{"vulnerability": "CVE-2022-2403", "sightings": [{"uuid": "7a4f328d-b4e1-4d49-8663-5e1b067e33a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24030", "type": "seen", "source": "https://t.me/cibsecurity/36741", "content": "\u203c CVE-2022-24030 \u203c\n\nSMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-03T07:29:38.000000Z"}, {"uuid": "6d14d634-d023-46d9-b197-d6a50ab490ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24039", "type": "seen", "source": "https://t.me/cibsecurity/42229", "content": "\u203c CVE-2022-24039 \u203c\n\nA vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The \u201caddCell\u201d JavaScript function fails to properly sanitize user-controllable input before including it into the generated XML body of the XLS report document, such that it is possible to inject arbitrary content (e.g., XML tags) into the generated file. 
An attacker with restricted privileges, by poisoning any of the content used to generate XLS reports, could be able to leverage the application to deliver malicious files against higher-privileged users and obtain Remote Code Execution (RCE) against the administrator\u2019s workstation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-10T14:43:05.000000Z"}, {"uuid": "a916d07a-e435-47c2-aeea-0717963c13f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24035", "type": "seen", "source": "https://t.me/cibsecurity/62517", "content": "\u203c CVE-2022-24035 \u203c\n\nAn issue was discovered in ONOS 2.5.1. The purge-requested intent remains on the list, but it does not respond to changes in topology (e.g., link failure). In combination with other applications, it could lead to a failure of network management.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-20T16:30:47.000000Z"}, {"uuid": "ffd5239d-58f0-4173-a7fb-8b1989008aaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24036", "type": "seen", "source": "https://t.me/cibsecurity/53035", "content": "\u203c CVE-2022-24036 \u203c\n\nKarmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access which could allow an unauthenticated attacker to modificate logs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-17T15:52:48.000000Z"}, {"uuid": "cd849353-becd-4559-b678-b7608e99c852", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2403", "type": "seen", "source": "https://t.me/cibsecurity/49213", "content": "\u203c CVE-2022-2403 
\u203c\n\nA credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-02T00:38:42.000000Z"}]}