{"vulnerability": "CVE-2022-2310", "sightings": [{"uuid": "b307235c-7a7e-435b-9ac1-abf98fcdcab6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23100", "type": "seen", "source": "https://t.me/cibsecurity/47111", "content": "\u203c CVE-2022-23100 \u203c\n\nOX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:52:46.000000Z"}, {"uuid": "77c0c357-7f9d-45e1-ae32-678954280f58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23101", "type": "seen", "source": "https://t.me/cibsecurity/47094", "content": "\u203c CVE-2022-23101 \u203c\n\nOX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:49:48.000000Z"}, {"uuid": "66a08cfd-7c69-4d7b-bef4-d8d82e5e4650", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23103", "type": "seen", "source": "https://t.me/cibsecurity/47666", "content": "\u203c CVE-2022-23103 \u203c\n\nA stack-based buffer overflow vulnerability exists in the confsrv confctl_set_app_language functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. 
An attacker can send a malicious packet to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-06T02:21:06.000000Z"}, {"uuid": "c80a9744-f8a1-4f12-925c-c3a423278168", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23107", "type": "seen", "source": "https://t.me/cibsecurity/35370", "content": "\u203c CVE-2022-23107 \u203c\n\nJenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-12T22:17:36.000000Z"}, {"uuid": "dbe7c777-e0a0-4006-9fca-c1117f73da64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23106", "type": "seen", "source": "https://t.me/cibsecurity/35367", "content": "\u203c CVE-2022-23106 \u203c\n\nJenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-12T22:17:32.000000Z"}, {"uuid": "ed78ed86-65e1-4982-8503-6ea8ab440a15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23108", "type": "seen", "source": "https://t.me/cibsecurity/35360", "content": "\u203c CVE-2022-23108 \u203c\n\nJenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting 
in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-12T22:17:25.000000Z"}, {"uuid": "37d0b10a-c802-4310-9dd8-daf8a1608722", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23109", "type": "seen", "source": "https://t.me/cibsecurity/35358", "content": "\u203c CVE-2022-23109 \u203c\n\nJenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-12T22:17:23.000000Z"}, {"uuid": "e740ff77-d8ff-474c-b023-1ae906565655", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23102", "type": "seen", "source": "https://t.me/cibsecurity/37063", "content": "\u203c CVE-2022-23102 \u203c\n\nA vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link thereby leading to phishing attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-09T18:12:53.000000Z"}]}