chore: generate CVEs metadata 🤖

cves.json

@@ -2169,6 +2169,7 @@
 {"ID":"CVE-2022-37299","Info":{"Name":"Shirne CMS 1.2.0 - Local File Inclusion","Severity":"medium","Description":"Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2022/CVE-2022-37299.yaml"}
 {"ID":"CVE-2022-3766","Info":{"Name":"phpMyFAQ \u003c 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"phpMyFAQ versions prior to 3.1.8 contain a reflected cross-site scripting vulnerability in the search functionality. The application fails to properly sanitize user input in the search parameter, allowing attackers to inject and execute malicious JavaScript code in the context of other users' browsers.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-3766.yaml"}
 {"ID":"CVE-2022-3768","Info":{"Name":"WordPress WPSmartContracts \u003c1.3.12 - SQL Injection","Severity":"high","Description":"WordPress WPSmartContracts plugin before 1.3.12 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker with a role as low as author can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-3768.yaml"}
+{"ID":"CVE-2022-37932","Info":{"Name":"HP Switch - Authentication Bypass","Severity":"high","Description":"A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions- Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-37932.yaml"}
 {"ID":"CVE-2022-3800","Info":{"Name":"IBAX - SQL Injection","Severity":"high","Description":"IBAX go-ibax functionality is susceptible to SQL injection via the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to SQL injection, and the attack may be launched remotely. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-3800.yaml"}
 {"ID":"CVE-2022-3805","Info":{"Name":"Jeg Elementor Kit \u003c 2.5.7 - Unauthenticated Settings Update","Severity":"high","Description":"The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the MailChimp API key, global styles, 404 page settings, and enabled elements.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2022/CVE-2022-3805.yaml"}
 {"ID":"CVE-2022-38130","Info":{"Name":"KeySight RF - smsRestoreDatabaseZip UNC path to Remote Code Execution","Severity":"critical","Description":"The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file (i.e., \\\\\u003cattacker-host\u003e\\sms\\\u003cattacker-db.zip\u003e), effectively controlling the content of the database to be restored.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-38130.yaml"}
@@ -3680,7 +3681,6 @@
 {"ID":"CVE-2022-0543","Info":{"Name":"Redis Sandbox Escape - Remote Code Execution","Severity":"critical","Description":"This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The\nvulnerability was introduced by Debian and Ubuntu Redis packages that\ninsufficiently sanitized the Lua environment. The maintainers failed to\ndisable the package interface, allowing attackers to load arbitrary libraries.\n","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2022/CVE-2022-0543.yaml"}
 {"ID":"CVE-2022-24706","Info":{"Name":"CouchDB Erlang Distribution - Remote Command Execution","Severity":"critical","Description":"In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2022/CVE-2022-24706.yaml"}
 {"ID":"CVE-2022-31793","Info":{"Name":"muhttpd \u003c=1.1.5 - Local Inclusion","Severity":"high","Description":"muhttpd 1.1.5 and before are vulnerable to unauthenticated local file inclusion. The vulnerability allows retrieval of files from the file system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2022/CVE-2022-31793.yaml"}
-{"ID":"CVE-2022-37932","Info":{"Name":"HP Switch - Authentication Bypass","Severity":"high","Description":"A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions- Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;\n","Classification":{"CVSSScore":"8.8"}},"file_path":"network/cves/2022/CVE-2022-37932.yaml"}
 {"ID":"CVE-2023-22629","Info":{"Name":"TitanFTP move-file Function ≤ 1.94.1205 - Path Traversal","Severity":"high","Description":"TitanFTP versions up to 1.94.1205 contain a path traversal vulnerability in the move-file function where the newPath parameter is improperly validated. An authenticated user can upload a file and then move it to any location on the server filesystem, potentially allowing arbitrary file placement and system compromise.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"network/cves/2023/CVE-2023-22629.yaml"}
 {"ID":"CVE-2023-33246","Info":{"Name":"RocketMQ \u003c= 5.1.0 - Remote Code Execution","Severity":"critical","Description":"For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2023/CVE-2023-33246.yaml"}
 {"ID":"CVE-2023-37582","Info":{"Name":"Apache RocketMQ - Remote Command Execution","Severity":"critical","Description":"The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as. It is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2023/CVE-2023-37582.yaml"}