author security tracker role <sectracker@soriano.debian.org> 2021-01-06 20:17:10 +0000
committer security tracker role <sectracker@soriano.debian.org> 2021-01-06 20:17:10 +0000
commit 6b47c1903166d56830b48174bfb4747bc2ee0375 (patch)
tree d0fa59c57dd161922327264253a636d9bd455901 /data
parent f77098be074a6ca6e8621acf575a9f2b1eec2732 (diff)
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2012.list 2
-rw-r--r-- data/CVE/2018.list 2
-rw-r--r-- data/CVE/2019.list 8
-rw-r--r-- data/CVE/2020.list 84
-rw-r--r-- data/CVE/2021.list 10
5 files changed, 66 insertions, 40 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 87bc232ef9..a1a5504447 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -1,3 +1,5 @@
+CVE-2012-10001 (The Limit Login Attempts plugin before 1.7.1 for WordPress does not cl ...)
+ TODO: check
CVE-2012-6721 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...)
NOT-FOR-US: SocialEngine
CVE-2012-6720 (Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine be ...)
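Review bot: The added CVE-2012-10001 entry at the top of the file is left at "TODO: check", while the next entry, CVE-2012-6721, already carries a disposition ("NOT-FOR-US: SocialEngine"). The description names a WordPress plugin (Limit Login Attempts before 1.7.1), so the follow-up is to replace the TODO with either a package line or a "NOT-FOR-US:" line naming the plugin.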
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index f5cd5cb7fa..5588f4caf5 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -11741,12 +11741,14 @@ CVE-2018-16880 (A flaw was found in the Linux kernel's handle_rx() function in t
CVE-2018-16879 (Ansible Tower before version 3.3.3 does not set a secure channel as it ...)
NOT-FOR-US: Ansible Tower
CVE-2018-16878 (A flaw was found in pacemaker up to and including version 2.0.1. An in ...)
+ {DLA-2519-1}
- pacemaker 2.0.1-3 (bug #927714)
NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master)
NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1)
NOTE: https://lists.clusterlabs.org/pipermail/users/2019-May/025822.html
CVE-2018-16877 (A flaw was found in the way pacemaker's client-server authentication w ...)
+ {DLA-2519-1}
- pacemaker 2.0.1-3 (bug #927714)
NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master)
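Review bot: The "{DLA-2519-1}" cross-reference added on CVE-2018-16878 and CVE-2018-16877 has no counterpart in this commit, since the diffstat lists only the five data/CVE files. Confirm that the advisory's own record names both of these CVEs together with CVE-2020-25654, which receives the same tag in 2020.list, so that the three tags stay in sync with it.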
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 94a4c1accf..9429b64bdf 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -10144,8 +10144,8 @@ CVE-2019-16964 (app/call_centers/cmd.php in the Call Center Queue Module in Fusi
NOT-FOR-US: FusionPBX
CVE-2019-16963
RESERVED
-CVE-2019-16962
- RESERVED
+CVE-2019-16962 (Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a ...)
+ TODO: check
CVE-2019-16961
RESERVED
CVE-2019-16960 (SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file wit ...)
@@ -10160,8 +10160,8 @@ CVE-2019-16956 (SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type
NOT-FOR-US: SolarWinds
CVE-2019-16955 (SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG documen ...)
NOT-FOR-US: SolarWinds
-CVE-2019-16954
- RESERVED
+CVE-2019-16954 (SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in ...)
+ TODO: check
CVE-2019-16953
RESERVED
CVE-2019-16952
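Review bot: The new CVE-2019-16954 entry is left at "TODO: check" although its description names the same product and version (SolarWinds Web Help Desk 12.7.0) as the two entries directly above it, CVE-2019-16956 and CVE-2019-16955, which are both marked "NOT-FOR-US: SolarWinds". Unless there is a reason to treat this one differently, the TODO can be resolved to the same line.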
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 76a38abace..5a70751031 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,19 @@
+CVE-2020-36177 (RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-o ...)
+ TODO: check
+CVE-2020-36176 (The iThemes Security (formerly Better WP Security) plugin before 7.7.0 ...)
+ TODO: check
+CVE-2020-36175 (The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers ...)
+ TODO: check
+CVE-2020-36174 (The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via s ...)
+ TODO: check
+CVE-2020-36173 (The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for ...)
+ TODO: check
+CVE-2020-36172 (The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandl ...)
+ TODO: check
+CVE-2020-36171 (The Elementor Website Builder plugin before 3.0.14 for WordPress does ...)
+ TODO: check
+CVE-2020-36170 (The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidd ...)
+ TODO: check
CVE-2020-36169 (An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCe ...)
NOT-FOR-US: Veritas
CVE-2020-36168 (An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It ...)
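Review bot: All eight added entries (CVE-2020-36177 down to CVE-2020-36170) share the same "TODO: check", but they are not the same kind of work. Seven of the descriptions name a WordPress plugin (iThemes Security, Ninja Forms three times, Advanced Custom Fields, Elementor Website Builder, Ultimate Member) and can be triaged as a group; CVE-2020-36177 names a library source file (wolfcrypt/src/rsa.c) and an upstream fixed version (wolfSSL 4.6.0), so it is the one that needs an individual package lookup and should not be swept up in a bulk disposition.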
@@ -923,7 +939,7 @@ CVE-2020-35719
RESERVED
CVE-2020-35718
RESERVED
-CVE-2020-35717 (zonote &lt;=0.4.0 allows XSS via crafted note, with resultant Remote C ...)
+CVE-2020-35717 (zonote through 0.4.0 allows XSS via a crafted note, with resultant Rem ...)
NOT-FOR-US: zonote
CVE-2020-35716 (Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attacker ...)
NOT-FOR-US: Belkin LINKSYS RE6500 devices
@@ -7820,20 +7836,20 @@ CVE-2020-27287
RESERVED
CVE-2020-27286
RESERVED
-CVE-2020-27285
- RESERVED
+CVE-2020-27285 (The default configuration of Crimson 3.1 (Build versions prior to 3119 ...)
+ TODO: check
CVE-2020-27284
RESERVED
-CVE-2020-27283
- RESERVED
+CVE-2020-27283 (An attacker could send a specially crafted message to Crimson 3.1 (Bui ...)
+ TODO: check
CVE-2020-27282
RESERVED
CVE-2020-27281
RESERVED
CVE-2020-27280
RESERVED
-CVE-2020-27279
- RESERVED
+CVE-2020-27279 (A NULL pointer deference vulnerability has been identified in the prot ...)
+ TODO: check
CVE-2020-27278
RESERVED
CVE-2020-27277
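Review bot: The added CVE-2020-27279 description reads "A NULL pointer deference vulnerability", which is a misspelling of "dereference", and it is truncated before any product name. A text search of the list for "dereference" or for "Crimson" will therefore miss this entry, even though the two other entries added in this hunk (CVE-2020-27285 and CVE-2020-27283) both name Crimson 3.1. When the three "TODO: check" lines are resolved, read the full record for CVE-2020-27279 before grouping it with the others.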
@@ -9043,8 +9059,8 @@ CVE-2020-26761
RESERVED
CVE-2020-26760
RESERVED
-CVE-2020-26759
- RESERVED
+CVE-2020-26759 (clickhouse-driver before 0.1.5 allows a malicious clickhouse server to ...)
+ TODO: check
CVE-2020-26758
RESERVED
CVE-2020-26757
@@ -11616,7 +11632,7 @@ CVE-2020-25656 (A flaw was found in the Linux kernel. A use-after-free was found
CVE-2020-25655 (An issue was discovered in ManagedClusterView API, that could allow se ...)
NOT-FOR-US: Red Hat open-cluster-management
CVE-2020-25654 (An ACL bypass flaw was found in pacemaker. An attacker having a local ...)
- {DSA-4791-1}
+ {DSA-4791-1 DLA-2519-1}
- pacemaker 2.0.5~rc2-1 (bug #973254)
NOTE: https://www.openwall.com/lists/oss-security/2020/10/27/1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1888191
@@ -38052,10 +38068,10 @@ CVE-2020-13547 (A type confusion vulnerability exists in the JavaScript engine o
NOT-FOR-US: Foxit
CVE-2020-13546
RESERVED
-CVE-2020-13545
- RESERVED
-CVE-2020-13544
- RESERVED
+CVE-2020-13545 (An exploitable signed conversion vulnerability exists in the TextMaker ...)
+ TODO: check
+CVE-2020-13544 (An exploitable sign extension vulnerability exists in the TextMaker do ...)
+ TODO: check
CVE-2020-13543 (A code execution vulnerability exists in the WebSocket functionality o ...)
{DSA-4797-1}
- webkit2gtk 2.30.3-1
@@ -45622,14 +45638,14 @@ CVE-2020-10660 (HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.
NOT-FOR-US: HashiCorp Vault
CVE-2020-10659 (Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows ...)
NOT-FOR-US: Entrust Entelligence Security Provider (ESP)
-CVE-2020-10658
- RESERVED
-CVE-2020-10657
- RESERVED
-CVE-2020-10656
- RESERVED
-CVE-2020-10655
- RESERVED
+CVE-2020-10658 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
+ TODO: check
+CVE-2020-10657 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
+ TODO: check
+CVE-2020-10656 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
+ TODO: check
+CVE-2020-10655 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
+ TODO: check
CVE-2020-10654 (Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow ...)
NOT-FOR-US: Ping Identity PingID
CVE-2020-10653
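Review bot: The four added entries CVE-2020-10658 through CVE-2020-10655 have descriptions that are identical up to the truncation point ("The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ..."), so the list alone cannot tell them apart. Triage them in one pass against the full records, together with CVE-2020-8884 in the next hunk, which names the Windows Agent of the same product, and give all five the same vendor spelling in whatever disposition line replaces "TODO: check".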
@@ -49622,8 +49638,8 @@ CVE-2020-8886
RESERVED
CVE-2020-8885
RESERVED
-CVE-2020-8884
- RESERVED
+CVE-2020-8884 (rcdsvc in the Proofpoint Insider Threat Management Windows Agent (form ...)
+ TODO: check
CVE-2020-8883 (This vulnerability allows remote attackers to disclose sensitive infor ...)
NOT-FOR-US: Foxit Studio Photo
CVE-2020-8882 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -51422,8 +51438,8 @@ CVE-2020-8161 (A directory traversal vulnerability exists in rack &lt; 2.2.0 tha
NOTE: Fixed by: https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e
NOTE: Required followup: https://github.com/rack/rack/commit/e7ba1b0557d3ad97af1ef113bbeb5f27417983fa
NOTE: Test: https://github.com/rack/rack/commit/775c836bdd25b63340399fea739532d746860a94
-CVE-2020-8160
- RESERVED
+CVE-2020-8160 (MendixSSO &lt;= 2.1.1 contains endpoints that make use of the openid h ...)
+ TODO: check
CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem &lt; v1.2.1 th ...)
- ruby-actionpack-page-caching 1.2.2-1 (bug #960680)
[buster] - ruby-actionpack-page-caching <no-dsa> (Minor issue)
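Review bot: The added CVE-2020-8160 description carries the HTML entity form "&lt;=" ("MendixSSO &lt;= 2.1.1"), while the package lines in this same hunk use a literal "<" (as in "<no-dsa>"). The CVE-2020-35717 hunk earlier in this file replaces exactly that form with "through 0.4.0", so the escaped text is evidently being cleaned up at the source over time; anything that matches version ranges in descriptions should not depend on either spelling. The entry is also still at "TODO: check" and needs a disposition.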
@@ -52310,7 +52326,7 @@ CVE-2020-7776 (This affects the package phpoffice/phpspreadsheet from 0.0.0. The
NOT-FOR-US: phpoffice/phpspreadsheet
CVE-2020-7775
RESERVED
-CVE-2020-7774 (This affects the package y18n before 4.0.1 and 5.0.5. PoC by po6ix: co ...)
+CVE-2020-7774 (This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po ...)
- node-y18n 4.0.0-3 (bug #976390)
[buster] - node-y18n <no-dsa> (Minor issue)
[stretch] - node-y18n <no-dsa> (Minor issue)
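Review bot: The CVE-2020-7774 description now lists "3.2.2" as an additional fixed version, which widens the affected range to the 3.x branch, but the package lines below it are unchanged: "node-y18n 4.0.0-3 (bug #976390)" and the "[buster]" and "[stretch]" lines marked "<no-dsa> (Minor issue)". Those release lines were written against the old range, so recheck which branch each release ships and whether the existing assessment still applies.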
@@ -58826,15 +58842,15 @@ CVE-2020-5108
CVE-2020-5107
RESERVED
CVE-2020-5106
- RESERVED
+ REJECTED
CVE-2020-5105
- RESERVED
+ REJECTED
CVE-2020-5104
- RESERVED
+ REJECTED
CVE-2020-5103
- RESERVED
+ REJECTED
CVE-2020-5102
- RESERVED
+ REJECTED
CVE-2020-5101
REJECTED
CVE-2020-5100
@@ -60368,8 +60384,8 @@ CVE-2020-4338 (IBM MQ 9.1.4 could allow a local attacker to obtain sensitive inf
NOT-FOR-US: IBM
CVE-2020-4337 (IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker ...)
NOT-FOR-US: IBM
-CVE-2020-4336
- RESERVED
+CVE-2020-4336 (IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL ...)
+ TODO: check
CVE-2020-4335
RESERVED
CVE-2020-4334
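Review bot: The new CVE-2020-4336 entry (IBM WebSphere eXtreme Scale 8.6.1) is left at "TODO: check" directly below CVE-2020-4338 and CVE-2020-4337, which are both marked "NOT-FOR-US: IBM". If the same vendor-level disposition applies here, resolve the TODO with the identical "NOT-FOR-US: IBM" spelling so the three entries stay consistent.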
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 3c45a81cc1..dbe77d8fc7 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,9 @@
+CVE-2021-3029
+ RESERVED
+CVE-2021-3028
+ RESERVED
+CVE-2021-22696
+ RESERVED
CVE-2021-3027
RESERVED
CVE-2021-3026 (Invision Community IPS Community Suite before 4.5.4.2 allows XSS durin ...)
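Review bot: CVE-2021-22696 is inserted at the head of the file between CVE-2021-3028 and CVE-2021-3027, although the second hunk of this file shows the neighbouring CVE-2021-212xx identifiers sitting around line 2970. The entry is out of sequence with its own range, so any later edit or lookup that relies on position rather than on the identifier will not find it where expected; moving it next to its range, or confirming that consumers key on the ID only, would avoid that.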
@@ -2970,8 +2976,8 @@ CVE-2021-21238
RESERVED
CVE-2021-21237
RESERVED
-CVE-2021-21236
- RESERVED
+CVE-2021-21236 (CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter base ...)
+ TODO: check
CVE-2021-21235 (kamadak-exif is an exif parsing library written in pure Rust. In kamad ...)
- rust-kamadak-exif <unfixed>
NOTE: https://github.com/kamadak/exif-rs/security/advisories/GHSA-px9g-8hgv-jvg2
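Review bot: The added CVE-2021-21236 entry stops at "TODO: check" even though the description already identifies the software as CairoSVG, a Python (pypi) package. The entry right below it, CVE-2021-21235, shows the shape the resolved entry should take: a package line with a status ("rust-kamadak-exif <unfixed>") followed by a "NOTE:" pointing at the upstream advisory. Resolve the TODO in the same form, or with a "NOT-FOR-US:" line if no matching package exists.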
