automatic update

4 files changed, 66 insertions, 56 deletions

diff --git a/data/CVE/list.2016 b/data/CVE/list.2016
index 3d64cf9289..a77257c409 100644
--- a/data/CVE/list.2016
+++ b/data/CVE/list.2016
@@ -22032,7 +22032,7 @@ CVE-2016-3738 (Red Hat OpenShift Enterprise 3.2 does not properly restrict acces
 CVE-2016-3737 (The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allo ...)
 	NOT-FOR-US: Red Hat / JBoss Operations Network server
 CVE-2016-3736
-	RESERVED
+	REJECTED
 CVE-2016-3735
 	RESERVED
 CVE-2016-3734 (Cross-site request forgery (CSRF) vulnerability in markposts.php in Mo ...)
@@ -23615,7 +23615,7 @@ CVE-2016-3104 (mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow
 	NOTE: MongoDB 2.4 installation with authentication enabled, upgraded
 	NOTE: to 2.6, and did not complete a full upgrade
 CVE-2016-3103
-	RESERVED
+	REJECTED
 CVE-2016-3102 (The Script Security plugin before 1.18.1 in Jenkins might allow remote ...)
 	- jenkins <removed>
 CVE-2016-3101 (Cross-site scripting (XSS) vulnerability in the Extra Columns plugin b ...)
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018
index d8cc0ed6f9..9e675c2bf0 100644
--- a/data/CVE/list.2018
+++ b/data/CVE/list.2018
@@ -8953,7 +8953,7 @@ CVE-2018-1000807 (Python Cryptographic Authority pyopenssl version prior to vers
 	NOTE: https://github.com/pyca/pyopenssl/pull/723
 	NOTE: https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
 CVE-2018-1000805 (Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 con ...)
-	{DLA-1556-1}
+	{DLA-2860-1 DLA-1556-1}
 	- paramiko 2.4.2-0.1 (bug #910760)
 	NOTE: https://github.com/paramiko/paramiko/issues/1283
 	NOTE: https://github.com/paramiko/paramiko/commit/56c96a659658acdbb873aef8809a7b508434dcce
@@ -9414,8 +9414,8 @@ CVE-2018-17877 (A lottery smart contract implementation for Greedy 599, an Ether
 	NOT-FOR-US: Greedy 599
 CVE-2018-17876 (A Stored XSS vulnerability has been discovered in the v5.5.0 version o ...)
 	NOT-FOR-US: Coaster CMS
-CVE-2018-17875
-	RESERVED
+CVE-2018-17875 (A remote code execution issue in the ping command on Poly Trio 8800 5. ...)
+	TODO: check
 CVE-2018-17874 (ExpressionEngine before 4.3.5 has reflected XSS. ...)
 	NOT-FOR-US: ExpressionEngine
 CVE-2018-17873 (An incorrect access control vulnerability in the FTP configuration of  ...)
@@ -35629,7 +35629,7 @@ CVE-2018-7751 (The svg_probe function in libavformat/img2dec.c in FFmpeg through
 	- libav <not-affected> (Vulnerable code not present)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f
 CVE-2018-7750 (transport.py in the SSH server implementation of Paramiko before 1.17. ...)
-	{DLA-1556-1}
+	{DLA-2860-1 DLA-1556-1}
 	- paramiko 2.4.2-0.1 (bug #892859)
 	[wheezy] - paramiko <no-dsa> (Minor issue)
 	NOTE: https://github.com/paramiko/paramiko/issues/1175
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019
index 498646550e..057d3c4012 100644
--- a/data/CVE/list.2019
+++ b/data/CVE/list.2019
@@ -2433,8 +2433,8 @@ CVE-2019-20084
 	RESERVED
 CVE-2019-20083
 	RESERVED
-CVE-2019-20082
-	RESERVED
+CVE-2019-20082 (ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long ...)
+	TODO: check
 CVE-2019-20081
 	RESERVED
 CVE-2019-20080
@@ -6048,7 +6048,7 @@ CVE-2019-18805 (An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Lin
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/19fad20d15a6494f47f85d869f00b11343ee5c78
 CVE-2019-18804 (DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU:: ...)
