author: security tracker role <sectracker@soriano.debian.org> 2021-03-03 20:10:23 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-03-03 20:10:23 +0000
commit: 23e05ed44f6ea42a79951ed5e735d251924aa0b1
tree: da1d8c4caa799f6afd486fc5ac4ae1f2c39514de /data/CVE/2021.list
parent: afe89ad2eb8f067fe372702ef84e3e44428156a9
automatic update
Diffstat (limited to 'data/CVE/2021.list')
-rw-r--r-- data/CVE/2021.list 134
1 files changed, 82 insertions, 52 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 359b77bb41..59222938b3 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,37 @@
+CVE-2021-27934
+ RESERVED
+CVE-2021-27933
+ RESERVED
+CVE-2021-27932
+ RESERVED
+CVE-2021-27931
+ RESERVED
+CVE-2021-27930
+ RESERVED
+CVE-2021-27929
+ RESERVED
+CVE-2021-27928
+ RESERVED
+CVE-2021-27927 (In Zabbix before 4.0.28rc1, 5.x before 5.0.8rc1, 5.1.x and 5.2.x befor ...)
+ TODO: check
+CVE-2021-27926
+ RESERVED
+CVE-2021-27925
+ RESERVED
+CVE-2021-27924
+ RESERVED
+CVE-2021-27923 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...)
+ TODO: check
+CVE-2021-27922 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...)
+ TODO: check
+CVE-2021-27921 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...)
+ TODO: check
+CVE-2021-27920
+ RESERVED
+CVE-2021-27919
+ RESERVED
+CVE-2021-27918
+ RESERVED
CVE-2021-3420
RESERVED
- newlib <unfixed> (bug #984446)
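Review bot: CVE-2021-27921, CVE-2021-27922 and CVE-2021-27923 are added with the same visible description text ("Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...") and only "TODO: check", so the three entries cannot be told apart from this file. When they are triaged, give each one a NOTE with its own upstream reference rather than relying on the truncated description. CVE-2021-27927 (Zabbix) is in the same untriaged state.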
@@ -92,7 +126,7 @@ CVE-2021-27877 (An issue was discovered in Veritas Backup Exec before 21.2. It s
CVE-2021-27876 (An issue was discovered in Veritas Backup Exec before 21.2. The commun ...)
NOT-FOR-US: Veritas
CVE-2021-3419 [net: rtl8139: stack-based buffer overflow induced by infinite recursion issue]
- RESERVED
+ REJECTED
- qemu <unfixed> (bug #984447)
[buster] - qemu <postponed> (Minor issue)
NOTE: https://bugs.launchpad.net/qemu/+bug/1910826
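Review bot: CVE-2021-3419 is switched from RESERVED to REJECTED, but the entry keeps "- qemu <unfixed> (bug #984447)" and "[buster] - qemu <postponed> (Minor issue)", so a rejected id now carries an open package status. Suggest a manual follow-up that either moves the qemu tracking to whichever id replaces this one or adds a NOTE explaining why the package lines stay under a rejected id.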
@@ -171,8 +205,8 @@ CVE-2021-27841
RESERVED
CVE-2021-27840
RESERVED
-CVE-2021-27839
- RESERVED
+CVE-2021-27839 (A CSV injection vulnerability found in Online Invoicing System (OIS) 4 ...)
+ TODO: check
CVE-2021-27838
RESERVED
CVE-2021-27837
@@ -1460,8 +1494,8 @@ CVE-2021-27217
RESERVED
CVE-2021-27216
RESERVED
-CVE-2021-27215
- RESERVED
+CVE-2021-27215 (An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x thro ...)
+ TODO: check
CVE-2021-27214 (A Server-side request forgery (SSRF) vulnerability in the ProductConfi ...)
NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2021-27213 (config.py in pystemon before 2021-02-13 allows code execution via YAML ...)
@@ -2388,8 +2422,8 @@ CVE-2021-26815
RESERVED
CVE-2021-26814
RESERVED
-CVE-2021-26813
- RESERVED
+CVE-2021-26813 (markdown2 &gt;=1.0.1.18, fixed in 2.4.0, is affected by a regular expr ...)
+ TODO: check
CVE-2021-26812
RESERVED
CVE-2021-26811
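Review bot: The new CVE-2021-26813 description reads "markdown2 &gt;=1.0.1.18", with an HTML entity where ">" is expected. If the entity is in the list file itself and not only in this rendering, the description import should decode it so that a search for ">=1.0.1.18" matches the entry.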
@@ -5921,8 +5955,8 @@ CVE-2021-25317
RESERVED
CVE-2021-25316
RESERVED
-CVE-2021-25315
- RESERVED
+CVE-2021-25315 (A Incorrect Implementation of Authentication Algorithm vulnerability i ...)
+ TODO: check
CVE-2021-25314
RESERVED
CVE-2021-25313
@@ -6131,8 +6165,8 @@ CVE-2021-25254
RESERVED
CVE-2021-25253
RESERVED
-CVE-2021-25252
- RESERVED
+CVE-2021-25252 (Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine ( ...)
+ TODO: check
CVE-2021-25251 (The Trend Micro Security 2020 and 2021 families of consumer products a ...)
NOT-FOR-US: Trend Micro
CVE-2021-25250
@@ -10173,8 +10207,8 @@ CVE-2021-23349
RESERVED
CVE-2021-23348
RESERVED
-CVE-2021-23347
- RESERVED
+CVE-2021-23347 (The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 ...)
+ TODO: check
CVE-2021-23346
RESERVED
CVE-2021-23345 (All versions of package github.com/thecodingmachine/gotenberg are vuln ...)
@@ -11095,14 +11129,12 @@ CVE-2021-22886
RESERVED
CVE-2021-22885
RESERVED
-CVE-2021-22884
- RESERVED
+CVE-2021-22884 (Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to ...)
{DSA-4863-1}
- nodejs 12.21.0~dfsg-1
[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
NOTE: https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/
-CVE-2021-22883
- RESERVED
+CVE-2021-22883 (Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to ...)
{DSA-4863-1}
- nodejs 12.21.0~dfsg-1
[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
@@ -11125,10 +11157,10 @@ CVE-2021-22880 (The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5,
NOTE: https://github.com/rails/rails/commit/879d02107b5b3eb7aeaad1cd1f259bb41f17286b (v6.0.3.5)
CVE-2021-22879
RESERVED
-CVE-2021-22878
- RESERVED
-CVE-2021-22877
- RESERVED
+CVE-2021-22878 (Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site ...)
+ TODO: check
+CVE-2021-22877 (A missing user check in Nextcloud prior to 20.0.6 inadvertently popula ...)
+ TODO: check
CVE-2021-22876
RESERVED
CVE-2021-22875 (Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerab ...)
@@ -11538,12 +11570,12 @@ CVE-2021-22685
RESERVED
CVE-2021-22684
RESERVED
-CVE-2021-22683
- RESERVED
+CVE-2021-22683 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...)
+ TODO: check
CVE-2021-22682
RESERVED
-CVE-2021-22681
- RESERVED
+CVE-2021-22681 (Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, ...)
+ TODO: check
CVE-2021-22680
RESERVED
CVE-2021-22679
@@ -11564,24 +11596,24 @@ CVE-2021-22672
RESERVED
CVE-2021-22671
RESERVED
-CVE-2021-22670
- RESERVED
+CVE-2021-22670 (An uninitialized pointer may be exploited in Fatek FvDesigner Version ...)
+ TODO: check
CVE-2021-22669
RESERVED
CVE-2021-22668
RESERVED
CVE-2021-22667 (BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the ...)
NOT-FOR-US: BB-ESWGP506-2SFP-T
-CVE-2021-22666
- RESERVED
+CVE-2021-22666 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-bas ...)
+ TODO: check
CVE-2021-22665
RESERVED
CVE-2021-22664
RESERVED
CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of u ...)
NOT-FOR-US: Cscape
-CVE-2021-22662
- RESERVED
+CVE-2021-22662 (A use after free issue has been identified in Fatek FvDesigner Version ...)
+ TODO: check
CVE-2021-22661 (Changing the password on the module webpage does not require the user ...)
NOT-FOR-US: ProSoft Technology
CVE-2021-22660
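Review bot: CVE-2021-22670, CVE-2021-22666 and CVE-2021-22662 all name Fatek FvDesigner and all land as "TODO: check", while the other vendor-product entries in this hunk (BB-ESWGP506-2SFP-T, Cscape, ProSoft Technology) are already tagged NOT-FOR-US. Triage the three together so they end up with one consistent tag.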
@@ -11628,8 +11660,8 @@ CVE-2021-22640
RESERVED
CVE-2021-22639 (An uninitialized pointer issue has been identified in the way the appl ...)
NOT-FOR-US: Fuji Electric
-CVE-2021-22638
- RESERVED
+CVE-2021-22638 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...)
+ TODO: check
CVE-2021-22637 (Multiple stack-based buffer overflow issues have been identified in th ...)
NOT-FOR-US: Fuji Electric
CVE-2021-22636
@@ -12528,8 +12560,8 @@ CVE-2021-22190
RESERVED
CVE-2021-22189
RESERVED
-CVE-2021-22188
- RESERVED
+CVE-2021-22188 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2021-22187 (An issue has been discovered in GitLab affecting all versions of Gitla ...)
TODO: check
CVE-2021-22186
@@ -12540,8 +12572,8 @@ CVE-2021-22184
RESERVED
CVE-2021-22183
RESERVED
-CVE-2021-22182
- RESERVED
+CVE-2021-22182 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2021-22181
RESERVED
CVE-2021-22180
@@ -12973,10 +13005,10 @@ CVE-2021-21981
RESERVED
CVE-2021-21980
RESERVED
-CVE-2021-21979
- RESERVED
-CVE-2021-21978
- RESERVED
+CVE-2021-21979 (In Bitnami Containers, all Laravel container versions prior to: 6.20.0 ...)
+ TODO: check
+CVE-2021-21978 (VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remot ...)
+ TODO: check
CVE-2021-21977
RESERVED
CVE-2021-21976 (vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8. ...)
@@ -14015,7 +14047,7 @@ CVE-2021-21478 (SAP Web Dynpro ABAP allow an attacker to redirect users to a mal
NOT-FOR-US: SAP
CVE-2021-21477 (SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certa ...)
NOT-FOR-US: SAP
-CVE-2021-21476 (SAP UI5, versions - 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84. ...)
+CVE-2021-21476 (SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1 ...)
NOT-FOR-US: SAP
CVE-2021-21475 (Under specific circumstances SAP Master Data Management, versions - 71 ...)
NOT-FOR-US: SAP
@@ -16322,10 +16354,10 @@ CVE-2021-20444 (IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross
NOT-FOR-US: IBM
CVE-2021-20443 (IBM Maximo for Civil Infrastructure 7.6.2 includes executable function ...)
NOT-FOR-US: IBM
-CVE-2021-20442
- RESERVED
-CVE-2021-20441
- RESERVED
+CVE-2021-20442 (IBM Security Verify Bridge contains hard-coded credentials, such as a ...)
+ TODO: check
+CVE-2021-20441 (IBM Security Verify Bridge uses weaker than expected cryptographic alg ...)
+ TODO: check
CVE-2021-20440
RESERVED
CVE-2021-20439
@@ -16822,8 +16854,7 @@ CVE-2021-20234 [Memory leak in client induced by malicious server without CURVE/
NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22037
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22123
-CVE-2021-20233
- RESERVED
+CVE-2021-20233 (A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() ...)
{DSA-4867-1}
- grub2 2.04-16
CVE-2021-20232
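Review bot: The description now attached to CVE-2021-20233 says grub2 is affected "in versions prior to 2.06", while the entry records "- grub2 2.04-16" as fixed under DSA-4867-1, and nothing in the entry explains the difference. Add a NOTE pointing at the patch carried in 2.04-16 so the fixed version can be checked against the upstream statement.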
@@ -16861,8 +16892,7 @@ CVE-2021-20226 (A use-after-free flaw was found in the io_uring in Linux kernel,
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-001/
-CVE-2021-20225
- RESERVED
+CVE-2021-20225 (A flaw was found in grub2 in versions prior to 2.06. The option parser ...)
{DSA-4867-1}
- grub2 2.04-16
CVE-2021-20224
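Review bot: The CVE-2021-20225 description gives "versions prior to 2.06" as affected, yet the entry marks "- grub2 2.04-16" as fixed and carries no NOTE identifying the change that addresses the option parser issue. A reference to the relevant patch would let a reader confirm the 2.04-16 status.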
@@ -17296,8 +17326,8 @@ CVE-2021-20078
RESERVED
CVE-2021-20077
RESERVED
-CVE-2021-20076
- RESERVED
+CVE-2021-20076 (Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were fou ...)
+ TODO: check
CVE-2021-20075 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for pr ...)
NOT-FOR-US: Racom's MIDGE Firmware
CVE-2021-20074 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users ...)
