1 files changed, 142 insertions, 93 deletions

diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index fd3f0e172f..80cedad9c6 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,45 @@
+CVE-2021-27965 (The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2 ...)
+	NOT-FOR-US: MSI Dragon Center
+CVE-2021-27964 (SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File U ...)
+	NOT-FOR-US: SonLogger
+CVE-2021-27963 (SonLogger before 6.4.1 is affected by user creation with any user perm ...)
+	NOT-FOR-US: SonLogger
+CVE-2021-27962
+	RESERVED
+CVE-2021-27961
+	RESERVED
+CVE-2021-27960
+	RESERVED
+CVE-2021-27959
+	RESERVED
+CVE-2021-27958
+	RESERVED
+CVE-2021-27957
+	RESERVED
+CVE-2021-27956
+	RESERVED
+CVE-2021-27955
+	RESERVED
+CVE-2021-27954
+	RESERVED
+CVE-2021-27953
+	RESERVED
+CVE-2021-27952
+	RESERVED
+CVE-2021-27951
+	RESERVED
+CVE-2021-27950
+	RESERVED
+CVE-2021-27949
+	RESERVED
+CVE-2021-27948
+	RESERVED
+CVE-2021-27947
+	RESERVED
+CVE-2021-27946
+	RESERVED
+CVE-2021-27945
+	RESERVED
 CVE-2021-XXXX [XSA 369]
 	- linux <unfixed> (unimportant)
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -1330,8 +1372,8 @@ CVE-2021-27316
 	RESERVED
 CVE-2021-27315
 	RESERVED
-CVE-2021-27314
-	RESERVED
+CVE-2021-27314 (SQL injection in admin.php in doctor appointment system 1.0 allows an  ...)
+	NOT-FOR-US: doctor appointment system
 CVE-2021-27313
 	RESERVED
 CVE-2021-27312
@@ -1524,8 +1566,8 @@ CVE-2021-27221
 	RESERVED
 CVE-2021-27220
 	RESERVED
-CVE-2021-27217
-	RESERVED
+CVE-2021-27217 (An issue was discovered in the _send_secure_msg() function of Yubico y ...)
+	TODO: check
 CVE-2021-27216
 	RESERVED
 CVE-2021-27215 (An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x thro ...)
@@ -2025,10 +2067,10 @@ CVE-2021-26991
 	RESERVED
 CVE-2021-26990
 	RESERVED
-CVE-2021-26989
-	RESERVED
-CVE-2021-26988
-	RESERVED
+CVE-2021-26989 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 a ...)
+	NOT-FOR-US: Clustered Data ONTAP
+CVE-2021-26988 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 a ...)
+	NOT-FOR-US: Clustered Data ONTAP
 CVE-2021-26987
 	RESERVED
 CVE-2021-26986
@@ -2141,14 +2183,12 @@ CVE-2021-23217
 	RESERVED
 CVE-2021-23201
 	RESERVED
-CVE-2021-3404
-	RESERVED
+CVE-2021-3404 (In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote att ...)
 	- libytnef 1.9.3-3 (bug #982596)
 	[buster] - libytnef <no-dsa> (Minor issue)
 	[stretch] - libytnef <no-dsa> (Minor issue)
 	NOTE: https://github.com/Yeraze/ytnef/issues/86
-CVE-2021-3403
-	RESERVED
+CVE-2021-3403 (In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows  ...)
 	- libytnef 1.9.3-3 (bug #982594)
 	[buster] - libytnef <no-dsa> (Minor issue)
 	[stretch] - libytnef <no-dsa> (Minor issue)
@@ -2354,13 +2394,12 @@ CVE-2021-26910 (Firejail before 0.9.64.4 allows attackers to bypass intended acc
 	NOTE: Fix (disabled overlayfs): https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b
 	NOTE: https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt
 	NOTE: https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/
-CVE-2021-24032 [zstd allows for race-opening files being compressed or uncompressed]
-	RESERVED
-	{DSA-4859-1 DLA-2573-1}
+CVE-2021-24032 (Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for  ...)