-	{DLA-2667-1 DLA-1985-1}
+	{DSA-5032-1 DLA-2667-1 DLA-1985-1}
 	- djvulibre 3.5.27.1-14 (bug #945114)
 	NOTE: https://sourceforge.net/p/djvu/bugs/309/
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125/
@@ -14967,22 +14967,22 @@ CVE-2019-15147 (GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GP
 CVE-2019-15146 (GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in ...)
 	NOT-FOR-US: gpmf-parser
 CVE-2019-15145 (DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack  ...)
-	{DLA-2667-1 DLA-1902-1}
+	{DSA-5032-1 DLA-2667-1 DLA-1902-1}
 	- djvulibre 3.5.27.1-11 (low)
 	NOTE: https://sourceforge.net/p/djvu/bugs/298/
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/
 CVE-2019-15144 (In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate&lt; ...)
-	{DLA-2667-1 DLA-1902-1}
+	{DSA-5032-1 DLA-2667-1 DLA-1902-1}
 	- djvulibre 3.5.27.1-11 (low)
 	NOTE: https://sourceforge.net/p/djvu/bugs/299/
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/
 CVE-2019-15143 (In DjVuLibre 3.5.27, the bitmap reader component allows attackers to c ...)
-	{DLA-2667-1 DLA-1902-1}
+	{DSA-5032-1 DLA-2667-1 DLA-1902-1}
 	- djvulibre 3.5.27.1-11 (low)
 	NOTE: https://sourceforge.net/p/djvu/bugs/297/
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/
 CVE-2019-15142 (In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows a ...)
-	{DLA-2667-1 DLA-1902-1}
+	{DSA-5032-1 DLA-2667-1 DLA-1902-1}
 	- djvulibre 3.5.27.1-11 (low)
 	NOTE: https://sourceforge.net/p/djvu/bugs/296/
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/
@@ -36347,7 +36347,7 @@ CVE-2019-7651 (EPP.sys in Emsisoft Anti-Malware prior to version 2018.12 allows
 CVE-2019-7650
 	RESERVED
 CVE-2019-7653 (The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CL ...)
-	{DLA-1717-1}
+	{DLA-2861-1 DLA-1717-1}
 	- rdflib 4.2.2-2 (low; bug #921751)
 	NOTE: Debian specific issue as respective scripts are overwritten in Debian
 	NOTE: packaging as wrappers invoking python -m.
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 5f6eac0c47..3726e21231 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -1,3 +1,13 @@
+CVE-2021-45913
+	RESERVED
+CVE-2021-45912
+	RESERVED
+CVE-2021-44775
+	RESERVED
+CVE-2021-44465
+	RESERVED
+CVE-2021-4187
+	RESERVED
 CVE-2021-45911 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer  ...)
 	- gif2apng <unfixed> (bug #1002687)
 CVE-2021-45910 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer  ...)
@@ -16,8 +26,8 @@ CVE-2021-45905 (OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen. ..
 	NOT-FOR-US: OpenWrt
 CVE-2021-45904 (OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen. ...)
 	NOT-FOR-US: OpenWrt
-CVE-2021-45903
-	RESERVED
+CVE-2021-45903 (A persistent cross-site scripting (XSS) issue in the web interface of  ...)
+	TODO: check
 CVE-2021-45902
 	RESERVED
 CVE-2021-45901
@@ -206,12 +216,12 @@ CVE-2021-45816
 	RESERVED
 CVE-2021-45815
 	RESERVED
-CVE-2021-45814
-	RESERVED
-CVE-2021-45813
-	RESERVED
-CVE-2021-45812
-	RESERVED
+CVE-2021-45814 (Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attack ...)
+	TODO: check
+CVE-2021-45813 (SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vu ...)
+	TODO: check
+CVE-2021-45812 (NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site  ...)
+	TODO: check
 CVE-2021-45811
 	RESERVED
 CVE-2021-45810
@@ -372,8 +382,8 @@ CVE-2021-45733
 	RESERVED
 CVE-2021-4180
 	RESERVED
-CVE-2021-4179
-	RESERVED
+CVE-2021-4179 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+	TODO: check
 CVE-2021-45720 (An issue was discovered in the lru crate before 0.7.1 for Rust. The it ...)
