automatic update

3 files changed, 97 insertions, 83 deletions

diff --git a/data/CVE/list.2018 b/data/CVE/list.2018
index 32b49a98f5..ec50215650 100644
--- a/data/CVE/list.2018
+++ b/data/CVE/list.2018
@@ -10595,7 +10595,7 @@ CVE-2018-17367
 	RESERVED
 CVE-2018-17366 (An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability t ...)
 	NOT-FOR-US: MCMS
-CVE-2018-17365 (SeaCMS 6.64 allows remote attackers to delete arbitrary files via the  ...)
+CVE-2018-17365 (SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files  ...)
 	NOT-FOR-US: SeaCMS
 CVE-2018-17364 (OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via t ...)
 	NOT-FOR-US: OTCMS
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 0db4c323ff..8363ce09a3 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -3748,8 +3748,8 @@ CVE-2020-29550 (An issue was discovered in URVE Build 24.03.2020. The password o
 	NOT-FOR-US: URVE
 CVE-2020-29549
 	RESERVED
-CVE-2020-29548
-	RESERVED
+CVE-2020-29548 (An issue was discovered in SmarterTools SmarterMail through 100.0.7537 ...)
+	TODO: check
 CVE-2020-29547
 	RESERVED
 CVE-2020-29546
@@ -5398,8 +5398,8 @@ CVE-2020-28848
 	RESERVED
 CVE-2020-28847
 	RESERVED
-CVE-2020-28846
-	RESERVED
+CVE-2020-28846 (Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7  ...)
+	TODO: check
 CVE-2020-28845 (A CSV injection vulnerability in the Admin portal for Netskope 75.0 al ...)
 	NOT-FOR-US: Admin portal for Netskope
 CVE-2020-28844
@@ -19139,8 +19139,8 @@ CVE-2020-22939
 	RESERVED
 CVE-2020-22938
 	RESERVED
-CVE-2020-22937
-	RESERVED
+CVE-2020-22937 (A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5  ...)
+	TODO: check
 CVE-2020-22936
 	RESERVED
 CVE-2020-22935
@@ -33855,8 +33855,8 @@ CVE-2020-15957 (An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Dec
 	NOT-FOR-US: DP3T-Backend-SDK for Decentralised Privacy-Preserving Proximity Tracing (DP3T)
 CVE-2020-15956 (ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows re ...)
 	NOT-FOR-US: ACTi NVR3 Standard Server
-CVE-2020-15955
-	RESERVED
+CVE-2020-15955 (In s/qmail through 4.0.07, an active MitM can inject arbitrary plainte ...)
+	TODO: check
 CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communicati ...)
 	{DLA-2300-1}
 	- kdepim-runtime 4:20.04.1-2 (bug #966666)
@@ -61204,8 +61204,8 @@ CVE-2020-4994
 	RESERVED
 CVE-2020-4993 (IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature  ...)
 	NOT-FOR-US: IBM
-CVE-2020-4992
-	RESERVED
+CVE-2020-4992 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to  ...)
+	TODO: check
 CVE-2020-4991
 	RESERVED
 CVE-2020-4990 (IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote at ...)
@@ -61779,8 +61779,8 @@ CVE-2020-4708 (IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some
 	NOT-FOR-US: IBM
 CVE-2020-4707 (IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site s ...)
 	NOT-FOR-US: IBM
-CVE-2020-4706
-	RESERVED
+CVE-2020-4706 (IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header  ...)
+	TODO: check
 CVE-2020-4705 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...)
 	NOT-FOR-US: IBM
 CVE-2020-4704 (IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripti ...)
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 471acfd9d6..bbf503f94e 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -1,3 +1,35 @@
+CVE-2021-39245
+	RESERVED
+CVE-2021-39244
+	RESERVED
+CVE-2021-39243
+	RESERVED
+CVE-2021-39242 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...)
+	TODO: check
+CVE-2021-39241 (An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.1 ...)
+	TODO: check
+CVE-2021-39240 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...)