+	{DSA-4859-1}
 	- libzstd 1.4.8+dfsg-2 (bug #982519)
+	[stretch] - libzstd <not-affected> (Incomplete fix for CVE-2021-24031 not applied)
 	NOTE: https://github.com/facebook/zstd/issues/2491
-CVE-2021-24031 [zstd adds read permissions to files while being compressed or uncompressed]
-	RESERVED
+CVE-2021-24031 (In the Zstandard command-line utility prior to v1.4.1, output files we ...)
 	{DSA-4850-1 DLA-2573-1}
 	- libzstd 1.4.8+dfsg-1 (bug #981404)
 	NOTE: https://github.com/facebook/zstd/issues/1630
@@ -3700,8 +3739,8 @@ CVE-2021-3327
 	RESERVED
 CVE-2021-26294
 	RESERVED
-CVE-2021-26293
-	RESERVED
+CVE-2021-26293 (An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail ...)
+	TODO: check
 CVE-2021-26292
 	RESERVED
 CVE-2021-26291
@@ -4318,12 +4357,12 @@ CVE-2021-26031
 	RESERVED
 CVE-2021-26030
 	RESERVED
-CVE-2021-26029
-	RESERVED
-CVE-2021-26028
-	RESERVED
-CVE-2021-26027
-	RESERVED
+CVE-2021-26029 (An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate fi ...)
+	NOT-FOR-US: Joomla!
+CVE-2021-26028 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an ...)
+	NOT-FOR-US: Joomla!
+CVE-2021-26027 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL ...)
+	NOT-FOR-US: Joomla!
 CVE-2021-3287
 	RESERVED
 CVE-2021-26026 (PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a Use ...)
@@ -5904,42 +5943,42 @@ CVE-2021-25350
 	RESERVED
 CVE-2021-25349
 	RESERVED
-CVE-2021-25348
-	RESERVED
-CVE-2021-25347
-	RESERVED
-CVE-2021-25346
-	RESERVED
-CVE-2021-25345
-	RESERVED
-CVE-2021-25344
-	RESERVED
-CVE-2021-25343
-	RESERVED
-CVE-2021-25342
-	RESERVED
-CVE-2021-25341
-	RESERVED
-CVE-2021-25340
-	RESERVED
-CVE-2021-25339
-	RESERVED
-CVE-2021-25338
-	RESERVED
-CVE-2021-25337
-	RESERVED
-CVE-2021-25336
-	RESERVED
-CVE-2021-25335
-	RESERVED
-CVE-2021-25334
-	RESERVED
-CVE-2021-25333
-	RESERVED
-CVE-2021-25332
-	RESERVED
-CVE-2021-25331
-	RESERVED
+CVE-2021-25348 (Improper permission grant check in Samsung Internet prior to version 1 ...)
+	NOT-FOR-US: Samsung Internet
+CVE-2021-25347 (Hijacking vulnerability in Samsung Email application version prior to  ...)
+	NOT-FOR-US: Samsung Email application
+CVE-2021-25346 (A possible arbitrary memory overwrite vulnerabilities in quram library ...)
+	TODO: check
+CVE-2021-25345 (Graphic format mismatch while converting video format in hwcomposer pr ...)
+	TODO: check
+CVE-2021-25344 (Missing permission check in knox_custom service prior to SMR Mar-2021  ...)
+	TODO: check
+CVE-2021-25343 (Calling of non-existent provider in Samsung Members prior to version 2 ...)
+	TODO: check
+CVE-2021-25342 (Calling of non-existent provider in SMP sdk prior to version 3.0.9 all ...)
+	TODO: check
+CVE-2021-25341 (Calling of non-existent provider in S Assistant prior to version 6.5.0 ...)
