{"vulnerability": "CVE-2022-2488", "sightings": [{"uuid": "cf89f578-a7c7-41de-a6fb-59c3b6f62a65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-31)", "content": "", "creation_timestamp": "2025-01-31T00:00:00.000000Z"}, {"uuid": "0f15ac15-4027-4cd4-8cbf-d84b636bdcf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-02)", "content": "", "creation_timestamp": "2025-02-02T00:00:00.000000Z"}, {"uuid": "83641dca-8069-4c55-ae4c-9ef399913f9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-26)", "content": "", "creation_timestamp": "2025-01-26T00:00:00.000000Z"}, {"uuid": "8563d306-6699-441e-8083-821300ec2625", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-03)", "content": "", "creation_timestamp": "2025-02-03T00:00:00.000000Z"}, {"uuid": "6b47f115-25e5-40ee-8ec7-d1d0576288fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-08)", "content": "", "creation_timestamp": "2025-02-08T00:00:00.000000Z"}, {"uuid": "fbb8c53b-e00f-44f4-bd0f-ead795921a74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-09)", "content": "", "creation_timestamp": "2025-02-09T00:00:00.000000Z"}, {"uuid": "08c30d3e-c2b5-43d9-931a-7a232c0925d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-09)", "content": "", "creation_timestamp": "2025-02-09T00:00:00.000000Z"}, {"uuid": "366d078b-6b0b-4623-aca9-7281bda7671d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-22)", "content": "", "creation_timestamp": "2025-02-22T00:00:00.000000Z"}, {"uuid": "d58313fe-5edb-41bb-a85f-5c66125a443b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-22)", "content": "", "creation_timestamp": "2025-02-22T00:00:00.000000Z"}, {"uuid": "4c8abba1-4e76-4d34-8181-f695f5ed1c6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-21)", "content": "", "creation_timestamp": "2025-03-21T00:00:00.000000Z"}, {"uuid": "0c46f29d-386b-4c40-8c9f-47a83e4b62a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-09)", "content": "", "creation_timestamp": "2025-04-09T00:00:00.000000Z"}, {"uuid": "d78311f8-5446-4871-b257-9ee9af8efeef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-06-17)", "content": "", "creation_timestamp": "2025-06-17T00:00:00.000000Z"}, {"uuid": "6d3ddfca-b2be-4203-9226-332eaa1d164e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-14)", "content": "", "creation_timestamp": "2025-04-14T00:00:00.000000Z"}, {"uuid": "cff766ee-1dc3-4617-b3bc-29f953c7dec2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-06-02)", "content": "", "creation_timestamp": "2025-06-02T00:00:00.000000Z"}, {"uuid": "5e4411a8-92b2-4913-8ee0-1d3184931914", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-06)", "content": "", "creation_timestamp": "2025-07-06T00:00:00.000000Z"}, {"uuid": "3d58a7f3-6359-4f3b-885e-a266a7b8c336", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-23)", "content": "", "creation_timestamp": "2025-07-23T00:00:00.000000Z"}, {"uuid": "95dd4a7a-899e-43a5-b183-98983f11e86e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-25)", "content": "", "creation_timestamp": "2025-07-25T00:00:00.000000Z"}, {"uuid": "48af40ca-8cec-4761-a9df-210e75a38bd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-29)", "content": "", "creation_timestamp": "2025-10-29T00:00:00.000000Z"}, {"uuid": "dd203d1f-e859-44b8-95b5-bc06711c68e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-26)", "content": "", "creation_timestamp": "2025-07-26T00:00:00.000000Z"}, {"uuid": "e4706f1a-2041-4741-bae2-03305eb6dfc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-13)", "content": "", "creation_timestamp": "2025-09-13T00:00:00.000000Z"}, {"uuid": "0b9e0bdd-1211-4c6b-a4f5-f9a8dede055b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-11-08)", "content": "", "creation_timestamp": "2