 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,19 @@
+CVE-2021-28049
+	RESERVED
+CVE-2021-28048
+	RESERVED
+CVE-2021-28047
+	RESERVED
+CVE-2021-28046
+	RESERVED
+CVE-2021-28045
+	RESERVED
+CVE-2021-28044
+	RESERVED
+CVE-2021-28043
+	RESERVED
+CVE-2021-28042 (Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Tra ...)
+	TODO: check
 CVE-2021-3423
 	RESERVED
 CVE-2021-28041 (ssh-agent in OpenSSH before 8.5 has a double free that may be relevant ...)
@@ -264,8 +280,7 @@ CVE-2021-27919
 	RESERVED
 CVE-2021-27918
 	RESERVED
-CVE-2021-3420
-	RESERVED
+CVE-2021-3420 (A flaw was found in newlib in versions prior to 4.0.0. Improper overfl ...)
 	- newlib <unfixed> (bug #984446)
 	[buster] - newlib <no-dsa> (Minor issue)
 	- picolibc 1.5-1
@@ -974,8 +989,8 @@ CVE-2021-27583 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, a
 	NOT-FOR-US: Directus
 CVE-2021-27582 (org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Co ...)
 	NOT-FOR-US: OpenID Connect server implementation for MITREid Connect
-CVE-2021-27581
-	RESERVED
+CVE-2021-27581 (The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL inject ...)
+	TODO: check
 CVE-2021-27580
 	RESERVED
 CVE-2021-27579 (Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on  ...)
@@ -1642,14 +1657,14 @@ CVE-2021-27259
 	RESERVED
 CVE-2021-27258
 	RESERVED
-CVE-2021-27257
-	RESERVED
-CVE-2021-27256
-	RESERVED
-CVE-2021-27255
-	RESERVED
-CVE-2021-27254
-	RESERVED
+CVE-2021-27257 (This vulnerability allows network-adjacent attackers to compromise the ...)
+	TODO: check
+CVE-2021-27256 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
+CVE-2021-27255 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-27254 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+	TODO: check
 CVE-2021-27253
 	RESERVED
 CVE-2021-27252
@@ -2653,8 +2668,8 @@ CVE-2021-26816
 	RESERVED
 CVE-2021-26815
 	RESERVED
-CVE-2021-26814
-	RESERVED
+CVE-2021-26814 (Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to e ...)
+	TODO: check
 CVE-2021-26813 (markdown2 &gt;=1.0.1.18, fixed in 2.4.0, is affected by a regular expr ...)
 	- python-markdown2 <unfixed>
 	NOTE: https://github.com/trentm/python-markdown2/pull/387