Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: e931d30b by security tracker role at 2022-06-03T08:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,85 @@ +CVE-2022-32274 + RESERVED +CVE-2022-32273 + RESERVED +CVE-2022-32272 + RESERVED +CVE-2022-32271 (In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code ...) + TODO: check +CVE-2022-32270 (In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows do ...) + TODO: check +CVE-2022-32269 (In Real Player 20.0.8.310, the G2 Control allows injection of unsafe j ...) + TODO: check +CVE-2022-32268 (StarWind SAN and NAS v0.2 build 1914 allow remote code execution. ...) + TODO: check +CVE-2022-32267 + RESERVED +CVE-2022-32266 + RESERVED +CVE-2022-32265 (qDecoder before 12.1.0 does not ensure that the percent character is f ...) + TODO: check +CVE-2022-32264 + RESERVED +CVE-2022-32263 + RESERVED +CVE-2022-32262 + RESERVED +CVE-2022-32261 + RESERVED +CVE-2022-32260 + RESERVED +CVE-2022-32259 + RESERVED +CVE-2022-32258 + RESERVED +CVE-2022-32257 + RESERVED +CVE-2022-32256 + RESERVED +CVE-2022-32255 + RESERVED +CVE-2022-32254 + RESERVED +CVE-2022-32253 + RESERVED +CVE-2022-32252 + RESERVED +CVE-2022-32251 + RESERVED +CVE-2022-32250 (net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allow ...) + TODO: check +CVE-2022-32249 + RESERVED +CVE-2022-32248 + RESERVED +CVE-2022-32247 + RESERVED +CVE-2022-32246 + RESERVED +CVE-2022-32245 + RESERVED +CVE-2022-32244 + RESERVED +CVE-2022-32243 + RESERVED +CVE-2022-32242 + RESERVED +CVE-2022-32241 + RESERVED +CVE-2022-32240 + RESERVED +CVE-2022-32239 + RESERVED +CVE-2022-32238 + RESERVED +CVE-2022-32237 + RESERVED +CVE-2022-32236 + RESERVED +CVE-2022-32235 + RESERVED +CVE-2022-1986 + RESERVED CVE-2022-32234 RESERVED CVE-2022-30943 
@@ -2197,16 +2279,16 @@ CVE-2022-31465 RESERVED CVE-2022-31464 RESERVED -CVE-2022-31463 - RESERVED -CVE-2022-31462 - RESERVED -CVE-2022-31461 - RESERVED -CVE-2022-31460 - RESERVED -CVE-2022-31459 - RESERVED +CVE-2022-31463 (Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetoot ...) + TODO: check +CVE-2022-31462 (Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device v ...) + TODO: check +CVE-2022-31461 (Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passc ...) + TODO: check +CVE-2022-31460 (Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering M ...) + TODO: check +CVE-2022-31459 (Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcod ...) + TODO: check CVE-2022-31458 RESERVED CVE-2022-31457 @@ -3187,8 +3269,8 @@ CVE-2022-31026 RESERVED CVE-2022-31025 RESERVED -CVE-2022-31024 - RESERVED +CVE-2022-31024 (richdocuments is the repository for NextCloud Collabra, the app for Ne ...) + TODO: check CVE-2022-31023 (Play Framework is a web framework for Java and Scala. Verions prior to ...) TODO: check CVE-2022-31022 (Bleve is a text indexing library for go. Bleve includes HTTP utilities ...) 
@@ -5516,20 +5598,20 @@ CVE-2022-30240 (An argument injection vulnerability in the browser-based authent NOT-FOR-US: Magnitude Simba Amazon Redshift JDBC Driver CVE-2022-30239 (An argument injection vulnerability in the browser-based authenticatio ...) NOT-FOR-US: Magnitude Simba Amazon Athena JDBC Driver -CVE-2022-30238 - RESERVED -CVE-2022-30237 - RESERVED -CVE-2022-30236 - RESERVED -CVE-2022-30235 - RESERVED -CVE-2022-30234 - RESERVED -CVE-2022-30233 - RESERVED -CVE-2022-30232 - RESERVED +CVE-2022-30238 (A CWE-287: Improper Authentication vulnerability exists that could all ...) + TODO: check +CVE-2022-30237 (A CWE-311: Missing Encryption of Sensitive Data vulnerability exists t ...) + TODO: check +CVE-2022-30236 (A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability e ...) + TODO: check +CVE-2022-30235 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...) + TODO: check +CVE-2022-30234 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...) + TODO: check +CVE-2022-30233 (A CWE-20: Improper Input Validation vulnerability exists that could al ...) + TODO: check +CVE-2022-30232 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...) + TODO: check CVE-2022-30231 RESERVED CVE-2022-30230 @@ -7037,8 +7119,8 @@ CVE-2022-29769 RESERVED CVE-2022-29768 RESERVED -CVE-2022-29767 - RESERVED +CVE-2022-29767 (adbyby v2.7 allows external users to make connections via port 8118. T ...) + TODO: check CVE-2022-29766 RESERVED CVE-2022-29765 @@ -7135,8 +7217,8 @@ CVE-2022-29720 (74cmsSE v3.5.1 was discovered to contain an arbitrary file read NOT-FOR-US: 74cmsSE CVE-2022-29719 RESERVED -CVE-2022-29718 - RESERVED +CVE-2022-29718 (Caddy v2.4 was discovered to contain an open redirect vulnerability. A ...) + TODO: check CVE-2022-29717 RESERVED CVE-2022-29716 
@@ -7429,8 +7511,8 @@ CVE-2022-29596 (MicroStrategy Enterprise Manager 2022 allows authentication bypa NOT-FOR-US: MicroStrategy Enterprise Manager CVE-2022-29595 RESERVED -CVE-2022-29594 - RESERVED +CVE-2022-29594 (eG Agent before 7.2 has weak file permissions that enable escalation o ...) + TODO: check CVE-2022-29593 RESERVED CVE-2022-1441 (MP4Box is a component of GPAC-2.0.0, which is a widely-used third-part ...) @@ -8862,10 +8944,10 @@ CVE-2022-29087 RESERVED CVE-2022-29086 RESERVED -CVE-2022-29085 - RESERVED -CVE-2022-29084 - RESERVED +CVE-2022-29085 (Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0 ...) + TODO: check +CVE-2022-29084 (Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5 ...) + TODO: check CVE-2022-29083 RESERVED CVE-2022-29082 (Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0 ...) @@ -15308,14 +15390,14 @@ CVE-2022-26871 (An arbitrary file upload vulnerability in Trend Micro Apex Centr NOT-FOR-US: Trend Micro CVE-2022-26870 RESERVED -CVE-2022-26869 - RESERVED -CVE-2022-26868 - RESERVED -CVE-2022-26867 - RESERVED -CVE-2022-26866 - RESERVED +CVE-2022-26869 (Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open ...) + TODO: check +CVE-2022-26868 (Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnera ...) + TODO: check +CVE-2022-26867 (PowerStore SW v2.1.1.0 supports the option to export data to either a ...) + TODO: check +CVE-2022-26866 (Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site ...) + TODO: check CVE-2022-26865 (Dell Support Assist OS Recovery versions before 5.5.2 contain an Authe ...) NOT-FOR-US: Dell SupportAssist CVE-2022-26864 
@@ -29332,10 +29414,10 @@ CVE-2022-22559 (Dell PowerScale OneFS, version 9.3.0, contains a use of a broken NOT-FOR-US: Dell PowerScale OneFS CVE-2022-22558 (Dell PowerEdge Server BIOS contains an Improper SMM communication buff ...) NOT-FOR-US: Dell -CVE-2022-22557 - RESERVED -CVE-2022-22556 - RESERVED +CVE-2022-22557 (PowerStore contains Plain-Text Password Storage Vulnerability in Power ...) + TODO: check +CVE-2022-22556 (Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerab ...) + TODO: check CVE-2022-22555 RESERVED CVE-2022-22554 (Dell EMC System Update, version 1.9.2 and prior, contain an Unprotecte ...) @@ -42721,12 +42803,12 @@ CVE-2021-42879 RESERVED CVE-2021-42878 RESERVED -CVE-2021-42877 - RESERVED +CVE-2021-42877 (TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerabil ...) + TODO: check CVE-2021-42876 RESERVED -CVE-2021-42875 - RESERVED +CVE-2021-42875 (TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vul ...) + TODO: check CVE-2021-42874 RESERVED CVE-2021-42873 @@ -67305,8 +67387,8 @@ CVE-2021-33475 RESERVED CVE-2021-33474 RESERVED -CVE-2021-33473 - RESERVED +CVE-2021-33473 (An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allow ...) + TODO: check CVE-2021-33472 RESERVED CVE-2021-33471 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e931d30b22e430caad67e744cdca7fbc63788b2f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e931d30b22e430caad67e744cdca7fbc63788b2f You're receiving this email because of your account on salsa.debian.org.
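Review bot: In the first hunk (@@ -1,3 +1,85 @@), CVE-2022-32250 is left at "TODO: check" although its description already names net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1, so the affected source is known from the line itself. Suggest triaging it ahead of the rest of this batch and replacing the TODO with a package entry for the kernel. The Real Player and StarWind entries added alongside it look like NOT-FOR-US candidates by comparison.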
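Review bot: In the hunk at @@ -5516,20 +5598,20 @@, the seven entries CVE-2022-30238 through CVE-2022-30232 have descriptions cut off before any product or vendor is named ("A CWE-287: Improper Authentication vulnerability exists that could all ..."), so they cannot be classified from the list line alone. Whoever resolves these TODOs needs the full CVE record. It would help if the resolved line named the product, the way the NOT-FOR-US context lines above them do for the Simba JDBC drivers.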
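Review bot: In the hunks at @@ -15308,14 +15390,14 @@ and @@ -29332,10 +29414,10 @@, the new Dell PowerStore entries (CVE-2022-26869 to CVE-2022-26866, CVE-2022-22557, CVE-2022-22556) are queued as "TODO: check" while the unchanged context lines in the same hunks already tag other Dell products as NOT-FOR-US (Dell SupportAssist, Dell PowerScale OneFS, Dell). Suggest resolving the PowerStore entries consistently with those neighbours, using one product string for all six so the tags stay greppable.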
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits