[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 3 09:10:26 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e931d30b by security tracker role at 2022-06-03T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2022-32274
+ RESERVED
+CVE-2022-32273
+ RESERVED
+CVE-2022-32272
+ RESERVED
+CVE-2022-32271 (In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code ...)
+ TODO: check
+CVE-2022-32270 (In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows do ...)
+ TODO: check
+CVE-2022-32269 (In Real Player 20.0.8.310, the G2 Control allows injection of unsafe j ...)
+ TODO: check
+CVE-2022-32268 (StarWind SAN and NAS v0.2 build 1914 allow remote code execution. ...)
+ TODO: check
+CVE-2022-32267
+ RESERVED
+CVE-2022-32266
+ RESERVED
+CVE-2022-32265 (qDecoder before 12.1.0 does not ensure that the percent character is f ...)
+ TODO: check
+CVE-2022-32264
+ RESERVED
+CVE-2022-32263
+ RESERVED
+CVE-2022-32262
+ RESERVED
+CVE-2022-32261
+ RESERVED
+CVE-2022-32260
+ RESERVED
+CVE-2022-32259
+ RESERVED
+CVE-2022-32258
+ RESERVED
+CVE-2022-32257
+ RESERVED
+CVE-2022-32256
+ RESERVED
+CVE-2022-32255
+ RESERVED
+CVE-2022-32254
+ RESERVED
+CVE-2022-32253
+ RESERVED
+CVE-2022-32252
+ RESERVED
+CVE-2022-32251
+ RESERVED
+CVE-2022-32250 (net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allow ...)
+ TODO: check
+CVE-2022-32249
+ RESERVED
+CVE-2022-32248
+ RESERVED
+CVE-2022-32247
+ RESERVED
+CVE-2022-32246
+ RESERVED
+CVE-2022-32245
+ RESERVED
+CVE-2022-32244
+ RESERVED
+CVE-2022-32243
+ RESERVED
+CVE-2022-32242
+ RESERVED
+CVE-2022-32241
+ RESERVED
+CVE-2022-32240
+ RESERVED
+CVE-2022-32239
+ RESERVED
+CVE-2022-32238
+ RESERVED
+CVE-2022-32237
+ RESERVED
+CVE-2022-32236
+ RESERVED
+CVE-2022-32235
+ RESERVED
+CVE-2022-1986
+ RESERVED
CVE-2022-32234
RESERVED
CVE-2022-30943
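Review bot: CVE-2022-32250 (net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1) is added with only "TODO: check", and of the six described entries in this hunk it is the one that clearly concerns software Debian ships. Triage it first and replace the TODO with a status line for the linux source package. The Real Player and StarWind entries look like candidates for a NOT-FOR-US line, the form used further down in this file.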
@@ -2197,16 +2279,16 @@ CVE-2022-31465
RESERVED
CVE-2022-31464
RESERVED
-CVE-2022-31463
- RESERVED
-CVE-2022-31462
- RESERVED
-CVE-2022-31461
- RESERVED
-CVE-2022-31460
- RESERVED
-CVE-2022-31459
- RESERVED
+CVE-2022-31463 (Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetoot ...)
+ TODO: check
+CVE-2022-31462 (Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device v ...)
+ TODO: check
+CVE-2022-31461 (Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passc ...)
+ TODO: check
+CVE-2022-31460 (Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering M ...)
+ TODO: check
+CVE-2022-31459 (Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcod ...)
+ TODO: check
CVE-2022-31458
RESERVED
CVE-2022-31457
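Review bot: The five Owl Labs Meeting Owl 5.2.0.15 entries (CVE-2022-31459 through CVE-2022-31463) each get their own "TODO: check" although they name the same product and version. Triage them together and give all five the same status line so the group does not end up with mixed dispositions. If the device firmware is not in the archive, a NOT-FOR-US line naming the product fits every one of them.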
@@ -3187,8 +3269,8 @@ CVE-2022-31026
RESERVED
CVE-2022-31025
RESERVED
-CVE-2022-31024
- RESERVED
+CVE-2022-31024 (richdocuments is the repository for NextCloud Collabra, the app for Ne ...)
+ TODO: check
CVE-2022-31023 (Play Framework is a web framework for Java and Scala. Verions prior to ...)
TODO: check
CVE-2022-31022 (Bleve is a text indexing library for go. Bleve includes HTTP utilities ...)
@@ -5516,20 +5598,20 @@ CVE-2022-30240 (An argument injection vulnerability in the browser-based authent
NOT-FOR-US: Magnitude Simba Amazon Redshift JDBC Driver
CVE-2022-30239 (An argument injection vulnerability in the browser-based authenticatio ...)
NOT-FOR-US: Magnitude Simba Amazon Athena JDBC Driver
-CVE-2022-30238
- RESERVED
-CVE-2022-30237
- RESERVED
-CVE-2022-30236
- RESERVED
-CVE-2022-30235
- RESERVED
-CVE-2022-30234
- RESERVED
-CVE-2022-30233
- RESERVED
-CVE-2022-30232
- RESERVED
+CVE-2022-30238 (A CWE-287: Improper Authentication vulnerability exists that could all ...)
+ TODO: check
+CVE-2022-30237 (A CWE-311: Missing Encryption of Sensitive Data vulnerability exists t ...)
+ TODO: check
+CVE-2022-30236 (A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability e ...)
+ TODO: check
+CVE-2022-30235 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...)
+ TODO: check
+CVE-2022-30234 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...)
+ TODO: check
+CVE-2022-30233 (A CWE-20: Improper Input Validation vulnerability exists that could al ...)
+ TODO: check
+CVE-2022-30232 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
+ TODO: check
CVE-2022-30231
RESERVED
CVE-2022-30230
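Review bot: The seven new descriptions for CVE-2022-30232 through CVE-2022-30238 are cut off before any vendor or product name appears, so only the CWE class is visible in this list. Triage cannot be done from these lines alone: whoever resolves the "TODO: check" entries needs the full CVE text, and the resulting status line should name the product, as the two "NOT-FOR-US: Magnitude Simba ..." lines at the top of this hunk do.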
@@ -7037,8 +7119,8 @@ CVE-2022-29769
RESERVED
CVE-2022-29768
RESERVED
-CVE-2022-29767
- RESERVED
+CVE-2022-29767 (adbyby v2.7 allows external users to make connections via port 8118. T ...)
+ TODO: check
CVE-2022-29766
RESERVED
CVE-2022-29765
@@ -7135,8 +7217,8 @@ CVE-2022-29720 (74cmsSE v3.5.1 was discovered to contain an arbitrary file read
NOT-FOR-US: 74cmsSE
CVE-2022-29719
RESERVED
-CVE-2022-29718
- RESERVED
+CVE-2022-29718 (Caddy v2.4 was discovered to contain an open redirect vulnerability. A ...)
+ TODO: check
CVE-2022-29717
RESERVED
CVE-2022-29716
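Review bot: CVE-2022-29718 names Caddy v2.4, a web server, so the "TODO: check" on it should not be closed as NOT-FOR-US by reflex the way the 74cmsSE entry above was. Check whether caddy is in the archive or has an ITP, and if so record the status against the package, since the description pins the issue to a specific version.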
@@ -7429,8 +7511,8 @@ CVE-2022-29596 (MicroStrategy Enterprise Manager 2022 allows authentication bypa
NOT-FOR-US: MicroStrategy Enterprise Manager
CVE-2022-29595
RESERVED
-CVE-2022-29594
- RESERVED
+CVE-2022-29594 (eG Agent before 7.2 has weak file permissions that enable escalation o ...)
+ TODO: check
CVE-2022-29593
RESERVED
CVE-2022-1441 (MP4Box is a component of GPAC-2.0.0, which is a widely-used third-part ...)
@@ -8862,10 +8944,10 @@ CVE-2022-29087
RESERVED
CVE-2022-29086
RESERVED
-CVE-2022-29085
- RESERVED
-CVE-2022-29084
- RESERVED
+CVE-2022-29085 (Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0 ...)
+ TODO: check
+CVE-2022-29084 (Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5 ...)
+ TODO: check
CVE-2022-29083
RESERVED
CVE-2022-29082 (Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0 ...)
@@ -15308,14 +15390,14 @@ CVE-2022-26871 (An arbitrary file upload vulnerability in Trend Micro Apex Centr
NOT-FOR-US: Trend Micro
CVE-2022-26870
RESERVED
-CVE-2022-26869
- RESERVED
-CVE-2022-26868
- RESERVED
-CVE-2022-26867
- RESERVED
-CVE-2022-26866
- RESERVED
+CVE-2022-26869 (Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open ...)
+ TODO: check
+CVE-2022-26868 (Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnera ...)
+ TODO: check
+CVE-2022-26867 (PowerStore SW v2.1.1.0 supports the option to export data to either a ...)
+ TODO: check
+CVE-2022-26866 (Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site ...)
+ TODO: check
CVE-2022-26865 (Dell Support Assist OS Recovery versions before 5.5.2 contain an Authe ...)
NOT-FOR-US: Dell SupportAssist
CVE-2022-26864
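Review bot: CVE-2022-26866 through CVE-2022-26869 all describe Dell PowerStore, and the context line directly below them marks CVE-2022-26865 as "NOT-FOR-US: Dell SupportAssist". The four new entries probably want the same kind of line. The descriptions vary between "Dell PowerStore", "Dell EMC PowerStore" and "PowerStore SW", so pick one product label for the status lines rather than copying the wording of each description.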
@@ -29332,10 +29414,10 @@ CVE-2022-22559 (Dell PowerScale OneFS, version 9.3.0, contains a use of a broken
NOT-FOR-US: Dell PowerScale OneFS
CVE-2022-22558 (Dell PowerEdge Server BIOS contains an Improper SMM communication buff ...)
NOT-FOR-US: Dell
-CVE-2022-22557
- RESERVED
-CVE-2022-22556
- RESERVED
+CVE-2022-22557 (PowerStore contains Plain-Text Password Storage Vulnerability in Power ...)
+ TODO: check
+CVE-2022-22556 (Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerab ...)
+ TODO: check
CVE-2022-22555
RESERVED
CVE-2022-22554 (Dell EMC System Update, version 1.9.2 and prior, contain an Unprotecte ...)
@@ -42721,12 +42803,12 @@ CVE-2021-42879
RESERVED
CVE-2021-42878
RESERVED
-CVE-2021-42877
- RESERVED
+CVE-2021-42877 (TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerabil ...)
+ TODO: check
CVE-2021-42876
RESERVED
-CVE-2021-42875
- RESERVED
+CVE-2021-42875 (TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vul ...)
+ TODO: check
CVE-2021-42874
RESERVED
CVE-2021-42873
@@ -67305,8 +67387,8 @@ CVE-2021-33475
RESERVED
CVE-2021-33474
RESERVED
-CVE-2021-33473
- RESERVED
+CVE-2021-33473 (An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allow ...)
+ TODO: check
CVE-2021-33472
RESERVED
CVE-2021-33471
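Review bot: CVE-2021-33473 is a 2021 identifier that only now moves from RESERVED to a description, and it names Dragonfly Ruby Gem v1.3.0. Before resolving the "TODO: check", look for the gem in the archive (Ruby gems are usually packaged as ruby-* source packages), and if it is there, record which versions are affected, since the description names a specific version.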
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e931d30b22e430caad67e744cdca7fbc63788b2f