author security tracker role <sectracker@soriano.debian.org> 2022-02-15 20:11:23 +0000
committer security tracker role <sectracker@soriano.debian.org> 2022-02-15 20:11:23 +0000
commit 22b9756a0fa4198cc89e67a190090111b5ce23c1
tree 47ba00784932e43368e4bb71aa689b8a1f9c14d3 /data/CVE/2022.list
parent b5644d1085ba94ff017c0faec12e2cf3e68746bb
automatic update
Diffstat (limited to 'data/CVE/2022.list')
-rw-r--r-- data/CVE/2022.list 186
1 files changed, 107 insertions, 79 deletions
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index 62801885b2..8c3a3ef778 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -1,78 +1,106 @@
-CVE-2022-25212
+CVE-2022-25209 (Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XM ...)
+ TODO: check
+CVE-2022-25175 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier use ...)
+ TODO: check
+CVE-2022-25169
+ RESERVED
+CVE-2022-25168
+ RESERVED
+CVE-2022-25167
+ RESERVED
+CVE-2022-24435
+ RESERVED
+CVE-2022-23986
+ RESERVED
+CVE-2022-21159
+ RESERVED
+CVE-2022-0618
+ RESERVED
+CVE-2022-0617
+ RESERVED
+CVE-2022-0616
+ RESERVED
+CVE-2022-0615
+ RESERVED
+CVE-2022-0614
+ RESERVED
+CVE-2022-0613
+ RESERVED
+CVE-2022-25212 (A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plu ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25211
+CVE-2022-25211 (A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier a ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25210
+CVE-2022-25210 (Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25208
+CVE-2022-25208 (A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and ear ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25207
+CVE-2022-25207 (A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sina ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25206
+CVE-2022-25206 (A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows at ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25205
+CVE-2022-25205 (A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25204
+CVE-2022-25204 (Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25203
+CVE-2022-25203 (Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25202
+CVE-2022-25202 (Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escap ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25201
+CVE-2022-25201 (Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and ear ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25200
+CVE-2022-25200 (A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25199
+CVE-2022-25199 (A missing permission check in Jenkins SCP publisher Plugin 1.8 and ear ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25198
+CVE-2022-25198 (A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25197
+CVE-2022-25197 (Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implement ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25196
+CVE-2022-25196 (Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25195
+CVE-2022-25195 (A missing permission check in Jenkins autonomiq Plugin 1.15 and earlie ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25194
+CVE-2022-25194 (A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25193
+CVE-2022-25193 (Missing permission checks in Jenkins Snow Commander Plugin 2.0 and ear ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25192
+CVE-2022-25192 (A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Comm ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25191
+CVE-2022-25191 (Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25190
+CVE-2022-25190 (A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25189
+CVE-2022-25189 (Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not esca ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25188
+CVE-2022-25188 (Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appNa ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25187
+CVE-2022-25187 (Jenkins Support Core Plugin 2.79 and earlier does not redact some sens ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25186
+CVE-2022-25186 (Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functional ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25185
+CVE-2022-25185 (Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escap ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25184
+CVE-2022-25184 (Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25183
+CVE-2022-25183 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25182
+CVE-2022-25182 (A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libr ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25181
+CVE-2022-25181 (A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libr ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25180
+CVE-2022-25180 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier include ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25179
+CVE-2022-25179 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier fol ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25178
+CVE-2022-25178 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25177
+CVE-2022-25177 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25176
+CVE-2022-25176 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25174
+CVE-2022-25174 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25173
+CVE-2022-25173 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses th ...)
NOT-FOR-US: Jenkins plugin
CVE-2022-25166
RESERVED
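Review bot: CVE-2022-25209 and CVE-2022-25175 at the top of this hunk are left at "TODO: check" although every other Jenkins plugin entry here is triaged as "NOT-FOR-US: Jenkins plugin", including CVE-2022-25208 and CVE-2022-25207 for the same Chef Sinatra Plugin and CVE-2022-25179 for the same Pipeline: Multibranch Plugin. Unless there is a reason to treat these two differently, give them the same NOT-FOR-US line so they drop out of the TODO queue.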
@@ -176,10 +204,10 @@ CVE-2022-0599
RESERVED
CVE-2022-0598
RESERVED
-CVE-2022-0597
- RESERVED
-CVE-2022-0596
- RESERVED
+CVE-2022-0597 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...)
+ TODO: check
+CVE-2022-0596 (Business Logic Errors in Packagist microweber/microweber prior to 1.2. ...)
+ TODO: check
CVE-2022-0595
RESERVED
CVE-2022-0594
@@ -192,12 +220,12 @@ CVE-2022-0591
RESERVED
CVE-2022-0590
RESERVED
-CVE-2022-0589
- RESERVED
-CVE-2022-0588
- RESERVED
-CVE-2022-0587
- RESERVED
+CVE-2022-0589 (Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms pri ...)
+ TODO: check
+CVE-2022-0588 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
+ TODO: check
+CVE-2022-0587 (Improper Authorization in Packagist librenms/librenms prior to 22.2.0. ...)
+ TODO: check
CVE-2022-25146
RESERVED
CVE-2022-25145
@@ -1243,8 +1271,8 @@ CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.1
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
CVE-2022-24685
RESERVED
-CVE-2022-24684
- RESERVED
+CVE-2022-24684 (HashiCorp Nomad and Nomad Enterprise before 1.0.17, 1.1.x before 1.1.1 ...)
+ TODO: check
CVE-2022-24683
RESERVED
CVE-2022-24682 (An issue was discovered in the Calendar feature in Zimbra Collaboratio ...)
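Review bot: CVE-2022-24684 gets only "TODO: check", while the neighbouring Nomad entry CVE-2022-24686, named in the hunk header, already carries a NOTE pointing at the HashiCorp advisory. When this one is triaged, handle it the same way as CVE-2022-24686 (same package status, plus a NOTE with the matching upstream advisory) so the two Nomad entries stay consistent.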
@@ -1532,18 +1560,18 @@ CVE-2022-24592
RESERVED
CVE-2022-24591
RESERVED
-CVE-2022-24590
- RESERVED
-CVE-2022-24589
- RESERVED
-CVE-2022-24588
- RESERVED
-CVE-2022-24587
- RESERVED
-CVE-2022-24586
- RESERVED
-CVE-2022-24585
- RESERVED
+CVE-2022-24590 (A stored cross-site scripting (XSS) vulnerability in the Add Link func ...)
+ TODO: check
+CVE-2022-24589 (Burden v3.0 was discovered to contain a stored cross-site scripting (X ...)
+ TODO: check
+CVE-2022-24588 (Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS ...)
+ TODO: check
+CVE-2022-24587 (A stored cross-site scripting (XSS) vulnerability in the component cor ...)
+ TODO: check
+CVE-2022-24586 (A stored cross-site scripting (XSS) vulnerability in the component /co ...)
+ TODO: check
+CVE-2022-24585 (A stored cross-site scripting (XSS) vulnerability in the component /co ...)
+ TODO: check
CVE-2022-24584
RESERVED
CVE-2022-24583
@@ -2571,10 +2599,10 @@ CVE-2022-24229
RESERVED
CVE-2022-24228
RESERVED
-CVE-2022-24227
- RESERVED
-CVE-2022-24226
- RESERVED
+CVE-2022-24227 (A cross-site scripting (XSS) vulnerability in BoltWire v7.10 allows at ...)
+ TODO: check
+CVE-2022-24226 (Hospital Management System v4.0 was discovered to contain a blind SQL ...)
+ TODO: check
CVE-2022-24225
RESERVED
CVE-2022-24224
@@ -4175,8 +4203,8 @@ CVE-2022-23641
RESERVED
CVE-2022-23640
RESERVED
-CVE-2022-23639
- RESERVED
+CVE-2022-23639 (crossbeam-utils provides atomics, synchronization primitives, scoped t ...)
+ TODO: check
CVE-2022-23638 (svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scri ...)
TODO: check
CVE-2022-23637 (K-Box is a web-based application to manage documents, images, videos a ...)
@@ -4268,8 +4296,8 @@ CVE-2022-23606
RESERVED
CVE-2022-23605 (Wire webapp is a web client for the wire messaging protocol. In versio ...)
NOT-FOR-US: Wire webapp
-CVE-2022-23604
- RESERVED
+CVE-2022-23604 (x26-Cogs is a repository of cogs made by Twentysix for the Red Discord ...)
+ TODO: check
CVE-2022-23603 (iTunesRPC-Remastered is a discord rich presence application for use wi ...)
NOT-FOR-US: iTunesRPC-Remastered
CVE-2022-23602 (Nimforum is a lightweight alternative to Discourse written in Nim. In ...)
@@ -4874,8 +4902,8 @@ CVE-2022-23386
RESERVED
CVE-2022-23385
RESERVED
-CVE-2022-23384
- RESERVED
+CVE-2022-23384 (YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin ...)
+ TODO: check
CVE-2022-23383
RESERVED
CVE-2022-23382
@@ -5008,8 +5036,8 @@ CVE-2022-23319
RESERVED
CVE-2022-23318
RESERVED
-CVE-2022-23317
- RESERVED
+CVE-2022-23317 (CobaltStrike &lt;=4.5 HTTP(S) listener does not determine whether the ...)
+ TODO: check
CVE-2022-23316 (An issue was discovered in taoCMS v3.0.2. There is an arbitrary file r ...)
NOT-FOR-US: taocms
CVE-2022-23315 (MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnera ...)
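Review bot: the description imported for CVE-2022-23317 contains the HTML entity "&lt;=" ("CobaltStrike &lt;=4.5"), where the other descriptions in this patch are plain text. If that is what the update wrote into 2022.list rather than an artifact of the web view, the description should be unescaped to "<=" at import.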
@@ -5318,7 +5346,7 @@ CVE-2022-23224
CVE-2022-23223 (The HTTP response will disclose the user password. This issue affected ...)
NOT-FOR-US: Apache ShenYu Admin
CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...)
- {DLA-2923-1}
+ {DSA-5076-1 DLA-2923-1}
- h2database 2.1.210-1
NOTE: https://github.com/h2database/h2database/releases/tag/version-2.1.210
NOTE: Fixed by https://github.com/h2database/h2database/commit/eb75633d0dfa86341e6ef77a861665c4a0f16ab8
@@ -6599,8 +6627,8 @@ CVE-2022-22772
RESERVED
CVE-2022-22771
RESERVED
-CVE-2022-22770
- RESERVED
+CVE-2022-22770 (The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe cont ...)
+ TODO: check
CVE-2022-22769 (The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX ...)
NOT-FOR-US: TIBCO
CVE-2022-22768
@@ -9369,8 +9397,8 @@ CVE-2022-21699 (IPython (Interactive Python) is a command shell for interactive
NOTE: Fixed by: https://github.com/ipython/ipython/commit/1ec91ebf328bdf3450130de4b4604c79dc1e19d9
NOTE: Testcase: https://github.com/ipython/ipython/commit/56665dfcf7df8690da46aab1278df8e47b14fe3b
NOTE: https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
-CVE-2022-21698
- RESERVED
+CVE-2022-21698 (client_golang is the instrumentation library for Go applications in Pr ...)
+ TODO: check
CVE-2022-21697 (Jupyter Server Proxy is a Jupyter notebook server extension to proxy w ...)
TODO: check
CVE-2022-21696 (OnionShare is an open source tool that lets you securely and anonymous ...)
