{"vulnerability": "CVE-2022-2343", "sightings": [{"uuid": "070afe41-2f8f-454d-adb0-ffaf2ac077cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23439", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgd562gsma27", "content": "", "creation_timestamp": "2025-01-22T10:16:06.163010Z"}, {"uuid": "036ab86b-cd52-4d12-8599-72737f614d3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23439", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2531", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23439\n\ud83d\udd39 Description: A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver\n\ud83d\udccf Published: 2025-01-22T09:10:28.669Z\n\ud83d\udccf Modified: 2025-01-22T09:10:28.669Z\n\ud83d\udd17 References:\n1. https://fortiguard.com/psirt/FG-IR-21-254", "creation_timestamp": "2025-01-22T10:02:01.000000Z"}, {"uuid": "c5ea94f9-5426-462c-bb55-e95009068df5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23439", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgd6hwthi72b", "content": "", "creation_timestamp": "2025-01-22T10:39:31.764066Z"}, {"uuid": "e1e4e03c-7faf-41df-a9fa-652aed90789a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23439", "type": "seen", "source": "https://t.me/cvedetector/16086", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-23439 - Fortinet Web Cache Poisoning Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-23439 \nPublished : Jan. 22, 2025, 10:15 a.m. | 44\u00a0minutes ago \nDescription : A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver \nSeverity: 4.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-22T12:12:47.000000Z"}, {"uuid": "7a8ec19c-8c8e-41b0-a520-2d0139b6605a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23439", "type": "seen", "source": "Telegram/_UOpF2tpULisHajua9myyGJ8An1w36xwf5FXLPWmrlS5XyTZ", "content": "", "creation_timestamp": "2025-02-14T10:05:00.000000Z"}, {"uuid": "1fc3269c-64c4-4248-a418-c0a908ab00c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2343", "type": "seen", "source": "https://t.me/cibsecurity/45835", "content": "\u203c CVE-2022-2343 \u203c\n\nHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-08T22:18:37.000000Z"}, {"uuid": "38c498c4-6606-4f24-a04c-e40457489784", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23438", "type": "seen", "source": "https://t.me/cibsecurity/46488", "content": "\u203c CVE-2022-23438 \u203c\n\nAn improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T22:39:45.000000Z"}, {"uuid": "b6ded535-4a2d-45d5-9885-01cac0f3c9cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23432", "type": "seen", "source": "https://t.me/cibsecurity/37309", "content": "\u203c CVE-2022-23432 \u203c\n\nAn improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-11T20:28:52.000000Z"}, {"uuid": "4509d3a5-31c7-4f49-a944-943a2daaad1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23433", "type": "seen", "source": "https://t.me/cibsecurity/37308", "content": "\u203c CVE-2022-23433 \u203c\n\nImproper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-11T20:28:51.000000Z"}, {"uuid": "eafb070f-d882-4f49-9b76-032d3633b4e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23437", "type": "seen", "source": "https://t.me/cibsecurity/36130", "content": "\u203c CVE-2022-23437 \u203c\n\nThere's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-24T18:17:28.000000Z"}, {"uuid": "6165f063-8f92-4bff-a9ee-645f1a1a0266", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23431", "type": "seen", "source": "https://t.me/cibsecurity/37316", "content": "\u203c CVE-2022-23431 \u203c\n\nAn improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-11T20:29:01.000000Z"}, {"uuid": "48b605b8-3b37-4aad-8395-708f048e218c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23435", "type": "seen", "source": "https://t.me/cibsecurity/35766", "content": "\u203c CVE-2022-23435 \u203c\n\ndecoding.c in android-gif-drawable before 1.2.24 does not limit the maximum length of a comment, leading to denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-19T07:31:30.000000Z"}]}