author security tracker role <sectracker@soriano.debian.org> 2022-01-21 20:10:27 +0000
committer security tracker role <sectracker@soriano.debian.org> 2022-01-21 20:10:27 +0000
commit 3a727a67b1da6ac04361ba03b9ee1f6145274ac1
tree 1f96bc8ba251190abcc6d2a23dbb7279abb4e158 /data/CVE/2021.list
parent ee5b121a206c5449a7872109ab6f28cc4f7cecaf
automatic update
Diffstat (limited to 'data/CVE/2021.list')
-rw-r--r-- data/CVE/2021.list 138
1 files changed, 70 insertions, 68 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 215a1faa61..9d91971c3a 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,7 @@
+CVE-2021-46403
+ RESERVED
+CVE-2021-4208
+ RESERVED
CVE-2021-46402
RESERVED
CVE-2021-46401
@@ -184,12 +188,12 @@ CVE-2021-46311
RESERVED
CVE-2021-46310
RESERVED
-CVE-2021-46309
- RESERVED
-CVE-2021-46308
- RESERVED
-CVE-2021-46307
- RESERVED
+CVE-2021-46309 (An SQL Injection vulnerability exists in Sourcecodester Employee and V ...)
+ TODO: check
+CVE-2021-46308 (An SQL Injection vulnerability exists in Sourcecodester Online Railway ...)
+ TODO: check
+CVE-2021-46307 (An SQL Injection vulnerability exists in Projectworlds Online Examinat ...)
+ TODO: check
CVE-2021-46306
RESERVED
CVE-2021-46305
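Review bot: CVE-2021-46309, CVE-2021-46308 and CVE-2021-46307 go from RESERVED to "TODO: check" with no package line and no NOT-FOR-US tag, so all three are still untriaged after this commit. The summaries name Sourcecodester and Projectworlds web applications; a follow-up should resolve each one to either a "- <package>" line or "NOT-FOR-US: <product>", the way the Taocms entry (CVE-2021-46203) in the next hunk is already tagged.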
@@ -410,14 +414,14 @@ CVE-2021-46203 (Taocms v3.0.2 was discovered to contain an arbitrary file read v
NOT-FOR-US: Taocms
CVE-2021-46202
RESERVED
-CVE-2021-46201
- RESERVED
-CVE-2021-46200
- RESERVED
+CVE-2021-46201 (An SQL Injection vulnerability exists in Sourcecodester Online Resort ...)
+ TODO: check
+CVE-2021-46200 (An SQL Injection vulnerability exists in Sourcecodester Simple Music C ...)
+ TODO: check
CVE-2021-46199
RESERVED
-CVE-2021-46198
- RESERVED
+CVE-2021-46198 (An SQL Injection vulnerability exists in Sourceodester Courier Managem ...)
+ TODO: check
CVE-2021-46197
RESERVED
CVE-2021-46196
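Review bot: the summary for CVE-2021-46198 spells the vendor "Sourceodester", while CVE-2021-46201 and CVE-2021-46200 in the same hunk have "Sourcecodester". The summary is imported text and can stay as it is, but when the "TODO: check" lines are resolved the triage tag should use one spelling for all three so that a search on the vendor name finds every entry.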
@@ -2294,7 +2298,7 @@ CVE-2021-4159
RESERVED
CVE-2021-45464
RESERVED
-CVE-2021-45463 (GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allo ...)
+CVE-2021-45463 (load_cache in GEGL before 0.4.34 allows shell expansion when a pathnam ...)
- gegl 1:0.4.34-1 (bug #1002661)
[bullseye] - gegl <no-dsa> (Minor issue)
[buster] - gegl <no-dsa> (Minor issue)
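Review bot: the new summary for CVE-2021-45463 attributes the issue to load_cache and shell expansion on a pathname and no longer mentions GIMP, while the three gegl lines below it are untouched. Please re-confirm that "<no-dsa> (Minor issue)" for bullseye and buster still matches the revised wording, and that tracking gegl alone is intended now that the GIMP reference has been dropped from the description.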
@@ -4632,8 +4636,8 @@ CVE-2021-44595
RESERVED
CVE-2021-44594
RESERVED
-CVE-2021-44593
- RESERVED
+CVE-2021-44593 (Simple College Website 1.0 is vulnerable to unauthenticated file uploa ...)
+ TODO: check
CVE-2021-44592
RESERVED
CVE-2021-44591 (In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser ...)
@@ -5088,8 +5092,8 @@ CVE-2021-23223
RESERVED
CVE-2021-23179
RESERVED
-CVE-2021-44464
- RESERVED
+CVE-2021-44464 (Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains ...)
+ TODO: check
CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interf ...)
NOT-FOR-US: mySCADA myPRO
CVE-2021-44451
@@ -5136,30 +5140,30 @@ CVE-2021-44431 (A vulnerability has been identified in JT Utilities (All version
NOT-FOR-US: Siemens
CVE-2021-44430 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
NOT-FOR-US: Siemens
-CVE-2021-43355
- RESERVED
-CVE-2021-41835
- RESERVED
+CVE-2021-43355 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
+ TODO: check
+CVE-2021-41835 (Fresenius Kabi Agilia Link + version 3.0 does not enforce transport la ...)
+ TODO: check
CVE-2021-4035
RESERVED
-CVE-2021-33848
- RESERVED
-CVE-2021-33846
- RESERVED
-CVE-2021-33843
- RESERVED
-CVE-2021-31562
- RESERVED
-CVE-2021-23236
- RESERVED
-CVE-2021-23233
- RESERVED
-CVE-2021-23207
- RESERVED
-CVE-2021-23196
- RESERVED
-CVE-2021-23195
- RESERVED
+CVE-2021-33848 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
+ TODO: check
+CVE-2021-33846 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
+ TODO: check
+CVE-2021-33843 (Fresenius Kabi Agilia Link + version 3.0 has a default configuration p ...)
+ TODO: check
+CVE-2021-31562 (The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 ...)
+ TODO: check
+CVE-2021-23236 (Requests may be used to interrupt the normal operation of the device. ...)
+ TODO: check
+CVE-2021-23233 (Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can ...)
+ TODO: check
+CVE-2021-23207 (An attacker with physical access to the host can extract the secrets f ...)
+ TODO: check
+CVE-2021-23196 (The web application on Agilia Link+ version 3.0 implements authenticat ...)
+ TODO: check
+CVE-2021-23195 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
+ TODO: check
CVE-2021-44429 (Serva 4.4.0 allows remote attackers to cause a denial of service (daem ...)
NOT-FOR-US: Serva
CVE-2021-44428 (Pinkie 2.15 allows remote attackers to cause a denial of service (daem ...)
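Review bot: the truncated summaries for CVE-2021-23236 ("Requests may be used to interrupt the normal operation of the device.") and CVE-2021-23207 ("An attacker with physical access to the host ...") name no product, unlike the Fresenius Kabi entries around them. Triage of these two "TODO: check" lines should take the product from the full CVE record and not from the neighbouring IDs. The product also appears as both "Agilia Link +" and "Agilia Link+" in this hunk; pick one form for the eventual triage tag.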
@@ -5563,8 +5567,7 @@ CVE-2021-44237
RESERVED
CVE-2021-44236
RESERVED
-CVE-2021-4032 [kvm: mishandling of memory error during VCPU construction can lead to DoS]
- RESERVED
+CVE-2021-4032 (A vulnerability was found in the Linux kernel's KVM subsystem in arch/ ...)
- linux <not-affected> (Vulnerable code introduced in 5.15-rc1; fixed in 5.15-rc7)
NOTE: https://git.kernel.org/linus/f7d8a19f9a056a05c5c509fa65af472a322abfee (5.15-rc7)
CVE-2021-4031
@@ -5728,8 +5731,8 @@ CVE-2021-44197
RESERVED
CVE-2021-44196
RESERVED
-CVE-2021-4016
- RESERVED
+CVE-2021-4016 (Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper ...)
+ TODO: check
CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: firefly-iii
CVE-2021-4014
@@ -6015,8 +6018,7 @@ CVE-2021-44081
RESERVED
CVE-2021-44080
RESERVED
-CVE-2021-4001 [race condition when the EBPF map is frozen]
- RESERVED
+CVE-2021-4001 (A race condition was found in the Linux kernel's ebpf verifier between ...)
- linux 5.15.5-1
[bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -13888,8 +13890,8 @@ CVE-2021-40857 (Auerswald COMpact 5500R devices before 8.2B allow Privilege Esca
NOT-FOR-US: Auerswald COMpact 5500R devices
CVE-2021-40856 (Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Auth ...)
NOT-FOR-US: Auerswald
-CVE-2021-40855
- RESERVED
+CVE-2021-40855 (The EU Technical Specifications for Digital COVID Certificates before ...)
+ TODO: check
CVE-2021-40854 (AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obt ...)
NOT-FOR-US: AnyDesk
CVE-2021-40853 (TCMAN GIM does not perform an authorization check when trying to acces ...)
@@ -14266,16 +14268,16 @@ CVE-2021-40697 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 R
NOT-FOR-US: Adobe
CVE-2021-40696
RESERVED
-CVE-2021-40695
- RESERVED
-CVE-2021-40694
- RESERVED
-CVE-2021-40693
- RESERVED
-CVE-2021-40692
- RESERVED
-CVE-2021-40691
- RESERVED
+CVE-2021-40695 (It was possible for a student to view their quiz grade before it had b ...)
+ TODO: check
+CVE-2021-40694 (Insufficient escaping of the LaTeX preamble made it possible for site ...)
+ TODO: check
+CVE-2021-40693 (An authentication bypass risk was identified in the external database ...)
+ TODO: check
+CVE-2021-40692 (Insufficient capability checks made it possible for teachers to downlo ...)
+ TODO: check
+CVE-2021-40691 (A session hijack risk was identified in the Shibboleth authentication ...)
+ TODO: check
CVE-2021-40690 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...)
{DSA-5010-1 DLA-2767-1}
- libxml-security-java 2.1.7-1 (bug #994569)
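Review bot: none of the five new summaries for CVE-2021-40691 through CVE-2021-40695 shows the affected software in the visible text; they only mention a quiz grade, a LaTeX preamble, an external database and Shibboleth authentication. With all five left at "TODO: check", the follow-up needs the full descriptions to identify the product before choosing between a package line and NOT-FOR-US, and the five consecutive IDs are best triaged in one pass so they end up tagged consistently.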
@@ -14495,8 +14497,8 @@ CVE-2021-40597
RESERVED
CVE-2021-40596
RESERVED
-CVE-2021-40595
- RESERVED
+CVE-2021-40595 (SQL injection vulnerability in Sourcecodester Online Leave Management ...)
+ TODO: check
CVE-2021-40594
RESERVED
CVE-2021-40593
@@ -15396,8 +15398,8 @@ CVE-2021-40249
RESERVED
CVE-2021-40248
RESERVED
-CVE-2021-40247
- RESERVED
+CVE-2021-40247 (SQL injection vulnerability in Sourcecodester Budget and Expense Track ...)
+ TODO: check
CVE-2021-40246
RESERVED
CVE-2021-40245
@@ -27922,10 +27924,10 @@ CVE-2021-35006
RESERVED
CVE-2021-35005
RESERVED
-CVE-2021-35004
- RESERVED
-CVE-2021-35003
- RESERVED
+CVE-2021-35004 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2021-35003 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
CVE-2021-35002
RESERVED
CVE-2021-35001
@@ -30242,8 +30244,8 @@ CVE-2021-33968
RESERVED
CVE-2021-33967
RESERVED
-CVE-2021-33966
- RESERVED
+CVE-2021-33966 (Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows auth ...)
+ TODO: check
CVE-2021-33965 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...)
NOT-FOR-US: China Mobile An Lianbao WF-1 router
CVE-2021-33964 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...)
@@ -32224,7 +32226,7 @@ CVE-2021-33180 (Improper neutralization of special elements used in an SQL comma
NOT-FOR-US: Synology
CVE-2021-33179 (The general user interface in Nagios XI versions prior to 5.8.4 is vul ...)
NOT-FOR-US: Nagios XI
-CVE-2021-33178 (The Manage Backgrounds functionality within Nagvis versions prior to 2 ...)
+CVE-2021-33178 (The Manage Backgrounds functionality within NagVis versions prior to 1 ...)
- nagvis 1:1.9.29-1
[bullseye] - nagvis <no-dsa> (Minor issue)
[buster] - nagvis <no-dsa> (Minor issue)
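Review bot: in CVE-2021-33178 the summary changes from "Nagvis versions prior to 2 ..." to "NagVis versions prior to 1 ...", so the version bound in the description changed and not only the capitalisation. The fixed version recorded below remains "nagvis 1:1.9.29-1"; check it against the full revised bound, which is cut off in the truncated summary.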
