From f88a00793407002518a229da59e886b5d22a403c Mon Sep 17 00:00:00 2001
From: security tracker role
Date: Mon, 1 Nov 2021 20:10:27 +0000
Subject: automatic update
---
 data/CVE/2015.list | 12 ++--
 data/CVE/2018.list | 4 +-
 data/CVE/2020.list | 16 ++---
 data/CVE/2021.list | 197 +++++++++++++++++++++++++++++------------------------
 4 files changed, 124 insertions(+), 105 deletions(-)
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 35b823b2dc..d9bb26930a 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -1,9 +1,9 @@
-CVE-2015-10001
- RESERVED
-CVE-2015-20067
- RESERVED
-CVE-2015-20019
- RESERVED
+CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF check whe ...)
+ TODO: check
+CVE-2015-20067 (The WP Attachment Export WordPress plugin before 0.2.4 does not have p ...)
+ TODO: check
+CVE-2015-20019 (The Content text slider on post WordPress plugin before 6.9 does not s ...)
+ TODO: check
 CVE-2015-20002
 RESERVED
 CVE-2015-20001 (In the standard library in Rust before 1.2.0, BinaryHeap is not panic- ...)
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 26585e7566..97073bdf23 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1,5 +1,5 @@
-CVE-2018-25019
- RESERVED
+CVE-2018-25019 (The LearnDash LMS WordPress plugin before 2.5.4 does not have any auth ...)
+ TODO: check
 CVE-2018-25018 (UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write durin ...)
 - unrar-nonfree (bug #990541)
 [bullseye] - unrar-nonfree (Non-free not supported)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 45aea695f6..f6bed7a019 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,9 +1,9 @@
-CVE-2020-36505
- RESERVED
-CVE-2020-36504
- RESERVED
-CVE-2020-36503
- RESERVED
+CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is lacking ...)
+ TODO: check
+CVE-2020-36504 (The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check ...)
+ TODO: check
+CVE-2020-36503 (The Connections Business Directory WordPress plugin before 9.7 does no ...)
+ TODO: check
 CVE-2020-36502 (Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-si ...)
 NOT-FOR-US: Swift File Transfer Mobile
 CVE-2020-36501 (Multiple cross-site scripting (XSS) vulnerabilities in the Support mod ...)
@@ -5779,8 +5779,8 @@ CVE-2020-28704
 RESERVED
 CVE-2020-28703
 RESERVED
-CVE-2020-28702
- RESERVED
+CVE-2020-28702 (A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 al ...)
+ TODO: check
 CVE-2020-28701
 RESERVED
 CVE-2020-28700
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 3cd35dbd42..798489aee8 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,11 @@
+CVE-2021-43174
+ RESERVED
+CVE-2021-43173
+ RESERVED
+CVE-2021-43172
+ RESERVED
+CVE-2021-3917
+ RESERVED
 CVE-2021-43171
 RESERVED
 CVE-2021-43170
@@ -545,8 +553,8 @@ CVE-2021-42919
 RESERVED
 CVE-2021-42918
 RESERVED
-CVE-2021-42917
- RESERVED
+CVE-2021-42917 (Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attacker ...)
+ TODO: check
 CVE-2021-42916
 RESERVED
 CVE-2021-42915
@@ -1312,8 +1320,8 @@ CVE-2021-42559
 RESERVED
 CVE-2021-42558
 RESERVED
-CVE-2021-42557
- RESERVED
+CVE-2021-42557 (In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API ...)
+ TODO: check
 CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive extract ...)
 NOT-FOR-US: Rasa X
 CVE-2021-42555
@@ -2640,8 +2648,8 @@ CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 NOT-FOR-US: snipe-it
 CVE-2021-3857
 RESERVED
-CVE-2021-41973
- RESERVED
+CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...)
+ TODO: check
 CVE-2021-41972
 RESERVED
 CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with ENABLE_ ...)
@@ -9952,8 +9960,8 @@ CVE-2021-38849
 RESERVED
 CVE-2021-38848
 RESERVED
-CVE-2021-38847
- RESERVED
+CVE-2021-38847 (S-Cart v6.4.1 and below was discovered to contain an arbitrary file up ...)
+ TODO: check
 CVE-2021-38846
 RESERVED
 CVE-2021-38845
@@ -10438,10 +10446,10 @@ CVE-2021-38616 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/us
 NOT-FOR-US: Eigen
 CVE-2021-38615 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/conf ...)
