automatic update

1 files changed, 118 insertions, 40 deletions

diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index 41d446fa17..a366a8287b 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -1,3 +1,81 @@
+CVE-2022-25622
+	RESERVED
+CVE-2022-25621
+	RESERVED
+CVE-2022-25620
+	RESERVED
+CVE-2022-25619
+	RESERVED
+CVE-2022-25618
+	RESERVED
+CVE-2022-25617
+	RESERVED
+CVE-2022-25616
+	RESERVED
+CVE-2022-25615
+	RESERVED
+CVE-2022-25614
+	RESERVED
+CVE-2022-25613
+	RESERVED
+CVE-2022-25612
+	RESERVED
+CVE-2022-25611
+	RESERVED
+CVE-2022-25610
+	RESERVED
+CVE-2022-25609
+	RESERVED
+CVE-2022-25608
+	RESERVED
+CVE-2022-25607
+	RESERVED
+CVE-2022-25606
+	RESERVED
+CVE-2022-25605
+	RESERVED
+CVE-2022-25604
+	RESERVED
+CVE-2022-25603
+	RESERVED
+CVE-2022-25602
+	RESERVED
+CVE-2022-25601
+	RESERVED
+CVE-2022-25600
+	RESERVED
+CVE-2022-25599 (Cross-Site Request Forgery (CSRF) vulnerability leading to event delet ...)
+	TODO: check
+CVE-2022-25598
+	RESERVED
+CVE-2022-0712
+	RESERVED
+CVE-2022-0711
+	RESERVED
+CVE-2022-0710
+	RESERVED
+CVE-2022-0709
+	RESERVED
+CVE-2022-0708 (Mattermost 6.3.0 and earlier fails to protect email addresses of the c ...)
+	TODO: check
+CVE-2022-0707
+	RESERVED
+CVE-2022-0706
+	RESERVED
+CVE-2022-0705
+	RESERVED
+CVE-2022-0704
+	RESERVED
+CVE-2022-0703
+	RESERVED
+CVE-2022-0702
+	RESERVED
+CVE-2022-0701
+	RESERVED
+CVE-2022-0700
+	RESERVED
+CVE-2022-0699
+	RESERVED
 CVE-2022-25597
 	RESERVED
 CVE-2022-25596
@@ -470,10 +548,10 @@ CVE-2022-0694
 	RESERVED
 CVE-2022-0693
 	RESERVED
-CVE-2022-0692
-	RESERVED
-CVE-2022-0691
-	RESERVED
+CVE-2022-0692 (Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to ...)
+	TODO: check
+CVE-2022-0691 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
+	TODO: check
 CVE-2022-25369
 	RESERVED
 CVE-2022-25368
@@ -696,8 +774,8 @@ CVE-2022-25299 (This affects the package cesanta/mongoose before 7.6. The unsafe
 	TODO: check
 CVE-2022-25298 (This affects the package sprinfall/webcc before 0.3.0. It is possible  ...)
 	NOT-FOR-US: webcc
-CVE-2022-25297
-	RESERVED
+CVE-2022-25297 (This affects the package drogonframework/drogon before 1.7.5. The unsa ...)
+	TODO: check
 CVE-2022-25296
 	RESERVED
 CVE-2022-25295
@@ -1780,8 +1858,8 @@ CVE-2022-24917
 	RESERVED
 CVE-2022-24911
 	RESERVED
-CVE-2022-0564
-	RESERVED
+CVE-2022-0564 (A vulnerability in Qlik Sense Enterprise on Windows could allow an rem ...)
+	TODO: check
 CVE-2022-24916 (Optimism before @eth-optimism/l2geth@0.5.11 allows economic griefing b ...)
 	NOT-FOR-US: Optimism
 CVE-2022-24908
@@ -2661,8 +2739,8 @@ CVE-2022-24555
 	RESERVED
 CVE-2022-24554
 	RESERVED
-CVE-2022-24553
-	RESERVED
+CVE-2022-24553 (An issue was found in Zfaka <= 1.4.5. The verification of the backg ...)
+	TODO: check
 CVE-2022-24552 (StarWind SAN and NAS before 0.2 build 1685 allows remote code executio ...)
 	NOT-FOR-US: StarWind
 CVE-2022-24551 (StarWind SAN and NAS before 0.2 build 1685 allows users to reset other ...)
@@ -3299,8 +3377,8 @@ CVE-2022-24302
 	RESERVED
 CVE-2022-24296
 	RESERVED
-CVE-2022-24295
-	RESERVED
+CVE-2022-24295 (Okta Advanced Server Access Client for Windows prior to version 1.57.0 ...)
+	TODO: check
 CVE-2022-22986
 	RESERVED
 CVE-2022-0472 (Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/ ...)
@@ -4267,10 +4345,10 @@ CVE-2022-23988
 	RESERVED
 CVE-2022-23987
 	RESERVED
-CVE-2022-23984
-	RESERVED
-CVE-2022-23983
-	RESERVED
+CVE-2022-23984 (Sensitive information disclosure discovered in wpDiscuz WordPress plug ...)
+	TODO: check
+CVE-2022-23983 (Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Sett ...)
+	TODO: check
 CVE-2022-23982 (The vulnerability discovered in WordPress Perfect Brands for WooCommer ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-23981 (The vulnerability allows Subscriber+ level users to create brands in W ...)
@@ -5638,8 +5716,8 @@ CVE-2022-23457
 	RESERVED
 CVE-2022-0314
 	RESERVED
-CVE-2022-0313
-	RESERVED
+CVE-2022-0313 (The Float menu WordPress plugin before 4.3.1 does not have CSRF check  ...)