 	TODO: check
 CVE-2021-45719 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
@@ -1145,8 +1155,8 @@ CVE-2021-45427
 	RESERVED
 CVE-2021-45426
 	RESERVED
-CVE-2021-45425
-	RESERVED
+CVE-2021-45425 (Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 an ...)
+	TODO: check
 CVE-2021-45424
 	RESERVED
 CVE-2021-45423
@@ -1882,7 +1892,7 @@ CVE-2021-XXXX [Fix possible privilege escalation]
 	[bullseye] - glewlwyd <no-dsa> (Minor issue; can be fixed via point release)
 	[buster] - glewlwyd <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe (v2.6.1)
-CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) di ...)
+CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and ...)
 	{DSA-5024-1 DLA-2852-1}
 	- apache-log4j2 2.17.0-1 (bug #1001891)
 	NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105
@@ -1979,7 +1989,7 @@ CVE-2021-42550 (In logback version 1.2.7 and prior versions, an attacker with th
 	NOTE: https://jira.qos.ch/browse/LOGBACK-1591
 	NOTE: https://github.com/qos-ch/logback/commit/21d772f2bc2ed780b01b4fe108df7e29707763f1 (v_1.2.8)
 CVE-2021-44771
-	RESERVED
+	REJECTED
 CVE-2021-4124 (janus-gateway is vulnerable to Improper Neutralization of Input During ...)
 	- janus <unfixed> (unimportant)
 	NOTE: https://huntr.dev/bounties/a6ca142e-60aa-4d6f-b231-5d1bcd1b7190
@@ -1992,7 +2002,7 @@ CVE-2021-4122
 CVE-2021-4121 (yetiforcecrm is vulnerable to Improper Neutralization of Input During  ...)
 	NOT-FOR-US: yetiforcecrm
 CVE-2021-23151
-	RESERVED
+	REJECTED
 CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel through 5. ...)
 	- linux <unfixed> (unimportant)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -4145,7 +4155,7 @@ CVE-2021-44230 (PortSwigger Burp Suite Enterprise Edition before 2021.11 on Wind
 	NOT-FOR-US: Burp Suite (different from src:burp)
 CVE-2021-44229
 	RESERVED
-CVE-2021-44228 (Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI  ...)
+CVE-2021-44228 (Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2. ...)
 	{DSA-5020-1 DLA-2842-1}
 	- apache-log4j2 2.15.0-1 (bug #1001478)
 	- apache-log4j1.2 <not-affected> (Vulnerable code not present)
@@ -5854,12 +5864,12 @@ CVE-2021-3941
 	NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/a0cfa81153b2464b864c5fe39a53cb03339092ed
 CVE-2021-3940
 	RESERVED
-CVE-2021-43556
-	RESERVED
+CVE-2021-43556 (FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a s ...)
+	TODO: check
 CVE-2021-43555 (mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validat ...)
 	NOT-FOR-US: mySCADA myDESIGNER
-CVE-2021-43554
-	RESERVED
+CVE-2021-43554 (FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to an  ...)
+	TODO: check
 CVE-2021-43553 (PI Vision could disclose information to a user with insufficient privi ...)
 	NOT-FOR-US: OSIsoft
 CVE-2021-43552 (The use of a hard-coded cryptographic key significantly increases the  ...)
@@ -8179,8 +8189,8 @@ CVE-2021-42585
 	RESERVED
 CVE-2021-42584 (A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before ...)
 	NOT-FOR-US: Convos-Chat
-CVE-2021-42583
-	RESERVED
+CVE-2021-42583 (A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy  ...)
+	TODO: check
 CVE-2021-42582
 	RESERVED
 CVE-2021-42581
@@ -12966,8 +12976,8 @@ CVE-2021-40581
 	RESERVED
 CVE-2021-40580
 	RESERVED
-CVE-2021-40579
-	RESERVED
+CVE-2021-40579 (https://www.sourcecodester.com/ Online Enrollment Management System in ...)
+	TODO: check
 CVE-2021-40578 (Authenticated Blind &amp; Error-based SQL injection vulnerability was  ...)
 	NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free Source Code
 CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
@@ -20727,10 +20737,10 @@ CVE-2021-3660
 	[bullseye] - cockpit <ignored> (Minor issue)
 	[buster] - cockpit <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980688
-CVE-2021-37401
-	RESERVED
-CVE-2021-37400
-	RESERVED
+CVE-2021-37401 (An attacker may obtain the user credentials from file servers, backup  ...)