+	TODO: check
+CVE-2021-25340 (Improper access control vulnerability in Samsung keyboard version prio ...)
+	TODO: check
+CVE-2021-25339 (Improper address validation in HArx in Samsung mobile devices prior to ...)
+	NOT-FOR-US: Samsung mobile devices
+CVE-2021-25338 (Improper memory access control in RKP in Samsung mobile devices prior  ...)
+	NOT-FOR-US: Samsung mobile devices
+CVE-2021-25337 (Improper access control in clipboard service in Samsung mobile devices ...)
+	NOT-FOR-US: Samsung mobile devices
+CVE-2021-25336 (Improper access control in NotificationManagerService in Samsung mobil ...)
+	NOT-FOR-US: Samsung mobile devices
+CVE-2021-25335 (Improper lockscreen status check in cocktailbar service in Samsung mob ...)
+	NOT-FOR-US: Samsung mobile devices
+CVE-2021-25334 (Improper input check in wallpaper service in Samsung mobile devices pr ...)
+	NOT-FOR-US: Samsung mobile devices
+CVE-2021-25333 (Improper access control in Samsung Pay mini application prior to v4.0. ...)
+	NOT-FOR-US: Samsung Pay mini application
+CVE-2021-25332 (Improper access control in Samsung Pay mini application prior to v4.0. ...)
+	NOT-FOR-US: Samsung Pay mini application
+CVE-2021-25331 (Improper access control in Samsung Pay mini application prior to v4.0. ...)
+	NOT-FOR-US: Samsung Pay mini application
 CVE-2021-25330 (Calling of non-existent provider in MobileWips application prior to SM ...)
 	NOT-FOR-US: MobileWips application
 CVE-2021-3184 (MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global ...)
@@ -10255,12 +10294,12 @@ CVE-2021-23348
 	RESERVED
 CVE-2021-23347 (The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0  ...)
 	NOT-FOR-US: argo-cd
-CVE-2021-23346
-	RESERVED
+CVE-2021-23346 (This affects the package html-parse-stringify before 2.0.1; all versio ...)
+	TODO: check
 CVE-2021-23345 (All versions of package github.com/thecodingmachine/gotenberg are vuln ...)
 	TODO: check
-CVE-2021-23344
-	RESERVED
+CVE-2021-23344 (The package total.js before 3.4.8 are vulnerable to Remote Code Execut ...)
+	TODO: check
 CVE-2021-23343
 	RESERVED
 CVE-2021-23342 (This affects the package docsify before 4.12.0. It is possible to bypa ...)
@@ -10679,20 +10718,20 @@ CVE-2021-23134
 	RESERVED
 CVE-2021-23133
 	RESERVED
-CVE-2021-23132
-	RESERVED
-CVE-2021-23131
-	RESERVED
-CVE-2021-23130
-	RESERVED
-CVE-2021-23129
-	RESERVED
-CVE-2021-23128
-	RESERVED
-CVE-2021-23127
-	RESERVED
-CVE-2021-23126
-	RESERVED
+CVE-2021-23132 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media all ...)
+	NOT-FOR-US: Joomla!
+CVE-2021-23131 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input ...)
+	NOT-FOR-US: Joomla!
+CVE-2021-23130 (An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filte ...)
+	NOT-FOR-US: Joomla!
+CVE-2021-23129 (An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filte ...)
+	NOT-FOR-US: Joomla!
+CVE-2021-23128 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core ship ...)
+	NOT-FOR-US: Joomla!
+CVE-2021-23127 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an i ...)
+	NOT-FOR-US: Joomla!
+CVE-2021-23126 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the  ...)
+	NOT-FOR-US: Joomla!
 CVE-2021-23125 (An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of e ...)
 	NOT-FOR-US: Joomla!
 CVE-2021-23124 (An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of e ...)
@@ -12390,7 +12429,7 @@ CVE-2021-22298 (There is a logic vulnerability in Huawei Gauss100 OLTP Product.
