author: security tracker role <sectracker@soriano.debian.org> 2021-12-01 08:10:19 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-12-01 08:10:19 +0000
commit: 7de3244caf0a2b39b48c134d698da469dc5be11b (patch)
tree: 059bace96d93d76e4d4ee1986935f70034c02425
parent: fbfa3f9a3d5d8d93687d287d79c454456cfea95d (diff)
automatic update
-rw-r--r-- data/CVE/2018.list 4
-rw-r--r-- data/CVE/2019.list 4
-rw-r--r-- data/CVE/2021.list 140
-rw-r--r-- data/CVE/2022.list 20
4 files changed, 106 insertions, 62 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index aa1feb8072..ab93fff68a 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1420,7 +1420,7 @@ CVE-2018-20723 (A cross-site scripting (XSS) vulnerability exists in color_templ
CVE-2018-20722
RESERVED
CVE-2018-20721 (URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bound ...)
- {DLA-1682-1}
+ {DLA-2834-1 DLA-1682-1}
- uriparser 0.9.1-1 (low)
NOTE: https://github.com/uriparser/uriparser/commit/cef25028de5ff872c2e1f0a6c562eb3ea9ecbce4
CVE-2018-20720 (ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1 ...)
@@ -41580,7 +41580,7 @@ CVE-2018-5766 (In Libav through 12.2, there is an invalid memcpy in the av_packe
CVE-2018-5765
RESERVED
CVE-2018-5764 (The parse_arguments function in options.c in rsyncd in rsync before 3. ...)
- {DLA-1725-1 DLA-1247-1}
+ {DLA-2833-1 DLA-1725-1 DLA-1247-1}
- rsync 3.1.2-2.2 (bug #887588)
NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07
CVE-2018-5763 (An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index fcbc14737c..50f465ada7 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -10177,12 +10177,12 @@ CVE-2019-17044 (An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execut
CVE-2019-17043 (An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution pe ...)
NOT-FOR-US: BMC Patrol Agent
CVE-2019-17042 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmc ...)
- {DLA-1952-1}
+ {DLA-2835-1 DLA-1952-1}
- rsyslog 8.1910.0-1 (bug #942065)
[buster] - rsyslog <no-dsa> (Minor issue, pmcisconames module not loaded by default)
NOTE: https://github.com/rsyslog/rsyslog/pull/3883
CVE-2019-17041 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfr ...)
- {DLA-1952-1}
+ {DLA-2835-1 DLA-1952-1}
- rsyslog 8.1910.0-1 (bug #942067)
[buster] - rsyslog <no-dsa> (Minor issue, pmaixforwardedfrom module not loaded by default)
NOTE: https://github.com/rsyslog/rsyslog/pull/3884
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index fe4f277c2b..9a6c99d6c7 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,27 @@
+CVE-2021-44470
+ RESERVED
+CVE-2021-4037
+ RESERVED
+CVE-2021-4036
+ RESERVED
+CVE-2021-37409
+ RESERVED
+CVE-2021-37405
+ RESERVED
+CVE-2021-33847
+ RESERVED
+CVE-2021-26950
+ RESERVED
+CVE-2021-26258
+ RESERVED
+CVE-2021-26257
+ RESERVED
+CVE-2021-26251
+ RESERVED
+CVE-2021-23223
+ RESERVED
+CVE-2021-23179
+ RESERVED
CVE-2021-44464
RESERVED
CVE-2021-44453
@@ -476,8 +500,8 @@ CVE-2021-4028 [use-after-free in RDMA listen()]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2027201
CVE-2021-4027
RESERVED
-CVE-2021-4026
- RESERVED
+CVE-2021-4026 (bookstack is vulnerable to Improper Access Control ...)
+ TODO: check
CVE-2021-4025
RESERVED
CVE-2021-44235
@@ -2584,12 +2608,12 @@ CVE-2021-43362
RESERVED
CVE-2021-43361
RESERVED
-CVE-2021-43360
- RESERVED
-CVE-2021-43359
- RESERVED
-CVE-2021-43358
- RESERVED
+CVE-2021-43360 (Sunnet eHRD e-mail delivery task schedule&#8217;s serialization functi ...)
+ TODO: check
+CVE-2021-43359 (Sunnet eHRD has broken access control vulnerability, which allows a re ...)
+ TODO: check
+CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in URLs, w ...)
+ TODO: check
CVE-2021-3928 (vim is vulnerable to Stack-based Buffer Overflow ...)
- vim <unfixed>
[stretch] - vim <no-dsa> (Minor issue)
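Review bot: The added CVE-2021-43360 line carries an undecoded HTML entity in its description (`schedule&#8217;s`), so the text was imported without entity decoding; decode it to an apostrophe at import so the description reads and greps as plain text. All three Sunnet eHRD entries (CVE-2021-43360, CVE-2021-43359, CVE-2021-43358) are also left at `TODO: check` and still need a triage decision.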
@@ -2686,7 +2710,7 @@ CVE-2021-43322
CVE-2021-43321
RESERVED
CVE-2021-43320
- RESERVED
+ REJECTED
CVE-2021-43319 (Zoho ManageEngine Network Configuration Manager before 125488 is vulne ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-43318
@@ -4370,8 +4394,8 @@ CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS via the Error parameter.
NOT-FOR-US: myfactory.FMS
CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS via the UID parameter. ...)
NOT-FOR-US: myfactory.FMS
-CVE-2021-42564
- RESERVED
+CVE-2021-42564 (An open redirect through HTML injection in confidential messages in Cr ...)
+ TODO: check
CVE-2021-42563 (There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) ...)
NOT-FOR-US: NI Service Locator
CVE-2021-3893
@@ -7467,8 +7491,8 @@ CVE-2021-41258 (Kirby is an open source file structured CMS. In affected version
NOT-FOR-US: Kirby
CVE-2021-41257
RESERVED
-CVE-2021-41256
- RESERVED
+CVE-2021-41256 (nextcloud news-android is an Android client for the Nextcloud news/fee ...)
+ TODO: check
CVE-2021-41255
RESERVED
CVE-2021-41254 (kustomize-controller is a Kubernetes operator, specialized in running ...)
@@ -8566,8 +8590,8 @@ CVE-2021-40811
RESERVED
CVE-2021-40810
RESERVED
-CVE-2021-40809
- RESERVED
+CVE-2021-40809 (An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An ...)
+ TODO: check
CVE-2021-40808
RESERVED
CVE-2021-40807
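Review bot: The added CVE-2021-40809 entry stops at `TODO: check` although its description names Jamf Pro, a product this same patch already carries as `NOT-FOR-US: Jamf Pro` under CVE-2021-39303 in data/CVE/2021.list. Applying the same tag here would keep the two Jamf Pro entries consistent and clear the pending check.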
@@ -10276,8 +10300,8 @@ CVE-2021-40103 (An issue was discovered in Concrete CMS through 8.5.5. Path Trav
NOT-FOR-US: Concrete CMS
CVE-2021-40102 (An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File ...)
NOT-FOR-US: Concrete CMS
-CVE-2021-40101
- RESERVED
+CVE-2021-40101 (An issue was discovered in Concrete CMS before 8.5.7. The Dashboard al ...)
+ TODO: check
CVE-2021-40100 (An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can ...)
NOT-FOR-US: Concrete CMS
CVE-2021-40099 (An issue was discovered in Concrete CMS through 8.5.5. Fetching the up ...)
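Review bot: CVE-2021-40101 is added with `TODO: check` while the context lines around it (CVE-2021-40103, CVE-2021-40102, CVE-2021-40100) are all marked `NOT-FOR-US: Concrete CMS`. The new description names the same product, so the entry can take the same tag rather than staying unresolved between already-triaged siblings.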
@@ -12053,7 +12077,7 @@ CVE-2021-3729 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ..
NOT-FOR-US: firefly-iii
CVE-2021-3728 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: firefly-iii
-CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has a vulnerability affecting in ...)
+CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka P ...)
NOT-FOR-US: Jamf Pro
CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection via the ...)
NOT-FOR-US: MISP
@@ -19130,16 +19154,16 @@ CVE-2021-36332 (Dell EMC CloudLink 7.1 and all prior versions contain a HTML and
NOT-FOR-US: EMC
CVE-2021-36331
RESERVED
-CVE-2021-36330
- RESERVED
-CVE-2021-36329
- RESERVED
-CVE-2021-36328
- RESERVED
-CVE-2021-36327
- RESERVED
-CVE-2021-36326
- RESERVED
+CVE-2021-36330 (Dell EMC Streaming Data Platform versions before 1.3 contain an Insuff ...)
+ TODO: check
+CVE-2021-36329 (Dell EMC Streaming Data Platform versions before 1.3 contain an Indire ...)
+ TODO: check
+CVE-2021-36328 (Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Inj ...)
+ TODO: check
+CVE-2021-36327 (Dell EMC Streaming Data Platform versions before 1.3 contain a Server ...)
+ TODO: check
+CVE-2021-36326 (Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL ...)
+ TODO: check
CVE-2021-36325 (Dell BIOS contains an improper input validation vulnerability. A local ...)
NOT-FOR-US: Dell
CVE-2021-36324 (Dell BIOS contains an improper input validation vulnerability. A local ...)
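Review bot: The five added entries CVE-2021-36330 through CVE-2021-36326 all describe Dell EMC Streaming Data Platform and all end in `TODO: check`, while the surrounding context already shows the vendor triaged (`NOT-FOR-US: EMC` on CVE-2021-36332, `NOT-FOR-US: Dell` on CVE-2021-36325). These should be resolved as a group with one consistent tag; note that the context uses two different spellings for the vendor, so pick one and use it for all five.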
@@ -56315,42 +56339,42 @@ CVE-2021-20866
RESERVED
CVE-2021-20865
RESERVED
-CVE-2021-20864
- RESERVED
-CVE-2021-20863
- RESERVED
-CVE-2021-20862
- RESERVED
-CVE-2021-20861
- RESERVED
-CVE-2021-20860
- RESERVED
-CVE-2021-20859
- RESERVED
-CVE-2021-20858
- RESERVED
-CVE-2021-20857
- RESERVED
-CVE-2021-20856
- RESERVED
-CVE-2021-20855
- RESERVED
-CVE-2021-20854
- RESERVED
-CVE-2021-20853
- RESERVED
-CVE-2021-20852
- RESERVED
-CVE-2021-20851
- RESERVED
+CVE-2021-20864 (Improper access control vulnerability in ELECOM routers (WRC-1167GST2 ...)
+ TODO: check
+CVE-2021-20863 (OS command injection vulnerability in ELECOM routers (WRC-1167GST2 fir ...)
+ TODO: check
+CVE-2021-20862 (Improper access control vulnerability in ELECOM routers (WRC-1167GST2 ...)
+ TODO: check
+CVE-2021-20861 (Improper access control vulnerability in ELECOM LAN routers (WRC-1167G ...)
+ TODO: check
+CVE-2021-20860 (Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers ...)
+ TODO: check
+CVE-2021-20859 (ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST ...)
+ TODO: check
+CVE-2021-20858 (Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I ...)
+ TODO: check
+CVE-2021-20857 (Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I ...)
+ TODO: check
+CVE-2021-20856 (Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK f ...)
+ TODO: check
+CVE-2021-20855 (Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK f ...)
+ TODO: check
+CVE-2021-20854 (ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733G ...)
+ TODO: check
+CVE-2021-20853 (ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733G ...)
+ TODO: check
+CVE-2021-20852 (Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmwa ...)
+ TODO: check
+CVE-2021-20851 (Cross-site request forgery (CSRF) vulnerability in Browser and Operati ...)
+ TODO: check
CVE-2021-20850 (PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and ea ...)
NOT-FOR-US: PowerCMS
CVE-2021-20849
RESERVED
CVE-2021-20848 (Cross-site scripting vulnerability in rwtxt versions prior to v1.8.6 a ...)
NOT-FOR-US: rwtxt
-CVE-2021-20847
- RESERVED
+CVE-2021-20847 (Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G ...)
+ TODO: check
CVE-2021-20846 (Cross-site request forgery (CSRF) vulnerability in Push Notifications ...)
NOT-FOR-US: WordPress plugin
CVE-2021-20845 (Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap G ...)
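Review bot: Fifteen entries in this hunk move from RESERVED to `TODO: check` with no triage. Thirteen of them (CVE-2021-20864 through CVE-2021-20852) describe ELECOM router firmware and can be decided together with a single tag. The remaining two need separate checks: CVE-2021-20847 names a different device (Wi-Fi STATION SH-52A), and the CVE-2021-20851 description is truncated at "Browser and Operati ..." so the affected product cannot be identified from the line as committed.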
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index 24adba79a0..004073da1b 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -1,3 +1,23 @@
+CVE-2022-21240
+ RESERVED
+CVE-2022-21237
+ RESERVED
+CVE-2022-21218
+ RESERVED
+CVE-2022-21212
+ RESERVED
+CVE-2022-21197
+ RESERVED
+CVE-2022-21172
+ RESERVED
+CVE-2022-21160
+ RESERVED
+CVE-2022-21140
+ RESERVED
+CVE-2022-21139
+ RESERVED
+CVE-2022-21133
+ RESERVED
CVE-2022-21792
RESERVED
CVE-2022-21791
