automatic update

1 files changed, 196 insertions, 46 deletions

diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 93fa159654..c151d2f4dd 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,153 @@
+CVE-2021-3423
+	RESERVED
+CVE-2021-28041 (ssh-agent in OpenSSH before 8.5 has a double free that may be relevant ...)
+	TODO: check
+CVE-2021-28040 (An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vuln ...)
+	TODO: check
+CVE-2021-28037 (An issue was discovered in the internment crate before 0.4.2 for Rust. ...)
+	TODO: check
+CVE-2021-28036 (An issue was discovered in the quinn crate before 0.7.0 for Rust. It m ...)
+	TODO: check
+CVE-2021-28035 (An issue was discovered in the stack_dst crate before 0.6.1 for Rust.  ...)
+	TODO: check
+CVE-2021-28034 (An issue was discovered in the stack_dst crate before 0.6.1 for Rust.  ...)
+	TODO: check
+CVE-2021-28033 (An issue was discovered in the byte_struct crate before 0.6.1 for Rust ...)
+	TODO: check
+CVE-2021-28032 (An issue was discovered in the nano_arena crate before 0.5.2 for Rust. ...)
+	TODO: check
+CVE-2021-28031 (An issue was discovered in the scratchpad crate before 1.3.1 for Rust. ...)
+	TODO: check
+CVE-2021-28030 (An issue was discovered in the truetype crate before 0.30.1 for Rust.  ...)
+	TODO: check
+CVE-2021-28029 (An issue was discovered in the toodee crate before 0.3.0 for Rust. The ...)
+	TODO: check
+CVE-2021-28028 (An issue was discovered in the toodee crate before 0.3.0 for Rust. Row ...)
+	TODO: check
+CVE-2021-28027 (An issue was discovered in the bam crate before 0.1.3 for Rust. There  ...)
+	TODO: check
+CVE-2021-28026 (jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff ...)
+	TODO: check
+CVE-2021-28025
+	RESERVED
+CVE-2021-28024
+	RESERVED
+CVE-2021-28023
+	RESERVED
+CVE-2021-28022
+	RESERVED
+CVE-2021-28021
+	RESERVED
+CVE-2021-28020
+	RESERVED
+CVE-2021-28019
+	RESERVED
+CVE-2021-28018
+	RESERVED
+CVE-2021-28017
+	RESERVED
+CVE-2021-28016
+	RESERVED
+CVE-2021-28015
+	RESERVED
+CVE-2021-28014
+	RESERVED
+CVE-2021-28013
+	RESERVED
+CVE-2021-28012
+	RESERVED
+CVE-2021-28011
+	RESERVED
+CVE-2021-28010
+	RESERVED
+CVE-2021-28009
+	RESERVED
+CVE-2021-28008
+	RESERVED
+CVE-2021-28007
+	RESERVED
+CVE-2021-28006
+	RESERVED
+CVE-2021-28005
+	RESERVED
+CVE-2021-28004
+	RESERVED
+CVE-2021-28003
+	RESERVED
+CVE-2021-28002
+	RESERVED
+CVE-2021-28001
+	RESERVED
+CVE-2021-28000
+	RESERVED
+CVE-2021-27999
+	RESERVED
+CVE-2021-27998
+	RESERVED
+CVE-2021-27997
+	RESERVED
+CVE-2021-27996
+	RESERVED
+CVE-2021-27995
+	RESERVED
+CVE-2021-27994
+	RESERVED
+CVE-2021-27993
+	RESERVED
+CVE-2021-27992
+	RESERVED
+CVE-2021-27991
+	RESERVED
+CVE-2021-27990
+	RESERVED
+CVE-2021-27989
+	RESERVED
+CVE-2021-27988
+	RESERVED
+CVE-2021-27987
+	RESERVED
+CVE-2021-27986
+	RESERVED
+CVE-2021-27985
+	RESERVED
+CVE-2021-27984
+	RESERVED
+CVE-2021-27983
+	RESERVED
+CVE-2021-27982
+	RESERVED
+CVE-2021-27981
+	RESERVED
+CVE-2021-27980
+	RESERVED
+CVE-2021-27979
+	RESERVED
+CVE-2021-27978
+	RESERVED
+CVE-2021-27977
+	RESERVED
+CVE-2021-27976
+	RESERVED
+CVE-2021-27975
+	RESERVED
+CVE-2021-27974
+	RESERVED
+CVE-2021-27973
+	RESERVED
+CVE-2021-27972
+	RESERVED
+CVE-2021-27971
+	RESERVED
+CVE-2021-27970
+	RESERVED
+CVE-2021-27969
+	RESERVED
+CVE-2021-27968
+	RESERVED
+CVE-2021-27967
+	RESERVED
+CVE-2021-27966
+	RESERVED
 CVE-2021-27965 (The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2 ...)
