path: root/data/CVE/list.2021
author: security tracker role <sectracker@soriano.debian.org> 2022-01-17 20:10:21 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2022-01-17 20:10:21 +0000
commit: 6d0ff20dc5100e10c1818ad51b832102eae2f6ed
tree: b2e943825bc5f88feb313a71aacb6341c9452552 /data/CVE/list.2021
parent: 2027e6f09deb24e6b4fb63b1c8c8177e4ee2c6d2
automatic update
Diffstat (limited to 'data/CVE/list.2021')
-rw-r--r-- data/CVE/list.2021 79
1 files changed, 42 insertions, 37 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 35230b2592..8899e65918 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -358,11 +358,13 @@ CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3,
NOTE: https://github.com/libexpat/libexpat/pull/538
NOTE: https://github.com/libexpat/libexpat/commit/85ae9a2d7d0e9358f356b33977b842df8ebaec2b
CVE-2021-46142 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...)
+ {DLA-2883-1}
- uriparser 0.9.6+dfsg-1
NOTE: https://github.com/uriparser/uriparser/issues/122
NOTE: https://github.com/uriparser/uriparser/commit/c0483990e6b5b454f7c8752b36760cfcb0d093f5 (uriparser-0.9.6)
NOTE: https://github.com/uriparser/uriparser/pull/124
CVE-2021-46141 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...)
+ {DLA-2883-1}
- uriparser 0.9.6+dfsg-1
NOTE: https://github.com/uriparser/uriparser/issues/121
NOTE: https://github.com/uriparser/uriparser/commit/b1a34743bc1472e055d886e29e9b53f670eb3282 (uriparser-0.9.6)
@@ -884,7 +886,7 @@ CVE-2021-45947 (Wasm3 0.5.0 has an out-of-bounds write in Runtime_Release (calle
NOT-FOR-US: wasm3
CVE-2021-45946 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...)
NOT-FOR-US: wasm3
-CVE-2021-45945 (uWebSockets 19.0.0 through 20.8.0 has an out-of-bounds write in std::_ ...)
+CVE-2021-45945 (** DISPUTED ** uWebSockets 19.0.0 through 20.8.0 has an out-of-bounds ...)
NOT-FOR-US: uWebSockets
CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampl ...)
{DSA-5038-1 DLA-2879-1}
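Review bot: On the changed CVE-2021-45945 line, the new "** DISPUTED **" prefix uses up part of the truncated summary, so the line no longer shows the "std::_ ..." location of the out-of-bounds write that the old line carried. The NOT-FOR-US: uWebSockets classification below it is unchanged, so the dispute needs no further triage in this file; anyone who needs the detail has to read the full CVE record.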
@@ -941,6 +943,7 @@ CVE-2021-45931 (HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertib
NOTE: https://github.com/harfbuzz/harfbuzz/commit/d3e09bf4654fe5478b6dbf2b26ebab6271317d81 (2.9.1)
TODO: check correctness of commit, might not affect any Debian released version
CVE-2021-45930 (Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-o ...)
+ {DLA-2885-1}
- qtsvg-opensource-src 5.15.2-4 (bug #1002991)
[bullseye] - qtsvg-opensource-src <no-dsa> (Minor issue)
[buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
@@ -1601,8 +1604,8 @@ CVE-2021-4173 (vim is vulnerable to Use After Free ...)
NOTE: Fixed by: https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04 (v8.2.3902)
CVE-2021-4172
RESERVED
-CVE-2021-4171
- RESERVED
+CVE-2021-4171 (calibre-web is vulnerable to Business Logic Errors ...)
+ TODO: check
CVE-2021-45679 (Certain NETGEAR devices are affected by privilege escalation. This aff ...)
NOT-FOR-US: Netgear
CVE-2021-45678 (NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code. ...)
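Review bot: CVE-2021-4171 moves from RESERVED to a bare "TODO: check", and the truncated summary ("Business Logic Errors ...") gives nothing to triage from. The follow-up should replace the TODO with either a package line or a NOT-FOR-US: entry for calibre-web, in the same way the NETGEAR entry just below is already classified.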
@@ -2040,8 +2043,8 @@ CVE-2021-4166 (vim is vulnerable to Out-of-bounds Read ...)
NOTE: https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682 (v8.2.3884)
CVE-2021-4165
RESERVED
-CVE-2021-4164
- RESERVED
+CVE-2021-4164 (calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ TODO: check
CVE-2021-4163
RESERVED
CVE-2021-4162 (archivy is vulnerable to Cross-Site Request Forgery (CSRF) ...)
@@ -10858,8 +10861,8 @@ CVE-2021-42010
RESERVED
CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with Portal-l ...)
NOT-FOR-US: Apache Traffic Control
-CVE-2021-3862
- RESERVED
+CVE-2021-3862 (icecoder is vulnerable to Improper Neutralization of Input During Web ...)
+ TODO: check
CVE-2021-3861
RESERVED
CVE-2021-3860 (JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vul ...)
@@ -10949,8 +10952,8 @@ CVE-2021-41974 (Tad Book3 editing book page does not perform identity verificati
NOT-FOR-US: Tad Book3
CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: snipe-it
-CVE-2021-3857
- RESERVED
+CVE-2021-3857 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...)
+ TODO: check
CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...)
NOT-FOR-US: Apache MINA
CVE-2021-41972 (Apache Superset up to and including 1.3.1 allowed for database connect ...)
@@ -11182,8 +11185,8 @@ CVE-2021-41867 (An information disclosure vulnerability in OnionShare 2.3 before
TODO: check details, exact fixing commits unclear
CVE-2021-41866 (MyBB before 1.8.28 allows stored XSS because the displayed Template Na ...)
NOT-FOR-US: MyBB
-CVE-2021-3853
- RESERVED
+CVE-2021-3853 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...)
+ TODO: check
CVE-2021-3852 (growi is vulnerable to Authorization Bypass Through User-Controlled Ke ...)
TODO: check
CVE-2021-41865 (HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authe ...)
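Review bot: The added CVE-2021-3853 line is identical, after truncation, to the CVE-2021-3857 line added in the previous hunk (both read "chaskiq is vulnerable to Improper Neutralization of Input During Web P ..."). When clearing the two "TODO: check" markers, confirm from the full records that these are distinct issues rather than a duplicate assignment, and triage them together.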
@@ -18278,8 +18281,8 @@ CVE-2021-38967 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileg
NOT-FOR-US: IBM
CVE-2021-38966 (IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site script ...)
NOT-FOR-US: IBM
-CVE-2021-38965
- RESERVED
+CVE-2021-38965 (IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remo ...)
+ TODO: check
CVE-2021-38964
RESERVED
CVE-2021-38963
@@ -32282,8 +32285,8 @@ CVE-2021-33042
RESERVED
CVE-2021-33041 (vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstr ...)
NOT-FOR-US: vmd
-CVE-2021-33040
- RESERVED
+CVE-2021-33040 (managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows X ...)
+ TODO: check
CVE-2021-33039
RESERVED
CVE-2021-33038 (An issue was discovered in management/commands/hyperkitty_import.py in ...)
@@ -36958,6 +36961,7 @@ CVE-2021-31217 (In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, in
CVE-2021-31216 (Siren Investigate before 11.1.1 contains a server side request forgery ...)
NOT-FOR-US: Siren Investigate
CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11. ...)
+ {DLA-2886-1}
- slurm-wlm 20.11.7+really20.11.4-2 (bug #988439)
- slurm-llnl <removed>
[buster] - slurm-llnl <no-dsa> (Minor issue)
@@ -40374,6 +40378,7 @@ CVE-2021-3482 (A flaw was found in Exiv2 in versions before and including 0.27.4
NOTE: https://github.com/Exiv2/exiv2/commit/cac151ec052d44da3dc779e9e4028e581acb128a
CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted svg file]
RESERVED
+ {DLA-2885-1}
- qtsvg-opensource-src 5.15.2-3 (bug #986798)
[buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
- qt4-x11 <removed>
@@ -52260,20 +52265,20 @@ CVE-2021-25069
RESERVED
CVE-2021-25068
RESERVED
-CVE-2021-25067
- RESERVED
+CVE-2021-25067 (The Landing Page Builder WordPress plugin before 1.4.9.6 was affected ...)
+ TODO: check
CVE-2021-25066
RESERVED
-CVE-2021-25065
- RESERVED
+CVE-2021-25065 (The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was a ...)
+ TODO: check
CVE-2021-25064
RESERVED
CVE-2021-25063
RESERVED
CVE-2021-25062
RESERVED
-CVE-2021-25061
- RESERVED
+CVE-2021-25061 (The WP Booking System WordPress plugin before 2.0.15 was affected by a ...)
+ TODO: check
CVE-2021-25060
RESERVED
CVE-2021-25059
@@ -52302,8 +52307,8 @@ CVE-2021-25048
RESERVED
CVE-2021-25047 (The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affecte ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25046
- RESERVED
+CVE-2021-25046 (The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed a ...)
+ TODO: check
CVE-2021-25045
RESERVED
CVE-2021-25044
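Review bot: The added CVE-2021-25046 line carries a typo in its summary ("alloed" for "allowed"). Given the "automatic update" commit message, this text is presumably taken as-is from the CVE feed, so it should be reported at the source rather than hand-edited in this file, where the next automatic update would overwrite it.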
@@ -52320,10 +52325,10 @@ CVE-2021-25039
RESERVED
CVE-2021-25038
RESERVED
-CVE-2021-25037
- RESERVED
-CVE-2021-25036
- RESERVED
+CVE-2021-25037 (The All in One SEO WordPress plugin before 4.1.5.3 is affected by an a ...)
+ TODO: check
+CVE-2021-25036 (The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Pr ...)
+ TODO: check
CVE-2021-25035
RESERVED
CVE-2021-25034
@@ -52344,10 +52349,10 @@ CVE-2021-25027 (The PowerPack Addons for Elementor WordPress plugin before 2.6.2
NOT-FOR-US: WordPress plugin
CVE-2021-25026
RESERVED
-CVE-2021-25025
- RESERVED
-CVE-2021-25024
- RESERVED
+CVE-2021-25025 (The EventCalendar WordPress plugin before 1.1.51 does not have proper ...)
+ TODO: check
+CVE-2021-25024 (The EventCalendar WordPress plugin before 1.1.51 does not escape some ...)
+ TODO: check
CVE-2021-25023 (The Speed Booster Pack &#9889; PageSpeed Optimization Suite WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25022 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.6 ...)
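Review bot: Both added EventCalendar entries (CVE-2021-25025 and CVE-2021-25024) are left at "TODO: check" while the surrounding context lines (CVE-2021-25027, CVE-2021-25023) are already classified NOT-FOR-US: WordPress plugin. Both new entries name the same plugin and the same fixed version (before 1.1.51), so they can be resolved in one pass, with the same classification if the plugin is not packaged.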
@@ -52384,8 +52389,8 @@ CVE-2021-25007
RESERVED
CVE-2021-25006
RESERVED
-CVE-2021-25005
- RESERVED
+CVE-2021-25005 (The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and e ...)
+ TODO: check
CVE-2021-25004
RESERVED
CVE-2021-25003
@@ -52576,8 +52581,8 @@ CVE-2021-24911
RESERVED
CVE-2021-24910
RESERVED
-CVE-2021-24909
- RESERVED
+CVE-2021-24909 (The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not san ...)
+ TODO: check
CVE-2021-24908 (The Check &amp; Log Email WordPress plugin before 1.0.4 does not escap ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24907 (The Contact Form, Drag and Drop Form Builder for WordPress plugin befo ...)
@@ -52718,8 +52723,8 @@ CVE-2021-24840 (The Squaretype WordPress theme before 3.0.4 allows unauthenticat
NOT-FOR-US: WordPress theme
CVE-2021-24839
RESERVED
-CVE-2021-24838
- RESERVED
+CVE-2021-24838 (The AnyComment WordPress plugin through 0.2.17 has an API endpoint whi ...)
+ TODO: check
CVE-2021-24837
RESERVED
CVE-2021-24836 (The Temporary Login Without Password WordPress plugin before 1.7.1 doe ...)