 NOT-FOR-US: Eigen
-CVE-2021-3705
- RESERVED
-CVE-2021-3704
- RESERVED
+CVE-2021-3705 (Potential security vulnerabilities have been discovered on a certain H ...)
+ TODO: check
+CVE-2021-3704 (Potential security vulnerabilities have been discovered on a certain H ...)
+ TODO: check
 CVE-2021-38614 (** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBUG is u ...)
 - polipo
 [buster] - polipo (Minor issue)
@@ -17447,6 +17455,7 @@ CVE-2021-35604 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 - mysql-8.0
 - mysql-5.7
 CVE-2021-35603 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-1}
 - openjdk-17 17.0.1+12-1
 - openjdk-11 11.0.13+8-1
 - openjdk-8
@@ -17483,6 +17492,7 @@ CVE-2021-35588 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition
 CVE-2021-35587
 RESERVED
 CVE-2021-35586 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-1}
 - openjdk-17 17.0.1+12-1
 - openjdk-11 11.0.13+8-1
 - openjdk-8
@@ -17501,6 +17511,7 @@ CVE-2021-35580 (Vulnerability in the Oracle Applications Manager product of Orac
 CVE-2021-35579
 RESERVED
 CVE-2021-35578 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-1}
 - openjdk-17 17.0.1+12-1
 - openjdk-11 11.0.13+8-1
 - openjdk-8
@@ -17525,15 +17536,18 @@ CVE-2021-35569 (Vulnerability in the Oracle Applications Manager product of Orac
 CVE-2021-35568 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
 NOT-FOR-US: Oracle
 CVE-2021-35567 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-1}
 - openjdk-17 17.0.1+12-1
 - openjdk-11 11.0.13+8-1
 - openjdk-8
 CVE-2021-35566 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
 NOT-FOR-US: Oracle
 CVE-2021-35565 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-1}
 - openjdk-11 11.0.13+8-1
 - openjdk-8
 CVE-2021-35564 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-1}
 - openjdk-17 17.0.1+12-1
 - openjdk-11 11.0.13+8-1
 - openjdk-8
@@ -17542,12 +17556,14 @@ CVE-2021-35563 (Vulnerability in the Oracle Shipping Execution product of Oracle
 CVE-2021-35562 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
 NOT-FOR-US: Oracle
 CVE-2021-35561 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-1}
 - openjdk-17 17.0.1+12-1
 - openjdk-11 11.0.13+8-1
 - openjdk-8
 CVE-2021-35560 (Vulnerability in the Java SE product of Oracle Java SE (component: Dep ...)
 - openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2021-35559 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-1}
 - openjdk-17 17.0.1+12-1
 - openjdk-11 11.0.13+8-1
 - openjdk-8
@@ -17556,6 +17572,7 @@ CVE-2021-35558 (Vulnerability in the Core RDBMS component of Oracle Database Ser
 CVE-2021-35557 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
 NOT-FOR-US: Oracle
 CVE-2021-35556 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-1}
 - openjdk-17 17.0.1+12-1
 - openjdk-11 11.0.13+8-1
 - openjdk-8
@@ -17570,6 +17587,7 @@ CVE-2021-35552 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
 CVE-2021-35551 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...)
 NOT-FOR-US: Oracle
 CVE-2021-35550 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-1}
 - openjdk-11 11.0.13+8-1
 - openjdk-8
 CVE-2021-35549 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
@@ -24332,6 +24350,7 @@ CVE-2021-32687 (Redis is an open source, in-memory database that persists on dis
 - redis 5:6.0.16-1
 NOTE: https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q
 CVE-2021-32686 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DSA-4999-1}
 - asterisk 1:16.16.1~dfsg-2 (bug #991931)
 [stretch] - asterisk (Vulnerable code not present)
 - pjproject
@@ -24699,7 +24718,7 @@ CVE-2021-32560 (The Logging subsystem in OctoPrint before 1.6.0 has incorrect ac
 CVE-2021-32559 (An integer overflow exists in pywin32 prior to version b301 when addin ...)
 NOT-FOR-US: pywin32
 CVE-2021-32558 (An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x ...)
- {DLA-2729-1}
+ {DSA-4999-1 DLA-2729-1}
 - asterisk 1:16.16.1~dfsg-2 (bug #991710)
 NOTE: https://downloads.asterisk.org/pub/security/AST-2021-008.html
 CVE-2021-32557 (It was discovered that the process_report() function in data/whoopsie- ...)