+	TODO: check
+CVE-2021-37400 (An attacker may obtain the user credentials from the communication bet ...)
+	TODO: check
 CVE-2021-37399
 	RESERVED
 CVE-2021-37398
@@ -24057,7 +24067,7 @@ CVE-2021-35942 (The wordexp function in the GNU C Library (aka glibc) through 2.
 CVE-2021-35941 (Western Digital WD My Book Live (2.x and later) and WD My Book Live Du ...)
 	NOT-FOR-US: Western Digital
 CVE-2021-3630 (An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::D ...)
-	{DLA-2702-1}
+	{DSA-5032-1 DLA-2702-1}
 	- djvulibre 3.5.27.1-12
 	NOTE: https://sourceforge.net/p/djvu/bugs/302/
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/7b0ef20690e08f1fe124aebbf42f6310e2f40f81/
@@ -26134,10 +26144,10 @@ CVE-2021-35034
 	RESERVED
 CVE-2021-35033 (A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, ...)
 	NOT-FOR-US: Zyxel
-CVE-2021-35032
-	RESERVED
-CVE-2021-35031
-	RESERVED
+CVE-2021-35032 (A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware ...)
+	TODO: check
+CVE-2021-35031 (A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XG ...)
+	TODO: check
 CVE-2021-35030 (A vulnerability was found in the CGI program in Zyxel GS1900-8 firmwar ...)
 	NOT-FOR-US: Zyxel
 CVE-2021-35029 (An authentication bypasss vulnerability in the web-based management in ...)
@@ -32246,22 +32256,22 @@ CVE-2021-3546 (An out-of-bounds write vulnerability was found in the virtio vhos
 CVE-2021-3542
 	REJECTED
 CVE-2021-32493 (A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overfl ...)
-	{DLA-2667-1}
+	{DSA-5032-1 DLA-2667-1}
 	- djvulibre 3.5.28-2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943424
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #3 / Patch12)
 CVE-2021-32492 (A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds rea ...)
-	{DLA-2667-1}
+	{DSA-5032-1 DLA-2667-1}
 	- djvulibre 3.5.28-2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943410
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #1 / Patch10)
 CVE-2021-32491 (A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow  ...)
-	{DLA-2667-1}
+	{DSA-5032-1 DLA-2667-1}
 	- djvulibre 3.5.28-2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943409
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #5 / Patch9)
 CVE-2021-32490 (A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds wri ...)
-	{DLA-2667-1}
+	{DSA-5032-1 DLA-2667-1}
 	- djvulibre 3.5.28-2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943408
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #4 / Patch8)
@@ -34972,7 +34982,7 @@ CVE-2021-3502 (A flaw was found in avahi 0.8-5. A reachable assertion is present
 	NOTE: Fixed by: https://github.com/lathiat/avahi/commit/9d31939e55280a733d930b15ac9e4dda4497680c
 	NOTE: Introduced by: https://github.com/lathiat/avahi/commit/80c98fa16782e921f5b5d5c880f1d80f5c43bd49 (v0.8)
 CVE-2021-3500 (A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in  ...)
-	{DLA-2667-1}
+	{DSA-5032-1 DLA-2667-1}
 	- djvulibre 3.5.28-2 (bug #988215)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943685
 	NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/djvulibre/c/fc359410f7131e4ea0a892ef78e6da72f29afeee.patch
@@ -54761,8 +54771,8 @@ CVE-2021-3097
 	RESERVED
 CVE-2021-3096
 	RESERVED
-CVE-2021-3095
-	RESERVED
+CVE-2021-3095 (A remote attacker with write access to PI Vision could inject code int ...)
+	TODO: check
 CVE-2021-3094
 	RESERVED
 CVE-2021-3093
@@ -54771,8 +54781,8 @@ CVE-2021-3092
 	RESERVED
 CVE-2021-3091
 	RESERVED
-CVE-2021-3090
-	RESERVED
+CVE-2021-3090 (PI Vision could disclose information to a user with insufficient privi ...)
+	TODO: check
 CVE-2021-3089
 	RESERVED
 CVE-2021-3088