automatic update

1 files changed, 111 insertions, 55 deletions

diff --git a/data/CVE/list b/data/CVE/list
index 92bd2ee4cd..4fa832da5e 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,59 @@
+CVE-2022-31239
+	RESERVED
+CVE-2022-31238
+	RESERVED
+CVE-2022-31237
+	RESERVED
+CVE-2022-31236
+	RESERVED
+CVE-2022-31235
+	RESERVED
+CVE-2022-31234
+	RESERVED
+CVE-2022-31233
+	RESERVED
+CVE-2022-31232
+	RESERVED
+CVE-2022-31231
+	RESERVED
+CVE-2022-31230
+	RESERVED
+CVE-2022-31229
+	RESERVED
+CVE-2022-31228
+	RESERVED
+CVE-2022-31227
+	RESERVED
+CVE-2022-31226
+	RESERVED
+CVE-2022-31225
+	RESERVED
+CVE-2022-31224
+	RESERVED
+CVE-2022-31223
+	RESERVED
+CVE-2022-31222
+	RESERVED
+CVE-2022-31221
+	RESERVED
+CVE-2022-31220
+	RESERVED
+CVE-2022-31219
+	RESERVED
+CVE-2022-31218
+	RESERVED
+CVE-2022-31217
+	RESERVED
+CVE-2022-31216
+	RESERVED
+CVE-2022-1801
+	RESERVED
+CVE-2022-1800
+	RESERVED
+CVE-2022-1799
+	RESERVED
+CVE-2022-1798
+	RESERVED
 CVE-2022-31215
 	RESERVED
 CVE-2022-31214
@@ -476,8 +532,8 @@ CVE-2022-30977
 	RESERVED
 CVE-2022-29496
 	RESERVED
-CVE-2022-1796
-	RESERVED
+CVE-2022-1796 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
+	TODO: check
 CVE-2022-1795 (Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. ...)
 	- gpac <unfixed>
 	NOTE: https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc
@@ -500,8 +556,8 @@ CVE-2022-1787
 	RESERVED
 CVE-2022-1786
 	RESERVED
-CVE-2022-1785
-	RESERVED
+CVE-2022-1785 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
+	TODO: check
 CVE-2022-1784
 	RESERVED
 CVE-2022-1783
@@ -822,8 +878,8 @@ CVE-2022-1732
 	RESERVED
 CVE-2022-1731 (Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to ...)
 	NOT-FOR-US: Metasonic Doc WebClient
-CVE-2022-1730
-	RESERVED
+CVE-2022-1730 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...)
+	TODO: check
 CVE-2022-1729
 	RESERVED
 CVE-2022-1728 (Allowing long password leads to denial of service in polonel/trudesk i ...)
@@ -1432,10 +1488,10 @@ CVE-2022-30620
 	RESERVED
 CVE-2022-30619
 	RESERVED
-CVE-2022-30618
-	RESERVED
-CVE-2022-30617
-	RESERVED
+CVE-2022-30618 (An authenticated user with access to the Strapi admin panel can view p ...)
+	TODO: check
+CVE-2022-30617 (An authenticated user with access to the Strapi admin panel can view p ...)
+	TODO: check
 CVE-2022-29525
 	RESERVED
 CVE-2022-28704
@@ -3163,8 +3219,8 @@ CVE-2022-30020
 	RESERVED
 CVE-2022-30019
 	RESERVED
-CVE-2022-30018
-	RESERVED
+CVE-2022-30018 (Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Prote ...)
+	TODO: check
 CVE-2022-30017
 	RESERVED
 CVE-2022-30016
@@ -4594,8 +4650,8 @@ CVE-2022-1425 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a co
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1424
 	RESERVED
-CVE-2022-1423
-	RESERVED
+CVE-2022-1423 (Improper access control in the CI/CD cache mechanism in GitLab CE/EE a ...)
+	TODO: check
 CVE-2022-1422
 	RESERVED
 CVE-2022-1421
@@ -4706,14 +4762,14 @@ CVE-2022-29526
 	NOTE: Introduced by: https://github.com/golang/go/commit/60f78765022a59725121d3b800268adffe78bde3 (go1.15rc1)
 CVE-2022-1417 (Improper access control in GitLab CE/EE affecting all versions startin ...)
 	TODO: check
-CVE-2022-1416
-	RESERVED
+CVE-2022-1416 (Missing sanitization of data in Pipeline error messages in GitLab CE/E ...)
+	TODO: check
 CVE-2022-1415
 	RESERVED
 CVE-2022-1414
 	RESERVED
-CVE-2022-1413
-	RESERVED
+CVE-2022-1413 (Missing input masking in GitLab CE/EE affecting all versions starting  ...)
+	TODO: check
 CVE-2022-1412
 	RESERVED
 CVE-2022-1411 (Unrestructed file upload in GitHub repository yetiforcecompany/yetifor ...)
