author: security tracker role <sectracker@soriano.debian.org>, 2022-02-18 20:10:22 +0000
committer: security tracker role <sectracker@soriano.debian.org>, 2022-02-18 20:10:22 +0000
commit: 73d764a4e1a413a9300a44cc54b6cc2aeacc892e
tree: f391fb96668f9e514913e203df12409a2e5ca832 /data/CVE/2022.list
parent: caea15e92f2cb1f3998d980c3fd15c8b33e50317
automatic update
Diffstat (limited to 'data/CVE/2022.list')
-rw-r--r-- data/CVE/2022.list 135
1 files changed, 88 insertions, 47 deletions
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index bdd407bef7..1f02e3760e 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -1,7 +1,49 @@
-CVE-2022-25323
+CVE-2022-25337 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...)
+ TODO: check
+CVE-2022-25336 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...)
+ TODO: check
+CVE-2022-25335 (RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for s ...)
+ TODO: check
+CVE-2022-25334
+ RESERVED
+CVE-2022-25333
+ RESERVED
+CVE-2022-25332
+ RESERVED
+CVE-2022-25331
+ RESERVED
+CVE-2022-25330
+ RESERVED
+CVE-2022-25329
+ RESERVED
+CVE-2022-25328
+ RESERVED
+CVE-2022-25327
+ RESERVED
+CVE-2022-25326
+ RESERVED
+CVE-2022-23183
+ RESERVED
+CVE-2022-21179
+ RESERVED
+CVE-2022-0683
+ RESERVED
+CVE-2022-0682
+ RESERVED
+CVE-2022-0681
+ RESERVED
+CVE-2022-0680
RESERVED
-CVE-2022-25322
+CVE-2022-0679
RESERVED
+CVE-2022-0678
+ RESERVED
+CVE-2022-0677
+ RESERVED
+CVE-2022-25323 (ZEROF Web Server 2.0 allows /admin.back XSS. ...)
+ TODO: check
+CVE-2022-25322 (ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. ...)
+ TODO: check
CVE-2022-25321 (An issue was discovered in Cerebrate through 1.4. XSS could occur in t ...)
NOT-FOR-US: Cerebrate
CVE-2022-25320 (An issue was discovered in Cerebrate through 1.4. Username enumeration ...)
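Review bot: The five entries that arrive with descriptions in this hunk (CVE-2022-25337, CVE-2022-25336, CVE-2022-25335, CVE-2022-25323 and CVE-2022-25322) are all left at "TODO: check", so none of them has a disposition yet. Each should be resolved either to a package line or to a "NOT-FOR-US:" line in the form the Cerebrate entry directly below already uses. The two Ibexa entries share the same visible description prefix and can be checked together.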
@@ -52,12 +94,12 @@ CVE-2022-21158
RESERVED
CVE-2022-0674
RESERVED
-CVE-2022-0673
- RESERVED
-CVE-2022-0672
- RESERVED
-CVE-2022-0671
- RESERVED
+CVE-2022-0673 (A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoni ...)
+ TODO: check
+CVE-2022-0672 (A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redi ...)
+ TODO: check
+CVE-2022-0671 (A flaw was found in vscode-xml in versions prior to 0.19.0. Schema dow ...)
+ TODO: check
CVE-2022-0670
RESERVED
CVE-2022-0669
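Review bot: CVE-2022-0673, CVE-2022-0672 and CVE-2022-0671 all name the same fixed version ("prior to 0.19.0") across LemMinX and vscode-xml but are each left at a separate "TODO: check". Suggest triaging the three together and recording one upstream reference in a NOTE line on each, so the relationship between the LemMinX and vscode-xml entries is visible in the list.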
@@ -66,20 +108,20 @@ CVE-2022-0668
RESERVED
CVE-2022-0667
RESERVED
-CVE-2022-0666
- RESERVED
+CVE-2022-0666 (CRLF Injection leads to Stack Trace Exposure due to lack of filtering ...)
+ TODO: check
CVE-2022-0665
RESERVED
-CVE-2022-0664
- RESERVED
+CVE-2022-0664 (Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker ...)
+ TODO: check
CVE-2022-0663
RESERVED
CVE-2022-0662
RESERVED
CVE-2022-0661
RESERVED
-CVE-2022-0660
- RESERVED
+CVE-2022-0660 (Generation of Error Message Containing Sensitive Information in Packag ...)
+ TODO: check
CVE-2022-0659
RESERVED
CVE-2022-0658
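Review bot: Of the three entries promoted from RESERVED here, only CVE-2022-0664 names its component in the visible text (github.com/gravitl/netmaker); the descriptions for CVE-2022-0666 and CVE-2022-0660 are cut off before the product appears ("due to lack of filtering ...", "in Packag ..."). Whoever clears these "TODO: check" markers needs the full CVE record for those two, and a NOTE line with the source reference would save the next reader the same lookup.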
@@ -92,10 +134,10 @@ CVE-2022-XXXX [Arbitrary File Write Vulnerability ]
- libpgjava 42.3.3-1
NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
NOTE: https://github.com/pgjdbc/pgjdbc/commit/f6d47034a4ce292e1a659fa00963f6f713117064 (REL42.3.3-rc1)
-CVE-2022-25299
- RESERVED
-CVE-2022-25298
- RESERVED
+CVE-2022-25299 (This affects the package cesanta/mongoose before 7.6. The unsafe handl ...)
+ TODO: check
+CVE-2022-25298 (This affects the package sprinfall/webcc before 0.3.0. It is possible ...)
+ TODO: check
CVE-2022-25297
RESERVED
CVE-2022-25296
@@ -234,8 +276,7 @@ CVE-2022-0648
RESERVED
CVE-2022-0647
RESERVED
-CVE-2022-0646 [mctp: serial: Cancel pending work from ndo_uninit handler]
- RESERVED
+CVE-2022-0646 (A flaw use after free in the Linux kernel Management Component Transpo ...)
- linux <unfixed>
NOTE: https://lore.kernel.org/all/20220211011552.1861886-1-jk@codeconstruct.com.au/T/
CVE-2022-0645
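Review bot: On CVE-2022-0646 the replaced header line drops the bracketed title "mctp: serial: Cancel pending work from ndo_uninit handler", which was the only text in the entry that named the fix. What remains is "- linux <unfixed>" and a single lore.kernel.org NOTE. Suggest adding a NOTE with the upstream commit once it is merged, so the <unfixed> marker can later be resolved to a version without re-reading the mailing list thread.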
@@ -272,8 +313,8 @@ CVE-2022-0633 (The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium b
NOT-FOR-US: WordPress plugin
CVE-2022-0632
RESERVED
-CVE-2022-0631
- RESERVED
+CVE-2022-0631 (Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. ...)
+ TODO: check
CVE-2022-0630
RESERVED
CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
@@ -956,8 +997,7 @@ CVE-2022-0586 (Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17813
NOTE: https://www.wireshark.org/security/wnpa-sec-2022-01.html
-CVE-2022-0585
- RESERVED
+CVE-2022-0585 (Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6. ...)
- wireshark <unfixed>
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <no-dsa> (Minor issue)
@@ -1738,6 +1778,7 @@ CVE-2022-0544
RESERVED
CVE-2022-0543 [sandbox escape]
RESERVED
+ {DSA-5081-1}
- redis <unfixed> (bug #1005787)
NOTE: https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
CVE-2022-0542
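Review bot: CVE-2022-0543 gains the {DSA-5081-1} reference while the line under it still reads "- redis <unfixed> (bug #1005787)" and the status line is still RESERVED with only the temporary "[sandbox escape]" title. The entry now says an advisory has been issued and that unstable is open at the same time; check whether the unstable upload has happened and, if so, replace <unfixed> with the fixed version in the same change.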
@@ -2273,7 +2314,7 @@ CVE-2022-24447
CVE-2022-24446
RESERVED
CVE-2022-24445
- RESERVED
+ REJECTED
CVE-2022-24444
RESERVED
CVE-2022-24443
@@ -2831,8 +2872,8 @@ CVE-2022-0452
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0451
- RESERVED
+CVE-2022-0451 (Dart SDK contains the HTTPClient in dart:io library whcih includes aut ...)
+ TODO: check
CVE-2022-0450
RESERVED
CVE-2022-0449
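Review bot: The description imported for CVE-2022-0451 contains the typo "whcih" ("in dart:io library whcih includes"). Because this commit is an automatic update, a local correction would likely be overwritten by the next sync, so the fix belongs in the CVE record itself. The entry also still needs its "TODO: check" resolved.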
@@ -3665,10 +3706,10 @@ CVE-2022-23984
RESERVED
CVE-2022-23983
RESERVED
-CVE-2022-23982
- RESERVED
-CVE-2022-23981
- RESERVED
+CVE-2022-23982 (The vulnerability discovered in WordPress Perfect Brands for WooCommer ...)
+ TODO: check
+CVE-2022-23981 (The vulnerability allows Subscriber+ level users to create brands in W ...)
+ TODO: check
CVE-2022-23980 (Cross-Site Scripting (XSS) vulnerability discovered in Yasr &#8211; Ye ...)
NOT-FOR-US: WordPress plugin
CVE-2022-23979 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
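Review bot: CVE-2022-23982 and CVE-2022-23981 are added as "TODO: check" although both descriptions point at a WordPress plugin (Perfect Brands for WooCommerce), and the entry immediately below, CVE-2022-23980, already carries "NOT-FOR-US: WordPress plugin". Once the full descriptions confirm the product, give these two the same line so the block is consistent.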
@@ -4188,12 +4229,12 @@ CVE-2022-22146 (Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.
NOT-FOR-US: TransmitMail
CVE-2022-21193 (Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allow ...)
NOT-FOR-US: TransmitMail
-CVE-2022-21176
- RESERVED
-CVE-2022-21143
- RESERVED
-CVE-2022-21141
- RESERVED
+CVE-2022-21176 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ TODO: check
+CVE-2022-21143 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ TODO: check
+CVE-2022-21141 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ TODO: check
CVE-2022-0335 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...)
- moodle <removed>
CVE-2022-0334 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...)
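Review bot: CVE-2022-21176, CVE-2022-21143 and CVE-2022-21141 arrive with the same truncated description ("MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ..."), and the same text appears on CVE-2022-0138, CVE-2022-21800 and CVE-2022-21196 later in this diff. Triage them as one batch and give all six the same disposition rather than clearing each "TODO: check" separately, which risks inconsistent tagging for one product family.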
@@ -4617,8 +4658,8 @@ CVE-2022-23649
RESERVED
CVE-2022-23648
RESERVED
-CVE-2022-23647
- RESERVED
+CVE-2022-23647 (Prism is a syntax highlighting library. Starting with version 1.14.0 a ...)
+ TODO: check
CVE-2022-23646 (Next.js is a React framework. Starting with version 10.0.0 and prior t ...)
TODO: check
CVE-2022-23645
@@ -7383,8 +7424,8 @@ CVE-2022-0139 (Use After Free in GitHub repository radareorg/radare2 prior to 5.
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/3dcb6f40-45cd-403b-929f-db123fde32c0/
NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c (5.6.0)
-CVE-2022-0138
- RESERVED
+CVE-2022-0138 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ TODO: check
CVE-2022-0137
RESERVED
CVE-2022-0136
@@ -8856,12 +8897,12 @@ CVE-2022-22153 (An Insufficient Algorithmic Complexity combined with an Allocati
NOT-FOR-US: Juniper
CVE-2022-22152 (A Protection Mechanism Failure vulnerability in the REST API of Junipe ...)
NOT-FOR-US: Juniper
-CVE-2022-21800
- RESERVED
-CVE-2022-21215
- RESERVED
-CVE-2022-21196
- RESERVED
+CVE-2022-21800 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ TODO: check
+CVE-2022-21215 (This vulnerability could allow an attacker to force the server to crea ...)
+ TODO: check
+CVE-2022-21196 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ TODO: check
CVE-2022-21155
RESERVED
CVE-2022-21137 (Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based b ...)
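Review bot: CVE-2022-21215 sits between two "MMP: All versions prior to v1.0.3" entries but its own visible description ("This vulnerability could allow an attacker to force the server to crea ...") names no product. Do not assume it belongs to the same product as its neighbours; confirm the affected component from the full CVE record before replacing the "TODO: check" line.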
