{"vulnerability": "CVE-2022-2308", "sightings": [{"uuid": "35a882a9-898b-4a23-92dc-04c749e31816", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23082", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwmrsaspw72n", "content": "", "creation_timestamp": "2025-08-17T21:02:26.597977Z"}, {"uuid": "a78316ca-8dc3-4e64-a3f5-5030bcfde71a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23088", "type": "seen", "source": "MISP/9ca82492-7deb-4197-a6f1-191e121eef96", "content": "", "creation_timestamp": "2025-08-25T13:32:05.000000Z"}, {"uuid": "be7b6038-6f71-4d79-b99c-6c497cfe96c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23088", "type": "published-proof-of-concept", "source": "https://t.me/cKure/9790", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Exploiting a heap overflow in the FreeBSD Wi-fi stack (CVE-2022-23088).\n\nhttps://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack", "creation_timestamp": "2022-06-18T16:05:43.000000Z"}, {"uuid": "7e4713c4-7d22-48b3-81e2-4c1155cc5d4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23089", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7513", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23089\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: When dumping core and saving process information, proc_getargv() might return an sbuf which have a sbuf_len() of 0 or -1, which is not properly handled.\n\nAn out-of-bound read can happen when user constructs a specially crafted ps_string, which in turn can cause the kernel to crash.\n\ud83d\udccf Published: 2024-02-15T05:07:13.996Z\n\ud83d\udccf Modified: 2025-03-13T21:52:54.797Z\n\ud83d\udd17 References:\n1. https://security.freebsd.org/advisories/FreeBSD-SA-22:09.elf.asc\n2. https://security.netapp.com/advisory/ntap-20240415-0006/", "creation_timestamp": "2025-03-13T22:44:01.000000Z"}, {"uuid": "385cc980-01fb-4dfd-b207-0f6183dd46f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23087", "type": "published-proof-of-concept", "source": "Telegram/07TDzsfw38y8odRc60JQGpHccY9x9GSXRGQOsqt_XAy76Bw", "content": "", "creation_timestamp": "2023-02-06T16:44:05.000000Z"}, {"uuid": "cab6da6e-056a-4e8c-82cf-11524a057cf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23087", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2101", "content": "#exploit\n1. CVE-2022-46164:\nNodeBB Account Takeover Flaw\nhttps://github.com/stephenbradshaw/CVE-2022-46164-poc\n\n2. CVE-2022-23087:\n\"Escaping from bhyve\"\nhttps://www.synacktiv.com/publications/escaping-from-bhyve.html\nhttps://github.com/synacktiv/bhyve", "creation_timestamp": "2023-01-05T15:07:56.000000Z"}, {"uuid": "982d31f7-cde2-4106-8619-600026c8698a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23087", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2554", "content": "CVE-2022-23087\nhttps://github.com/synacktiv/bhyve", "creation_timestamp": "2023-02-08T18:54:05.000000Z"}, {"uuid": "51bcbde4-2cda-44bc-a182-c04299ee099e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2308", "type": "seen", "source": "https://t.me/cibsecurity/49206", "content": "\u203c CVE-2022-2308 \u203c\n\nA flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-02T00:38:30.000000Z"}, {"uuid": "f5993d97-6868-4788-a7e5-9b0f39481f22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23081", "type": "seen", "source": "https://t.me/cibsecurity/44955", "content": "\u203c CVE-2022-23081 \u203c\n\nIn openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-22T22:28:45.000000Z"}, {"uuid": "b6e2b694-742d-48b2-b8ec-07d0afb3d693", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23080", "type": "seen", "source": "https://t.me/cibsecurity/44949", "content": "\u203c CVE-2022-23080 \u203c\n\nIn directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-22T20:33:45.000000Z"}, {"uuid": "71002ac5-f3ba-4962-bf3c-5af34fd1f3a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23082", "type": "seen", "source": "https://t.me/cibsecurity/43565", "content": "\u203c CVE-2022-23082 \u203c\n\nIn CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function \u00c3\u00a2\u00e2\u201a\u00ac\u00cb\u0153isFileOutsideDir\u00c3\u00a2\u00e2\u201a\u00ac\u00e2\u201e\u00a2 fails to sanitize the user input which may lead to path traversal.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-31T18:23:46.000000Z"}, {"uuid": "b4cc6a41-97bb-4198-b8da-f50af38e1c11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23087", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7492", "content": "#exploit\n1. CVE-2022-46164:\nNodeBB Account Takeover Flaw\nhttps://github.com/stephenbradshaw/CVE-2022-46164-poc\n\n2. CVE-2022-23087:\n\"Escaping from bhyve\"\nhttps://www.synacktiv.com/publications/escaping-from-bhyve.html\nhttps://github.com/synacktiv/bhyve", "creation_timestamp": "2023-01-05T11:30:20.000000Z"}, {"uuid": "4336f96f-3fe3-4d53-8db0-463a92716fe2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23088", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6225", "content": "#exploit\n1. CVE-2022-23088:\nExploiting a Heap Overflow in the FreeBSD Wi-Fi Stack\nhttps://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack\n\n2. CVE-2022-30136:\nUnauthenticated RCE in MS Windows Network File System\nhttps://github.com/oturu/Cve-2022-30136-RCE", "creation_timestamp": "2022-06-18T12:45:01.000000Z"}, {"uuid": "a14d00e1-bf0b-4066-b6be-a72adf548881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23088", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/6326", "content": "#Analytics\nTop 10 Most Used Vulns of the Month (June 1-30)\n\nCVE-2022-30190 - Follina exploit\nCVE-2022-26134 - OGNL injection in Atlassian Confluence Server/Data Center\nCVE-2022-26809 - Weakness in a core Windows 7/10/Srv19/22 component (RPC)\nCVE-2022-30075 - TP-Link AX50 Auth RCE\nCVE-2022-23222 - Linux Kernel eBPF LPE\nCVE-2022-32275 - Grafana 8.4.3 allows reading files\nCVE-2022-26937 - Windows NFS NLM Portmap Stack Buffer Overflow\nCVE-2022-23088 - Heap Overflow in FreeBSD Wi-Fi Stack\nCVE-2022-31626 - RCE in PHP <=7.4.29\nCVE-2022-30333 - Dir Traversal in rar", "creation_timestamp": "2024-10-12T06:49:41.000000Z"}]}