<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Thu, 11 Jun 2026 13:38:58 +0000</lastBuildDate>
    <item>
      <title>c39a6393-6664-4e04-9114-91f0c40f62ea</title>
      <link>https://vulnerability.circl.lu/sighting/c39a6393-6664-4e04-9114-91f0c40f62ea/export</link>
      <description>{"uuid": "c39a6393-6664-4e04-9114-91f0c40f62ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47952", "type": "seen", "source": "https://t.me/cibsecurity/55723", "content": "\u203c CVE-2022-47952 \u203c\n\nlxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because \"Failed to open\" often indicates that a file does not exist, whereas \"does not refer to a network namespace path\" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that \"we will report back to the user that the open() failed but the user has no way of knowing why it failed\"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-01T12:15:46.000000Z"}</description>
      <content:encoded>{"uuid": "c39a6393-6664-4e04-9114-91f0c40f62ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47952", "type": "seen", "source": "https://t.me/cibsecurity/55723", "content": "\u203c CVE-2022-47952 \u203c\n\nlxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because \"Failed to open\" often indicates that a file does not exist, whereas \"does not refer to a network namespace path\" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that \"we will report back to the user that the open() failed but the user has no way of knowing why it failed\"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-01T12:15:46.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c39a6393-6664-4e04-9114-91f0c40f62ea/export</guid>
      <pubDate>Sun, 01 Jan 2023 12:15:46 +0000</pubDate>
    </item>
    <item>
      <title>238002bf-7ff3-474d-8522-87b645790456</title>
      <link>https://vulnerability.circl.lu/sighting/238002bf-7ff3-474d-8522-87b645790456/export</link>
      <description>{"uuid": "238002bf-7ff3-474d-8522-87b645790456", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47950", "type": "seen", "source": "https://t.me/cibsecurity/56683", "content": "\u203c CVE-2022-47950 \u203c\n\nAn issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-18T20:21:08.000000Z"}</description>
      <content:encoded>{"uuid": "238002bf-7ff3-474d-8522-87b645790456", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47950", "type": "seen", "source": "https://t.me/cibsecurity/56683", "content": "\u203c CVE-2022-47950 \u203c\n\nAn issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-18T20:21:08.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/238002bf-7ff3-474d-8522-87b645790456/export</guid>
      <pubDate>Wed, 18 Jan 2023 20:21:08 +0000</pubDate>
    </item>
    <item>
      <title>c34627af-ce20-4ebd-b70a-9f3dccec4f4b</title>
      <link>https://vulnerability.circl.lu/sighting/c34627af-ce20-4ebd-b70a-9f3dccec4f4b/export</link>
      <description>{"uuid": "c34627af-ce20-4ebd-b70a-9f3dccec4f4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47951", "type": "seen", "source": "https://t.me/cvedetector/1540", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-40767 - OpenStack Nova Unauthorized File Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-40767 \nPublished : July 24, 2024, 5:15 a.m. | 46\u00a0minutes ago \nDescription : In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-24T08:17:20.000000Z"}</description>
      <content:encoded>{"uuid": "c34627af-ce20-4ebd-b70a-9f3dccec4f4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47951", "type": "seen", "source": "https://t.me/cvedetector/1540", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-40767 - OpenStack Nova Unauthorized File Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-40767 \nPublished : July 24, 2024, 5:15 a.m. | 46\u00a0minutes ago \nDescription : In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-24T08:17:20.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c34627af-ce20-4ebd-b70a-9f3dccec4f4b/export</guid>
      <pubDate>Wed, 24 Jul 2024 08:17:20 +0000</pubDate>
    </item>
    <item>
      <title>c093713b-3886-4f41-aaa4-63dcc9d69df0</title>
      <link>https://vulnerability.circl.lu/sighting/c093713b-3886-4f41-aaa4-63dcc9d69df0/export</link>
      <description>{"uuid": "c093713b-3886-4f41-aaa4-63dcc9d69df0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4795", "type": "seen", "source": "Telegram/fLJ6lGx5SEGUsUQppi4LqCab5KRVCC88F1bP657NGgXm_69U", "content": "", "creation_timestamp": "2025-03-10T19:39:13.000000Z"}</description>
      <content:encoded>{"uuid": "c093713b-3886-4f41-aaa4-63dcc9d69df0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4795", "type": "seen", "source": "Telegram/fLJ6lGx5SEGUsUQppi4LqCab5KRVCC88F1bP657NGgXm_69U", "content": "", "creation_timestamp": "2025-03-10T19:39:13.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c093713b-3886-4f41-aaa4-63dcc9d69df0/export</guid>
      <pubDate>Mon, 10 Mar 2025 19:39:13 +0000</pubDate>
    </item>
    <item>
      <title>0c52af5d-9825-4743-81ef-7b1b0a60c608</title>
      <link>https://vulnerability.circl.lu/sighting/0c52af5d-9825-4743-81ef-7b1b0a60c608/export</link>
      <description>{"uuid": "0c52af5d-9825-4743-81ef-7b1b0a60c608", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47951", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9707", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-47951\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.\n\ud83d\udccf Published: 2023-01-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-31T16:49:31.493Z\n\ud83d\udd17 References:\n1. https://launchpad.net/bugs/1996188\n2. https://security.openstack.org/ossa/OSSA-2023-002.html\n3. https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html\n4. https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html\n5. https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html\n6. https://www.debian.org/security/2023/dsa-5336\n7. https://www.debian.org/security/2023/dsa-5338\n8. https://www.debian.org/security/2023/dsa-5337", "creation_timestamp": "2025-03-31T17:30:57.000000Z"}</description>
      <content:encoded>{"uuid": "0c52af5d-9825-4743-81ef-7b1b0a60c608", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47951", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9707", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-47951\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.\n\ud83d\udccf Published: 2023-01-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-31T16:49:31.493Z\n\ud83d\udd17 References:\n1. https://launchpad.net/bugs/1996188\n2. https://security.openstack.org/ossa/OSSA-2023-002.html\n3. https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html\n4. https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html\n5. https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html\n6. https://www.debian.org/security/2023/dsa-5336\n7. https://www.debian.org/security/2023/dsa-5338\n8. https://www.debian.org/security/2023/dsa-5337", "creation_timestamp": "2025-03-31T17:30:57.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/0c52af5d-9825-4743-81ef-7b1b0a60c608/export</guid>
      <pubDate>Mon, 31 Mar 2025 17:30:57 +0000</pubDate>
    </item>
  </channel>
</rss>
