[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 1 20:10:38 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2a307b4b by security tracker role at 2021-11-01T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2021-43174
+	RESERVED
+CVE-2021-43173
+	RESERVED
+CVE-2021-43172
+	RESERVED
+CVE-2021-3917
+	RESERVED
 CVE-2021-43171
 	RESERVED
 CVE-2021-43170
@@ -176,18 +184,18 @@ CVE-2021-43084
 	RESERVED
 CVE-2021-3916
 	RESERVED
-CVE-2015-10001
-	RESERVED
+CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF check whe ...)
+	TODO: check
 CVE-2021-43083
 	RESERVED
 CVE-2021-43082
 	RESERVED
 CVE-2021-3915
 	RESERVED
-CVE-2020-36505
-	RESERVED
-CVE-2020-36504
-	RESERVED
+CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is lacking ...)
+	TODO: check
+CVE-2020-36504 (The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check ...)
+	TODO: check
 CVE-2021-43081
 	RESERVED
 CVE-2021-43080
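Review bot: The three `TODO: check` entries added in this hunk (CVE-2015-10001, CVE-2020-36505, CVE-2020-36504) all describe WordPress plugins and should be closed in follow-up triage with `NOT-FOR-US: WordPress plugin`, the tag this file already uses for such entries elsewhere in the diff (for example CVE-2021-24774). Until that happens they sit in the TODO queue next to entries that need a real package check.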
@@ -332,12 +340,12 @@ CVE-2021-3907
 	RESERVED
 CVE-2021-3906 (bookstack is vulnerable to Unrestricted Upload of File with Dangerous  ...)
 	NOT-FOR-US: bookstack
-CVE-2018-25019
-	RESERVED
-CVE-2015-20067
-	RESERVED
-CVE-2015-20019
-	RESERVED
+CVE-2018-25019 (The LearnDash LMS WordPress plugin before 2.5.4 does not have any auth ...)
+	TODO: check
+CVE-2015-20067 (The WP Attachment Export WordPress plugin before 0.2.4 does not have p ...)
+	TODO: check
+CVE-2015-20019 (The Content text slider on post WordPress plugin before 6.9 does not s ...)
+	TODO: check
 CVE-2021-43032
 	RESERVED
 CVE-2021-43031
@@ -391,8 +399,8 @@ CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow ...)
 	NOTE: https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8
 	NOTE: https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43
 	NOTE: PoC crashes starting with https://github.com/vim/vim/commit/8a7d6542b33e5d2b352262305c3bfdb2d14e1cf8 (v8.2.0149)
-CVE-2020-36503
-	RESERVED
+CVE-2020-36503 (The Connections Business Directory WordPress plugin before 9.7 does no ...)
+	TODO: check
 CVE-2021-43010
 	RESERVED
 CVE-2021-43009
@@ -579,8 +587,8 @@ CVE-2021-42919
 	RESERVED
 CVE-2021-42918
 	RESERVED
-CVE-2021-42917
-	RESERVED
+CVE-2021-42917 (Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attacker ...)
+	TODO: check
 CVE-2021-42916
 	RESERVED
 CVE-2021-42915
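Review bot: CVE-2021-42917 is left at `TODO: check`, but its description names Kodi (xbmc) up to 19.0 with a buffer overflow, which is application software rather than a web plugin. Triage here should look for a matching source package and record a package line with the affected and fixed versions, not default to NOT-FOR-US.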
@@ -1372,8 +1380,8 @@ CVE-2021-42559
 	RESERVED
 CVE-2021-42558
 	RESERVED
-CVE-2021-42557
-	RESERVED
+CVE-2021-42557 (In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API ...)
+	TODO: check
 CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive extract ...)
 	NOT-FOR-US: Rasa X
 CVE-2021-42555
@@ -3952,8 +3960,8 @@ CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 	NOT-FOR-US: snipe-it
 CVE-2021-3857
 	RESERVED
-CVE-2021-41973
-	RESERVED
+CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...)
+	TODO: check
 CVE-2021-41972
 	RESERVED
 CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with ENABLE_ ...)
@@ -11282,8 +11290,8 @@ CVE-2021-38849
 	RESERVED
 CVE-2021-38848
 	RESERVED
-CVE-2021-38847
-	RESERVED
+CVE-2021-38847 (S-Cart v6.4.1 and below was discovered to contain an arbitrary file up ...)
+	TODO: check
 CVE-2021-38846
 	RESERVED
 CVE-2021-38845
@@ -11770,10 +11778,10 @@ CVE-2021-38616 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/us
 	NOT-FOR-US: Eigen
 CVE-2021-38615 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/conf ...)
 	NOT-FOR-US: Eigen
-CVE-2021-3705
-	RESERVED
-CVE-2021-3704
-	RESERVED
+CVE-2021-3705 (Potential security vulnerabilities have been discovered on a certain H ...)
+	TODO: check
+CVE-2021-3704 (Potential security vulnerabilities have been discovered on a certain H ...)
+	TODO: check
 CVE-2021-38614 (** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBUG is u ...)
 	- polipo <removed>
 	[buster] - polipo <ignored> (Minor issue)
@@ -19030,6 +19038,7 @@ CVE-2021-35604 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 	- mysql-8.0 <unfixed>
 	- mysql-5.7 <removed>
 CVE-2021-35603 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+	{DSA-5000-1}
 	- openjdk-17 17.0.1+12-1
 	- openjdk-11 11.0.13+8-1
 	- openjdk-8 <unfixed>
@@ -19066,6 +19075,7 @@ CVE-2021-35588 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition
 CVE-2021-35587
 	RESERVED
 CVE-2021-35586 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+	{DSA-5000-1}
 	- openjdk-17 17.0.1+12-1
 	- openjdk-11 11.0.13+8-1
 	- openjdk-8 <unfixed>
@@ -19084,6 +19094,7 @@ CVE-2021-35580 (Vulnerability in the Oracle Applications Manager product of Orac
 CVE-2021-35579
 	RESERVED
 CVE-2021-35578 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+	{DSA-5000-1}
 	- openjdk-17 17.0.1+12-1
 	- openjdk-11 11.0.13+8-1
 	- openjdk-8 <unfixed>
@@ -19108,15 +19119,18 @@ CVE-2021-35569 (Vulnerability in the Oracle Applications Manager product of Orac
 CVE-2021-35568 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
 	NOT-FOR-US: Oracle
 CVE-2021-35567 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+	{DSA-5000-1}
 	- openjdk-17 17.0.1+12-1
 	- openjdk-11 11.0.13+8-1
 	- openjdk-8 <unfixed>
 CVE-2021-35566 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
 	NOT-FOR-US: Oracle
 CVE-2021-35565 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+	{DSA-5000-1}
 	- openjdk-11 11.0.13+8-1
 	- openjdk-8 <unfixed>
 CVE-2021-35564 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+	{DSA-5000-1}
 	- openjdk-17 17.0.1+12-1
 	- openjdk-11 11.0.13+8-1
 	- openjdk-8 <unfixed>
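Review bot: `{DSA-5000-1}` is attached to CVE-2021-35565, which has no openjdk-17 line, as well as to CVE-2021-35567 and CVE-2021-35564, which do; the only fixed version common to all three is `openjdk-11 11.0.13+8-1`, so confirm the advisory is the openjdk-11 one. The `openjdk-8 <unfixed>` lines are untouched, so each of these entries stays open for openjdk-8 despite the new DSA cross-reference.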
@@ -19125,12 +19139,14 @@ CVE-2021-35563 (Vulnerability in the Oracle Shipping Execution product of Oracle
 CVE-2021-35562 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
 	NOT-FOR-US: Oracle
 CVE-2021-35561 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+	{DSA-5000-1}
 	- openjdk-17 17.0.1+12-1
 	- openjdk-11 11.0.13+8-1
 	- openjdk-8 <unfixed>
 CVE-2021-35560 (Vulnerability in the Java SE product of Oracle Java SE (component: Dep ...)
 	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2021-35559 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+	{DSA-5000-1}
 	- openjdk-17 17.0.1+12-1
 	- openjdk-11 11.0.13+8-1
 	- openjdk-8 <unfixed>
@@ -19139,6 +19155,7 @@ CVE-2021-35558 (Vulnerability in the Core RDBMS component of Oracle Database Ser
 CVE-2021-35557 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
 	NOT-FOR-US: Oracle
 CVE-2021-35556 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+	{DSA-5000-1}
 	- openjdk-17 17.0.1+12-1
 	- openjdk-11 11.0.13+8-1
 	- openjdk-8 <unfixed>
@@ -19153,6 +19170,7 @@ CVE-2021-35552 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
 CVE-2021-35551 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...)
 	NOT-FOR-US: Oracle
 CVE-2021-35550 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+	{DSA-5000-1}
 	- openjdk-11 11.0.13+8-1
 	- openjdk-8 <unfixed>
 CVE-2021-35549 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
@@ -26023,6 +26041,7 @@ CVE-2021-32687 (Redis is an open source, in-memory database that persists on dis
 	- redis 5:6.0.16-1
 	NOTE: https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q
 CVE-2021-32686 (PJSIP is a free and open source multimedia communication library writt ...)
+	{DSA-4999-1}
 	- asterisk 1:16.16.1~dfsg-2 (bug #991931)
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
@@ -26390,7 +26409,7 @@ CVE-2021-32560 (The Logging subsystem in OctoPrint before 1.6.0 has incorrect ac
 CVE-2021-32559 (An integer overflow exists in pywin32 prior to version b301 when addin ...)
 	NOT-FOR-US: pywin32
 CVE-2021-32558 (An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x  ...)
-	{DLA-2729-1}
+	{DSA-4999-1 DLA-2729-1}
 	- asterisk 1:16.16.1~dfsg-2 (bug #991710)
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2021-008.html
 CVE-2021-32557 (It was discovered that the process_report() function in data/whoopsie- ...)
@@ -35168,10 +35187,10 @@ CVE-2021-29215
 	RESERVED
 CVE-2021-29214
 	RESERVED
-CVE-2021-29213
-	RESERVED
-CVE-2021-29212
-	RESERVED
+CVE-2021-29213 (A potential local bypass of security restrictions vulnerability has be ...)
+	TODO: check
+CVE-2021-29212 (A remote unauthenticated directory traversal security vulnerability ha ...)
+	TODO: check
 CVE-2021-29211 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
 	NOT-FOR-US: HPE
 CVE-2021-29210 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...)
@@ -37515,8 +37534,8 @@ CVE-2021-28217
 	RESERVED
 CVE-2021-3441 (A potential security vulnerability has been identified for the HP Offi ...)
 	NOT-FOR-US: HP
-CVE-2021-3440
-	RESERVED
+CVE-2021-3440 (HP Print and Scan Doctor, an application within the HP Smart App for W ...)
+	TODO: check
 CVE-2021-3439
 	RESERVED
 CVE-2021-3438 (A potential buffer overflow in the software drivers for certain HP Las ...)
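Review bot: CVE-2021-3440 (HP Print and Scan Doctor, part of the HP Smart App) is added as `TODO: check` directly below CVE-2021-3441, which is already tagged `NOT-FOR-US: HP`. The same tag looks right for this entry and would keep the HP block consistent.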
@@ -39020,8 +39039,8 @@ CVE-2021-27645 (The nameserver caching daemon (nscd) in the GNU C Library (aka g
 	NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=dca565886b5e8bd7966e15f0ca42ee5cff686673
 	NOTE: Introducing commit present in Debian since 2.28-1 with addition of
 	NOTE: https://salsa.debian.org/glibc-team/glibc/-/commit/aea56157b456d4d9bef337d0149e952a41a7d919
-CVE-2021-27644
-	RESERVED
+CVE-2021-27644 (In Apache DolphinScheduler before 1.3.6 versions, authorized users can ...)
+	TODO: check
 CVE-2021-27643 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
 	NOT-FOR-US: SAP
 CVE-2021-27642 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
@@ -40454,10 +40473,10 @@ CVE-2021-27007
 	RESERVED
 CVE-2021-27006
 	RESERVED
-CVE-2021-27005
-	RESERVED
-CVE-2021-27004
-	RESERVED
+CVE-2021-27005 (Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16,  ...)
+	TODO: check
+CVE-2021-27004 (System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and  ...)
+	TODO: check
 CVE-2021-27003 (Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 a ...)
 	NOT-FOR-US: Clustered Data ONTAP (NetApp)
 CVE-2021-27002 (NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vul ...)
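Review bot: CVE-2021-27005 names Clustered Data ONTAP, the same product as CVE-2021-27003 directly below it, which carries `NOT-FOR-US: Clustered Data ONTAP (NetApp)`; reuse that tag. CVE-2021-27004 (System Manager 9.x) shows the same patch-level pattern (9.7P16, 9.8P7), but the truncated description does not name the vendor, so read the full text before tagging it.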
@@ -41107,10 +41126,10 @@ CVE-2021-26742
 	RESERVED
 CVE-2021-26741
 	RESERVED
-CVE-2021-26740
-	RESERVED
-CVE-2021-26739
-	RESERVED
+CVE-2021-26740 (Arbitrary file upload vulnerability sysupload.php in millken doyocms 2 ...)
+	TODO: check
+CVE-2021-26739 (SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows  ...)
+	TODO: check
 CVE-2021-26738
 	RESERVED
 CVE-2021-26737
@@ -43567,16 +43586,16 @@ CVE-2021-25880
 	RESERVED
 CVE-2021-25879
 	RESERVED
-CVE-2021-25878
-	RESERVED
-CVE-2021-25877
-	RESERVED
-CVE-2021-25876
-	RESERVED
-CVE-2021-25875
-	RESERVED
-CVE-2021-25874
-	RESERVED
+CVE-2021-25878 (AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cro ...)
+	TODO: check
+CVE-2021-25877 (AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. A ...)
+	TODO: check
+CVE-2021-25876 (AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script S ...)
+	TODO: check
+CVE-2021-25875 (AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflec ...)
+	TODO: check
+CVE-2021-25874 (AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQ ...)
+	TODO: check
 CVE-2021-25873
 	RESERVED
 CVE-2021-25872
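Review bot: The descriptions of CVE-2021-25875 and CVE-2021-25874 begin with the product name twice ("AVideo/YouPHPTube AVideo/YouPHPTube"), while the other three entries in this hunk have it once. If the duplication is in the imported description, leave it as is, but triage all five AVideo/YouPHPTube entries in one pass with one tag so they do not diverge.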
@@ -46020,18 +46039,18 @@ CVE-2021-24815
 	RESERVED
 CVE-2021-24814
 	RESERVED
-CVE-2021-24813
-	RESERVED
+CVE-2021-24813 (The Events Made Easy WordPress plugin before 2.2.24 does not sanitise  ...)
+	TODO: check
 CVE-2021-24812
 	RESERVED
 CVE-2021-24811
 	RESERVED
 CVE-2021-24810
 	RESERVED
-CVE-2021-24809
-	RESERVED
-CVE-2021-24808
-	RESERVED
+CVE-2021-24809 (The BP Better Messages WordPress plugin before 1.9.9.41 does not check ...)
+	TODO: check
+CVE-2021-24808 (The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with ...)
+	TODO: check
 CVE-2021-24807
 	RESERVED
 CVE-2021-24806
@@ -46048,8 +46067,8 @@ CVE-2021-24801
 	RESERVED
 CVE-2021-24800
 	RESERVED
-CVE-2021-24799
-	RESERVED
+CVE-2021-24799 (The Far Future Expiry Header WordPress plugin before 1.5 does not have ...)
+	TODO: check
 CVE-2021-24798
 	RESERVED
 CVE-2021-24797
@@ -46058,18 +46077,18 @@ CVE-2021-24796
 	RESERVED
 CVE-2021-24795
 	RESERVED
-CVE-2021-24794
-	RESERVED
-CVE-2021-24793
-	RESERVED
+CVE-2021-24794 (The Connections Business Directory WordPress plugin before 10.4.3 does ...)
+	TODO: check
+CVE-2021-24793 (The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not ...)
+	TODO: check
 CVE-2021-24792
 	RESERVED
 CVE-2021-24791
 	RESERVED
 CVE-2021-24790
 	RESERVED
-CVE-2021-24789
-	RESERVED
+CVE-2021-24789 (The Flat Preloader WordPress plugin before 1.5.5 does not escape some  ...)
+	TODO: check
 CVE-2021-24788
 	RESERVED
 CVE-2021-24787
@@ -46084,8 +46103,8 @@ CVE-2021-24783
 	RESERVED
 CVE-2021-24782
 	RESERVED
-CVE-2021-24781
-	RESERVED
+CVE-2021-24781 (The Image Source Control WordPress plugin before 2.3.1 allows users wi ...)
+	TODO: check
 CVE-2021-24780
 	RESERVED
 CVE-2021-24779 (The WP Debugging WordPress plugin before 2.11.0 has its update_setting ...)
@@ -46100,14 +46119,14 @@ CVE-2021-24775
 	RESERVED
 CVE-2021-24774 (The Check & Log Email WordPress plugin before 1.0.3 does not valid ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24773
-	RESERVED
+CVE-2021-24773 (The WordPress Download Manager WordPress plugin before 3.2.16 does not ...)
+	TODO: check
 CVE-2021-24772
 	RESERVED
 CVE-2021-24771
 	RESERVED
-CVE-2021-24770
-	RESERVED
+CVE-2021-24770 (The Stylish Price List WordPress plugin before 6.9.1 does not perform  ...)
+	TODO: check
 CVE-2021-24769 (The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not v ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24768
@@ -46132,8 +46151,8 @@ CVE-2021-24759
 	RESERVED
 CVE-2021-24758
 	RESERVED
-CVE-2021-24757
-	RESERVED
+CVE-2021-24757 (The Stylish Price List WordPress plugin before 6.9.0 does not perform  ...)
+	TODO: check
 CVE-2021-24756
 	RESERVED
 CVE-2021-24755
@@ -46162,8 +46181,8 @@ CVE-2021-24744 (The WordPress Contact Forms by Cimatti WordPress plugin before 1
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24743 (The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows use ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24742
-	RESERVED
+CVE-2021-24742 (The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Edi ...)
+	TODO: check
 CVE-2021-24741 (The Support Board WordPress plugin before 3.3.4 does not escape multip ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24740 (The Tutor LMS WordPress plugin before 1.9.9 does not escape some of it ...)
@@ -46200,10 +46219,10 @@ CVE-2021-24725 (The Comment Link Remove and Other Comment Tools WordPress plugin
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24724 (The Timetable and Event Schedule by MotoPress WordPress plugin before  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24723
-	RESERVED
-CVE-2021-24722
-	RESERVED
+CVE-2021-24723 (The WP Reactions Lite WordPress plugin before 1.3.6 does not properly  ...)
+	TODO: check
+CVE-2021-24722 (The Restaurant Menu by MotoPress WordPress plugin through 2.4.0 does n ...)
+	TODO: check
 CVE-2021-24721
 	RESERVED
 CVE-2021-24720 (The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 wa ...)
@@ -46212,12 +46231,12 @@ CVE-2021-24719 (The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to
 	NOT-FOR-US: WordPress theme
 CVE-2021-24718
 	RESERVED
-CVE-2021-24717
-	RESERVED
-CVE-2021-24716
-	RESERVED
-CVE-2021-24715
-	RESERVED
+CVE-2021-24717 (The AutomatorWP WordPress plugin before 1.7.6 does not perform capabil ...)
+	TODO: check
+CVE-2021-24716 (The Modern Events Calendar Lite WordPress plugin before 5.22.3 does no ...)
+	TODO: check
+CVE-2021-24715 (The WP Sitemap Page WordPress plugin before 1.7.0 does not properly sa ...)
+	TODO: check
 CVE-2021-24714
 	RESERVED
 CVE-2021-24713
@@ -46276,14 +46295,14 @@ CVE-2021-24687 (The Modern Events Calendar Lite WordPress plugin before 5.22.2 d
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24686
 	RESERVED
-CVE-2021-24685
-	RESERVED
+CVE-2021-24685 (The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonc ...)
+	TODO: check
 CVE-2021-24684 (The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24683 (The Weather Effect WordPress plugin before 1.3.4 does not have any CSR ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24682
-	RESERVED
+CVE-2021-24682 (The Cool Tag Cloud WordPress plugin before 2.26 does not escape the st ...)
+	TODO: check
 CVE-2021-24681 (The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24680
@@ -46398,8 +46417,8 @@ CVE-2021-24626
 	RESERVED
 CVE-2021-24625
 	RESERVED
-CVE-2021-24624
-	RESERVED
+CVE-2021-24624 (The MP3 Audio Player for Music, Radio & Podcast by Sonaar WordPres ...)
+	TODO: check
 CVE-2021-24623 (The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24622 (The Customer Service Software & Support Ticket System WordPress pl ...)
@@ -46502,12 +46521,12 @@ CVE-2021-24574 (The Simple Banner WordPress plugin before 2.10.4 does not saniti
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24573
 	RESERVED
-CVE-2021-24572
-	RESERVED
+CVE-2021-24572 (The Accept Donations with PayPal WordPress plugin before 1.3.1 provide ...)
+	TODO: check
 CVE-2021-24571 (The HD Quiz WordPress plugin before 1.8.4 does not escape some of its  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24570
-	RESERVED
+CVE-2021-24570 (The Accept Donations with PayPal WordPress plugin before 1.3.1 offers  ...)
+	TODO: check
 CVE-2021-24569 (The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin be ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24568 (The AddToAny Share Buttons WordPress plugin before 1.7.46 does not san ...)
@@ -46568,8 +46587,8 @@ CVE-2021-24541 (The Wonder PDF Embed WordPress plugin before 1.7 does not escape
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24540 (The Wonder Video Embed WordPress plugin before 1.8 does not escape par ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24539
-	RESERVED
+CVE-2021-24539 (The Coming Soon, Under Construction & Maintenance Mode By Dazzler  ...)
+	TODO: check
 CVE-2021-24538 (The Current Book WordPress plugin through 1.0.1 does not sanitize user ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24537
@@ -51170,10 +51189,10 @@ CVE-2021-22566
 	RESERVED
 CVE-2021-22565
 	RESERVED
-CVE-2021-22564
-	RESERVED
-CVE-2021-22563
-	RESERVED
+CVE-2021-22564 (For certain valid JPEG XL images with a size slightly larger than an i ...)
+	TODO: check
+CVE-2021-22563 (Invalid JPEG XL images using libjxl can cause an out of bounds access  ...)
+	TODO: check
 CVE-2021-22562
 	RESERVED
 CVE-2021-22561
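Review bot: CVE-2021-22564 and CVE-2021-22563 concern JPEG XL image handling, and the second names libjxl with an out of bounds access, so these are library issues and not plugin entries. Resolve the `TODO: check` by checking whether libjxl is packaged or has an open packaging request, and record either a package line or an explicit NOT-FOR-US with the product name.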
@@ -64281,8 +64300,8 @@ CVE-2020-28704
 	RESERVED
 CVE-2020-28703
 	RESERVED
-CVE-2020-28702
-	RESERVED
+CVE-2020-28702 (A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 al ...)
+	TODO: check
 CVE-2020-28701
 	RESERVED
 CVE-2020-28700



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a307b4b04f3fb008e24edf318500c3b199a1691
