author: security tracker role <sectracker@soriano.debian.org>, 2021-08-09 20:10:30 +0000
committer: security tracker role <sectracker@soriano.debian.org>, 2021-08-09 20:10:30 +0000
commit: 63eae6b0e94e809d5e31dc7c2362825162650ef0
tree: 37255d349b3063b1d2e048bf577e467fff08c8b9
parent: 0377d3f68aa88013a729047e70b579f6d079f5f5
automatic update
-rw-r--r-- data/CVE/2013.list 10
-rw-r--r-- data/CVE/2014.list 3
-rw-r--r-- data/CVE/2015.list 12
-rw-r--r-- data/CVE/2018.list 16
-rw-r--r-- data/CVE/2020.list 3
-rw-r--r-- data/CVE/2021.list 175
6 files changed, 117 insertions, 102 deletions
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 6fa180d99d..2ae056a5bb 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -3482,8 +3482,8 @@ CVE-2013-6278
RESERVED
CVE-2013-6277 (QNAP VioCard 300 has hardcoded RSA private keys. ...)
NOT-FOR-US: QNAP
-CVE-2013-6276
- RESERVED
+CVE-2013-6276 (** UNSUPPORTED WHEN ASSIGNED ** QNAP F_VioCard 2312 and F_VioGate 2308 ...)
+ TODO: check
CVE-2013-6274
RESERVED
CVE-2013-6273
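Review bot: CVE-2013-6276 is left at `TODO: check` even though its description names QNAP F_VioCard and F_VioGate devices and the entry directly above it, CVE-2013-6277 (QNAP VioCard 300), is already triaged as `NOT-FOR-US: QNAP`. Unless a Debian source package ships this firmware, resolve the TODO with the same disposition so the entry does not sit in the untriaged queue.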
@@ -7062,11 +7062,9 @@ CVE-2013-4720 (SQL injection vulnerability in the WEC Discussion Forum extension
NOT-FOR-US: WEC Discussion Forum
CVE-2013-4719 (SQL injection vulnerability in the SEO Pack for tt_news extension befo ...)
NOT-FOR-US: SEO Pack for tt_news extension for TYPO3
-CVE-2013-4718 [XSS]
- RESERVED
+CVE-2013-4718 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
NOT-FOR-US: OTRS ITSM
-CVE-2013-4717 [SQL injection]
- RESERVED
+CVE-2013-4717 (Multiple SQL injection vulnerabilities in Open Ticket Request System ( ...)
{DSA-2733-1}
- otrs2 3.2.9-1
NOTE: http://web.archive.org/web/20131023033811/http://www.otrs.com:80/en/open-source/community-news/security-advisories/security-advisory-2013-05/
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index ae5f290d2e..d863138f06 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -3449,8 +3449,7 @@ CVE-2014-9322 (arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does
[squeeze] - linux-2.6 2.6.32-48squeeze9
CVE-2014-9321
RESERVED
-CVE-2014-9320
- RESERVED
+CVE-2014-9320 (SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_ ...)
NOT-FOR-US: SAP Business Objects
CVE-2014-9319 (The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg ...)
- libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 297d0bb3a7..7bf9ede6ec 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -5661,8 +5661,8 @@ CVE-2015-7733
RESERVED
CVE-2015-7732 (The Avira Mobile Security app before 1.5.11 for iOS sends sensitive lo ...)
NOT-FOR-US: Avira Mobile Security app
-CVE-2015-7731
- RESERVED
+CVE-2015-7731 (SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the ...)
+ TODO: check
CVE-2015-7730 (SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and Bus ...)
NOT-FOR-US: SAP BusinessObjects
CVE-2015-7729 (Eval injection in test-net.xsjs in the Web-based Development Workbench ...)
@@ -21464,10 +21464,10 @@ CVE-2015-2076 (The Auditing service in SAP BusinessObjects Edge 4.0 allows remot
NOT-FOR-US: SAP
CVE-2015-2075 (SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit e ...)
NOT-FOR-US: SAP
-CVE-2015-2074
- RESERVED
-CVE-2015-2073
- RESERVED
+CVE-2015-2074 (The File Repository Server (FRS) CORBA listener in SAP BussinessObject ...)
+ TODO: check
+CVE-2015-2073 (The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObject ...)
+ TODO: check
CVE-2015-2072 (Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1. ...)
NOT-FOR-US: SAP
CVE-2015-2071 (Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouc ...)
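Review bot: CVE-2015-2074 and CVE-2015-2073 come in with `TODO: check` while every triaged entry around them in this hunk (CVE-2015-2076, CVE-2015-2075, CVE-2015-2072) is `NOT-FOR-US: SAP`; both describe the File Repository Server CORBA listener of the same SAP product, so the same disposition applies. The imported descriptions spell the product "BussinessObject" (and "RepositoRy" in CVE-2015-2073), so a text search for BusinessObjects will not find these two lines; triage them by CVE ID.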
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 995b3fa8e9..50ef69ed63 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -9416,16 +9416,16 @@ CVE-2018-17867 (The Port Forwarding functionality on DASAN H660GW devices allows
NOT-FOR-US: DASAN H660GW device
CVE-2018-17866 (Multiple cross-site scripting (XSS) vulnerabilities in includes/core/u ...)
NOT-FOR-US: "Ultimate Member - User Profile & Membership" plugin for WordPress
-CVE-2018-17865
- RESERVED
+CVE-2018-17865 (** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerabi ...)
+ TODO: check
CVE-2018-17864
RESERVED
CVE-2018-17863
RESERVED
-CVE-2018-17862
- RESERVED
-CVE-2018-17861
- RESERVED
+CVE-2018-17862 (** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerabi ...)
+ TODO: check
+CVE-2018-17861 (** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerabi ...)
+ TODO: check
CVE-2018-17860 (Cloudera CDH has Insecure Permissions because ALL cannot be revoked.Th ...)
NOT-FOR-US: Cloudera
CVE-2018-17859 (An issue was discovered in Joomla! before 3.8.13. Inadequate checks in ...)
@@ -12029,7 +12029,7 @@ CVE-2018-16847 (An OOB heap buffer r/w access issue was found in the NVM Express
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=87ad860c622cc8f8916b5232bd8728c08f938fce
CVE-2018-16846 (It was found in Ceph versions before 13.2.4 that authenticated ceph RG ...)
- {DLA-1696-1}
+ {DLA-2735-1 DLA-1696-1}
- ceph 12.2.11+dfsg1-1 (bug #921947)
NOTE: http://tracker.ceph.com/issues/35994
NOTE: https://github.com/ceph/ceph/commit/4337e6a7d9f92c8549ebee20d0dd67a01e49857f
@@ -17561,7 +17561,7 @@ CVE-2018-14663 (An issue has been found in PowerDNS DNSDist before 1.3.3 allowin
[stretch] - dnsdist <no-dsa> (Minor issue)
NOTE: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2018-08.html
CVE-2018-14662 (It was found Ceph versions before 13.2.4 that authenticated ceph users ...)
- {DLA-1696-1}
+ {DLA-2735-1 DLA-1696-1}
- ceph 12.2.11+dfsg1-1 (bug #921948)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1637327
NOTE: https://github.com/ceph/ceph/commit/a2acedd2a7e12d58af6db35edbd8a9d29c557578
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index e951d88a60..c329ee501b 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -47290,6 +47290,7 @@ CVE-2020-10754 (It was found that nmcli, a command line interface to NetworkMana
NOTE: affected but not the Debian binary builds (and is RedHat/Fedora specific
NOTE: plugin).
CVE-2020-10753 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...)
+ {DLA-2735-1}
- ceph 14.2.15-1 (bug #975300)
[buster] - ceph <no-dsa> (Minor issue)
[jessie] - ceph <no-dsa> (Minor issue)
@@ -68101,7 +68102,7 @@ CVE-2020-1762 (An insufficient JWT validation vulnerability was found in Kiali v
CVE-2020-1761 (A flaw was found in the OpenShift web console, where the access token ...)
NOT-FOR-US: OpenShift
CVE-2020-1760 (A flaw was found in the Ceph Object Gateway, where it supports request ...)
- {DLA-2171-1}
+ {DLA-2735-1 DLA-2171-1}
- ceph 14.2.9-1 (bug #956142)
[buster] - ceph <no-dsa> (Minor issue)
NOTE: Introduced with: https://github.com/ceph/ceph-ci/commit/f4a0b2d9260a4523745875e3977a8a1ef9dc5e2e
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index f4c9e8d495..fa087c9134 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,21 @@
+CVE-2021-38300
+ RESERVED
+CVE-2021-38299
+ RESERVED
+CVE-2021-38298
+ RESERVED
+CVE-2021-38297
+ RESERVED
+CVE-2021-38296
+ RESERVED
+CVE-2021-38295
+ RESERVED
+CVE-2021-3694
+ RESERVED
+CVE-2021-3693
+ RESERVED
+CVE-2021-3692
+ RESERVED
CVE-2021-38294
RESERVED
CVE-2021-38293
@@ -6,8 +24,8 @@ CVE-2021-38292
RESERVED
CVE-2021-38291
RESERVED
-CVE-2021-38290
- RESERVED
+CVE-2021-38290 (A host header attack vulnerability exists in FUEL CMS 1.5.0 through fu ...)
+ TODO: check
CVE-2021-38289
RESERVED
CVE-2021-38288
@@ -305,6 +323,7 @@ CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before
[stretch] - keystone <end-of-life> (Keystone not supported in stretch)
NOTE: https://launchpad.net/bugs/1688137
CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, whic ...)
+ {DLA-2736-1}
[experimental] - lynx 2.9.0dev.9-1
- lynx 2.9.0dev.6-3 (bug #991971)
NOTE: https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html
@@ -1104,8 +1123,8 @@ CVE-2021-37790
RESERVED
CVE-2021-37789
RESERVED
-CVE-2021-37788
- RESERVED
+CVE-2021-37788 (A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could all ...)
+ TODO: check
CVE-2021-37787
RESERVED
CVE-2021-37786
@@ -1448,21 +1467,20 @@ CVE-2021-37625 (Skytable is an open source NoSQL database. In versions prior to
NOT-FOR-US: Skytable
CVE-2021-37624
RESERVED
-CVE-2021-37623 [Denial of service due to infinite loop in JpegBase::printStructure (#2)]
- RESERVED
+CVE-2021-37623 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 <unfixed>
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mvc4-g5pv-4qqq
NOTE: https://github.com/Exiv2/exiv2/pull/1790
-CVE-2021-37622
- RESERVED
-CVE-2021-37621
- RESERVED
-CVE-2021-37620
- RESERVED
-CVE-2021-37619
- RESERVED
-CVE-2021-37618
- RESERVED
+CVE-2021-37622 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ TODO: check
+CVE-2021-37621 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ TODO: check
+CVE-2021-37620 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ TODO: check
+CVE-2021-37619 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ TODO: check
+CVE-2021-37618 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ TODO: check
CVE-2021-37617
RESERVED
CVE-2021-37616
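Review bot: CVE-2021-37622 through CVE-2021-37618 receive only `TODO: check`, although their descriptions open with the same "Exiv2 is a command-line utility and C++ library" text as CVE-2021-37623 at the top of this hunk, which is tracked with `- exiv2 <unfixed>` plus advisory and pull-request NOTE lines. These five need an `- exiv2` package line and their own upstream references rather than a generic TODO, otherwise five of the six issues stay unattached to the package. The removed bracketed title on CVE-2021-37623 was the only place that named the affected function, so its NOTE links are now the sole pointer to which bug this is.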
@@ -1567,8 +1585,8 @@ CVE-2021-37575
RESERVED
CVE-2021-37574
RESERVED
-CVE-2021-37573
- RESERVED
+CVE-2021-37573 (A reflected cross-site scripting (XSS) vulnerability in the web server ...)
+ TODO: check
CVE-2021-37572
RESERVED
CVE-2021-37571
@@ -2330,16 +2348,16 @@ CVE-2021-3658
NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055
CVE-2021-37216 (QSAN Storage Manager header page parameters does not filter special ch ...)
NOT-FOR-US: QSAN Storage Manager
-CVE-2021-37215
- RESERVED
-CVE-2021-37214
- RESERVED
-CVE-2021-37213
- RESERVED
-CVE-2021-37212
- RESERVED
-CVE-2021-37211
- RESERVED
+CVE-2021-37215 (The employee management page of Flygo contains an Insecure Direct Obje ...)
+ TODO: check
+CVE-2021-37214 (The employee management page of Flygo contains Insecure Direct Object ...)
+ TODO: check
+CVE-2021-37213 (The check-in record page of Flygo contains Insecure Direct Object Refe ...)
+ TODO: check
+CVE-2021-37212 (The bulletin function of Flygo contains Insecure Direct Object Referen ...)
+ TODO: check
+CVE-2021-37211 (The bulletin function of Flygo does not filter special characters whil ...)
+ TODO: check
CVE-2021-37210
RESERVED
CVE-2021-37209
@@ -3210,8 +3228,8 @@ CVE-2021-36800 (Akaunting version 2.1.12 and earlier suffers from a code injecti
NOT-FOR-US: Akaunting
CVE-2021-36799 (KNX ETS5 uses the hard-coded password ETS5Password, with a salt value ...)
NOT-FOR-US: KNX ETS5
-CVE-2021-36798
- RESERVED
+CVE-2021-36798 (A Denial-of-Service (DoS) vulnerability was discovered in Team Server ...)
+ TODO: check
CVE-2021-36797 (** DISPUTED ** In Victron Energy Venus OS through 2.72, root access is ...)
NOT-FOR-US: Victron Energy Venus OS
CVE-2021-36796
@@ -7956,10 +7974,10 @@ CVE-2021-34663
RESERVED
CVE-2021-34662
RESERVED
-CVE-2021-34661
- RESERVED
-CVE-2021-34660
- RESERVED
+CVE-2021-34661 (The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Reques ...)
+ TODO: check
+CVE-2021-34660 (The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-S ...)
+ TODO: check
CVE-2021-34659
RESERVED
CVE-2021-34658
@@ -8725,8 +8743,7 @@ CVE-2021-34336
RESERVED
CVE-2021-34335
RESERVED
-CVE-2021-34334 [Denial of service due to integer overflow in loop counter]
- RESERVED
+CVE-2021-34334 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 <unfixed>
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p
NOTE: https://github.com/Exiv2/exiv2/pull/1766
@@ -11105,8 +11122,8 @@ CVE-2021-33258
RESERVED
CVE-2021-33257
RESERVED
-CVE-2021-33256
- RESERVED
+CVE-2021-33256 (A CSV injection vulnerability on the login panel of ManageEngine ADSel ...)
+ TODO: check
CVE-2021-33255
RESERVED
CVE-2021-33254
@@ -12167,8 +12184,7 @@ CVE-2021-32817 (express-hbs is an Express handlebars template engine. express-hb
NOT-FOR-US: express-hbs
CVE-2021-32816 (ProtonMail Web Client is the official AngularJS web client for the Pro ...)
NOT-FOR-US: ProtonMail Web Client
-CVE-2021-32815 [Denial of service due to assertion failure in crwimage_int.cpp]
- RESERVED
+CVE-2021-32815 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 <unfixed>
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m
NOTE: https://github.com/Exiv2/exiv2/pull/1739
@@ -14298,6 +14314,7 @@ CVE-2021-3526
CVE-2021-3525
REJECTED
CVE-2021-3524 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...)
+ {DLA-2735-1}
- ceph 14.2.21-1 (bug #988889)
[buster] - ceph <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951674
@@ -19769,8 +19786,8 @@ CVE-2021-29716
RESERVED
CVE-2021-29715
RESERVED
-CVE-2021-29714
- RESERVED
+CVE-2021-29714 (IBM Content Navigator 3.0.CD could allow a malicious user to cause a d ...)
+ TODO: check
CVE-2021-29713
RESERVED
CVE-2021-29712 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
@@ -28757,8 +28774,8 @@ CVE-2021-25956
RESERVED
CVE-2021-25955
RESERVED
-CVE-2021-25954
- RESERVED
+CVE-2021-25954 (In &#8220;Dolibarr&#8221; application, 2.8.1 to 13.0.4 don&#8217;t res ...)
+ TODO: check
CVE-2021-25953 (Prototype pollution vulnerability in 'putil-merge' versions1.0.0 throu ...)
NOT-FOR-US: Node putil-merge
CVE-2021-25952 (Prototype pollution vulnerability in &#8216;just-safe-set&#8217; versi ...)
@@ -32058,12 +32075,12 @@ CVE-2021-24524
RESERVED
CVE-2021-24523
RESERVED
-CVE-2021-24522
- RESERVED
-CVE-2021-24521
- RESERVED
-CVE-2021-24520
- RESERVED
+CVE-2021-24522 (The User Registration, User Profile, Login &amp; Membership &#8211; Pr ...)
+ TODO: check
+CVE-2021-24521 (The Side Menu Lite &#8211; add sticky fixed buttons WordPress plugin b ...)
+ TODO: check
+CVE-2021-24520 (The Stock in &amp; out WordPress plugin through 1.0.4 lacks proper san ...)
+ TODO: check
CVE-2021-24519
RESERVED
CVE-2021-24518
@@ -32084,36 +32101,36 @@ CVE-2021-24511
RESERVED
CVE-2021-24510
RESERVED
-CVE-2021-24509
- RESERVED
+CVE-2021-24509 (The Page View Count WordPress plugin before 2.4.9 does not escape the ...)
+ TODO: check
CVE-2021-24508
RESERVED
-CVE-2021-24507
- RESERVED
+CVE-2021-24507 (The Astra Pro Addon WordPress plugin before 3.5.2 did not properly san ...)
+ TODO: check
CVE-2021-24506
RESERVED
-CVE-2021-24505
- RESERVED
+CVE-2021-24505 (The Forms WordPress plugin before 1.12.3 did not sanitise its input fi ...)
+ TODO: check
CVE-2021-24504 (The WP LMS &#8211; Best WordPress LMS Plugin WordPress plugin through ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24503 (The Popular Brand Icons &#8211; Simple Icons WordPress plugin before 2 ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24502
- RESERVED
-CVE-2021-24501
- RESERVED
-CVE-2021-24500
- RESERVED
-CVE-2021-24499
- RESERVED
+CVE-2021-24502 (The WP Google Map WordPress plugin before 1.7.7 did not sanitise or es ...)
+ TODO: check
+CVE-2021-24501 (The Workreap WordPress theme before 2.2.2 had several AJAX actions mis ...)
+ TODO: check
+CVE-2021-24500 (Several AJAX actions available in the Workreap WordPress theme before ...)
+ TODO: check
+CVE-2021-24499 (The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_ ...)
+ TODO: check
CVE-2021-24498 (The Calendar Event Multi View WordPress plugin before 1.4.01 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24497
RESERVED
CVE-2021-24496 (The Community Events WordPress plugin before 1.4.8 does not sanitise, ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24495
- RESERVED
+CVE-2021-24495 (The Marmoset Viewer WordPress plugin before 1.9.3 does not property sa ...)
+ TODO: check
CVE-2021-24494 (The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape s ...)
NOT-FOR-US: Wordpress plugin
CVE-2021-24493
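Review bot: the eight entries added here with `TODO: check` (CVE-2021-24509, -24507, -24505, -24502, -24501, -24500, -24499, -24495) all name a WordPress plugin or theme in the description, and every triaged neighbour in the hunk is `NOT-FOR-US: WordPress plugin`. Resolve them the same way, noting that CVE-2021-24501, -24500 and -24499 concern the Workreap theme rather than a plugin. When doing so, use the `WordPress plugin` spelling; the unchanged CVE-2021-24494 line already deviates with `Wordpress plugin`, which splits results for anyone grepping the disposition text.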
@@ -32168,8 +32185,8 @@ CVE-2021-24469
RESERVED
CVE-2021-24468 (The Leaflet Map WordPress plugin before 3.0.0 does not escape some sho ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24467
- RESERVED
+CVE-2021-24467 (The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF ...)
+ TODO: check
CVE-2021-24466
RESERVED
CVE-2021-24465
@@ -32494,8 +32511,8 @@ CVE-2021-24306 (The Ultimate Member &#8211; User Profile, User Registration, Log
NOT-FOR-US: WordPress plugin
CVE-2021-24305 (The Target First WordPress Plugin v2.0, also previously known as Watch ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24304
- RESERVED
+CVE-2021-24304 (The Newsmag WordPress theme before 5.0 does not sanitise the td_block_ ...)
+ TODO: check
CVE-2021-24303
RESERVED
CVE-2021-24302 (The Hana Flv Player WordPress plugin through 3.1.3 is vulnerable to an ...)
@@ -35660,8 +35677,8 @@ CVE-2021-22912 (Nextcloud iOS before 3.4.2 suffers from an information disclosur
NOT-FOR-US: Nextcloud iOS
CVE-2021-22911 (A improper input sanitization vulnerability exists in Rocket.Chat serv ...)
NOT-FOR-US: Rocket.Chat
-CVE-2021-22910
- RESERVED
+CVE-2021-22910 (A sanitization vulnerability exists in Rocket.Chat server versions &lt ...)
+ TODO: check
CVE-2021-22909 (A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could a ...)
NOT-FOR-US: EdgeMAX EdgeRouter
CVE-2021-22908 (A buffer overflow vulnerability exists in Windows File Resource Profil ...)
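Review bot: CVE-2021-22910 is added as `TODO: check` directly below CVE-2021-22911, which covers the same product and is already marked `NOT-FOR-US: Rocket.Chat`; use the same disposition. The truncated description ends in an HTML-escaped `&lt`, so the affected version bound cannot be read from this line and should be taken from the full CVE record when triaging.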
@@ -38217,8 +38234,8 @@ CVE-2021-21742
RESERVED
CVE-2021-21741
RESERVED
-CVE-2021-21740
- RESERVED
+CVE-2021-21740 (There is an information leak vulnerability in the digital media player ...)
+ TODO: check
CVE-2021-21739 (A ZTE's product of the transport network access layer has a security v ...)
NOT-FOR-US: ZTE
CVE-2021-21738 (ZTE's big video business platform has two reflective cross-site script ...)
@@ -41480,8 +41497,8 @@ CVE-2021-20351 (IBM Engineering products are vulnerable to cross-site scripting.
NOT-FOR-US: IBM
CVE-2021-20350 (IBM Engineering products are vulnerable to cross-site scripting. This ...)
NOT-FOR-US: IBM
-CVE-2021-20349
- RESERVED
+CVE-2021-20349 (IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-bas ...)
+ TODO: check
CVE-2021-20348 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...)
NOT-FOR-US: IBM
CVE-2021-20347 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...)
@@ -42811,7 +42828,7 @@ CVE-2021-2389 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
- mysql-8.0 <unfixed>
NOTE: Fixed in MariaDB 10.5.12, 10.3.31
CVE-2021-2388 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-4946-1}
+ {DSA-4946-1 DLA-2737-1}
- openjdk-11 11.0.12+7-1
- openjdk-8 8u302-b08-1
CVE-2021-2387 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -42856,7 +42873,7 @@ CVE-2021-2371 (Vulnerability in the Oracle Coherence product of Oracle Fusion Mi
CVE-2021-2370 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2021-2369 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-4946-1}
+ {DSA-4946-1 DLA-2737-1}
- openjdk-11 11.0.12+7-1
- openjdk-8 8u302-b08-1
CVE-2021-2368 (Vulnerability in the Siebel CRM product of Oracle Siebel CRM (componen ...)
@@ -42916,7 +42933,7 @@ CVE-2021-2342 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
- mysql-5.7 <removed>
- mysql-8.0 <unfixed>
CVE-2021-2341 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-4946-1}
+ {DSA-4946-1 DLA-2737-1}
- openjdk-11 11.0.12+7-1
- openjdk-8 8u302-b08-1
CVE-2021-2340 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
