author: security tracker role <sectracker@soriano.debian.org> 2021-02-23 08:10:18 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-02-23 08:10:18 +0000
commit: b95d6118a25ed885f988a426d49916daea9f1804
tree: 127a2765b1e2d8df6cde32ec1b4cdd20762e94fc /data/CVE
parent: 08e923952b7d42f653c0f5f7da0a7b43b5eb7300
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2020.list 21
-rw-r--r-- data/CVE/2021.list 81
2 files changed, 54 insertions, 48 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index e5ec45e865..d2c45d4d78 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -50,8 +50,8 @@ CVE-2020-36234 (Affected versions of Atlassian Jira Server and Data Center allow
NOT-FOR-US: Atlassian
CVE-2020-36233 (The Microsoft Windows Installer for Atlassian Bitbucket Server and Dat ...)
NOT-FOR-US: Atlassian
-CVE-2020-36232
- RESERVED
+CVE-2020-36232 (The MessageBundleWhiteList class of atlassian-gadgets before version 4 ...)
+ TODO: check
CVE-2020-36231 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
NOT-FOR-US: Atlassian
CVE-2020-36230 (A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertio ...)
@@ -957,8 +957,8 @@ CVE-2020-35854 (Textpattern 4.8.4 is affected by cross-site scripting (XSS) in t
NOT-FOR-US: Textpattern CMS
CVE-2020-35853 (4images Image Gallery Management System 1.7.11 is affected by cross-si ...)
NOT-FOR-US: 4images Image Gallery Management System
-CVE-2020-35852
- RESERVED
+CVE-2020-35852 (Chatbox is affected by cross-site scripting (XSS). An attacker has to ...)
+ TODO: check
CVE-2020-35851 (HGiga MailSherlock does not validate specific parameters properly. Att ...)
NOT-FOR-US: HGiga MailSherlock
CVE-2020-35850 (** DISPUTED ** An SSRF issue was discovered in cockpit-project.org Coc ...)
@@ -4150,8 +4150,8 @@ CVE-2020-29077
RESERVED
CVE-2020-29076
RESERVED
-CVE-2020-29075
- RESERVED
+CVE-2020-29075 (Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.3001 ...)
+ TODO: check
CVE-2020-29074 (scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which all ...)
{DSA-4799-1 DLA-2490-1}
- x11vnc 0.9.16-5 (bug #975875)
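Review bot: CVE-2020-29075 now names Acrobat Reader DC but carries only "TODO: check". The description identifies an Adobe product, so manual triage should replace the TODO with a NOT-FOR-US: Adobe line rather than leave it open next to the still-RESERVED CVE-2020-29077 and CVE-2020-29076.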
@@ -7007,8 +7007,7 @@ CVE-2020-27821 (A flaw was found in the memory management API of QEMU during the
CVE-2020-27820 [use-after-free in nouveau kernel module]
RESERVED
- linux <unfixed>
-CVE-2020-27819 [NULL pointer dereference via crafted xls file]
- RESERVED
+CVE-2020-27819 (An issue was discovered in libxls before and including 1.6.1 when read ...)
- r-cran-readxl <not-affected> (Embeds libxls, but not affected)
NOTE: https://github.com/libxls/libxls/issues/84
CVE-2020-27818 (A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. ...)
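Review bot: For CVE-2020-27819 the working title "[NULL pointer dereference via crafted xls file]" is replaced by the published description, which is cut off at "when read ..." and so no longer states the bug class in this file. Consider a NOTE that keeps the NULL pointer dereference wording. The only package line is "r-cran-readxl <not-affected> (Embeds libxls, but not affected)", so it is also worth confirming that no other source package embeds libxls up to and including 1.6.1, since the entry has no line for libxls itself.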
@@ -7194,8 +7193,7 @@ CVE-2020-27769
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1740
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/7b058696133c6d36e0b48a454e357482db71982e
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/7661113a654c9c822c23a8fb8aa1b021fc7fbe9d
-CVE-2020-27768
- RESERVED
+CVE-2020-27768 (In ImageMagick, there is an outside the range of representable values ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
@@ -12002,8 +12000,7 @@ CVE-2020-25693 (A flaw was found in CImg in versions prior to 2.9.3. Integer ove
NOTE: Fixed by: https://github.com/dtschump/CImg/commit/4f184f89f9ab6785a6c90fd238dbaa6d901d3505
CVE-2020-25691
RESERVED
-CVE-2020-25690
- RESERVED
+CVE-2020-25690 (An out-of-bounds write flaw was found in FontForge in versions before ...)
- fontforge <not-affected> (Insufficient patch for CVE-2020-5395 not applied)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893188
CVE-2020-25689 (A memory leak flaw was found in WildFly in all versions up to 21.0.0.F ...)
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 2122ef6b49..805eb4b914 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,21 @@
+CVE-2021-27574
+ RESERVED
+CVE-2021-27573
+ RESERVED
+CVE-2021-27572
+ RESERVED
+CVE-2021-27571
+ RESERVED
+CVE-2021-27570
+ RESERVED
+CVE-2021-27569
+ RESERVED
+CVE-2021-27568 (An issue was discovered in netplex json-smart-v1 through 2015-10-23 an ...)
+ TODO: check
+CVE-2021-27567
+ RESERVED
+CVE-2021-27566
+ RESERVED
CVE-2021-3414
RESERVED
NOT-FOR-US: Red Hat Satellite
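Review bot: In the new block at the top of 2021.list, CVE-2021-27568 is the only ID that arrives with a description, and it is queued as "TODO: check". The text names netplex json-smart-v1 through 2015-10-23 and is cut off at "an ...", so whoever triages it should read the full description to see which json-smart branches are covered before choosing between a package line and NOT-FOR-US.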
@@ -788,8 +806,8 @@ CVE-2021-3408
RESERVED
CVE-2021-27190 (A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEE ...)
NOT-FOR-US: PEEL Shopping cart
-CVE-2021-27189
- RESERVED
+CVE-2021-27189 (The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certifica ...)
+ TODO: check
CVE-2021-27188 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 al ...)
NOT-FOR-US: Sovremennye Delovye Tekhnologii FX Aggregator
CVE-2021-27187 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 st ...)
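Review bot: CVE-2021-27189 is described as the CIRA Canadian Shield app before 4.0.13 for iOS, yet it is left at "TODO: check". An iOS-only app has no Debian source package to track, so this can be closed as NOT-FOR-US: CIRA Canadian Shield app, in line with the NOT-FOR-US entries directly above and below it.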
@@ -1300,7 +1318,7 @@ CVE-2021-26940
RESERVED
CVE-2021-26939 (** DISPUTED ** An information disclosure issue exists in henriquedorna ...)
NOT-FOR-US: henriquedornas
-CVE-2021-26938 (A stored XSS issue exists in henriquedornas 5.2.17 via online live cha ...)
+CVE-2021-26938 (** DISPUTED ** A stored XSS issue exists in henriquedornas 5.2.17 via ...)
NOT-FOR-US: henriquedornas
CVE-2021-27135 (xterm through Patch #365 allows remote attackers to cause a denial of ...)
{DLA-2558-1}
@@ -1810,10 +1828,10 @@ CVE-2021-26727
RESERVED
CVE-2021-26726
RESERVED
-CVE-2021-26725
- RESERVED
-CVE-2021-26724
- RESERVED
+CVE-2021-26725 (Path Traversal vulnerability when changing timezone using web GUI of N ...)
+ TODO: check
+CVE-2021-26724 (OS Command Injection vulnerability when changing date settings or host ...)
+ TODO: check
CVE-2021-26723 (Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&amp;query= XSS. ...)
NOT-FOR-US: Jenzabar
CVE-2021-26722 (LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because ...)
@@ -2819,7 +2837,7 @@ CVE-2021-3338
RESERVED
CVE-2021-3337 (The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remo ...)
NOT-FOR-US: MyBB
-CVE-2021-3336 (DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not ...)
+CVE-2021-3336 (DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not c ...)
- wolfssl 4.6.0-3
NOTE: https://github.com/wolfSSL/wolfssl/pull/3676
CVE-2021-26308 (An issue was discovered in the marc crate before 2.0.0 for Rust. A use ...)
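Review bot: The CVE-2021-3336 description changes from "wolfSSL through 4.6.0" to "wolfSSL before 4.7.0", while the package line still records the fix as "- wolfssl 4.6.0-3". That version sorts below the upstream fixed release named in the new description. If 4.6.0-3 carries the change from https://github.com/wolfSSL/wolfssl/pull/3676 as a backport, a NOTE saying so would stop the entry from reading as a version mismatch.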
@@ -8419,8 +8437,8 @@ CVE-2021-23829
RESERVED
CVE-2021-23828
RESERVED
-CVE-2021-23827
- RESERVED
+CVE-2021-23827 (Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5 ...)
+ TODO: check
CVE-2021-23826
RESERVED
CVE-2021-23825
@@ -10802,20 +10820,20 @@ CVE-2021-22651
RESERVED
CVE-2021-22650
RESERVED
-CVE-2021-22649
- RESERVED
+CVE-2021-22649 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...)
+ TODO: check
CVE-2021-22648
RESERVED
-CVE-2021-22647
- RESERVED
+CVE-2021-22647 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...)
+ TODO: check
CVE-2021-22646
RESERVED
-CVE-2021-22645
- RESERVED
+CVE-2021-22645 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...)
+ TODO: check
CVE-2021-22644
RESERVED
-CVE-2021-22643
- RESERVED
+CVE-2021-22643 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...)
+ TODO: check
CVE-2021-22642
RESERVED
CVE-2021-22641 (A heap-based buffer overflow issue has been identified in the way the ...)
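Review bot: CVE-2021-22649, CVE-2021-22647, CVE-2021-22645 and CVE-2021-22643 all receive the same visible description prefix, "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...", and each gets its own "TODO: check". They can be triaged in one pass with a single decision. If KeyShot is not packaged, mark all four NOT-FOR-US: Luxion so that four identical open items do not sit in the queue.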
@@ -13897,48 +13915,39 @@ CVE-2021-21159
RESERVED
CVE-2021-21158
RESERVED
-CVE-2021-21157
- RESERVED
+CVE-2021-21157 (Use after free in Web Sockets in Google Chrome on Linux prior to 88.0. ...)
{DSA-4858-1}
- chromium 88.0.4324.182-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21156
- RESERVED
+CVE-2021-21156 (Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 all ...)
{DSA-4858-1}
- chromium 88.0.4324.182-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21155
- RESERVED
+CVE-2021-21155 (Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to ...)
{DSA-4858-1}
- chromium 88.0.4324.182-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21154
- RESERVED
+CVE-2021-21154 (Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324. ...)
{DSA-4858-1}
- chromium 88.0.4324.182-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21153
- RESERVED
+CVE-2021-21153 (Stack buffer overflow in GPU Process in Google Chrome on Linux prior t ...)
{DSA-4858-1}
- chromium 88.0.4324.182-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21152
- RESERVED
+CVE-2021-21152 (Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0. ...)
{DSA-4858-1}
- chromium 88.0.4324.182-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21151
- RESERVED
+CVE-2021-21151 (Use after free in Payments in Google Chrome prior to 88.0.4324.182 all ...)
{DSA-4858-1}
- chromium 88.0.4324.182-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21150
- RESERVED
+CVE-2021-21150 (Use after free in Downloads in Google Chrome on Windows prior to 88.0. ...)
{DSA-4858-1}
- chromium 88.0.4324.182-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21149
- RESERVED
+CVE-2021-21149 (Stack buffer overflow in Data Transfer in Google Chrome on Linux prior ...)
{DSA-4858-1}
- chromium 88.0.4324.182-1
[stretch] - chromium <end-of-life> (see DSA 4562)
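Review bot: CVE-2021-21155 and CVE-2021-21150 are now described as affecting Google Chrome on Windows, but they keep the same "- chromium 88.0.4324.182-1" fixed-version line as the cross-platform and Linux entries in this hunk. If the Windows qualifier means the Debian chromium package never contained the flaw, those two should be <not-affected> or at least carry a NOTE recording the platform restriction. As written, the tracker reports them as having affected Debian's chromium before 88.0.4324.182-1.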
