author security tracker role <sectracker@soriano.debian.org> 2021-11-01 20:10:27 +0000
committer security tracker role <sectracker@soriano.debian.org> 2021-11-01 20:10:27 +0000
commit f88a00793407002518a229da59e886b5d22a403c
tree 88ca0d824bac95b6e511f247d83f6e69a03b00b2
parent 87fad161e38ba2b1964503e6cba5b17ea314311a
automatic update
-rw-r--r-- data/CVE/2015.list 12
-rw-r--r-- data/CVE/2018.list 4
-rw-r--r-- data/CVE/2020.list 16
-rw-r--r-- data/CVE/2021.list 197
4 files changed, 124 insertions, 105 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 35b823b2dc..d9bb26930a 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -1,9 +1,9 @@
-CVE-2015-10001
- RESERVED
-CVE-2015-20067
- RESERVED
-CVE-2015-20019
- RESERVED
+CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF check whe ...)
+ TODO: check
+CVE-2015-20067 (The WP Attachment Export WordPress plugin before 0.2.4 does not have p ...)
+ TODO: check
+CVE-2015-20019 (The Content text slider on post WordPress plugin before 6.9 does not s ...)
+ TODO: check
CVE-2015-20002
RESERVED
CVE-2015-20001 (In the standard library in Rust before 1.2.0, BinaryHeap is not panic- ...)
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 26585e7566..97073bdf23 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1,5 +1,5 @@
-CVE-2018-25019
- RESERVED
+CVE-2018-25019 (The LearnDash LMS WordPress plugin before 2.5.4 does not have any auth ...)
+ TODO: check
CVE-2018-25018 (UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write durin ...)
- unrar-nonfree <unfixed> (bug #990541)
[bullseye] - unrar-nonfree <no-dsa> (Non-free not supported)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 45aea695f6..f6bed7a019 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,9 +1,9 @@
-CVE-2020-36505
- RESERVED
-CVE-2020-36504
- RESERVED
-CVE-2020-36503
- RESERVED
+CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is lacking ...)
+ TODO: check
+CVE-2020-36504 (The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check ...)
+ TODO: check
+CVE-2020-36503 (The Connections Business Directory WordPress plugin before 9.7 does no ...)
+ TODO: check
CVE-2020-36502 (Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-si ...)
NOT-FOR-US: Swift File Transfer Mobile
CVE-2020-36501 (Multiple cross-site scripting (XSS) vulnerabilities in the Support mod ...)
@@ -5779,8 +5779,8 @@ CVE-2020-28704
RESERVED
CVE-2020-28703
RESERVED
-CVE-2020-28702
- RESERVED
+CVE-2020-28702 (A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 al ...)
+ TODO: check
CVE-2020-28701
RESERVED
CVE-2020-28700
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 3cd35dbd42..798489aee8 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,11 @@
+CVE-2021-43174
+ RESERVED
+CVE-2021-43173
+ RESERVED
+CVE-2021-43172
+ RESERVED
+CVE-2021-3917
+ RESERVED
CVE-2021-43171
RESERVED
CVE-2021-43170
@@ -545,8 +553,8 @@ CVE-2021-42919
RESERVED
CVE-2021-42918
RESERVED
-CVE-2021-42917
- RESERVED
+CVE-2021-42917 (Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attacker ...)
+ TODO: check
CVE-2021-42916
RESERVED
CVE-2021-42915
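Review bot: CVE-2021-42917 is left at "TODO: check" even though its description already names Kodi and an affected range ("up to 19.0"), which is enough to start triage. Replace the TODO with a package status line for the Kodi source package if the distribution ships one, or with a NOT-FOR-US line otherwise, so the entry does not sit untriaged inside the surrounding RESERVED block.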
@@ -1312,8 +1320,8 @@ CVE-2021-42559
RESERVED
CVE-2021-42558
RESERVED
-CVE-2021-42557
- RESERVED
+CVE-2021-42557 (In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API ...)
+ TODO: check
CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive extract ...)
NOT-FOR-US: Rasa X
CVE-2021-42555
@@ -2640,8 +2648,8 @@ CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: snipe-it
CVE-2021-3857
RESERVED
-CVE-2021-41973
- RESERVED
+CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...)
+ TODO: check
CVE-2021-41972
RESERVED
CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with ENABLE_ ...)
@@ -9952,8 +9960,8 @@ CVE-2021-38849
RESERVED
CVE-2021-38848
RESERVED
-CVE-2021-38847
- RESERVED
+CVE-2021-38847 (S-Cart v6.4.1 and below was discovered to contain an arbitrary file up ...)
+ TODO: check
CVE-2021-38846
RESERVED
CVE-2021-38845
@@ -10438,10 +10446,10 @@ CVE-2021-38616 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/us
NOT-FOR-US: Eigen
CVE-2021-38615 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/conf ...)
NOT-FOR-US: Eigen
-CVE-2021-3705
- RESERVED
-CVE-2021-3704
- RESERVED
+CVE-2021-3705 (Potential security vulnerabilities have been discovered on a certain H ...)
+ TODO: check
+CVE-2021-3704 (Potential security vulnerabilities have been discovered on a certain H ...)
+ TODO: check
CVE-2021-38614 (** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBUG is u ...)
- polipo <removed>
[buster] - polipo <ignored> (Minor issue)
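Review bot: the new descriptions for CVE-2021-3705 and CVE-2021-3704 are identical up to the truncation point ("... discovered on a certain H ..."), so the two entries cannot be told apart or triaged from this file alone. Whoever clears the "TODO: check" lines should read the full CVE text for each ID rather than copying one decision to both.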
@@ -17447,6 +17455,7 @@ CVE-2021-35604 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
- mysql-8.0 <unfixed>
- mysql-5.7 <removed>
CVE-2021-35603 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 <unfixed>
@@ -17483,6 +17492,7 @@ CVE-2021-35588 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition
CVE-2021-35587
RESERVED
CVE-2021-35586 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 <unfixed>
@@ -17501,6 +17511,7 @@ CVE-2021-35580 (Vulnerability in the Oracle Applications Manager product of Orac
CVE-2021-35579
RESERVED
CVE-2021-35578 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 <unfixed>
@@ -17525,15 +17536,18 @@ CVE-2021-35569 (Vulnerability in the Oracle Applications Manager product of Orac
CVE-2021-35568 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
NOT-FOR-US: Oracle
CVE-2021-35567 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 <unfixed>
CVE-2021-35566 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
NOT-FOR-US: Oracle
CVE-2021-35565 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-1}
- openjdk-11 11.0.13+8-1
- openjdk-8 <unfixed>
CVE-2021-35564 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 <unfixed>
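Review bot: the {DSA-5000-1} tag is added to CVE-2021-35567, CVE-2021-35565 and CVE-2021-35564 while every package line under them is unchanged, including "- openjdk-8 <unfixed>". Nothing in this diff shows which source package the advisory covers, since the commit only touches data/CVE/*.list, so check the advisory's own entry against the openjdk lines listed here and add per-release annotations if the fix does not match the versions shown.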
@@ -17542,12 +17556,14 @@ CVE-2021-35563 (Vulnerability in the Oracle Shipping Execution product of Oracle
CVE-2021-35562 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
NOT-FOR-US: Oracle
CVE-2021-35561 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 <unfixed>
CVE-2021-35560 (Vulnerability in the Java SE product of Oracle Java SE (component: Dep ...)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2021-35559 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 <unfixed>
@@ -17556,6 +17572,7 @@ CVE-2021-35558 (Vulnerability in the Core RDBMS component of Oracle Database Ser
CVE-2021-35557 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
NOT-FOR-US: Oracle
CVE-2021-35556 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 <unfixed>
@@ -17570,6 +17587,7 @@ CVE-2021-35552 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
CVE-2021-35551 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...)
NOT-FOR-US: Oracle
CVE-2021-35550 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-1}
- openjdk-11 11.0.13+8-1
- openjdk-8 <unfixed>
CVE-2021-35549 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
@@ -24332,6 +24350,7 @@ CVE-2021-32687 (Redis is an open source, in-memory database that persists on dis
- redis 5:6.0.16-1
NOTE: https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q
CVE-2021-32686 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DSA-4999-1}
- asterisk 1:16.16.1~dfsg-2 (bug #991931)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -24699,7 +24718,7 @@ CVE-2021-32560 (The Logging subsystem in OctoPrint before 1.6.0 has incorrect ac
CVE-2021-32559 (An integer overflow exists in pywin32 prior to version b301 when addin ...)
NOT-FOR-US: pywin32
CVE-2021-32558 (An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x ...)
- {DLA-2729-1}
+ {DSA-4999-1 DLA-2729-1}
- asterisk 1:16.16.1~dfsg-2 (bug #991710)
NOTE: https://downloads.asterisk.org/pub/security/AST-2021-008.html
CVE-2021-32557 (It was discovered that the process_report() function in data/whoopsie- ...)
@@ -33109,10 +33128,10 @@ CVE-2021-29215
RESERVED
CVE-2021-29214
RESERVED
-CVE-2021-29213
- RESERVED
-CVE-2021-29212
- RESERVED
+CVE-2021-29213 (A potential local bypass of security restrictions vulnerability has be ...)
+ TODO: check
+CVE-2021-29212 (A remote unauthenticated directory traversal security vulnerability ha ...)
+ TODO: check
CVE-2021-29211 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
NOT-FOR-US: HPE
CVE-2021-29210 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...)
@@ -35450,8 +35469,8 @@ CVE-2021-28217
RESERVED
CVE-2021-3441 (A potential security vulnerability has been identified for the HP Offi ...)
NOT-FOR-US: HP
-CVE-2021-3440
- RESERVED
+CVE-2021-3440 (HP Print and Scan Doctor, an application within the HP Smart App for W ...)
+ TODO: check
CVE-2021-3439
RESERVED
CVE-2021-3438 (A potential buffer overflow in the software drivers for certain HP Las ...)
@@ -36866,8 +36885,8 @@ CVE-2021-27645 (The nameserver caching daemon (nscd) in the GNU C Library (aka g
NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=dca565886b5e8bd7966e15f0ca42ee5cff686673
NOTE: Introducing commit present in Debian since 2.28-1 with addition of
NOTE: https://salsa.debian.org/glibc-team/glibc/-/commit/aea56157b456d4d9bef337d0149e952a41a7d919
-CVE-2021-27644
- RESERVED
+CVE-2021-27644 (In Apache DolphinScheduler before 1.3.6 versions, authorized users can ...)
+ TODO: check
CVE-2021-27643 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
NOT-FOR-US: SAP
CVE-2021-27642 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
@@ -38263,10 +38282,10 @@ CVE-2021-27007
RESERVED
CVE-2021-27006
RESERVED
-CVE-2021-27005
- RESERVED
-CVE-2021-27004
- RESERVED
+CVE-2021-27005 (Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, ...)
+ TODO: check
+CVE-2021-27004 (System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and ...)
+ TODO: check
CVE-2021-27003 (Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 a ...)
NOT-FOR-US: Clustered Data ONTAP (NetApp)
CVE-2021-27002 (NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vul ...)
@@ -38903,10 +38922,10 @@ CVE-2021-26742
RESERVED
CVE-2021-26741
RESERVED
-CVE-2021-26740
- RESERVED
-CVE-2021-26739
- RESERVED
+CVE-2021-26740 (Arbitrary file upload vulnerability sysupload.php in millken doyocms 2 ...)
+ TODO: check
+CVE-2021-26739 (SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows ...)
+ TODO: check
CVE-2021-26738
RESERVED
CVE-2021-26737
@@ -41206,16 +41225,16 @@ CVE-2021-25880
RESERVED
CVE-2021-25879
RESERVED
-CVE-2021-25878
- RESERVED
-CVE-2021-25877
- RESERVED
-CVE-2021-25876
- RESERVED
-CVE-2021-25875
- RESERVED
-CVE-2021-25874
- RESERVED
+CVE-2021-25878 (AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cro ...)
+ TODO: check
+CVE-2021-25877 (AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. A ...)
+ TODO: check
+CVE-2021-25876 (AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script S ...)
+ TODO: check
+CVE-2021-25875 (AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflec ...)
+ TODO: check
+CVE-2021-25874 (AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQ ...)
+ TODO: check
CVE-2021-25873
RESERVED
CVE-2021-25872
@@ -43637,18 +43656,18 @@ CVE-2021-24815
RESERVED
CVE-2021-24814
RESERVED
-CVE-2021-24813
- RESERVED
+CVE-2021-24813 (The Events Made Easy WordPress plugin before 2.2.24 does not sanitise ...)
+ TODO: check
CVE-2021-24812
RESERVED
CVE-2021-24811
RESERVED
CVE-2021-24810
RESERVED
-CVE-2021-24809
- RESERVED
-CVE-2021-24808
- RESERVED
+CVE-2021-24809 (The BP Better Messages WordPress plugin before 1.9.9.41 does not check ...)
+ TODO: check
+CVE-2021-24808 (The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with ...)
+ TODO: check
CVE-2021-24807
RESERVED
CVE-2021-24806
@@ -43665,8 +43684,8 @@ CVE-2021-24801
RESERVED
CVE-2021-24800
RESERVED
-CVE-2021-24799
- RESERVED
+CVE-2021-24799 (The Far Future Expiry Header WordPress plugin before 1.5 does not have ...)
+ TODO: check
CVE-2021-24798
RESERVED
CVE-2021-24797
@@ -43675,18 +43694,18 @@ CVE-2021-24796
RESERVED
CVE-2021-24795
RESERVED
-CVE-2021-24794
- RESERVED
-CVE-2021-24793
- RESERVED
+CVE-2021-24794 (The Connections Business Directory WordPress plugin before 10.4.3 does ...)
+ TODO: check
+CVE-2021-24793 (The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not ...)
+ TODO: check
CVE-2021-24792
RESERVED
CVE-2021-24791
RESERVED
CVE-2021-24790
RESERVED
-CVE-2021-24789
- RESERVED
+CVE-2021-24789 (The Flat Preloader WordPress plugin before 1.5.5 does not escape some ...)
+ TODO: check
CVE-2021-24788
RESERVED
CVE-2021-24787
@@ -43701,8 +43720,8 @@ CVE-2021-24783
RESERVED
CVE-2021-24782
RESERVED
-CVE-2021-24781
- RESERVED
+CVE-2021-24781 (The Image Source Control WordPress plugin before 2.3.1 allows users wi ...)
+ TODO: check
CVE-2021-24780
RESERVED
CVE-2021-24779 (The WP Debugging WordPress plugin before 2.11.0 has its update_setting ...)
@@ -43717,14 +43736,14 @@ CVE-2021-24775
RESERVED
CVE-2021-24774 (The Check &amp; Log Email WordPress plugin before 1.0.3 does not valid ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24773
- RESERVED
+CVE-2021-24773 (The WordPress Download Manager WordPress plugin before 3.2.16 does not ...)
+ TODO: check
CVE-2021-24772
RESERVED
CVE-2021-24771
RESERVED
-CVE-2021-24770
- RESERVED
+CVE-2021-24770 (The Stylish Price List WordPress plugin before 6.9.1 does not perform ...)
+ TODO: check
CVE-2021-24769 (The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not v ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24768
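Review bot: CVE-2021-24773 and CVE-2021-24770 are added with "TODO: check" although both descriptions say "WordPress plugin" and the neighbouring entries CVE-2021-24774 and CVE-2021-24769 are already marked "NOT-FOR-US: WordPress plugin". The same pattern repeats in the other WordPress plugin hunks of this commit; a follow-up should resolve these TODO lines consistently with those neighbours rather than leaving them in the backlog.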
@@ -43749,8 +43768,8 @@ CVE-2021-24759
RESERVED
CVE-2021-24758
RESERVED
-CVE-2021-24757
- RESERVED
+CVE-2021-24757 (The Stylish Price List WordPress plugin before 6.9.0 does not perform ...)
+ TODO: check
CVE-2021-24756
RESERVED
CVE-2021-24755
@@ -43779,8 +43798,8 @@ CVE-2021-24744 (The WordPress Contact Forms by Cimatti WordPress plugin before 1
NOT-FOR-US: WordPress plugin
CVE-2021-24743 (The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows use ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24742
- RESERVED
+CVE-2021-24742 (The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Edi ...)
+ TODO: check
CVE-2021-24741 (The Support Board WordPress plugin before 3.3.4 does not escape multip ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24740 (The Tutor LMS WordPress plugin before 1.9.9 does not escape some of it ...)
@@ -43817,10 +43836,10 @@ CVE-2021-24725 (The Comment Link Remove and Other Comment Tools WordPress plugin
NOT-FOR-US: WordPress plugin
CVE-2021-24724 (The Timetable and Event Schedule by MotoPress WordPress plugin before ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24723
- RESERVED
-CVE-2021-24722
- RESERVED
+CVE-2021-24723 (The WP Reactions Lite WordPress plugin before 1.3.6 does not properly ...)
+ TODO: check
+CVE-2021-24722 (The Restaurant Menu by MotoPress WordPress plugin through 2.4.0 does n ...)
+ TODO: check
CVE-2021-24721
RESERVED
CVE-2021-24720 (The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 wa ...)
@@ -43829,12 +43848,12 @@ CVE-2021-24719 (The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to
NOT-FOR-US: WordPress theme
CVE-2021-24718
RESERVED
-CVE-2021-24717
- RESERVED
-CVE-2021-24716
- RESERVED
-CVE-2021-24715
- RESERVED
+CVE-2021-24717 (The AutomatorWP WordPress plugin before 1.7.6 does not perform capabil ...)
+ TODO: check
+CVE-2021-24716 (The Modern Events Calendar Lite WordPress plugin before 5.22.3 does no ...)
+ TODO: check
+CVE-2021-24715 (The WP Sitemap Page WordPress plugin before 1.7.0 does not properly sa ...)
+ TODO: check
CVE-2021-24714
RESERVED
CVE-2021-24713
@@ -43893,14 +43912,14 @@ CVE-2021-24687 (The Modern Events Calendar Lite WordPress plugin before 5.22.2 d
NOT-FOR-US: WordPress plugin
CVE-2021-24686
RESERVED
-CVE-2021-24685
- RESERVED
+CVE-2021-24685 (The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonc ...)
+ TODO: check
CVE-2021-24684 (The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 a ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24683 (The Weather Effect WordPress plugin before 1.3.4 does not have any CSR ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24682
- RESERVED
+CVE-2021-24682 (The Cool Tag Cloud WordPress plugin before 2.26 does not escape the st ...)
+ TODO: check
CVE-2021-24681 (The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24680
@@ -44015,8 +44034,8 @@ CVE-2021-24626
RESERVED
CVE-2021-24625
RESERVED
-CVE-2021-24624
- RESERVED
+CVE-2021-24624 (The MP3 Audio Player for Music, Radio &amp; Podcast by Sonaar WordPres ...)
+ TODO: check
CVE-2021-24623 (The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24622 (The Customer Service Software &amp; Support Ticket System WordPress pl ...)
@@ -44119,12 +44138,12 @@ CVE-2021-24574 (The Simple Banner WordPress plugin before 2.10.4 does not saniti
NOT-FOR-US: WordPress plugin
CVE-2021-24573
RESERVED
-CVE-2021-24572
- RESERVED
+CVE-2021-24572 (The Accept Donations with PayPal WordPress plugin before 1.3.1 provide ...)
+ TODO: check
CVE-2021-24571 (The HD Quiz WordPress plugin before 1.8.4 does not escape some of its ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24570
- RESERVED
+CVE-2021-24570 (The Accept Donations with PayPal WordPress plugin before 1.3.1 offers ...)
+ TODO: check
CVE-2021-24569 (The Cookie Notice &amp; Compliance for GDPR / CCPA WordPress plugin be ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24568 (The AddToAny Share Buttons WordPress plugin before 1.7.46 does not san ...)
@@ -44185,8 +44204,8 @@ CVE-2021-24541 (The Wonder PDF Embed WordPress plugin before 1.7 does not escape
NOT-FOR-US: WordPress plugin
CVE-2021-24540 (The Wonder Video Embed WordPress plugin before 1.8 does not escape par ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24539
- RESERVED
+CVE-2021-24539 (The Coming Soon, Under Construction &amp; Maintenance Mode By Dazzler ...)
+ TODO: check
CVE-2021-24538 (The Current Book WordPress plugin through 1.0.1 does not sanitize user ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24537
@@ -48652,10 +48671,10 @@ CVE-2021-22566
RESERVED
CVE-2021-22565
RESERVED
-CVE-2021-22564
- RESERVED
-CVE-2021-22563
- RESERVED
+CVE-2021-22564 (For certain valid JPEG XL images with a size slightly larger than an i ...)
+ TODO: check
+CVE-2021-22563 (Invalid JPEG XL images using libjxl can cause an out of bounds access ...)
+ TODO: check
CVE-2021-22562
RESERVED
CVE-2021-22561
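Review bot: CVE-2021-22564 and CVE-2021-22563 both concern JPEG XL images, and the second names libjxl directly, so these are library issues rather than a vendor product or web plugin like most other TODO entries in this commit. When the "TODO: check" lines are cleared, look for a source package providing libjxl and record a package status line with the fixed version instead of defaulting to NOT-FOR-US.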