 	NOT-FOR-US: MSI Dragon Center
 CVE-2021-27964 (SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File U ...)
@@ -40,12 +190,12 @@ CVE-2021-27946
 	RESERVED
 CVE-2021-27945
 	RESERVED
-CVE-2021-28039 [XSA 369]
+CVE-2021-28039 (An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as u ...)
 	- linux <unfixed> (unimportant)
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://xenbits.xen.org/xsa/advisory-369.html
-CVE-2021-28038 [XSA 367]
+CVE-2021-28038 (An issue was discovered in the Linux kernel through 5.11.3, as used wi ...)
 	- linux <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-367.html
 CVE-2021-3422
@@ -139,8 +289,7 @@ CVE-2021-27909
 	RESERVED
 CVE-2021-27908
 	RESERVED
-CVE-2021-27907
-	RESERVED
+CVE-2021-27907 (Apache Superset up to and including 0.38.0 allowed the creation of a M ...)
 	NOT-FOR-US: Apache Superset
 CVE-2021-27906
 	RESERVED
@@ -1841,10 +1990,10 @@ CVE-2021-27101 (Accellion FTA 9_12_370 and earlier is affected by SQL injection
 	NOT-FOR-US: Accellion FTA
 CVE-2021-27100
 	RESERVED
-CVE-2021-27099
-	RESERVED
-CVE-2021-27098
-	RESERVED
+CVE-2021-27099 (In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the  ...)
+	TODO: check
+CVE-2021-27098 (In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 ...)
+	TODO: check
 CVE-2021-27097 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified ...)
 	- u-boot <unfixed> (bug #983270)
 	[buster] - u-boot <no-dsa> (Minor issue)
@@ -2104,30 +2253,30 @@ CVE-2021-26973
 	RESERVED
 CVE-2021-26972
 	RESERVED
-CVE-2021-26971
-	RESERVED
-CVE-2021-26970
-	RESERVED
-CVE-2021-26969
-	RESERVED
-CVE-2021-26968
-	RESERVED
-CVE-2021-26967
-	RESERVED
-CVE-2021-26966
-	RESERVED
-CVE-2021-26965
-	RESERVED
-CVE-2021-26964
-	RESERVED
-CVE-2021-26963
-	RESERVED
-CVE-2021-26962
-	RESERVED
-CVE-2021-26961
-	RESERVED
-CVE-2021-26960
-	RESERVED
+CVE-2021-26971 (A remote authenticated arbitrary command execution vulnerability was d ...)
+	TODO: check
+CVE-2021-26970 (A remote authenticated arbitrary command execution vulnerability was d ...)
+	TODO: check
+CVE-2021-26969 (A remote authenticated authenticated xml external entity (xxe) vulnera ...)
+	TODO: check
+CVE-2021-26968 (A remote authenticated stored cross-site scripting (xss) vulnerability ...)
+	TODO: check
+CVE-2021-26967 (A remote reflected cross-site scripting (xss) vulnerability was discov ...)
+	TODO: check
+CVE-2021-26966 (A remote authenticated sql injection vulnerability was discovered in A ...)
+	TODO: check
+CVE-2021-26965 (A remote authenticated sql injection vulnerability was discovered in A ...)
+	TODO: check
+CVE-2021-26964 (A remote authentication restriction bypass vulnerability was discovere ...)
+	TODO: check
+CVE-2021-26963 (A remote authenticated arbitrary command execution vulnerability was d ...)
+	TODO: check
+CVE-2021-26962 (A remote authenticated arbitrary command execution vulnerability was d ...)