 	NOT-FOR-US: Huawei
 CVE-2021-22297
 	RESERVED
-CVE-2021-22296 (A component of the HarmonyOS 2.0 has a DoS vulnerability. Local attack ...)
+CVE-2021-22296 (A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers  ...)
 	NOT-FOR-US: HarmonyOS
 CVE-2021-22295
 	RESERVED
@@ -12604,8 +12643,8 @@ CVE-2021-22191
 	RESERVED
 CVE-2021-22190
 	RESERVED
-CVE-2021-22189
-	RESERVED
+CVE-2021-22189 (Starting with version 13.7 the Gitlab CE/EE editions were affected by  ...)
+	TODO: check
 CVE-2021-22188 (An issue has been discovered in GitLab affecting all versions starting ...)
 	TODO: check
 CVE-2021-22187 (An issue has been discovered in GitLab affecting all versions of Gitla ...)
@@ -12616,8 +12655,8 @@ CVE-2021-22185
 	RESERVED
 CVE-2021-22184
 	RESERVED
-CVE-2021-22183
-	RESERVED
+CVE-2021-22183 (An issue has been discovered in GitLab affecting all versions starting ...)
+	TODO: check
 CVE-2021-22182 (An issue has been discovered in GitLab affecting all versions starting ...)
 	TODO: check
 CVE-2021-22181
@@ -12754,8 +12793,8 @@ CVE-2021-22130
 	RESERVED
 CVE-2021-22129
 	RESERVED
-CVE-2021-22128
-	RESERVED
+CVE-2021-22128 (An improper access control vulnerability in FortiProxy SSL VPN portal  ...)
+	NOT-FOR-US: FortiProxy SSL VPN portal
 CVE-2021-22127
 	RESERVED
 CVE-2021-22126
@@ -16586,10 +16625,10 @@ CVE-2021-20353 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulne
 	NOT-FOR-US: IBM
 CVE-2021-20352
 	RESERVED
-CVE-2021-20351
-	RESERVED
-CVE-2021-20350
-	RESERVED
+CVE-2021-20351 (IBM Engineering products are vulnerable to cross-site scripting. This  ...)
+	NOT-FOR-US: IBM
+CVE-2021-20350 (IBM Engineering products are vulnerable to cross-site scripting. This  ...)
+	NOT-FOR-US: IBM
 CVE-2021-20349
 	RESERVED
 CVE-2021-20348
@@ -16608,8 +16647,8 @@ CVE-2021-20342
 	RESERVED
 CVE-2021-20341
 	RESERVED
-CVE-2021-20340
-	RESERVED
+CVE-2021-20340 (IBM Engineering products are vulnerable to cross-site scripting. This  ...)
+	NOT-FOR-US: IBM
 CVE-2021-20339
 	RESERVED
 CVE-2021-20338
@@ -16756,12 +16795,22 @@ CVE-2021-20269
 	RESERVED
 CVE-2021-20268
 	RESERVED
+	- linux 5.10.12-1
+	[buster] - linux <not-affected> (Vulnerable code introduced later)
+	[stretch] - linux <not-affected> (Vulnerable code introduced later)
+	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-101/
+	NOTE: https://git.kernel.org/linus/bc895e8b2a64e502fbba72748d59618272052a8b
 CVE-2021-20267
 	RESERVED
+	- neutron <unfixed>
+	NOTE: https://bugs.launchpad.net/neutron/+bug/1902917
+	NOTE: https://review.opendev.org/c/openstack/neutron/+/776599
 CVE-2021-20266
 	RESERVED
-CVE-2021-20265
+CVE-2021-20265 [increase slab leak leads to DoS]
 	RESERVED
+	- linux 4.4.4-1
+	NOTE: https://git.kernel.org/linus/fa0dc04df259ba2df3ce1920e9690c7842f8fa4b (4.5-rc3)
 CVE-2021-20264
 	RESERVED
 CVE-2021-20263