@@ -4935,14 +4991,14 @@ CVE-2022-29451 (Cross-Site Request Forgery (CSRF) leading to Arbitrary File Uplo
 	NOT-FOR-US: WordPress plugin
 CVE-2022-29450
 	RESERVED
-CVE-2022-29449
-	RESERVED
+CVE-2022-29449 (Authenticated (contributor or higher user role) Stored Cross-Site Scri ...)
+	TODO: check
 CVE-2022-29448
 	RESERVED
 CVE-2022-29447
 	RESERVED
-CVE-2022-29446
-	RESERVED
+CVE-2022-29446 (Authenticated (administrator or higher role) Local File Inclusion (LFI ...)
+	TODO: check
 CVE-2022-29445 (Authenticated (administrator or higher role) Local File Inclusion (LFI ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-29444 (Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerabi ...)
@@ -5712,6 +5768,7 @@ CVE-2022-29156 (drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel befor
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixedy by: https://git.kernel.org/linus/8700af2cc18c919b2a83e74e0479038fd113c15d (5.17-rc6)
 CVE-2022-29155 (In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection  ...)
+	{DSA-5140-1}
 	- openldap 2.5.12+dfsg-1
 	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9815
 	NOTE: https://git.openldap.org/openldap/openldap/-/commit/87df6c19915042430540931d199a39105544a134 (master)
@@ -6287,8 +6344,8 @@ CVE-2022-28948
 	RESERVED
 CVE-2022-28947
 	RESERVED
-CVE-2022-28946
-	RESERVED
+CVE-2022-28946 (An issue in the component ast/parser.go of Open Policy Agent v0.39.0 c ...)
+	TODO: check
 CVE-2022-28945
 	RESERVED
 CVE-2022-28944
@@ -6325,8 +6382,8 @@ CVE-2022-28929 (Hospital Management System v1.0 was discovered to contain a SQL
 	NOT-FOR-US: kabirkhyrul/HMS
 CVE-2022-28928
 	RESERVED
-CVE-2022-28927
-	RESERVED
+CVE-2022-28927 (A remote code execution (RCE) vulnerability in Subconverter v0.7.2 all ...)
+	TODO: check
 CVE-2022-28926
 	RESERVED
 CVE-2022-28925
@@ -8281,8 +8338,7 @@ CVE-2022-1184
 	RESERVED
 	- linux <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2070205
-CVE-2022-1183
-	RESERVED
+CVE-2022-1183 (On vulnerable configurations, the named daemon may, in some circumstan ...)
 	- bind9 1:9.18.3-1
 	[bullseye] - bind9 <not-affected> (Vulnerable code not present)
 	[buster] - bind9 <not-affected> (Vulnerable code not present)
@@ -17088,8 +17144,8 @@ CVE-2021-46687
 	RESERVED
 CVE-2021-46270 (JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Contr ...)
 	NOT-FOR-US: JFrog Artifactory
-CVE-2021-45730
-	RESERVED
+CVE-2021-45730 (JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Con ...)
+	TODO: check
 CVE-2021-45721
 	RESERVED
 CVE-2021-45074 (JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken A ...)
@@ -24541,12 +24597,12 @@ CVE-2022-22980
 	RESERVED
 CVE-2022-22979
 	RESERVED
-CVE-2022-22978
-	RESERVED
+CVE-2022-22978 (In Spring Security versions 5.5.6 and 5.5.7 and older unsupported vers ...)
+	TODO: check
 CVE-2022-22977
 	RESERVED
-CVE-2022-22976
-	RESERVED
+CVE-2022-22976 (Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, a ...)
+	TODO: check
 CVE-2022-22975 (An issue was discovered in the Pinniped Supervisor with either LADPIde ...)
 	NOT-FOR-US: vmware-tanzu/pinniped
 CVE-2022-22974
@@ -43100,8 +43156,8 @@ CVE-2021-41940
 	RESERVED
 CVE-2021-41939
 	RESERVED
-CVE-2021-41938
-	RESERVED
+CVE-2021-41938 (An issue was discovered in ShopXO CMS 2.2.0. After entering the manage ...)
+	TODO: check
 CVE-2021-41937
 	RESERVED
 CVE-2021-41936
@@ -54576,8 +54632,8 @@ CVE-2021-37415 (Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-37414 (Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get  ...)
 	NOT-FOR-US: Zoho ManageEngine
-CVE-2021-37413
-	RESERVED
+CVE-2021-37413 (GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in t ...)
+	TODO: check
 CVE-2021-37412 (The TechRadar app 1.1 for Confluence Server allows XSS via the Title f ...)
