author security tracker role <sectracker@soriano.debian.org> 2021-03-01 20:10:31 +0000
committer security tracker role <sectracker@soriano.debian.org> 2021-03-01 20:10:31 +0000
commit c1f5fdb27e541c9c96215f5510c62db867e39dbf (patch)
tree 82d8412902f09db7b8cfd3805117e208bb0a59a7
parent 98899242963023dffa029825c07fc3dc8eb460ef (diff)
automatic update
-rw-r--r-- data/CVE/2018.list 4
-rw-r--r-- data/CVE/2020.list 13
-rw-r--r-- data/CVE/2021.list 180
3 files changed, 166 insertions, 31 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 8ffead51c4..3299d0e91f 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -2,8 +2,8 @@ CVE-2018-25006
RESERVED
CVE-2018-25005
RESERVED
-CVE-2018-25004
- RESERVED
+CVE-2018-25004 (A user authorized to performing a specific type of query may trigger a ...)
+ TODO: check
CVE-2018-25003
RESERVED
CVE-2018-25002 (uploader.php in the KCFinder integration project through 2018-06-01 fo ...)
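Review bot: CVE-2018-25004 is still untriaged after this change: the RESERVED marker is replaced by a description, but the only annotation under it is "TODO: check". The visible part of the description ("A user authorized to performing a specific type of query may trigger a ...") does not name a product, so read the full text and replace the TODO with a source package line or a NOT-FOR-US line before the entry is treated as handled.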
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index f1cf4fba94..b9401995f9 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -39,8 +39,8 @@ CVE-2020-36241 (autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used
[stretch] - gnome-autoar <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429
NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/7
-CVE-2020-36240
- RESERVED
+CVE-2020-36240 (The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, a ...)
+ TODO: check
CVE-2020-36239
RESERVED
CVE-2020-36238
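Review bot: the "TODO: check" under CVE-2020-36240 can be resolved from the description alone, since it names the affected component (the ResourceDownloadRewriteRule class in Crowd before version 4.0.4). Replace the TODO with a source package line if Crowd is packaged, or with a NOT-FOR-US line in the style used elsewhere in this file if it is not.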
@@ -38283,7 +38283,7 @@ CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an
NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=dba04c3488c4699f5afe96f66e448b1d447cf3fb (regression fix)
NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=8e67fda2dd6202ccec093fda561107ba14830a17 (regression fix)
NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=70b78d4e71494c90d2ccb40381336bc9b9a22f79 (regression fix)
-CVE-2020-13702 (** DISPUTED ** The Rolling Proximity Identifier used in the Apple/Goog ...)
+CVE-2020-13702 (The Rolling Proximity Identifier used in the Apple/Google Exposure Not ...)
NOT-FOR-US: Apple/Google Exposure Notification API
CVE-2020-13701
RESERVED
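Review bot: the "** DISPUTED **" prefix disappears from the CVE-2020-13702 description with no other change to the entry, and an automatic update gives no reason for it. The NOT-FOR-US line is untouched, so tracking status is unaffected, but confirm that the dispute marker was dropped in the upstream description and is not an artifact of how the description text was imported.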
@@ -48927,8 +48927,7 @@ CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is
NOTE: https://github.com/apache/trafficserver/commit/50441b39e6631389ef95c4133f06bbf94544879c
CVE-2020-9480 (In Apache Spark 2.4.5 and earlier, a standalone resource manager's mas ...)
- apache-spark <itp> (bug #802194)
-CVE-2020-9479
- RESERVED
+CVE-2020-9479 (When loading a UDF, a specially crafted zip file could allow files to ...)
NOT-FOR-US: Apache AsterixDB
CVE-2020-9478 (An issue was discovered in Rubrik 5.0.3-2296. An OS command injection ...)
NOT-FOR-US: Rubrik
@@ -52608,8 +52607,8 @@ CVE-2020-7931 (In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template pr
NOT-FOR-US: JFrog Artifactory
CVE-2020-7930
RESERVED
-CVE-2020-7929
- RESERVED
+CVE-2020-7929 (A user authorized to perform database queries may trigger denial of se ...)
+ TODO: check
CVE-2020-7928 (A user authorized to perform database queries may trigger a read overr ...)
- mongodb <removed>
[stretch] - mongodb <not-affected> (Vulnerable code introduced later)
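Review bot: the new CVE-2020-7929 entry is left at "TODO: check" although its description ("A user authorized to perform database queries may trigger denial of se ...") opens with the same wording as CVE-2020-7928 directly below, which is tracked against mongodb with a <removed> line and a stretch <not-affected> note. Check whether CVE-2020-7929 belongs to the same package and, if so, give it the same kind of per-release annotation instead of a bare TODO.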
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 85b51ff15c..5ed3c4c835 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,141 @@
+CVE-2021-3418
+ RESERVED
+CVE-2021-27875
+ RESERVED
+CVE-2021-27874
+ RESERVED
+CVE-2021-27873
+ RESERVED
+CVE-2021-27872
+ RESERVED
+CVE-2021-27871
+ RESERVED
+CVE-2021-27870
+ RESERVED
+CVE-2021-27869
+ RESERVED
+CVE-2021-27868
+ RESERVED
+CVE-2021-27867
+ RESERVED
+CVE-2021-27866
+ RESERVED
+CVE-2021-27865
+ RESERVED
+CVE-2021-27864
+ RESERVED
+CVE-2021-27863
+ RESERVED
+CVE-2021-27862
+ RESERVED
+CVE-2021-27861
+ RESERVED
+CVE-2021-27860
+ RESERVED
+CVE-2021-27859
+ RESERVED
+CVE-2021-27858
+ RESERVED
+CVE-2021-27857
+ RESERVED
+CVE-2021-27856
+ RESERVED
+CVE-2021-27855
+ RESERVED
+CVE-2021-27854
+ RESERVED
+CVE-2021-27853
+ RESERVED
+CVE-2021-27852
+ RESERVED
+CVE-2021-27851
+ RESERVED
+CVE-2021-27850
+ RESERVED
+CVE-2021-27849
+ RESERVED
+CVE-2021-27848
+ RESERVED
+CVE-2021-27847
+ RESERVED
+CVE-2021-27846
+ RESERVED
+CVE-2021-27845
+ RESERVED
+CVE-2021-27844
+ RESERVED
+CVE-2021-27843
+ RESERVED
+CVE-2021-27842
+ RESERVED
+CVE-2021-27841
+ RESERVED
+CVE-2021-27840
+ RESERVED
+CVE-2021-27839
+ RESERVED
+CVE-2021-27838
+ RESERVED
+CVE-2021-27837
+ RESERVED
+CVE-2021-27836
+ RESERVED
+CVE-2021-27835
+ RESERVED
+CVE-2021-27834
+ RESERVED
+CVE-2021-27833
+ RESERVED
+CVE-2021-27832
+ RESERVED
+CVE-2021-27831
+ RESERVED
+CVE-2021-27830
+ RESERVED
+CVE-2021-27829
+ RESERVED
+CVE-2021-27828
+ RESERVED
+CVE-2021-27827
+ RESERVED
+CVE-2021-27826
+ RESERVED
+CVE-2021-27825
+ RESERVED
+CVE-2021-27824
+ RESERVED
+CVE-2021-27823
+ RESERVED
+CVE-2021-27822
+ RESERVED
+CVE-2021-27821
+ RESERVED
+CVE-2021-27820
+ RESERVED
+CVE-2021-27819
+ RESERVED
+CVE-2021-27818
+ RESERVED
+CVE-2021-27817
+ RESERVED
+CVE-2021-27816
+ RESERVED
+CVE-2021-27815
+ RESERVED
+CVE-2021-27814
+ RESERVED
+CVE-2021-27813
+ RESERVED
+CVE-2021-27812
+ RESERVED
+CVE-2021-27811
+ RESERVED
+CVE-2021-27810
+ RESERVED
+CVE-2021-27809
+ RESERVED
+CVE-2021-27808
+ RESERVED
CVE-2021-27807
RESERVED
CVE-2021-27806
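Review bot: CVE-2021-3418 is inserted at the very top, above CVE-2021-27875, while the rest of the added block runs in descending order from CVE-2021-27875 to CVE-2021-27808 and joins the existing CVE-2021-27807. A later hunk shows CVE-2021-3181 and CVE-2021-3180 sitting directly above CVE-2021-25329, so low-numbered ids out of numeric order may be expected in this file; if so, the ordering rule deserves a sentence in the update script's documentation, because "automatic update" does not explain it.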
@@ -4253,8 +4391,8 @@ CVE-2021-25916
RESERVED
CVE-2021-25915
RESERVED
-CVE-2021-25914
- RESERVED
+CVE-2021-25914 (Prototype pollution vulnerability in 'object-collider' versions 1.0.0 ...)
+ TODO: check
CVE-2021-25913 (Prototype pollution vulnerability in 'set-or-get' version 1.0.0 throug ...)
NOT-FOR-US: Node set-or-get
CVE-2021-25912 (Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0. ...)
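Review bot: CVE-2021-25914 is left at "TODO: check" while its immediate neighbour CVE-2021-25913, with the same "Prototype pollution vulnerability in ..." description pattern, is already resolved as "NOT-FOR-US: Node set-or-get". Check whether 'object-collider' is packaged and, if it is not, resolve the TODO the same way so the run of related entries is consistent.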
@@ -4580,16 +4718,16 @@ CVE-2021-25835 (Cosmos Network Ethermint &lt;= v0.4.0 is affected by a cross-cha
NOT-FOR-US: Cosmos Network Ethermint
CVE-2021-25834 (Cosmos Network Ethermint &lt;= v0.4.0 is affected by a transaction rep ...)
NOT-FOR-US: Cosmos Network Ethermint
-CVE-2021-25833
- RESERVED
-CVE-2021-25832
- RESERVED
-CVE-2021-25831
- RESERVED
-CVE-2021-25830
- RESERVED
-CVE-2021-25829
- RESERVED
+CVE-2021-25833 (A file extension handling issue was found in [server] module of ONLYOF ...)
+ TODO: check
+CVE-2021-25832 (A heap buffer overflow vulnerability inside of BMP image processing wa ...)
+ TODO: check
+CVE-2021-25831 (A file extension handling issue was found in [core] module of ONLYOFFI ...)
+ TODO: check
+CVE-2021-25830 (A file extension handling issue was found in [core] module of ONLYOFFI ...)
+ TODO: check
+CVE-2021-25829 (An improper binary stream data handling issue was found in the [core] ...)
+ TODO: check
CVE-2021-25828
RESERVED
CVE-2021-25827
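Review bot: CVE-2021-25833 through CVE-2021-25829 all land as "TODO: check" in one block, and their truncated descriptions point at [server] and [core] modules of what appears to be a single product. Triage them together so they end up with the same package or NOT-FOR-US line, and look at CVE-2021-25832 separately for severity, since it is the one described as a heap buffer overflow in BMP image processing and not a file extension handling issue.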
@@ -5638,8 +5776,7 @@ CVE-2021-3181 (rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a
NOTE: https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17
CVE-2021-3180
RESERVED
-CVE-2021-25329
- RESERVED
+CVE-2021-25329 (The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10. ...)
- tomcat9 9.0.43-1
- tomcat8 <removed>
- tomcat7 <removed>
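Review bot: CVE-2021-25329 is described as an incomplete fix for CVE-2020-9484, yet the only fixed version in the visible lines is tomcat9 9.0.43-1, with tomcat8 and tomcat7 marked <removed>. Any release that still ships one of these packages and already received the CVE-2020-9484 fix needs to be re-evaluated against this entry; add per-release annotations if they are not already present below the visible context.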
@@ -6177,8 +6314,7 @@ CVE-2021-25124 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800
NOT-FOR-US: HPE
CVE-2021-25123 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
NOT-FOR-US: HPE
-CVE-2021-25122
- RESERVED
+CVE-2021-25122 (When responding to new h2c connection requests, Apache Tomcat versions ...)
- tomcat9 9.0.43-1
- tomcat8 <removed>
- tomcat7 <removed>
@@ -8522,7 +8658,7 @@ CVE-2021-23979 (Mozilla developers reported memory safety bugs present in Firefo
- firefox 86.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23979
CVE-2021-23978 (Mozilla developers reported memory safety bugs present in Firefox 85 a ...)
- {DSA-4866-1 DSA-4862-1 DLA-2575-1}
+ {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1}
- firefox 86.0-1
- firefox-esr 78.8.0esr-1
- thunderbird 1:78.8.0-1
@@ -8542,7 +8678,7 @@ CVE-2021-23974 (The DOMParser API did not properly process '&lt;noscript&gt;' el
- firefox 86.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23974
CVE-2021-23973 (When trying to load a cross-origin resource in an audio/video context ...)
- {DSA-4866-1 DSA-4862-1 DLA-2575-1}
+ {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1}
- firefox 86.0-1
- firefox-esr 78.8.0esr-1
- thunderbird 1:78.8.0-1
@@ -8559,7 +8695,7 @@ CVE-2021-23970 (Context-specific code was included in a shared jump table; resul
- firefox 86.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23970
CVE-2021-23969 (As specified in the W3C Content Security Policy draft, when creating a ...)
- {DSA-4866-1 DSA-4862-1 DLA-2575-1}
+ {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1}
- firefox 86.0-1
- firefox-esr 78.8.0esr-1
- thunderbird 1:78.8.0-1
@@ -8567,7 +8703,7 @@ CVE-2021-23969 (As specified in the W3C Content Security Policy draft, when crea
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23969
CVE-2021-23968 (If Content Security Policy blocked frame navigation, the full destinat ...)
- {DSA-4866-1 DSA-4862-1 DLA-2575-1}
+ {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1}
- firefox 86.0-1
- firefox-esr 78.8.0esr-1
- thunderbird 1:78.8.0-1
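Review bot: nothing in these lines says which source package DLA-2578-1 covers; it is added to the reference list of CVE-2021-23968 here and to CVE-2021-23978, CVE-2021-23973 and CVE-2021-23969 in the three hunks above, always next to the existing DLA-2575-1 on entries that list firefox-esr and thunderbird. The firefox-only entries shown as context (CVE-2021-23979, CVE-2021-23974, CVE-2021-23970) are left alone, which is consistent, but check the new reference against the DLA list to confirm it names the same four CVEs.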
@@ -12460,8 +12596,8 @@ CVE-2021-22116
RESERVED
CVE-2021-22115
RESERVED
-CVE-2021-22114
- RESERVED
+CVE-2021-22114 (Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versio ...)
+ TODO: check
CVE-2021-22113 (Applications using the &#8220;Sensitive Headers&#8221; functionality i ...)
NOT-FOR-US: Spring Cloud Netflix Zuul
CVE-2021-22112 (Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5. ...)
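Review bot: CVE-2021-22114 is left at "TODO: check" even though its description says it addresses a partial fix in CVE-2018-1263 for Spring-integration-zip, which gives a direct precedent to triage against. Look up how CVE-2018-1263 is recorded in data/CVE/2018.list and resolve this entry the same way, so the original issue and its follow-up do not diverge.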
