author security tracker role <sectracker@soriano.debian.org> 2021-09-10 08:10:20 +0000
committer security tracker role <sectracker@soriano.debian.org> 2021-09-10 08:10:20 +0000
commit 355a0e444a6c415eb659749dd6bd4893c1fbcaa0
tree 2846786f2d68120c698759906d9f776b21060ed9 /data/CVE
parent d9fc7aff5a7e690a1971e141700e39d1455af5d9
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/list.2018 4
-rw-r--r-- data/CVE/list.2020 66
-rw-r--r-- data/CVE/list.2021 80
3 files changed, 87 insertions, 63 deletions
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018
index f01d5de663..0a7197608c 100644
--- a/data/CVE/list.2018
+++ b/data/CVE/list.2018
@@ -3935,8 +3935,8 @@ CVE-2018-19959
RESERVED
CVE-2018-19958
RESERVED
-CVE-2018-19957
- RESERVED
+CVE-2018-19957 (A vulnerability involving insufficient HTTP security headers has been ...)
+ TODO: check
CVE-2018-19956 (The cross-site scripting vulnerability has been reported to affect ear ...)
NOT-FOR-US: QNAP
CVE-2018-19955 (The cross-site scripting vulnerability has been reported to affect ear ...)
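Review bot: The new CVE-2018-19957 entry is left at "TODO: check", and its truncated description ("insufficient HTTP security headers has been ...") does not show the affected product. The two entries directly below it, CVE-2018-19956 and CVE-2018-19955, are triaged NOT-FOR-US: QNAP; if the full description names the same vendor, resolve this one the same way instead of leaving the TODO open.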
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 52d82c2d98..2dc80ec8c2 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -16134,7 +16134,7 @@ CVE-2020-24383 (An issue was discovered in FNET through 4.6.4. The code for proc
NOT-FOR-US: FNET
CVE-2020-24382
RESERVED
-CVE-2020-24381 (** DISPUTED ** GUnet Open eClass Platform (aka openeclass) through 3.9 ...)
+CVE-2020-24381 (GUnet Open eClass Platform (aka openeclass) before 3.11 might allow re ...)
NOT-FOR-US: GUnet Open eClass Platform
CVE-2020-24380
RESERVED
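Review bot: For CVE-2020-24381 only the description text changes: the "** DISPUTED **" marker is gone and the range moves from "through 3.9" to "before 3.11". The NOT-FOR-US: GUnet Open eClass Platform line under it still matches the product named, so no triage change is needed in this hunk.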
@@ -26767,38 +26767,38 @@ CVE-2020-19297
RESERVED
CVE-2020-19296
RESERVED
-CVE-2020-19295
- RESERVED
-CVE-2020-19294
- RESERVED
-CVE-2020-19293
- RESERVED
-CVE-2020-19292
- RESERVED
-CVE-2020-19291
- RESERVED
-CVE-2020-19290
- RESERVED
-CVE-2020-19289
- RESERVED
-CVE-2020-19288
- RESERVED
-CVE-2020-19287
- RESERVED
-CVE-2020-19286
- RESERVED
-CVE-2020-19285
- RESERVED
-CVE-2020-19284
- RESERVED
-CVE-2020-19283
- RESERVED
-CVE-2020-19282
- RESERVED
-CVE-2020-19281
- RESERVED
-CVE-2020-19280
- RESERVED
+CVE-2020-19295 (A reflected cross-site scripting (XSS) vulnerability in the /weibo/top ...)
+ TODO: check
+CVE-2020-19294 (A stored cross-site scripting (XSS) vulnerability in the /article/comm ...)
+ TODO: check
+CVE-2020-19293 (A stored cross-site scripting (XSS) vulnerability in the /article/add ...)
+ TODO: check
+CVE-2020-19292 (A stored cross-site scripting (XSS) vulnerability in the /question/ask ...)
+ TODO: check
+CVE-2020-19291 (A stored cross-site scripting (XSS) vulnerability in the /weibo/publis ...)
+ TODO: check
+CVE-2020-19290 (A stored cross-site scripting (XSS) vulnerability in the /weibo/commen ...)
+ TODO: check
+CVE-2020-19289 (A stored cross-site scripting (XSS) vulnerability in the /member/pictu ...)
+ TODO: check
+CVE-2020-19288 (A stored cross-site scripting (XSS) vulnerability in the /localhost/u ...)
+ TODO: check
+CVE-2020-19287 (A stored cross-site scripting (XSS) vulnerability in the /group/post c ...)
+ TODO: check
+CVE-2020-19286 (A stored cross-site scripting (XSS) vulnerability in the /question/det ...)
+ TODO: check
+CVE-2020-19285 (A stored cross-site scripting (XSS) vulnerability in the /group/apply ...)
+ TODO: check
+CVE-2020-19284 (A stored cross-site scripting (XSS) vulnerability in the /group/commen ...)
+ TODO: check
+CVE-2020-19283 (A reflected cross-site scripting (XSS) vulnerability in the /newVersio ...)
+ TODO: check
+CVE-2020-19282 (A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 a ...)
+ TODO: check
+CVE-2020-19281 (A stored cross-site scripting (XSS) vulnerability in the /manage/login ...)
+ TODO: check
+CVE-2020-19280 (Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows ...)
+ TODO: check
CVE-2020-19279
RESERVED
CVE-2020-19278
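Review bot: All sixteen entries from CVE-2020-19295 down to CVE-2020-19280 arrive as "TODO: check", and only two of the visible descriptions name a product (Jeesns 1.4.2, in CVE-2020-19282 and CVE-2020-19280). The rest show only URL paths such as /weibo/..., /group/... and /question/... before truncation, so confirm from the full descriptions whether the block is a single product and then triage it in one pass instead of entry by entry.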
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 317621c095..c07e666a33 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -1,3 +1,27 @@
+CVE-2021-40849
+ RESERVED
+CVE-2021-40848
+ RESERVED
+CVE-2021-40847
+ RESERVED
+CVE-2021-40846
+ RESERVED
+CVE-2021-40845
+ RESERVED
+CVE-2021-40844
+ RESERVED
+CVE-2021-40843
+ RESERVED
+CVE-2021-40842
+ RESERVED
+CVE-2021-40841
+ RESERVED
+CVE-2021-40840
+ RESERVED
+CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an infinite loop i ...)
+ TODO: check
+CVE-2021-40838
+ RESERVED
CVE-2021-40837
RESERVED
CVE-2021-40836
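Review bot: CVE-2021-40839 is the only entry in this hunk with a description, and it names a Python package (rencode through 1.0.6) rather than a vendor product. Its "TODO: check" should be resolved by checking whether the archive ships that package and in which version, not by defaulting to a NOT-FOR-US line. The eleven RESERVED entries added around it need nothing further.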
@@ -3698,20 +3722,20 @@ CVE-2021-39208
RESERVED
CVE-2021-39207
RESERVED
-CVE-2021-39206
- RESERVED
+CVE-2021-39206 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
+ TODO: check
CVE-2021-39205
RESERVED
-CVE-2021-39204
- RESERVED
-CVE-2021-39203
- RESERVED
-CVE-2021-39202
- RESERVED
-CVE-2021-39201
- RESERVED
-CVE-2021-39200
- RESERVED
+CVE-2021-39204 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
+ TODO: check
+CVE-2021-39203 (WordPress is a free and open-source content management system written ...)
+ TODO: check
+CVE-2021-39202 (WordPress is a free and open-source content management system written ...)
+ TODO: check
+CVE-2021-39201 (WordPress is a free and open-source content management system written ...)
+ TODO: check
+CVE-2021-39200 (WordPress is a free and open-source content management system written ...)
+ TODO: check
CVE-2021-39199 (remark-html is an open source nodejs library which compiles Markdown t ...)
NOT-FOR-US: Node remark-html
CVE-2021-39198
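Review bot: The two Pomerium entries (CVE-2021-39206, CVE-2021-39204) and the four WordPress entries (CVE-2021-39203 to CVE-2021-39200) are all left at "TODO: check", and they need different follow-up. The Pomerium descriptions open by pointing at Envoy ("Envoy, which P ..."), so determine whether the flaw is in Pomerium or in Envoy before writing a triage line; the WordPress descriptions are cut off before any version, so each needs its affected range checked individually.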
@@ -3797,8 +3821,8 @@ CVE-2021-39163 (Matrix is an ecosystem for open federated Instant Messaging and
- matrix-synapse 1.41.1-1
NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-jj53-8fmw-f2w2
NOTE: https://github.com/matrix-org/synapse/commit/cb35df940a828bc40b96daed997b5ad4c7842fd3 (v1.41.1)
-CVE-2021-39162
- RESERVED
+CVE-2021-39162 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
+ TODO: check
CVE-2021-39161 (Discourse is an open source platform for community discussion. In affe ...)
NOT-FOR-US: Discourse
CVE-2021-39160 (nbgitpuller is a Jupyter server extension to sync a git repository one ...)
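Review bot: CVE-2021-39162 opens with the same Pomerium/Envoy sentence as CVE-2021-39206 and CVE-2021-39204 earlier in this file. Resolve its "TODO: check" together with those two so the three end up triaged consistently.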
@@ -14550,14 +14574,14 @@ CVE-2021-34348
RESERVED
CVE-2021-34347
RESERVED
-CVE-2021-34346
- RESERVED
-CVE-2021-34345
- RESERVED
-CVE-2021-34344
- RESERVED
-CVE-2021-34343
- RESERVED
+CVE-2021-34346 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ TODO: check
+CVE-2021-34345 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ TODO: check
+CVE-2021-34344 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ TODO: check
+CVE-2021-34343 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ TODO: check
CVE-2021-3588 (The cli_feat_read_cb() function in src/gatt-database.c does not perfor ...)
- bluez 5.55-3.1 (bug #989700)
[buster] - bluez <not-affected> (Vulnerable code introduced later)
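Review bot: CVE-2021-34346 to CVE-2021-34343 each name QNAP in the visible description yet are added as "TODO: check". Other QNAP entries shown in this file (CVE-2021-28815, CVE-2021-28814, CVE-2021-28812) carry NOT-FOR-US: QNAP, which is the likely resolution for these four as well.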
@@ -18359,8 +18383,8 @@ CVE-2021-32726 (Nextcloud Server is a Nextcloud package that handles data storag
- nextcloud-server <itp> (bug #941708)
CVE-2021-32725 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
- nextcloud-server <itp> (bug #941708)
-CVE-2021-32724
- RESERVED
+CVE-2021-32724 (check-spelling is a github action which provides CI spell checking. In ...)
+ TODO: check
CVE-2021-32723 (Prism is a syntax highlighting library. Some languages before 1.24.0 a ...)
NOT-FOR-US: Prism
CVE-2021-32722 (GlobalNewFiles is a mediawiki extension. Versions prior to 48be7adb705 ...)
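Review bot: CVE-2021-32724 describes check-spelling as "a github action which provides CI spell checking", so its "TODO: check" mostly comes down to whether anything by that name is packaged. The neighbouring CVE-2021-32723 (NOT-FOR-US: Prism) shows the form to use if it is not.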
@@ -28037,14 +28061,14 @@ CVE-2021-28818 (The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing
NOT-FOR-US: TIBCO
CVE-2021-28817 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Rend ...)
NOT-FOR-US: TIBCO
-CVE-2021-28816
- RESERVED
+CVE-2021-28816 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ TODO: check
CVE-2021-28815 (Insecure storage of sensitive information has been reported to affect ...)
NOT-FOR-US: QNAP
CVE-2021-28814 (An improper access control vulnerability has been reported to affect Q ...)
NOT-FOR-US: QNAP
-CVE-2021-28813
- RESERVED
+CVE-2021-28813 (A vulnerability involving insecure storage of sensitive information ha ...)
+ TODO: check
CVE-2021-28812 (A command injection vulnerability has been reported to affect certain ...)
NOT-FOR-US: QNAP
CVE-2021-28811 (If exploited, this command injection vulnerability could allow remote ...)
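Review bot: Of the two entries changed here, CVE-2021-28816 names QNAP outright, while the CVE-2021-28813 description is cut off ("insecure storage of sensitive information ha ...") before any product appears. Both sit among entries already marked NOT-FOR-US: QNAP (CVE-2021-28815, CVE-2021-28814, CVE-2021-28812); confirm the vendor for CVE-2021-28813 from the full text before giving it the same line.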