@@ -33109,10 +33128,10 @@ CVE-2021-29215
 RESERVED
 CVE-2021-29214
 RESERVED
-CVE-2021-29213
- RESERVED
-CVE-2021-29212
- RESERVED
+CVE-2021-29213 (A potential local bypass of security restrictions vulnerability has be ...)
+ TODO: check
+CVE-2021-29212 (A remote unauthenticated directory traversal security vulnerability ha ...)
+ TODO: check
 CVE-2021-29211 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
 NOT-FOR-US: HPE
 CVE-2021-29210 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...)
@@ -35450,8 +35469,8 @@ CVE-2021-28217
 RESERVED
 CVE-2021-3441 (A potential security vulnerability has been identified for the HP Offi ...)
 NOT-FOR-US: HP
-CVE-2021-3440
- RESERVED
+CVE-2021-3440 (HP Print and Scan Doctor, an application within the HP Smart App for W ...)
+ TODO: check
 CVE-2021-3439
 RESERVED
 CVE-2021-3438 (A potential buffer overflow in the software drivers for certain HP Las ...)
@@ -36866,8 +36885,8 @@ CVE-2021-27645 (The nameserver caching daemon (nscd) in the GNU C Library (aka g
 NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=dca565886b5e8bd7966e15f0ca42ee5cff686673
 NOTE: Introducing commit present in Debian since 2.28-1 with addition of
 NOTE: https://salsa.debian.org/glibc-team/glibc/-/commit/aea56157b456d4d9bef337d0149e952a41a7d919
-CVE-2021-27644
- RESERVED
+CVE-2021-27644 (In Apache DolphinScheduler before 1.3.6 versions, authorized users can ...)
+ TODO: check
 CVE-2021-27643 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
 NOT-FOR-US: SAP
 CVE-2021-27642 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
@@ -38263,10 +38282,10 @@ CVE-2021-27007
 RESERVED
 CVE-2021-27006
 RESERVED
-CVE-2021-27005
- RESERVED
-CVE-2021-27004
- RESERVED
+CVE-2021-27005 (Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, ...)
+ TODO: check
+CVE-2021-27004 (System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and ...)
+ TODO: check
 CVE-2021-27003 (Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 a ...)
 NOT-FOR-US: Clustered Data ONTAP (NetApp)
 CVE-2021-27002 (NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vul ...)
@@ -38903,10 +38922,10 @@ CVE-2021-26742
 RESERVED
 CVE-2021-26741
 RESERVED
-CVE-2021-26740
- RESERVED
-CVE-2021-26739
- RESERVED
+CVE-2021-26740 (Arbitrary file upload vulnerability sysupload.php in millken doyocms 2 ...)
+ TODO: check
+CVE-2021-26739 (SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows ...)
+ TODO: check
 CVE-2021-26738
 RESERVED
 CVE-2021-26737
@@ -41206,16 +41225,16 @@ CVE-2021-25880
 RESERVED
 CVE-2021-25879
 RESERVED
-CVE-2021-25878
- RESERVED
-CVE-2021-25877
- RESERVED
-CVE-2021-25876
- RESERVED
-CVE-2021-25875
- RESERVED
-CVE-2021-25874
- RESERVED
+CVE-2021-25878 (AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cro ...)
+ TODO: check
+CVE-2021-25877 (AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. A ...)
+ TODO: check
+CVE-2021-25876 (AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script S ...)
+ TODO: check
+CVE-2021-25875 (AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflec ...)
+ TODO: check
+CVE-2021-25874 (AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQ ...)
+ TODO: check
 CVE-2021-25873
 RESERVED
 CVE-2021-25872
@@ -43637,18 +43656,18 @@ CVE-2021-24815
 RESERVED
 CVE-2021-24814
 RESERVED
-CVE-2021-24813
- RESERVED
+CVE-2021-24813 (The Events Made Easy WordPress plugin before 2.2.24 does not sanitise ...)
+ TODO: check
 CVE-2021-24812
 RESERVED
 CVE-2021-24811
 RESERVED
 CVE-2021-24810
 RESERVED
-CVE-2021-24809
- RESERVED
-CVE-2021-24808
- RESERVED
+CVE-2021-24809 (The BP Better Messages WordPress plugin before 1.9.9.41 does not check ...)
+ TODO: check
+CVE-2021-24808 (The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with ...)