+	TODO: check
+CVE-2021-26961 (A remote unauthenticated cross-site request forgery (csrf) vulnerabili ...)
+	TODO: check
+CVE-2021-26960 (A remote unauthenticated cross-site request forgery (csrf) vulnerabili ...)
+	TODO: check
 CVE-2021-26959
 	REJECTED
 CVE-2021-26958 (An issue was discovered in the xcb crate through 2021-02-04 for Rust.  ...)
@@ -2726,8 +2875,8 @@ CVE-2021-26707
 	NOT-FOR-US: Node deep-merge
 CVE-2021-26706
 	RESERVED
-CVE-2021-26705
-	RESERVED
+CVE-2021-26705 (An issue was discovered in SquareBox CatDV Server through 9.2. An atta ...)
+	TODO: check
 CVE-2021-26704 (EPrints 3.4.2 allows remote attackers to execute arbitrary commands vi ...)
 	NOT-FOR-US: EPrints
 CVE-2021-26703 (EPrints 3.4.2 allows remote attackers to read arbitrary files and poss ...)
@@ -3133,8 +3282,8 @@ CVE-2021-3379
 	RESERVED
 CVE-2021-3378 (FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a  ...)
 	NOT-FOR-US: FortiLogger
-CVE-2021-3377
-	RESERVED
+CVE-2021-3377 (The npm package ansi_up converts ANSI escape codes into HTML. In ansi_ ...)
+	TODO: check
 CVE-2021-3376
 	RESERVED
 CVE-2021-3375 (ActivePresenter 6.1.6 is affected by a memory corruption vulnerability ...)
@@ -4184,6 +4333,7 @@ CVE-2021-26119 (Smarty before 3.1.39 allows a Sandbox Escape because $smarty.tem
 CVE-2021-26118 (While investigating ARTEMIS-2964 it was found that the creation of adv ...)
 	NOT-FOR-US: Apache ActiveMQ Artemis
 CVE-2021-26117 (The optional ActiveMQ LDAP login module can be configured to use anony ...)
+	{DLA-2583-1}
 	- activemq 5.16.1-1 (bug #982590)
 	NOTE: https://issues.apache.org/jira/browse/AMQ-8035
 	NOTE: https://www.openwall.com/lists/oss-security/2021/01/27/6
@@ -6038,8 +6188,8 @@ CVE-2021-25315 (A Incorrect Implementation of Authentication Algorithm vulnerabi
 	TODO: check
 CVE-2021-25314
 	RESERVED
-CVE-2021-25313
-	RESERVED
+CVE-2021-25313 (A Improper Neutralization of Input During Web Page Generation ('Cross- ...)
+	TODO: check
 CVE-2021-3179
 	RESERVED
 CVE-2021-3178 (** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, w ...)
@@ -13619,8 +13769,8 @@ CVE-2021-21727
 	RESERVED
 CVE-2021-21726
 	RESERVED
-CVE-2021-21725
-	RESERVED
+CVE-2021-21725 (A ZTE product has an information leak vulnerability. An attacker with  ...)
+	TODO: check
 CVE-2021-21724 (A ZTE product has a memory leak vulnerability. Due to the product's im ...)
 	NOT-FOR-US: ZTE
 CVE-2021-21723 (Some ZTE products have a DoS vulnerability. Due to the improper handli ...)
@@ -16004,12 +16154,12 @@ CVE-2021-20667
 	RESERVED
 CVE-2021-20666
 	RESERVED
-CVE-2021-20665
-	RESERVED
-CVE-2021-20664
-	RESERVED
-CVE-2021-20663
-	RESERVED
+CVE-2021-20665 (Cross-site scripting vulnerability in in Add asset screen of Contents  ...)
+	TODO: check
+CVE-2021-20664 (Cross-site scripting vulnerability in in Asset registration screen of  ...)
+	TODO: check
+CVE-2021-20663 (Cross-site scripting vulnerability in in Role authority setting screen ...)
+	TODO: check
 CVE-2021-20662 (Missing authentication for critical function in SolarView Compact SV-C ...)
 	NOT-FOR-US: SolarView Compact
 CVE-2021-20661 (Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 pr ...)