author security tracker role <sectracker@soriano.debian.org> 2021-03-29 20:10:18 +0000
committer security tracker role <sectracker@soriano.debian.org> 2021-03-29 20:10:18 +0000
commit 46b7f1f6ea0548bac08a539023d96f8c4da087ef
tree c4301c80aae0d223f14d96fcd43c65d5d7ca6dc2
parent a097bbf0b4482b6d5d9c13155243e326057c7cab
automatic update
-rw-r--r-- data/CVE/2019.list 4
-rw-r--r-- data/CVE/2020.list 18
-rw-r--r-- data/CVE/2021.list 85
3 files changed, 67 insertions, 40 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 74c4158662..dd3a53e775 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -41886,8 +41886,8 @@ CVE-2019-5319
RESERVED
CVE-2019-5318
RESERVED
-CVE-2019-5317
- RESERVED
+CVE-2019-5317 (A local authentication bypass vulnerability was discovered in some Aru ...)
+ TODO: check
CVE-2019-5316
RESERVED
CVE-2019-5315 (A command injection vulnerability is present in the web management int ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 4caad7d110..1a54e4ed83 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -8761,10 +8761,12 @@ CVE-2020-27173 (In vm-superio before 0.1.1, the serial console FIFO can grow to
CVE-2020-27172 (An issue was discovered in G-Data before 25.5.9.25 using Symbolic link ...)
NOT-FOR-US: G-Data
CVE-2020-27171 (An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/ ...)
+ {DLA-2610-1}
- linux 5.10.24-1
[buster] - linux 4.19.181-1
NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/3
CVE-2020-27170 (An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/ ...)
+ {DLA-2610-1}
- linux 5.10.24-1
[buster] - linux 4.19.181-1
NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/2
@@ -13393,10 +13395,10 @@ CVE-2020-25219 (url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows
- libproxy 0.4.15-15 (bug #971394)
NOTE: https://github.com/libproxy/libproxy/issues/134
NOTE: https://github.com/libproxy/libproxy/commit/a83dae404feac517695c23ff43ce1e116e2bfbe0
-CVE-2020-25218
- RESERVED
-CVE-2020-25217
- RESERVED
+CVE-2020-25218 (Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) ...)
+ TODO: check
+CVE-2020-25217 (Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) ...)
+ TODO: check
CVE-2020-25216 (yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Tran ...)
NOT-FOR-US: yWorks yEd Desktop
CVE-2020-25215 (yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or Grap ...)
@@ -14691,8 +14693,8 @@ CVE-2020-24637 (Two vulnerabilities in ArubaOS GRUB2 implementation allows for a
NOT-FOR-US: ArubaOS GRUB2 implementation (CVE specific to ArubaOS)
CVE-2020-24636
RESERVED
-CVE-2020-24635
- RESERVED
+CVE-2020-24635 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ TODO: check
CVE-2020-24634 (An attacker is able to remotely inject arbitrary commands by sending e ...)
NOT-FOR-US: Aruba
CVE-2020-24633 (There are multiple buffer overflow vulnerabilities that could lead to ...)
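Review bot: CVE-2020-24635 is left at TODO: check, and its visible description is cut off before any product name ("A remote execution of arbitrary commands vulnerability was discovered ..."). The described entries around it (CVE-2020-24637, CVE-2020-24634) are tagged NOT-FOR-US: ArubaOS GRUB2 implementation and NOT-FOR-US: Aruba; read the full description before reusing one of those tags rather than inferring the vendor from the ID range.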
@@ -53031,8 +53033,8 @@ CVE-2020-7852 (DaviewIndy has a Heap-based overflow vulnerability, triggered whe
NOT-FOR-US: DaviewIndy
CVE-2020-7851
RESERVED
-CVE-2020-7850
- RESERVED
+CVE-2020-7850 (NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerabilit ...)
+ TODO: check
CVE-2020-7849 (A vulnerability of uPrism.io CURIX(Video conferecing solution) could a ...)
NOT-FOR-US: uPrism.io CURIX
CVE-2020-7848 (The EFM ipTIME C200 IP Camera is affected by a Command Injection vulne ...)
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 15935d11d4..8e4557c9ba 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,25 @@
+CVE-2021-3473
+ RESERVED
+CVE-2021-3472
+ RESERVED
+CVE-2021-29422
+ RESERVED
+CVE-2021-29421
+ RESERVED
+CVE-2021-29420
+ RESERVED
+CVE-2021-29419
+ RESERVED
+CVE-2021-29418
+ RESERVED
+CVE-2021-29417 (gitjacker before 0.1.0 allows remote attackers to execute arbitrary co ...)
+ TODO: check
+CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 2021.2. Durin ...)
+ TODO: check
+CVE-2021-29415
+ RESERVED
+CVE-2021-29414
+ RESERVED
CVE-2021-29413
RESERVED
CVE-2021-29412
@@ -296,8 +318,8 @@ CVE-2021-29269
RESERVED
CVE-2021-29268
RESERVED
-CVE-2021-29267
- RESERVED
+CVE-2021-29267 (Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XS ...)
+ TODO: check
CVE-2021-29266 (An issue was discovered in the Linux kernel before 5.11.9. drivers/vho ...)
- linux 5.10.26-1 (unimportant)
[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -996,8 +1018,8 @@ CVE-2021-3450 (The X509_V_FLAG_X509_STRICT flag enables additional security chec
- openssl1.0 <not-affected> (Vulnerable code introduced in 1.1.1h)
NOTE: https://www.openssl.org/news/secadv/20210325.txt
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b
-CVE-2021-28957 (lxml 4.6.2 allows XSS. It places the HTML action attribute into defs.l ...)
- {DLA-2606-1}
+CVE-2021-28957 (An XSS vulnerability was discovered in python-lxml's clean module vers ...)
+ {DSA-4880-1 DLA-2606-1}
- lxml 4.6.3-1 (bug #985643)
NOTE: https://bugs.launchpad.net/lxml/+bug/1888153
NOTE: https://github.com/lxml/lxml/pull/316
@@ -1039,10 +1061,10 @@ CVE-2021-28939
RESERVED
CVE-2021-28938
RESERVED
-CVE-2021-28937
- RESERVED
-CVE-2021-28936
- RESERVED
+CVE-2021-28937 (The /password.html page of the Web management interface of the Acexy W ...)
+ TODO: check
+CVE-2021-28936 (The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management ...)
+ TODO: check
CVE-2021-28935
RESERVED
CVE-2021-28934
@@ -1575,14 +1597,14 @@ CVE-2021-28675
RESERVED
CVE-2021-28674
RESERVED
-CVE-2021-28673
- RESERVED
+CVE-2021-28673 (Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 65 ...)
+ TODO: check
CVE-2021-28672
RESERVED
CVE-2021-28671
RESERVED
-CVE-2021-28670
- RESERVED
+CVE-2021-28670 (Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 befor ...)
+ TODO: check
CVE-2021-28669
RESERVED
CVE-2021-28668
@@ -1619,6 +1641,7 @@ CVE-2021-28687 [HVM soft-reset crashes toolstack]
[stretch] - xen <not-affected> (Vulnerable code introduced later)
NOTE: https://xenbits.xen.org/xsa/advisory-368.html
CVE-2021-28660 (rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in t ...)
+ {DLA-2610-1}
- linux 5.10.24-1
[buster] - linux 4.19.181-1
NOTE: https://git.kernel.org/linus/74b6b20df8cfe90ada777d621b54c32e69e27cd7
@@ -2751,6 +2774,7 @@ CVE-2021-3429
NOTE: https://github.com/canonical/cloud-init/commit/b794d426b9ab43ea9d6371477466070d86e10668
CVE-2021-3428 [integer overflow in ext4_es_cache_extent]
RESERVED
+ {DLA-2610-1}
- linux 5.8.7-1
[buster] - linux 4.19.181-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1936786
@@ -3215,7 +3239,7 @@ CVE-2021-28039 (An issue was discovered in the Linux kernel 5.9.x through 5.11.3
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://xenbits.xen.org/xsa/advisory-369.html
CVE-2021-28038 (An issue was discovered in the Linux kernel through 5.11.3, as used wi ...)
- {DLA-2586-1}
+ {DLA-2610-1 DLA-2586-1}
- linux 5.10.24-1
[buster] - linux 4.19.181-1
NOTE: https://xenbits.xen.org/xsa/advisory-367.html
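Review bot: On CVE-2021-28038 the advisory list becomes {DLA-2610-1 DLA-2586-1}, but the package lines under it are unchanged and name only linux (5.10.24-1 and [buster] 4.19.181-1). Please confirm that DLA-2610-1 covers a different suite or source package than DLA-2586-1 and is not a duplicate cross-reference, and check whether a second source package, if there is one, needs its own line in this entry. The same question applies to the other entries in this commit that go from {DLA-2586-1} to {DLA-2610-1 DLA-2586-1}.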
@@ -3267,7 +3291,7 @@ CVE-2021-27928 (A remote code execution issue was discovered in MariaDB 10.2 bef
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-25179
NOTE: Fixed in MariaDB: 10.5.9, 10.4.18, 10.3.28, 10.2.27
-CVE-2021-27927 (In Zabbix before 4.0.28rc1, 5.x before 5.0.8rc1, 5.1.x and 5.2.x befor ...)
+CVE-2021-27927 (In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5 ...)
- zabbix 1:5.0.8+dfsg-1
[stretch] - zabbix <no-dsa> (minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-18942
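Review bot: The replacement description for CVE-2021-27927 moves the 5.0 boundary from "5.x before 5.0.8rc1" to "5.0.0alpha1 before 5.0.10rc1", while the fixed-version line "- zabbix 1:5.0.8+dfsg-1" below it is unchanged. If the fix only landed in 5.0.10rc1, a 5.0.8 package would no longer count as fixed; please re-verify against ZBX-18942 that 1:5.0.8+dfsg-1 carries the fix and adjust the version or add a NOTE explaining why it still holds.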
@@ -4495,18 +4519,18 @@ CVE-2021-27367 (Controller/Backend/FileEditController.php and Controller/Backend
CVE-2021-27366
RESERVED
CVE-2021-27365 (An issue was discovered in the Linux kernel through 5.11.3. Certain iS ...)
- {DLA-2586-1}
+ {DLA-2610-1 DLA-2586-1}
- linux 5.10.24-1
[buster] - linux 4.19.181-1
NOTE: https://git.kernel.org/linus/ec98ea7070e94cc25a422ec97d1421e28d97b7ee
NOTE: https://git.kernel.org/linus/f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5
CVE-2021-27364 (An issue was discovered in the Linux kernel through 5.11.3. drivers/sc ...)
- {DLA-2586-1}
+ {DLA-2610-1 DLA-2586-1}
- linux 5.10.24-1
[buster] - linux 4.19.181-1
NOTE: https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa
CVE-2021-27363 (An issue was discovered in the Linux kernel through 5.11.3. A kernel p ...)
- {DLA-2586-1}
+ {DLA-2610-1 DLA-2586-1}
- linux 5.10.24-1
[buster] - linux 4.19.181-1
NOTE: https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa
@@ -4530,8 +4554,8 @@ CVE-2021-27354
RESERVED
CVE-2021-27353
RESERVED
-CVE-2021-27352
- RESERVED
+CVE-2021-27352 (An open redirect vulnerability in Ilch CMS version 2.1.42 allows attac ...)
+ TODO: check
CVE-2021-27351 (The Terminate Session feature in the Telegram application through 7.2. ...)
- telegram-desktop 2.6.1-1
[buster] - telegram-desktop <not-affected> (Vulnerable code not present)
@@ -5465,17 +5489,17 @@ CVE-2021-26933 (An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a gue
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-364.html
CVE-2021-26932 (An issue was discovered in the Linux kernel 3.2 through 5.10.16, as us ...)
- {DLA-2586-1}
+ {DLA-2610-1 DLA-2586-1}
- linux 5.10.19-1
[buster] - linux 4.19.177-1
NOTE: https://xenbits.xen.org/xsa/advisory-361.html
CVE-2021-26931 (An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as ...)
- {DLA-2586-1}
+ {DLA-2610-1 DLA-2586-1}
- linux 5.10.19-1
[buster] - linux 4.19.177-1
NOTE: https://xenbits.xen.org/xsa/advisory-362.html
CVE-2021-26930 (An issue was discovered in the Linux kernel 3.11 through 5.10.16, as u ...)
- {DLA-2586-1}
+ {DLA-2610-1 DLA-2586-1}
- linux 5.10.19-1
[buster] - linux 4.19.177-1
NOTE: https://xenbits.xen.org/xsa/advisory-365.html
@@ -6945,6 +6969,7 @@ CVE-2021-3345 (_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version
NOTE: Introduced by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e76617cbab018dd8f41fd6b4ec6740b5303f7e13
NOTE: Fixed by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=512c0c75276949f13b6373b5c04f7065af750b08
CVE-2021-3348 (nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10 ...)
+ {DLA-2610-1}
- linux 5.10.13-1
[buster] - linux 4.19.177-1
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -9794,10 +9819,10 @@ CVE-2021-25146
RESERVED
CVE-2021-25145
RESERVED
-CVE-2021-25144
- RESERVED
-CVE-2021-25143
- RESERVED
+CVE-2021-25144 (A remote buffer overflow vulnerability was discovered in some Aruba In ...)
+ TODO: check
+CVE-2021-25143 (A remote denial of service (dos) vulnerability was discovered in some ...)
+ TODO: check
CVE-2021-25142 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
NOT-FOR-US: HPE
CVE-2021-25141 (A security vulnerability has been identified in in certain HPE and Aru ...)
@@ -13614,8 +13639,8 @@ CVE-2021-23360 (This affects the package killport before 1.0.2. If (attacker-con
NOT-FOR-US: Node killport
CVE-2021-23359 (This affects all versions of package port-killer. If (attacker-control ...)
NOT-FOR-US: Node port-killer
-CVE-2021-23358
- RESERVED
+CVE-2021-23358 (The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 a ...)
+ TODO: check
CVE-2021-23357 (All versions of package github.com/tyktechnologies/tyk/gateway are vul ...)
NOT-FOR-US: tyk/gateway
CVE-2021-23356 (This affects all versions of package kill-process-by-name. If (attacke ...)
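Review bot: CVE-2021-23358 sits between entries tagged NOT-FOR-US (Node killport, Node port-killer, tyk/gateway), but it names the package underscore, so it should be checked against the archive for a matching source package rather than given the same tag by proximity. The visible description also starts two version ranges ("from 1.13.0-0 and before 1.13.0-2, from 1.3.2 a ..."), so both ranges need to be considered when the TODO: check is resolved.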
@@ -16970,8 +16995,8 @@ CVE-2021-21729
RESERVED
CVE-2021-21728
RESERVED
-CVE-2021-21727
- RESERVED
+CVE-2021-21727 (A ZTE product has a DoS vulnerability. A remote attacker can amplify t ...)
+ TODO: check
CVE-2021-21726 (Some ZTE products have an input verification vulnerability in the diag ...)
NOT-FOR-US: ZTE
CVE-2021-21725 (A ZTE product has an information leak vulnerability. An attacker with ...)
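Review bot: The new CVE-2021-21727 line ("A ZTE product has a DoS vulnerability. ...") is left at TODO: check, while CVE-2021-21726 directly below is already tagged NOT-FOR-US: ZTE. If the full description confirms a vendor device, use the same tag so the ZTE entries in this block stay consistent.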