+	TODO: check
+CVE-2021-39239
+	RESERVED
+CVE-2021-39238
+	RESERVED
+CVE-2021-39237
+	RESERVED
+CVE-2021-39236
+	RESERVED
+CVE-2021-39235
+	RESERVED
+CVE-2021-39234
+	RESERVED
+CVE-2021-39233
+	RESERVED
+CVE-2021-39232
+	RESERVED
+CVE-2021-39231
+	RESERVED
+CVE-2021-3713
+	RESERVED
 CVE-2021-XXXX [HTTP/2 vulnerabilities from 2.0 to 2.5-dev]
 	- haproxy <unfixed>
 	[bullseye] - haproxy 2.2.9-2+deb11u1
@@ -3263,7 +3295,7 @@ CVE-2021-37709 (Shopware is an open source eCommerce platform. Versions prior to
 	NOT-FOR-US: Shopware
 CVE-2021-37708 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
 	NOT-FOR-US: Shopware
-CVE-2021-37707 (### Impact Manipulation of product reviews via API ### Patches We reco ...)
+CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
 	NOT-FOR-US: Shopware
 CVE-2021-37706
 	RESERVED
@@ -6711,8 +6743,8 @@ CVE-2021-36122 (An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile
 	NOT-FOR-US: Echo ShareCare
 CVE-2021-36121 (An issue was discovered in Echo ShareCare 8.15.5. The file-upload feat ...)
 	NOT-FOR-US: Echo ShareCare
-CVE-2021-3633
-	RESERVED
+CVE-2021-3633 (A DLL preloading vulnerability was reported in Lenovo Driver Managemen ...)
+	TODO: check
 CVE-2021-36120
 	RESERVED
 CVE-2021-36119
@@ -8123,8 +8155,8 @@ CVE-2021-35494
 	RESERVED
 CVE-2021-35493
 	RESERVED
-CVE-2021-3619
-	RESERVED
+CVE-2021-3619 (Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentica ...)
+	TODO: check
 CVE-2021-35492
 	RESERVED
 CVE-2021-35491
@@ -8187,12 +8219,12 @@ CVE-2021-3618
 	NOTE: * Add ssl_sni_hostname option to require a match on incoming SNI hostname.
 	NOTE: sendmail: Fixed in 3.16.1: https://marc.info/?l=sendmail-announce&m=159394546814125&w=2
 	NOTE: exim4 has config option: https://lists.exim.org/lurker/message/20210609.200324.f0e073ed.el.html
-CVE-2021-3617
-	RESERVED
-CVE-2021-3616
-	RESERVED
-CVE-2021-3615
-	RESERVED
+CVE-2021-3617 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...)
+	TODO: check
+CVE-2021-3616 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...)
+	TODO: check
+CVE-2021-3615 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...)
+	TODO: check
 CVE-2021-3614 (A vulnerability was reported on some Lenovo Notebook systems that coul ...)
 	NOT-FOR-US: Lenovo
 CVE-2021-35474 (Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache ...)
@@ -10573,7 +10605,7 @@ CVE-2021-34409
 CVE-2021-34408
 	RESERVED
 CVE-2021-34407
-	RESERVED
+	REJECTED
 CVE-2021-34406
 	RESERVED
 CVE-2021-34405
@@ -14160,10 +14192,10 @@ CVE-2021-32832
 	RESERVED
 CVE-2021-32831
 	RESERVED
-CVE-2021-32830
-	RESERVED
-CVE-2021-32829
-	RESERVED
+CVE-2021-32830 (The @diez/generation npm package is a client for Diez. The locateFont  ...)
+	TODO: check
+CVE-2021-32829 (ZStack is open source IaaS(infrastructure as a service) software aimin ...)
+	TODO: check
 CVE-2021-32828
 	RESERVED
 CVE-2021-32827 (MockServer is open source software which enables easy mocking of any s ...)
@@ -22921,8 +22953,8 @@ CVE-2021-29315
 	RESERVED
 CVE-2021-29314
 	RESERVED
-CVE-2021-29313
-	RESERVED
+CVE-2021-29313 (Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the ...)
+	TODO: check
 CVE-2021-29312
 	RESERVED
 CVE-2021-29311
@@ -23459,10 +23491,10 @@ CVE-2021-29083 (Improper neutralization of special elements used in an OS comman
 	NOT-FOR-US: Synology
 CVE-2021-3460 (The Motorola MH702x devices, prior to version 2.0.0.301, do not proper ...)
 	NOT-FOR-US: Motorola MH702x devices
-CVE-2021-3459
-	RESERVED
-CVE-2021-3458
-	RESERVED
+CVE-2021-3459 (A privilege escalation vulnerability was reported in the MM1000 device ...)
+	TODO: check
+CVE-2021-3458 (The Motorola MM1000 device configuration portal can be accessed withou ...)
