author: security tracker role <sectracker@soriano.debian.org>, 2022-02-19 08:10:16 +0000
committer: security tracker role <sectracker@soriano.debian.org>, 2022-02-19 08:10:16 +0000
commit: 35c439eff859bf79f06cc32b6895e1845d910eaa
tree: 48d555dd2181b2cc2bbcdc580cedcc7c7e6dfb05 /data/CVE/2022.list
parent: c8691a439f3af79b22eb6b2900970a88d8183044
automatic update
Diffstat (limited to 'data/CVE/2022.list')
-rw-r--r-- data/CVE/2022.list 265
1 files changed, 159 insertions, 106 deletions
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index 4f2926b45c..091e69ca33 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -1,3 +1,61 @@
+CVE-2022-25367
+ RESERVED
+CVE-2022-25366 (Cryptomator through 1.6.5 allows DYLIB injection because, although it ...)
+ TODO: check
+CVE-2022-25365 (Docker Desktop before 4.5.1 on Windows allows attackers to move arbitr ...)
+ TODO: check
+CVE-2022-25364
+ RESERVED
+CVE-2022-25363
+ RESERVED
+CVE-2022-25362
+ RESERVED
+CVE-2022-25361
+ RESERVED
+CVE-2022-25360
+ RESERVED
+CVE-2022-25359
+ RESERVED
+CVE-2022-25358 (A ..%2F path traversal vulnerability exists in the path handler of awf ...)
+ TODO: check
+CVE-2022-25357
+ RESERVED
+CVE-2022-25356
+ RESERVED
+CVE-2022-25344
+ RESERVED
+CVE-2022-25343
+ RESERVED
+CVE-2022-25342
+ RESERVED
+CVE-2022-25341
+ RESERVED
+CVE-2022-25340
+ RESERVED
+CVE-2022-25339
+ RESERVED
+CVE-2022-25338
+ RESERVED
+CVE-2022-24914
+ RESERVED
+CVE-2022-24436
+ RESERVED
+CVE-2022-24378
+ RESERVED
+CVE-2022-24067
+ RESERVED
+CVE-2022-23403
+ RESERVED
+CVE-2022-23182
+ RESERVED
+CVE-2022-22139
+ RESERVED
+CVE-2022-21225
+ RESERVED
+CVE-2022-21198
+ RESERVED
+CVE-2022-21183
+ RESERVED
CVE-2022-25337 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...)
NOT-FOR-US: Ibexa
CVE-2022-25336 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...)
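Review bot: CVE-2022-25366 and CVE-2022-25365 are left at TODO: check, but their visible descriptions already point away from the archive: DYLIB injection is a macOS mechanism and the Docker Desktop issue is stated as "on Windows". Triage should confirm whether either maps to a Debian source package and, if not, tag them NOT-FOR-US in the same form as the Ibexa entries that follow. CVE-2022-25358 is cut off at "awf ...", so it needs the full description before it can be tagged.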
@@ -235,8 +293,8 @@ CVE-2022-0649
RESERVED
CVE-2022-25257
RESERVED
-CVE-2022-25256
- RESERVED
+CVE-2022-25256 (SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRend ...)
+ TODO: check
CVE-2022-25255 (In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux ...)
- qt6-base <unfixed>
- qtbase-opensource-src <unfixed>
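Review bot: CVE-2022-25256 names SAS Web Report Studio 4.4 and a /SASWebReportStudio/ path, which reads as a standalone product rather than a library; unless a matching source package exists it should move from TODO: check to a NOT-FOR-US tag instead of staying open next to the tracked Qt entry below.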
@@ -677,22 +735,22 @@ CVE-2022-25139 (njs through 0.7.0, used in NGINX, was discovered to contain a he
NOT-FOR-US: njs
CVE-2022-25138
RESERVED
-CVE-2022-25137
- RESERVED
-CVE-2022-25136
- RESERVED
-CVE-2022-25135
- RESERVED
-CVE-2022-25134
- RESERVED
-CVE-2022-25133
- RESERVED
-CVE-2022-25132
- RESERVED
-CVE-2022-25131
- RESERVED
-CVE-2022-25130
- RESERVED
+CVE-2022-25137 (A command injection vulnerability in the function recvSlaveUpgstatus o ...)
+ TODO: check
+CVE-2022-25136 (A command injection vulnerability in the function meshSlaveUpdate of T ...)
+ TODO: check
+CVE-2022-25135 (A command injection vulnerability in the function recv_mesh_info_sync ...)
+ TODO: check
+CVE-2022-25134 (A command injection vulnerability in the function setUpgradeFW of TOTO ...)
+ TODO: check
+CVE-2022-25133 (A command injection vulnerability in the function isAssocPriDevice of ...)
+ TODO: check
+CVE-2022-25132 (A command injection vulnerability in the function meshSlaveDlfw of TOT ...)
+ TODO: check
+CVE-2022-25131 (A command injection vulnerability in the function recvSlaveCloudCheckS ...)
+ TODO: check
+CVE-2022-25130 (A command injection vulnerability in the function updateWifiInfo of TO ...)
+ TODO: check
CVE-2022-25129
RESERVED
CVE-2022-25128
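Review bot: CVE-2022-25130 through CVE-2022-25137 all share the stem "A command injection vulnerability in the function ..." and differ only in the function name, so they should be triaged as one batch with a single consistent tag rather than eight separate TODO: check resolutions. The product name is cut off in every line ("of T ...", "of TOTO ..."), so the tag has to come from the full descriptions, not from this list.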
@@ -1035,10 +1093,10 @@ CVE-2022-0581 (Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 a
NOTE: https://www.wireshark.org/security/wnpa-sec-2022-05.html
CVE-2022-0580 (Improper Access Control in Packagist librenms/librenms prior to 22.2.0 ...)
NOT-FOR-US: LibreNMS
-CVE-2022-24980
- RESERVED
-CVE-2022-24979
- RESERVED
+CVE-2022-24980 (An issue was discovered in the Kitodo.Presentation (aka dif) extension ...)
+ TODO: check
+CVE-2022-24979 (An issue was discovered in the Varnishcache extension before 2.0.1 for ...)
+ TODO: check
CVE-2022-24978
RESERVED
CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code execution v ...)
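Review bot: CVE-2022-24979 is described as "the Varnishcache extension before 2.0.1 for ...", and the name alone could be mistaken for the varnish package. The description says it is an extension for another product, so confirm the host product from the full text and make sure no package line for varnish is attached by mistake. CVE-2022-24980 (Kitodo.Presentation extension) needs the same check.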
@@ -1089,8 +1147,8 @@ CVE-2022-24973
RESERVED
CVE-2022-24972
RESERVED
-CVE-2022-24971
- RESERVED
+CVE-2022-24971 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
CVE-2022-24970
RESERVED
CVE-2022-24969
@@ -1777,8 +1835,7 @@ CVE-2022-0545
RESERVED
CVE-2022-0544
RESERVED
-CVE-2022-0543 [sandbox escape]
- RESERVED
+CVE-2022-0543 (It was discovered, that redis, a persistent key-value database, due to ...)
{DSA-5081-1}
- redis <unfixed> (bug #1005787)
NOTE: https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
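Review bot: CVE-2022-0543 now has its assigned description and {DSA-5081-1}, but the package line still reads "- redis <unfixed> (bug #1005787)"; record the fixed unstable version once that bug is closed so the entry does not stay open after the DSA. Replacing the bracketed "[sandbox escape]" placeholder with the assigned description is fine.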
@@ -2536,40 +2593,40 @@ CVE-2022-24372
RESERVED
CVE-2022-24371
RESERVED
-CVE-2022-24370
- RESERVED
-CVE-2022-24369
- RESERVED
-CVE-2022-24368
- RESERVED
-CVE-2022-24367
- RESERVED
-CVE-2022-24366
- RESERVED
-CVE-2022-24365
- RESERVED
-CVE-2022-24364
- RESERVED
-CVE-2022-24363
- RESERVED
-CVE-2022-24362
- RESERVED
-CVE-2022-24361
- RESERVED
-CVE-2022-24360
- RESERVED
-CVE-2022-24359
- RESERVED
-CVE-2022-24358
- RESERVED
-CVE-2022-24357
- RESERVED
-CVE-2022-24356
- RESERVED
-CVE-2022-24355
- RESERVED
-CVE-2022-24354
- RESERVED
+CVE-2022-24370 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2022-24369 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-24368 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2022-24367 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-24366 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-24365 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-24364 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-24363 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-24362 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-24361 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-24360 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-24359 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-24358 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-24357 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-24356 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-24355 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2022-24354 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
CVE-2022-24353
RESERVED
CVE-2022-24352
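Review bot: none of the 17 descriptions added for CVE-2022-24354 through CVE-2022-24370 names a product before the "..." cut-off, so every one of them lands as TODO: check with nothing in the list to triage from. Group them by product using the full descriptions before tagging; note that CVE-2022-24355 and CVE-2022-24354 read "network-adjacent attackers" while the rest read "remote attackers", which suggests they do not all belong to the same product.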
@@ -3341,8 +3398,8 @@ CVE-2022-24114 (Local privilege escalation due to race condition on application
NOT-FOR-US: Acronis
CVE-2022-24113 (Local privilege escalation due to excessive permissions assigned to ch ...)
NOT-FOR-US: Acronis
-CVE-2022-0409
- RESERVED
+CVE-2022-0409 (Unrestricted Upload of File with Dangerous Type in Packagist showdoc/s ...)
+ TODO: check
CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
@@ -3478,65 +3535,61 @@ CVE-2022-0393 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...
NOTE: https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323 (v8.2.4233)
CVE-2022-24069 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...)
NOT-FOR-US: Insyde
-CVE-2022-24064
- RESERVED
-CVE-2022-24063
- RESERVED
-CVE-2022-24062
- RESERVED
-CVE-2022-24061
- RESERVED
-CVE-2022-24060
- RESERVED
-CVE-2022-24059
- RESERVED
-CVE-2022-24058
- RESERVED
-CVE-2022-24057
- RESERVED
-CVE-2022-24056
- RESERVED
-CVE-2022-24055
- RESERVED
+CVE-2022-24064 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-24063 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-24062 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-24061 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2022-24060 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2022-24059 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-24058 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-24057 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-24056 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-24055 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
CVE-2022-24054
RESERVED
CVE-2022-24053
RESERVED
-CVE-2022-24052
- RESERVED
+CVE-2022-24052 (This vulnerability allows local attackers to escalate privileges on af ...)
- mariadb-10.6 <unfixed>
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-366/
-CVE-2022-24051
- RESERVED
+CVE-2022-24051 (This vulnerability allows local attackers to escalate privileges on af ...)
- mariadb-10.6 <unfixed>
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-318/
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-365/
-CVE-2022-24050
- RESERVED
+CVE-2022-24050 (This vulnerability allows local attackers to escalate privileges on af ...)
- mariadb-10.6 <unfixed>
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-364/
-CVE-2022-24049
- RESERVED
-CVE-2022-24048
- RESERVED
+CVE-2022-24049 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-24048 (This vulnerability allows local attackers to escalate privileges on af ...)
- mariadb-10.6 <unfixed>
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-363/
-CVE-2022-24047
- RESERVED
-CVE-2022-24046
- RESERVED
+CVE-2022-24047 (This vulnerability allows remote attackers to bypass authentication on ...)
+ TODO: check
+CVE-2022-24046 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
CVE-2022-24045
RESERVED
CVE-2022-24044
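Review bot: CVE-2022-24049 sits between four MariaDB entries but is added with only TODO: check and a "remote attackers to execute arbitrary code" description, where its neighbours read "local attackers to escalate privileges"; confirm the product from the full description rather than inferring it from the ID range. Separately, the mariadb-10.6 lines stay <unfixed> although the NOTE lists 10.6.6 as fixed upstream, and CVE-2022-24051 carries two ZDI advisory links (ZDI-22-318 and ZDI-22-365), which is worth verifying against the advisories.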
@@ -4653,24 +4706,24 @@ CVE-2022-23652
RESERVED
CVE-2022-23651
RESERVED
-CVE-2022-23650
- RESERVED
-CVE-2022-23649
- RESERVED
+CVE-2022-23650 (Netmaker is a platform for creating and managing virtual overlay netwo ...)
+ TODO: check
+CVE-2022-23649 (Cosign provides container signing, verification, and storage in an OCI ...)
+ TODO: check
CVE-2022-23648
RESERVED
CVE-2022-23647 (Prism is a syntax highlighting library. Starting with version 1.14.0 a ...)
TODO: check
CVE-2022-23646 (Next.js is a React framework. Starting with version 10.0.0 and prior t ...)
TODO: check
-CVE-2022-23645
- RESERVED
+CVE-2022-23645 (swtpm is a libtpms-based TPM emulator with socket, character device, a ...)
+ TODO: check
CVE-2022-23644 (BookWyrm is a decentralized social network for tracking reading habits ...)
NOT-FOR-US: BookWyrm
CVE-2022-23643 (Sourcegraph is a code search and navigation engine. Sourcegraph versio ...)
TODO: check
-CVE-2022-23642
- RESERVED
+CVE-2022-23642 (Sourcegraph is a code search and navigation engine. Sourcegraph prior ...)
+ TODO: check
CVE-2022-23641 (Discourse is an open source discussion platform. In versions prior to ...)
NOT-FOR-US: Discourse
CVE-2022-23640
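Review bot: CVE-2022-23642 (Sourcegraph) is added as TODO: check while CVE-2022-23643, also Sourcegraph, is still TODO: check in the context lines; resolve both with the same tag in one pass so they do not diverge. Of the other new entries, CVE-2022-23645 (swtpm, "a libtpms-based TPM emulator") and CVE-2022-23649 (Cosign) are the ones to check against the archive for a matching source package before any NOT-FOR-US tag is applied.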
@@ -5807,8 +5860,8 @@ CVE-2022-23230
RESERVED
CVE-2022-23229
RESERVED
-CVE-2022-23228
- RESERVED
+CVE-2022-23228 (Pexip Infinity before 27.0 has improper WebRTC input validation. An un ...)
+ TODO: check
CVE-2022-23227 (NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to uploa ...)
NOT-FOR-US: NUUO NVRmini2
CVE-2022-23226