+ TODO: check
 CVE-2021-24807
 RESERVED
 CVE-2021-24806
@@ -43665,8 +43684,8 @@ CVE-2021-24801
 RESERVED
 CVE-2021-24800
 RESERVED
-CVE-2021-24799
- RESERVED
+CVE-2021-24799 (The Far Future Expiry Header WordPress plugin before 1.5 does not have ...)
+ TODO: check
 CVE-2021-24798
 RESERVED
 CVE-2021-24797
@@ -43675,18 +43694,18 @@ CVE-2021-24796
 RESERVED
 CVE-2021-24795
 RESERVED
-CVE-2021-24794
- RESERVED
-CVE-2021-24793
- RESERVED
+CVE-2021-24794 (The Connections Business Directory WordPress plugin before 10.4.3 does ...)
+ TODO: check
+CVE-2021-24793 (The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not ...)
+ TODO: check
 CVE-2021-24792
 RESERVED
 CVE-2021-24791
 RESERVED
 CVE-2021-24790
 RESERVED
-CVE-2021-24789
- RESERVED
+CVE-2021-24789 (The Flat Preloader WordPress plugin before 1.5.5 does not escape some ...)
+ TODO: check
 CVE-2021-24788
 RESERVED
 CVE-2021-24787
@@ -43701,8 +43720,8 @@ CVE-2021-24783
 RESERVED
 CVE-2021-24782
 RESERVED
-CVE-2021-24781
- RESERVED
+CVE-2021-24781 (The Image Source Control WordPress plugin before 2.3.1 allows users wi ...)
+ TODO: check
 CVE-2021-24780
 RESERVED
 CVE-2021-24779 (The WP Debugging WordPress plugin before 2.11.0 has its update_setting ...)
@@ -43717,14 +43736,14 @@ CVE-2021-24775
 RESERVED
 CVE-2021-24774 (The Check & Log Email WordPress plugin before 1.0.3 does not valid ...)
 NOT-FOR-US: WordPress plugin
-CVE-2021-24773
- RESERVED
+CVE-2021-24773 (The WordPress Download Manager WordPress plugin before 3.2.16 does not ...)
+ TODO: check
 CVE-2021-24772
 RESERVED
 CVE-2021-24771
 RESERVED
-CVE-2021-24770
- RESERVED
+CVE-2021-24770 (The Stylish Price List WordPress plugin before 6.9.1 does not perform ...)
+ TODO: check
 CVE-2021-24769 (The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not v ...)
 NOT-FOR-US: WordPress plugin
 CVE-2021-24768
@@ -43749,8 +43768,8 @@ CVE-2021-24759
 RESERVED
 CVE-2021-24758
 RESERVED
-CVE-2021-24757
- RESERVED
+CVE-2021-24757 (The Stylish Price List WordPress plugin before 6.9.0 does not perform ...)
+ TODO: check
 CVE-2021-24756
 RESERVED
 CVE-2021-24755
@@ -43779,8 +43798,8 @@ CVE-2021-24744 (The WordPress Contact Forms by Cimatti WordPress plugin before 1
 NOT-FOR-US: WordPress plugin
 CVE-2021-24743 (The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows use ...)
 NOT-FOR-US: WordPress plugin
-CVE-2021-24742
- RESERVED
+CVE-2021-24742 (The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Edi ...)
+ TODO: check
 CVE-2021-24741 (The Support Board WordPress plugin before 3.3.4 does not escape multip ...)
 NOT-FOR-US: WordPress plugin
 CVE-2021-24740 (The Tutor LMS WordPress plugin before 1.9.9 does not escape some of it ...)
@@ -43817,10 +43836,10 @@ CVE-2021-24725 (The Comment Link Remove and Other Comment Tools WordPress plugin
 NOT-FOR-US: WordPress plugin
 CVE-2021-24724 (The Timetable and Event Schedule by MotoPress WordPress plugin before ...)
 NOT-FOR-US: WordPress plugin
-CVE-2021-24723
- RESERVED
-CVE-2021-24722
- RESERVED
+CVE-2021-24723 (The WP Reactions Lite WordPress plugin before 1.3.6 does not properly ...)
+ TODO: check
+CVE-2021-24722 (The Restaurant Menu by MotoPress WordPress plugin through 2.4.0 does n ...)
+ TODO: check
 CVE-2021-24721
 RESERVED
 CVE-2021-24720 (The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 wa ...)