 	NOT-FOR-US: TechRadar app for Confluence Server
 CVE-2021-37411
@@ -65322,8 +65378,8 @@ CVE-2021-32936 (An out-of-bounds write issue exists in the DXF file-recovering p
 	NOT-FOR-US: Open Design Alliance
 CVE-2021-32935
 	RESERVED
-CVE-2021-32934
-	RESERVED
+CVE-2021-32934 (The affected ThroughTek P2P products (SDKs using versions before 3.1.5 ...)
+	TODO: check
 CVE-2021-32933 (An attacker could leverage an API to pass along a malicious file that  ...)
 	NOT-FOR-US: Auvesy-MDT
 CVE-2021-32932 (The affected product is vulnerable to a SQL injection, which may allow ...)
@@ -81692,10 +81748,10 @@ CVE-2021-26633
 	RESERVED
 CVE-2021-26632
 	RESERVED
-CVE-2021-26631
-	RESERVED
-CVE-2021-26630
-	RESERVED
+CVE-2021-26631 (Improper input validation vulnerability in Mangboard commerce package  ...)
+	TODO: check
+CVE-2021-26630 (Improper input validation vulnerability in HANDY Groupware&#8217;s Act ...)
+	TODO: check
 CVE-2021-26629 (A path traversal vulnerability in XPLATFORM's runtime archive function ...)
 	NOT-FOR-US: Tobesoft Xplatform
 CVE-2021-26628 (Insufficient script validation of the admin page enables XSS, which ca ...)
@@ -97575,7 +97631,7 @@ CVE-2021-20773 (There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5
 	NOT-FOR-US: Cybozu
 CVE-2021-20772 (Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10 ...)
 	NOT-FOR-US: Cybozu
-CVE-2021-20771 (Cross-site scripting vulnerability in some functions of Group Mail of  ...)
+CVE-2021-20771 (Cross-site scripting vulnerability in some functions of E-Mail of Cybo ...)
 	NOT-FOR-US: Cybozu
 CVE-2021-20770 (Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 t ...)
 	NOT-FOR-US: Cybozu
@@ -136428,16 +136484,16 @@ CVE-2020-16237 (Philips SureSigns VS4, A.07.107 and prior. The product receives
 	NOT-FOR-US: Philips SureSigns
 CVE-2020-16236 (FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a  ...)
 	NOT-FOR-US: FPWIN Pro
-CVE-2020-16235
-	RESERVED
+CVE-2020-16235 (Inadequate encryption may allow the credentials used by Emerson OpenEn ...)
+	TODO: check
 CVE-2020-16234 (In PLC WinProladder Version 3.28 and prior, a stack-based buffer overf ...)
 	NOT-FOR-US: PLC WinProladder
 CVE-2020-16233 (An attacker could send a specially crafted packet that could have Code ...)
 	NOT-FOR-US: CodeMeter
 CVE-2020-16232 (In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be cause ...)
 	NOT-FOR-US: Yokogawa WideField3
-CVE-2020-16231
-	RESERVED
+CVE-2020-16231 (The affected Bachmann Electronic M-Base Controllers of version MSYS v1 ...)
+	TODO: check
 CVE-2020-16230 (All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as ...)
 	NOT-FOR-US: HMS Networks
 CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
@@ -136480,8 +136536,8 @@ CVE-2020-16211 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A
 	NOT-FOR-US: Advantech WebAccess
 CVE-2020-16210 (The affected product is vulnerable to reflected cross-site scripting,  ...)
 	NOT-FOR-US: N-Tron
-CVE-2020-16209
-	RESERVED
+CVE-2020-16209 (A malicious attacker could exploit the interface of the Fieldcomm Grou ...)
+	TODO: check
 CVE-2020-16208 (The affected product is vulnerable to cross-site request forgery, whic ...)
 	NOT-FOR-US: N-Tron
 CVE-2020-16207 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multipl ...)
@@ -140964,8 +141020,8 @@ CVE-2020-14498 (HMS Industrial Networks AB eCatcher all versions prior to 6.5.5.
 	NOT-FOR-US: HMS Industrial Networks AB eCatche
 CVE-2020-14497 (Advantech iView, versions 5.6 and prior, contains multiple SQL injecti ...)
 	NOT-FOR-US: Advantech
-CVE-2020-14496
-	RESERVED
+CVE-2020-14496 (Successful exploitation of this vulnerability for multiple Mitsubishi  ...)
+	TODO: check
 CVE-2020-14495
 	REJECTED
 CVE-2020-14494 (OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication  ...)
@@ -167940,8 +167996,8 @@ CVE-2020-4972
 	RESERVED
 CVE-2020-4971
 	RESERVED
-CVE-2020-4970
-	RESERVED
+CVE-2020-4970 (IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5. ...)
+	TODO: check
 CVE-2020-4969 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a  ...)
 	NOT-FOR-US: IBM
 CVE-2020-4968 (IBM Security Identity Governance and Intelligence 5.2.6 uses weaker th ...)