+	TODO: check
 CVE-2021-29082 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
 	NOT-FOR-US: NETGEAR
 CVE-2021-29081 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
@@ -23525,8 +23557,8 @@ CVE-2021-29058
 	RESERVED
 CVE-2021-29057
 	RESERVED
-CVE-2021-29056
-	RESERVED
+CVE-2021-29056 (Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via  ...)
+	TODO: check
 CVE-2021-29055
 	RESERVED
 CVE-2021-29054 (Certain Papoo products are affected by: Cross Site Request Forgery (CS ...)
@@ -30869,10 +30901,10 @@ CVE-2021-25959
 	RESERVED
 CVE-2021-25958
 	RESERVED
-CVE-2021-25957
-	RESERVED
-CVE-2021-25956
-	RESERVED
+CVE-2021-25957 (In &#8220;Dolibarr&#8221; application, v2.8.1 to v13.0.2 are vulnerabl ...)
+	TODO: check
+CVE-2021-25956 (In &#8220;Dolibarr&#8221; application, v3.3.beta1_20121221 to v13.0.2  ...)
+	TODO: check
 CVE-2021-25955 (In &#8220;Dolibarr ERP CRM&#8221;, WYSIWYG Editor module, v2.8.1 to v1 ...)
 	- dolibarr <removed>
 	NOTE: https://github.com/Dolibarr/dolibarr/commit/796b2d201acb9938b903fb2afa297db289ecc93e
@@ -32633,8 +32665,8 @@ CVE-2021-25265 (A malicious website could execute code remotely in Sophos Connec
 	NOT-FOR-US: Sophos Connect Client
 CVE-2021-25264 (In multiple versions of Sophos Endpoint products for MacOS, a local at ...)
 	NOT-FOR-US: Sophos
-CVE-2021-25263
-	RESERVED
+CVE-2021-25263 (Clickhouse prior to versions v20.8.18.32-lts, v21.1.9.41-stable, v21.2 ...)
+	TODO: check
 CVE-2021-25262
 	RESERVED
 CVE-2021-25261
@@ -39458,8 +39490,8 @@ CVE-2021-22158 (The Proofpoint Insider Threat Management Server (formerly Observ
 	NOT-FOR-US: Proofpoint Insider Threat Management Server
 CVE-2021-22157 (Proofpoint Insider Threat Management Server (formerly ObserveIT Server ...)
 	NOT-FOR-US: Proofpoint Insider Threat Management Server
-CVE-2021-22156
-	RESERVED
+CVE-2021-22156 (An integer overflow vulnerability in the calloc() function of the C ru ...)
+	TODO: check
 CVE-2021-22155 (An Authentication Bypass vulnerability in the SAML Authentication comp ...)
 	NOT-FOR-US: BlackBerry Workspaces Server
 CVE-2021-22154 (An Information Disclosure vulnerability in the Management Console comp ...)
@@ -40135,8 +40167,8 @@ CVE-2021-21834
 	RESERVED
 CVE-2021-21833 (An improper array index validation vulnerability exists in the TIF IP_ ...)
 	NOT-FOR-US: Accusoft ImageGear
-CVE-2021-21832
-	RESERVED
+CVE-2021-21832 (A VULNERABILITY_CLASS vulnerability exists in the FEATURE functionalit ...)
+	TODO: check
 CVE-2021-21831 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
 	NOT-FOR-US: Foxit
 CVE-2021-21830 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
@@ -48628,27 +48660,21 @@ CVE-2021-0648
 	RESERVED
 CVE-2021-0647
 	RESERVED
-CVE-2021-0646
-	RESERVED
+CVE-2021-0646 (In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bound ...)
 	NOT-FOR-US: Android
-CVE-2021-0645
-	RESERVED
+CVE-2021-0645 (In shouldBlockFromTree of ExternalStorageProvider.java, there is a pos ...)
 	NOT-FOR-US: Android
 CVE-2021-0644
 	RESERVED
 CVE-2021-0643
 	RESERVED
-CVE-2021-0642
-	RESERVED
+CVE-2021-0642 (In onResume of VoicemailSettingsFragment.java, there is a possible way ...)
 	NOT-FOR-US: Android
-CVE-2021-0641
-	RESERVED
+CVE-2021-0641 (In getAvailableSubscriptionInfoList of SubscriptionController.java, th ...)
