author: security tracker role <sectracker@soriano.debian.org>, 2021-06-18 20:10:20 +0000
committer: security tracker role <sectracker@soriano.debian.org>, 2021-06-18 20:10:20 +0000
commit: 2f0cf43b75f8018ba050744ce3db10a9c4694a02 (patch)
tree: 9f5b72159eb0a065d6f64fff96c300d0e0771d99
parent: 931d47dcd7bf687f57502b776695885973edc283 (diff)
automatic update
-rw-r--r-- data/CVE/2005.list | 4
-rw-r--r-- data/CVE/2007.list | 2
-rw-r--r-- data/CVE/2018.list | 2
-rw-r--r-- data/CVE/2020.list | 4
-rw-r--r-- data/CVE/2021.list | 113
5 files changed, 80 insertions, 45 deletions
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index 4621ef156e..9616b91fa9 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -4993,7 +4993,7 @@ CVE-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 an
{DSA-809-1}
- squid 2.5.10-5 (medium)
CVE-2005-2795
- RESERVED
+ REJECTED
CVE-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to c ...)
{DSA-809-3 DSA-809-1}
- squid 2.5.10-5 (medium)
@@ -10621,7 +10621,7 @@ CVE-2005-0396 (Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in
CVE-2005-0395
REJECTED
CVE-2005-0394
- RESERVED
+ REJECTED
CVE-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary files, w ...)
{DSA-733-1}
- crip 3.5-1sarge2 (low)
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 95da8f847e..cf4b610bc8 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -7239,7 +7239,7 @@ CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Moz
- xulrunner 1.8.1.5-1 (high)
NOTE: MFSA2007-18
CVE-2007-3733
- RESERVED
+ REJECTED
CVE-2007-3732 (In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc cal ...)
- linux-2.6 2.6.23-1
NOTE: Upstream fix: https://git.kernel.org/linus/a10d9a71bafd3a283da240d2868e71346d2aef6f (v2.6.23-rc1)
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index f40231ff6e..35c53678dc 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -17663,7 +17663,7 @@ CVE-2018-14641 (A security flaw was found in the ip_frag_reasm() function in net
CVE-2018-14640
RESERVED
CVE-2018-14639
- RESERVED
+ REJECTED
CVE-2018-14638 (A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ...)
- 389-ds-base 1.4.0.18-1 (bug #908859)
[stretch] - 389-ds-base <no-dsa> (Minor issue)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 117438783d..81a35241f7 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -27878,8 +27878,8 @@ CVE-2020-18444
RESERVED
CVE-2020-18443
RESERVED
-CVE-2020-18442
- RESERVED
+CVE-2020-18442 (Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a d ...)
+ TODO: check
CVE-2020-18441
RESERVED
CVE-2020-18440
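Review bot: CVE-2020-18442 now names zziplib v0.13.69 but is left at `TODO: check`. Follow up by confirming whether zziplib is shipped in the archive and replacing the TODO with either a package line (fixed version or `<unfixed>`, with a bug reference) or a NOT-FOR-US line, so the infinite-loop denial of service does not stay untriaged.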
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 5fc0d1827f..e6566d5c80 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,33 @@
+CVE-2021-3611
+ RESERVED
+CVE-2021-3610
+ RESERVED
+CVE-2021-35053
+ RESERVED
+CVE-2021-35052
+ RESERVED
+CVE-2021-35051
+ RESERVED
+CVE-2021-35050
+ RESERVED
+CVE-2021-35049
+ RESERVED
+CVE-2021-35048
+ RESERVED
+CVE-2021-35047
+ RESERVED
+CVE-2021-35046
+ RESERVED
+CVE-2021-35045
+ RESERVED
+CVE-2021-35044
+ RESERVED
+CVE-2021-35043
+ RESERVED
+CVE-2021-35042
+ RESERVED
+CVE-2021-35041
+ RESERVED
CVE-2021-3609
RESERVED
CVE-2021-35040
@@ -465,8 +495,8 @@ CVE-2021-34817
RESERVED
CVE-2021-34816
RESERVED
-CVE-2021-34815
- RESERVED
+CVE-2021-34815 (CheckSec Canopy before 3.5.2 allows XSS attacks against the login page ...)
+ TODO: check
CVE-2021-34814
RESERVED
CVE-2021-34813 (Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to cra ...)
@@ -506,8 +536,8 @@ CVE-2021-34799
RESERVED
CVE-2021-34798
RESERVED
-CVE-2021-3604
- RESERVED
+CVE-2021-3604 (Secure 8 (Evalos) does not validate user input data correctly, allowin ...)
+ TODO: check
CVE-2021-34797
RESERVED
CVE-2021-34796
@@ -1071,16 +1101,19 @@ CVE-2021-34551 (PHPMailer before 6.5.0 on Windows allows remote code execution i
TODO: check
CVE-2021-34550 [out-of-bounds memory access in v3 onion service descriptor parsing]
RESERVED
+ {DSA-4932-1}
- tor 0.4.5.9-1 (bug #990000)
[stretch] - tor <end-of-life> (See DSA 4644)
NOTE: https://blog.torproject.org/node/2041
CVE-2021-34549 [hashtable-based CPU denial-of-service attack against relays]
RESERVED
+ {DSA-4932-1}
- tor 0.4.5.9-1 (bug #990000)
[stretch] - tor <end-of-life> (See DSA 4644)
NOTE: https://blog.torproject.org/node/2041
CVE-2021-34548
RESERVED
+ {DSA-4932-1}
- tor 0.4.5.9-1 (bug #990000)
[stretch] - tor <end-of-life> (See DSA 4644)
NOTE: https://blog.torproject.org/node/2041
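Review bot: CVE-2021-34548 receives `{DSA-4932-1}` but, unlike CVE-2021-34550 and CVE-2021-34549 in the same hunk, has no bracketed summary, so the entry does not say what the advisory fixes under that ID. Add a short `[...]` description taken from the Tor announcement already linked in its NOTE line.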
@@ -2548,6 +2581,7 @@ CVE-2021-3581
RESERVED
CVE-2021-3580 [Remote crash in RSA decryption via manipulated ciphertext]
RESERVED
+ {DSA-4933-1}
- nettle 3.7.3-1 (bug #989631)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1967983
NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe
@@ -2605,20 +2639,20 @@ CVE-2021-33826
RESERVED
CVE-2021-33825
RESERVED
-CVE-2021-33824
- RESERVED
-CVE-2021-33823
- RESERVED
-CVE-2021-33822
- RESERVED
+CVE-2021-33824 (An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 1811301 ...)
+ TODO: check
+CVE-2021-33823 (An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 1811301 ...)
+ TODO: check
+CVE-2021-33822 (An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22 ...)
+ TODO: check
CVE-2021-33821
RESERVED
-CVE-2021-33820
- RESERVED
+CVE-2021-33820 (An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4 ...)
+ TODO: check
CVE-2021-33819
RESERVED
-CVE-2021-33818
- RESERVED
+CVE-2021-33818 (An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4 ...)
+ TODO: check
CVE-2021-33817
RESERVED
CVE-2021-33816
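Review bot: the truncated descriptions of CVE-2021-33824 and CVE-2021-33823 are identical as shown ("An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 1811301 ..."), and the same is true of CVE-2021-33820 and CVE-2021-33818, so the entries cannot be told apart from this file. When the `TODO: check` lines are resolved, read the full descriptions and record the distinguishing detail in the triage line for each ID.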
@@ -3170,10 +3204,10 @@ CVE-2021-33579
RESERVED
CVE-2021-33578
RESERVED
-CVE-2021-33577
- RESERVED
-CVE-2021-33576
- RESERVED
+CVE-2021-33577 (An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for t ...)
+ TODO: check
+CVE-2021-33576 (An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 messag ...)
+ TODO: check
CVE-2021-33575 (The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute ...)
NOT-FOR-US: ruby-jss gem
CVE-2021-33574 (The mq_notify function in the GNU C Library (aka glibc) versions 2.32 ...)
@@ -3687,8 +3721,8 @@ CVE-2021-33349
RESERVED
CVE-2021-33348
RESERVED
-CVE-2021-33347
- RESERVED
+CVE-2021-33347 (An issue was discovered in JPress v3.3.0 and below. There are XSS vuln ...)
+ TODO: check
CVE-2021-33346
RESERVED
CVE-2021-33345
@@ -4580,12 +4614,12 @@ CVE-2021-32958
RESERVED
CVE-2021-32957
RESERVED
-CVE-2021-32956
- RESERVED
+CVE-2021-32956 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to re ...)
+ TODO: check
CVE-2021-32955
RESERVED
-CVE-2021-32954
- RESERVED
+CVE-2021-32954 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a ...)
+ TODO: check
CVE-2021-32953
RESERVED
CVE-2021-32952 (An out-of-bounds write issue exists in the DGN file-reading procedure ...)
@@ -5527,8 +5561,8 @@ CVE-2021-32538
RESERVED
CVE-2021-32537
RESERVED
-CVE-2021-32536
- RESERVED
+CVE-2021-32536 (The login page in the MCUsystem does not filter with special character ...)
+ TODO: check
CVE-2021-32535
RESERVED
CVE-2021-32534
@@ -18869,10 +18903,10 @@ CVE-2021-26837
RESERVED
CVE-2021-26836
RESERVED
-CVE-2021-26835
- RESERVED
-CVE-2021-26834
- RESERVED
+CVE-2021-26835 (No filtering of cross-site scripting (XSS) payloads in the markdown-ed ...)
+ TODO: check
+CVE-2021-26834 (A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An a ...)
+ TODO: check
CVE-2021-26833 (Code Execution vulnerability in Profile Picture upload in TimelyBills ...)
NOT-FOR-US: TimelyBills App Budget, Expense tracker & Bills
CVE-2021-26832 (Cross Site Scripting (XSS) in the "Reset Password" page form of Priori ...)
@@ -19485,7 +19519,7 @@ CVE-2021-26565 (Cleartext transmission of sensitive information vulnerability in
NOT-FOR-US: Synology
CVE-2021-26564 (Cleartext transmission of sensitive information vulnerability in synor ...)
NOT-FOR-US: Synology
-CVE-2021-26563 (Improper access control vulnerability in synoagentregisterd in Synolog ...)
+CVE-2021-26563 (Incorrect authorization vulnerability in synoagentregisterd in Synolog ...)
NOT-FOR-US: Synology
CVE-2021-26562 (Out-of-bounds write vulnerability in synoagentregisterd in Synology Di ...)
NOT-FOR-US: Synology
@@ -25906,10 +25940,10 @@ CVE-2021-23848 (An error in the URL handler Bosch IP cameras may lead to a refle
NOT-FOR-US: Bosch
CVE-2021-23847 (A Missing Authentication in Critical Function in Bosch IP cameras allo ...)
NOT-FOR-US: Bosch
-CVE-2021-23846
- RESERVED
-CVE-2021-23845
- RESERVED
+CVE-2021-23846 (When using http protocol, the user password is transmitted as a clear ...)
+ TODO: check
+CVE-2021-23845 (This vulnerability could allow an attacker to hijack a session while a ...)
+ TODO: check
CVE-2021-23844
RESERVED
CVE-2021-23843
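Review bot: the visible text for CVE-2021-23846 and CVE-2021-23845 names no product ("When using http protocol, the user password is transmitted as a clear ..."), so `TODO: check` cannot be resolved from this file alone. The neighbouring CVE-2021-23848 and CVE-2021-23847 are `NOT-FOR-US: Bosch`; confirm from the full descriptions whether these two belong to the same vendor before marking them the same way.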
@@ -29844,8 +29878,8 @@ CVE-2021-21999
RESERVED
CVE-2021-21998
RESERVED
-CVE-2021-21997
- RESERVED
+CVE-2021-21997 (VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of ...)
+ TODO: check
CVE-2021-21996
RESERVED
CVE-2021-21995
@@ -30527,8 +30561,8 @@ CVE-2021-21671
RESERVED
CVE-2021-21670
RESERVED
-CVE-2021-21669
- RESERVED
+CVE-2021-21669 (Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not confi ...)
+ TODO: check
CVE-2021-21668 (Jenkins Scriptler Plugin 3.1 and earlier does not escape script conten ...)
NOT-FOR-US: Jenkins plugin
CVE-2021-21667 (Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter nam ...)
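Review bot: CVE-2021-21669 is a Jenkins plugin issue (Generic Webhook Trigger Plugin) left at `TODO: check`, while CVE-2021-21668 and CVE-2021-21667 directly below it are already `NOT-FOR-US: Jenkins plugin`. Unless this plugin is packaged, triage it the same way so the range stays consistent.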
@@ -33731,6 +33765,7 @@ CVE-2021-20307 (Format string vulnerability in panoFileOutputNamesCreate() in li
CVE-2021-20306 (A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any ...)
NOT-FOR-US: Red Hat Business Central
CVE-2021-20305 (A flaw was found in Nettle in versions before 3.7.2, where several Net ...)
+ {DSA-4933-1}
- nettle 3.7.2-1 (bug #985652)
[stretch] - nettle <postponed> (Minor issue; can be fixed in next update)
NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html
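Review bot: CVE-2021-20305 is now tied to `{DSA-4933-1}`, but the stretch line under it still reads `<postponed> (Minor issue; can be fixed in next update)`. Check that the stretch status is still intended now that a DSA references this CVE, and update the annotation if it is not.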
