{"vulnerability": "CVE-2022-2474", "sightings": [{"uuid": "47a90a6e-12bf-40cc-a375-065807000e78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2474", "type": "seen", "source": "https://t.me/cibsecurity/52241", "content": "\u203c CVE-2022-2474 \u203c\n\nAuthentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the \u201cEthernet Q Commands\u201d service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-28T22:29:32.000000Z"}, {"uuid": "6f873f96-4f09-4a50-ae92-988fbd2b2176", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24741", "type": "seen", "source": "https://t.me/cibsecurity/38630", "content": "\u203c CVE-2022-24741 \u203c\n\nNextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded to 21.0.8 , 22.2.4 or 23.0.1. 
Users unable to upgrade should disable preview generation with the `'enable_previews'` config flag.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-10T00:12:08.000000Z"}, {"uuid": "b948700d-9aae-4987-8290-cb45744c157e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24743", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/38906", "content": "\u203c CVE-2022-24743 \u203c\n\nSylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-14T23:18:25.000000Z"}]}