+	TODO: check
 CVE-2022-0312
 	RESERVED
 CVE-2022-0299
@@ -5809,8 +5887,8 @@ CVE-2022-0289 (Use after free in Safe browsing in Google Chrome prior to 97.0.46
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0288
-	RESERVED
+CVE-2022-0288 (The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPr ...)
+	TODO: check
 CVE-2022-0287
 	RESERVED
 CVE-2022-0286 (A flaw was found in the Linux kernel. A null pointer dereference in bo ...)
@@ -5834,8 +5912,8 @@ CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in Pac
 	NOT-FOR-US: microweber
 CVE-2022-0280
 	RESERVED
-CVE-2022-0279
-	RESERVED
+CVE-2022-0279 (The AnyComment WordPress plugin before 0.2.18 is affected by a race co ...)
+	TODO: check
 CVE-2022-0278 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
 	NOT-FOR-US: microweber
 CVE-2022-0277 (Improper Access Control in Packagist microweber/microweber prior to 1. ...)
@@ -6164,14 +6242,14 @@ CVE-2022-0257 (pimcore is vulnerable to Improper Neutralization of Input During
 	NOT-FOR-US: pimcore
 CVE-2022-0256 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
 	NOT-FOR-US: pimcore
-CVE-2022-0255
-	RESERVED
+CVE-2022-0255 (The Database Backup for WordPress plugin before 2.5.1 does not properl ...)
+	TODO: check
 CVE-2022-0254
 	RESERVED
 CVE-2022-0253 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
 	NOT-FOR-US: livehelperchat
-CVE-2022-0252
-	RESERVED
+CVE-2022-0252 (The GiveWP WordPress plugin before 2.17.3 does not escape the json par ...)
+	TODO: check
 CVE-2022-0251 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
 	NOT-FOR-US: pimcore
 CVE-2022-0250
@@ -6416,8 +6494,8 @@ CVE-2022-0235 (node-fetch is vulnerable to Exposure of Sensitive Information to
 	[bullseye] - node-fetch <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/
 	NOTE: Fixed by: https://github.com/node-fetch/node-fetch/commit/f5d3cf5e2579cb8f4c76c291871e69696aef8f80 (v3.1.1)
-CVE-2022-0234
-	RESERVED
+CVE-2022-0234 (The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape ...)
+	TODO: check
 CVE-2022-0233 (The ProfileGrid &#8211; User Profiles, Memberships, Groups and Communi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0232 (The User Registration, Login &amp; Landing Pages WordPress plugin is v ...)
@@ -6428,8 +6506,8 @@ CVE-2022-0230
 	RESERVED
 CVE-2022-0229
 	RESERVED
-CVE-2022-0228
-	RESERVED
+CVE-2022-0228 (The Popup Builder WordPress plugin before 4.0.7 does not validate and  ...)
+	TODO: check
 CVE-2022-23222 (kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local ...)
 	{DSA-5050-1}
 	- linux 5.15.15-1
@@ -6505,8 +6583,8 @@ CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow ...)
 	NOTE: Fixed by: https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26 (v8.2.4074)
 CVE-2022-0212 (The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise a ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-0211
-	RESERVED
+CVE-2022-0211 (The Shield Security WordPress plugin before 13.0.6 does not sanitise a ...)
+	TODO: check
 CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unpr ...)
 	NOT-FOR-US: Apache Traffic Control
 CVE-2022-23205
@@ -6610,8 +6688,8 @@ CVE-2022-0201 (The Permalink Manager Lite WordPress plugin before 2.2.15 and Per
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0200 (Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-0199
-	RESERVED
+CVE-2022-0199 (The Coming soon and Maintenance mode WordPress plugin before 3.6.8 doe ...)
+	TODO: check
 CVE-2022-23178 (An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices.  ...)
 	NOT-FOR-US: Crestron devices
 CVE-2022-23177
@@ -6805,8 +6883,8 @@ CVE-2022-0188 (The CMP WordPress plugin before 4.0.19 allows any user, even not
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0187
 	RESERVED
-CVE-2022-0186
-	RESERVED
+CVE-2022-0186 (The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 ...)
+	TODO: check
 CVE-2022-0185 (A heap-based buffer overflow flaw was found in the way the legacy_pars ...)
 	{DSA-5050-1}
 	- linux 5.15.15-1
@@ -7440,8 +7518,8 @@ CVE-2022-0166 (A privilege escalation vulnerability in the McAfee Agent prior to
 	NOT-FOR-US: McAfee
 CVE-2022-0165
 	RESERVED
-CVE-2022-0164
-	RESERVED
+CVE-2022-0164 (The Coming soon and Maintenance mode WordPress plugin before 3.6.8 doe ...)
+	TODO: check
 CVE-2022-0163
 	RESERVED
 CVE-2022-0162 (The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325  ...)
@@ -8012,8 +8090,8 @@ CVE-2022-0135 [out-of-bounds write in read_transfer_data()]
 	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
 	NOTE: Fixed by: https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/95e581fd181b213c2ed7cdc63f2abc03eaaa77ec
 	TODO: Check introducing information for issue
-CVE-2022-0134
-	RESERVED
+CVE-2022-0134 (The AnyComment WordPress plugin before 0.2.18 does not have CSRF check ...)
+	TODO: check
 CVE-2022-0133 (peertube is vulnerable to Improper Access Control ...)
 	- peertube <itp> (bug #950821)
 CVE-2022-0132 (peertube is vulnerable to Server-Side Request Forgery (SSRF) ...)