author: security tracker role <sectracker@soriano.debian.org> 2021-11-12 20:10:19 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-11-12 20:10:19 +0000
commit: 6cd68c1825688ccb46bb30c30be7ecb4a7b3d14c
tree: b1add338a8b43b1b3d3d986384f2ae4e7d8152aa
parent: ccfc97c68330be1483fe2cc9ef4b375fd14dffee
automatic update
-rw-r--r-- data/CVE/2020.list 8
-rw-r--r-- data/CVE/2021.list 79
2 files changed, 46 insertions, 41 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index b1f15d313b..023dab478c 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -63386,8 +63386,8 @@ CVE-2020-4148
RESERVED
CVE-2020-4147
RESERVED
-CVE-2020-4146
- RESERVED
+CVE-2020-4146 (IBM Security SiteProtector System 3.1.1 could allow a remote attacker ...)
+ TODO: check
CVE-2020-4145
RESERVED
CVE-2020-4144
@@ -63398,8 +63398,8 @@ CVE-2020-4142
RESERVED
CVE-2020-4141
RESERVED
-CVE-2020-4140
- RESERVED
+CVE-2020-4140 (IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site sc ...)
+ TODO: check
CVE-2020-4139
RESERVED
CVE-2020-4138
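Review bot: CVE-2020-4140 here and CVE-2020-4146 in the hunk above are both left at "TODO: check" although their descriptions name the same product, IBM Security SiteProtector System 3.1.1. Triage them together in a follow-up; if the product has no source package in the archive, replace each TODO with a NOT-FOR-US line naming it, the way the Jenkins plugin entries in 2021.list are tagged.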
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 34e80e84ed..f842e680ec 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,11 +1,18 @@
-CVE-2021-43578
+CVE-2021-43582
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2021-43577
+CVE-2021-43581
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2021-43576
+CVE-2021-43580
RESERVED
+CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC before 1. ...)
+ TODO: check
+CVE-2021-3950
+ RESERVED
+CVE-2021-43578 (Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-43577 (Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not confi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-43576 (Jenkins pom2config Plugin 1.2 and earlier does not configure its XML p ...)
NOT-FOR-US: Jenkins plugin
CVE-2021-42744
RESERVED
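Review bot: CVE-2021-43579 is the only entry in this hunk left at "TODO: check", and its description is a stack-based buffer overflow in image_load_bmp() in HTMLDOC, a memory-corruption bug in an image loader. It deserves early triage: if HTMLDOC is packaged, replace the TODO with a source-package line carrying the fixed version or <unfixed>, in the form used for "- openexr <unfixed>" further down this file. The description is cut at "before 1. ...", so the fixed upstream version has to be taken from the full CVE text.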
@@ -167,8 +174,8 @@ CVE-2021-3936
RESERVED
CVE-2021-3935
RESERVED
-CVE-2021-3934
- RESERVED
+CVE-2021-3934 (ohmyzsh is vulnerable to Improper Neutralization of Special Elements u ...)
+ TODO: check
CVE-2021-3933
RESERVED
- openexr <unfixed>
@@ -232,16 +239,16 @@ CVE-2021-43498
RESERVED
CVE-2021-43497
RESERVED
-CVE-2021-43496
- RESERVED
+CVE-2021-43496 (Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd7 ...)
+ TODO: check
CVE-2021-43495
RESERVED
-CVE-2021-43494
- RESERVED
-CVE-2021-43493
- RESERVED
-CVE-2021-43492
- RESERVED
+CVE-2021-43494 (OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc68 ...)
+ TODO: check
+CVE-2021-43493 (ServerManagement master branch as of commit 49491cc6f94980e6be7791d17b ...)
+ TODO: check
+CVE-2021-43492 (AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9 ...)
+ TODO: check
CVE-2021-43491
RESERVED
CVE-2021-43490
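Review bot: the four new descriptions (CVE-2021-43496, CVE-2021-43494, CVE-2021-43493, CVE-2021-43492) identify the affected code only as a branch "as of commit ...", not as a released version, so there is no version number to compare against a package. When clearing these "TODO: check" lines, first establish whether Clustering, OpenCV-REST-API, ServerManagement and AlquistManager are packaged at all; those that are not should get a NOT-FOR-US line, and any that are will need the fixing commit recorded in a NOTE line, since no fixed release is named.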
@@ -666,7 +673,7 @@ CVE-2021-3924 (grav is vulnerable to Improper Limitation of a Pathname to a Rest
NOT-FOR-US: Grav CMS
CVE-2021-23222
RESERVED
- {DSA-5007-1 DSA-5006-1}
+ {DSA-5007-1 DSA-5006-1 DLA-2817-1}
- postgresql-14 14.1-1
- postgresql-13 <unfixed>
- postgresql-11 <removed>
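Review bot: DLA-2817-1 is added to the cross-reference of CVE-2021-23222 (and of CVE-2021-23214 in the next hunk), but the package lines visible in the context cover only postgresql-14, postgresql-13 and postgresql-11. Confirm that each entry also carries a line for the source package the DLA updated, below the visible context; the NOTE URL in this entry mentions a 9.6.24 release, which suggests a 9.6 branch package. Without that line the advisory reference has no package status to attach to.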
@@ -674,7 +681,7 @@ CVE-2021-23222
NOTE: https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
CVE-2021-23214
RESERVED
- {DSA-5007-1 DSA-5006-1}
+ {DSA-5007-1 DSA-5006-1 DLA-2817-1}
- postgresql-14 14.1-1
- postgresql-13 <unfixed>
- postgresql-11 <removed>
@@ -2813,6 +2820,7 @@ CVE-2021-3886
CVE-2021-3885
RESERVED
CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, ...)
+ {DSA-5009-1}
- tomcat9 9.0.54-1
[buster] - tomcat9 <not-affected> (Vulnerable code introduced later)
- tomcat8 <removed>
@@ -3684,8 +3692,8 @@ CVE-2021-3857
RESERVED
CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...)
NOT-FOR-US: Apache MINA
-CVE-2021-41972
- RESERVED
+CVE-2021-41972 (Apache Superset up to and including 1.3.1 allowed for database connect ...)
+ TODO: check
CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with ENABLE_ ...)
NOT-FOR-US: Apache Superset
CVE-2021-3856
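Review bot: CVE-2021-41972 is left at "TODO: check" while the entry directly below it, CVE-2021-41971, is for the same product and is already tagged "NOT-FOR-US: Apache Superset". Unless the packaging status has changed, the new entry should get the same tag instead of staying in the TODO queue.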
@@ -5319,8 +5327,8 @@ CVE-2021-41266
RESERVED
CVE-2021-41265
RESERVED
-CVE-2021-41264
- RESERVED
+CVE-2021-41264 (OpenZeppelin Contracts is a library for smart contract development. In ...)
+ TODO: check
CVE-2021-41263
RESERVED
CVE-2021-41262
@@ -5329,8 +5337,8 @@ CVE-2021-41261
RESERVED
CVE-2021-41260
RESERVED
-CVE-2021-41259
- RESERVED
+CVE-2021-41259 (Nim is a systems programming language with a focus on efficiency, expr ...)
+ TODO: check
CVE-2021-41258
RESERVED
CVE-2021-41257
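Review bot: CVE-2021-41259 concerns Nim itself, a programming language toolchain, which is more likely to exist as a distribution package than the third-party products elsewhere in this update. Do not clear this "TODO: check" as NOT-FOR-US by pattern; check for a source package and, if one exists, add a package line with the fixed version or <unfixed>.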
@@ -5339,8 +5347,8 @@ CVE-2021-41256
RESERVED
CVE-2021-41255
RESERVED
-CVE-2021-41254
- RESERVED
+CVE-2021-41254 (kustomize-controller is a Kubernetes operator, specialized in running ...)
+ TODO: check
CVE-2021-41253 (Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v ...)
- zydis <unfixed> (bug #999431)
NOTE: https://github.com/zyantific/zydis/security/advisories/GHSA-q42v-hv86-3m4g
@@ -10753,8 +10761,8 @@ CVE-2021-38987
RESERVED
CVE-2021-38986
RESERVED
-CVE-2021-38985
- RESERVED
+CVE-2021-38985 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
+ TODO: check
CVE-2021-38984
RESERVED
CVE-2021-38983
@@ -10777,10 +10785,10 @@ CVE-2021-38975
RESERVED
CVE-2021-38974
RESERVED
-CVE-2021-38973
- RESERVED
-CVE-2021-38972
- RESERVED
+CVE-2021-38973 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
+ TODO: check
+CVE-2021-38972 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
+ TODO: check
CVE-2021-38971
RESERVED
CVE-2021-38970
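Review bot: CVE-2021-38973 and CVE-2021-38972 carry identical truncated descriptions ("IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ..."), as does CVE-2021-38985 in the previous hunk, so the three cannot be told apart from this file. That is acceptable for triage, since all three name the same IBM product and can be resolved together, but whoever clears the "TODO: check" lines should read the full CVE text instead of assuming the entries are duplicates.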
@@ -51934,14 +51942,11 @@ CVE-2021-21702 (In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x
- php7.0 <removed>
NOTE: Fixed in PHP 8.0.2, 7.4.15, 7.3.27
NOTE: PHP Bug: https://bugs.php.net/80672
-CVE-2021-21701
- RESERVED
+CVE-2021-21701 (Jenkins Performance Plugin 3.20 and earlier does not configure its XML ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21700
- RESERVED
+CVE-2021-21700 (Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of s ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21699
- RESERVED
+CVE-2021-21699 (Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the pa ...)
NOT-FOR-US: Jenkins plugin
CVE-2021-21698 (Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the nam ...)
NOT-FOR-US: Jenkins plugin