 	NOT-FOR-US: Android
-CVE-2021-0640
-	RESERVED
+CVE-2021-0640 (In noteAtomLogged of StatsdStats.cpp, there is a possible out of bound ...)
 	NOT-FOR-US: Android
-CVE-2021-0639
-	RESERVED
+CVE-2021-0639 (In multiple functions of libl3oemcrypto.cpp, there is a possible weakn ...)
 	NOT-FOR-US: Widevine
 CVE-2021-0638
 	RESERVED
@@ -48744,13 +48770,11 @@ CVE-2021-0595
 	RESERVED
 CVE-2021-0594 (In onCreate of ConfirmConnectActivity, there is a possible remote bypa ...)
 	NOT-FOR-US: Android
-CVE-2021-0593
-	RESERVED
+CVE-2021-0593 (In sendDevicePickedIntent of DevicePickerFragment.java, there is a pos ...)
 	NOT-FOR-US: Android
 CVE-2021-0592 (In various functions in WideVine, there are possible out of bounds wri ...)
 	NOT-FOR-US: Widevine
-CVE-2021-0591
-	RESERVED
+CVE-2021-0591 (In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, ther ...)
 	NOT-FOR-US: Android
 CVE-2021-0590 (In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a p ...)
 	NOT-FOR-US: Android
@@ -48764,38 +48788,29 @@ CVE-2021-0586 (In onCreate of DevicePickerFragment.java, there is a possible way
 	NOT-FOR-US: Android
 CVE-2021-0585 (In beginWrite and beginRead of MessageQueueBase.h, there is a possible ...)
 	NOT-FOR-US: Android
-CVE-2021-0584
-	RESERVED
+CVE-2021-0584 (In verifyBufferObject of Parcel.cpp, there is a possible out of bounds ...)
 	NOT-FOR-US: Android
 CVE-2021-0583
 	RESERVED
-CVE-2021-0582
-	RESERVED
+CVE-2021-0582 (In wifi driver, there is a possible out of bounds read due to a missin ...)
 	NOT-FOR-US: MediaTek components for Android
-CVE-2021-0581
-	RESERVED
+CVE-2021-0581 (In wifi driver, there is a possible out of bounds read due to a missin ...)
 	NOT-FOR-US: MediaTek components for Android
-CVE-2021-0580
-	RESERVED
+CVE-2021-0580 (In wifi driver, there is a possible out of bounds read due to a missin ...)
 	NOT-FOR-US: MediaTek components for Android
-CVE-2021-0579
-	RESERVED
+CVE-2021-0579 (In wifi driver, there is a possible out of bounds read due to a missin ...)
 	NOT-FOR-US: MediaTek components for Android
-CVE-2021-0578
-	RESERVED
+CVE-2021-0578 (In wifi driver, there is a possible out of bounds read due to a missin ...)
 	NOT-FOR-US: MediaTek components for Android
 CVE-2021-0577 (In flv extractor, there is a possible out of bounds write due to a hea ...)
 	NOT-FOR-US: MediaTek components for Android
-CVE-2021-0576
-	RESERVED
+CVE-2021-0576 (In flv extractor, there is a possible out of bounds write due to a mis ...)
 	NOT-FOR-US: MediaTek components for Android
 CVE-2021-0575
 	RESERVED
-CVE-2021-0574
-	RESERVED
+CVE-2021-0574 (In asf extractor, there is a possible out of bounds write due to a mis ...)
 	NOT-FOR-US: MediaTek components for Android
-CVE-2021-0573
-	RESERVED
+CVE-2021-0573 (In asf extractor, there is a possible out of bounds write due to a mis ...)
 	NOT-FOR-US: MediaTek components for Android
 CVE-2021-0572 (In doNotification of AccountManagerService.java, there is a possible p ...)
 	NOT-FOR-US: Android
@@ -48903,8 +48918,7 @@ CVE-2021-0521 (In getAllPackages of PackageManagerService, there is a possible i
 	NOT-FOR-US: Android
 CVE-2021-0520 (In several functions of MemoryFileSystem.cpp and related files, there  ...)
 	NOT-FOR-US: Android media framework
-CVE-2021-0519
-	RESERVED
+CVE-2021-0519 (In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of b ...)
 	NOT-FOR-US: Google Play
 CVE-2021-0518 (In handleSendStatusChangeBroadcast of WifiDisplayAdapter.java, there i ...)
 	NOT-FOR-US: Android