@@ -43829,12 +43848,12 @@ CVE-2021-24719 (The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to
 NOT-FOR-US: WordPress theme
 CVE-2021-24718
 RESERVED
-CVE-2021-24717
- RESERVED
-CVE-2021-24716
- RESERVED
-CVE-2021-24715
- RESERVED
+CVE-2021-24717 (The AutomatorWP WordPress plugin before 1.7.6 does not perform capabil ...)
+ TODO: check
+CVE-2021-24716 (The Modern Events Calendar Lite WordPress plugin before 5.22.3 does no ...)
+ TODO: check
+CVE-2021-24715 (The WP Sitemap Page WordPress plugin before 1.7.0 does not properly sa ...)
+ TODO: check
 CVE-2021-24714
 RESERVED
 CVE-2021-24713
@@ -43893,14 +43912,14 @@ CVE-2021-24687 (The Modern Events Calendar Lite WordPress plugin before 5.22.2 d
 NOT-FOR-US: WordPress plugin
 CVE-2021-24686
 RESERVED
-CVE-2021-24685
- RESERVED
+CVE-2021-24685 (The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonc ...)
+ TODO: check
 CVE-2021-24684 (The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 a ...)
 NOT-FOR-US: WordPress plugin
 CVE-2021-24683 (The Weather Effect WordPress plugin before 1.3.4 does not have any CSR ...)
 NOT-FOR-US: WordPress plugin
-CVE-2021-24682
- RESERVED
+CVE-2021-24682 (The Cool Tag Cloud WordPress plugin before 2.26 does not escape the st ...)
+ TODO: check
 CVE-2021-24681 (The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or ...)
 NOT-FOR-US: WordPress plugin
 CVE-2021-24680
@@ -44015,8 +44034,8 @@ CVE-2021-24626
 RESERVED
 CVE-2021-24625
 RESERVED
-CVE-2021-24624
- RESERVED
+CVE-2021-24624 (The MP3 Audio Player for Music, Radio & Podcast by Sonaar WordPres ...)
+ TODO: check
 CVE-2021-24623 (The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress ...)
 NOT-FOR-US: WordPress plugin
 CVE-2021-24622 (The Customer Service Software & Support Ticket System WordPress pl ...)
@@ -44119,12 +44138,12 @@ CVE-2021-24574 (The Simple Banner WordPress plugin before 2.10.4 does not saniti
 NOT-FOR-US: WordPress plugin
 CVE-2021-24573
 RESERVED
-CVE-2021-24572
- RESERVED
+CVE-2021-24572 (The Accept Donations with PayPal WordPress plugin before 1.3.1 provide ...)
+ TODO: check
 CVE-2021-24571 (The HD Quiz WordPress plugin before 1.8.4 does not escape some of its ...)
 NOT-FOR-US: WordPress plugin
-CVE-2021-24570
- RESERVED
+CVE-2021-24570 (The Accept Donations with PayPal WordPress plugin before 1.3.1 offers ...)
+ TODO: check
 CVE-2021-24569 (The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin be ...)
 NOT-FOR-US: WordPress plugin
 CVE-2021-24568 (The AddToAny Share Buttons WordPress plugin before 1.7.46 does not san ...)
@@ -44185,8 +44204,8 @@ CVE-2021-24541 (The Wonder PDF Embed WordPress plugin before 1.7 does not escape
 NOT-FOR-US: WordPress plugin
 CVE-2021-24540 (The Wonder Video Embed WordPress plugin before 1.8 does not escape par ...)
 NOT-FOR-US: WordPress plugin
-CVE-2021-24539
- RESERVED
+CVE-2021-24539 (The Coming Soon, Under Construction & Maintenance Mode By Dazzler ...)
+ TODO: check
 CVE-2021-24538 (The Current Book WordPress plugin through 1.0.1 does not sanitize user ...)
 NOT-FOR-US: WordPress plugin
 CVE-2021-24537
@@ -48652,10 +48671,10 @@ CVE-2021-22566
 RESERVED
 CVE-2021-22565
 RESERVED
-CVE-2021-22564
- RESERVED
-CVE-2021-22563
- RESERVED
+CVE-2021-22564 (For certain valid JPEG XL images with a size slightly larger than an i ...)
+ TODO: check
+CVE-2021-22563 (Invalid JPEG XL images using libjxl can cause an out of bounds access ...)
+ TODO: check
 CVE-2021-22562
 RESERVED
 CVE-2021-22561
-- 
cgit v1.2.3