025-11-08T00:00:00.000000Z"}, {"uuid": "ae02e1fb-6b4c-4a26-8049-c78790af33b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-28)", "content": "", "creation_timestamp": "2025-10-28T00:00:00.000000Z"}, {"uuid": "d0a4d8a0-b608-4a8b-84bb-ec3b4ea9081c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-17)", "content": "", "creation_timestamp": "2025-08-17T00:00:00.000000Z"}, {"uuid": "adcb3744-43df-4379-9f32-a88ccaddee69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-16)", "content": "", "creation_timestamp": "2025-10-16T00:00:00.000000Z"}, {"uuid": "750e435e-d922-4380-801f-506ab2b569e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-25)", "content": "", "creation_timestamp": "2025-11-25T00:00:00.000000Z"}, {"uuid": "9815b116-6001-440b-ab24-7f3e2f6e9ebd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-22)", "content": "", "creation_timestamp": "2025-09-22T00:00:00.000000Z"}, {"uuid": "bb790198-c0e8-4f4e-83cf-9d3474c18a59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-14)", "content": "", "creation_timestamp": "2025-10-14T00:00:00.000000Z"}, {"uuid": "fd527896-097e-4875-8541-5cb880811a98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-17)", "content": "", "creation_timestamp": "2025-10-17T00:00:00.000000Z"}, {"uuid": "0b509bac-b122-45f7-bb12-86f1d6e42e59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-28)", "content": "", "creation_timestamp": "2026-02-28T00:00:00.000000Z"}, {"uuid": "f0422a18-084b-43e1-bf28-89a26a94ee1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-03)", "content": "", "creation_timestamp": "2025-12-03T00:00:00.000000Z"}, {"uuid": "600a6069-54d5-40b6-9a5a-75611b13a622", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-01)", "content": "", "creation_timestamp": "2026-03-01T00:00:00.000000Z"}, {"uuid": "14257b73-8f46-450d-bd87-49a00d12bd35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-12)", "content": "", "creation_timestamp": "2025-12-12T00:00:00.000000Z"}, {"uuid": "c0e670fb-9bee-46e8-b232-07b6c40bb17a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-20)", "content": "", "creation_timestamp": "2025-12-20T00:00:00.000000Z"}, {"uuid": "08d3eaf7-e283-45fb-81dd-0db68b90f811", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-30)", "content": "", "creation_timestamp": "2025-12-30T00:00:00.000000Z"}, {"uuid": "7879bd15-6609-4d0c-8769-6465bc67263a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-28)", "content": "", "creation_timestamp": "2026-01-28T00:00:00.000000Z"}, {"uuid": "a6ea69e8-6c8b-4a76-91da-386e269b9df2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-04)", "content": "", "creation_timestamp": "2026-01-04T00:00:00.000000Z"}, {"uuid": "d5cae93d-3b45-4752-88f6-6ab576469721", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-02-13)", "content": "", "creation_timestamp": "2026-02-13T00:00:00.000000Z"}, {"uuid": "80431c83-1896-4f1f-a8b2-8210584c8718", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-08)", "content": "", "creation_timestamp": "2026-01-08T00:00:00.000000Z"}, {"uuid": "02f296dd-004a-4a36-8deb-a5df17620dbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-14)", "content": "", "creation_timestamp": "2026-03-14T00:00:00.000000Z"}, {"uuid": "c0d0e198-f39d-4da0-b6f3-f0134d895289", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-21)", "content": "", "creation_timestamp": "2026-01-21T00:00:00.000000Z"}, {"uuid": "151f4814-9811-4341-9117-8145a76ca8ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-31)", "content": "", "creation_timestamp": "2026-03-31T00:00:00.000000Z"}, {"uuid": "a41e24c5-d484-42c0-ae73-32a8b4c0034c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-01)", "content": "", "creation_timestamp": "2026-04-01T00:00:00.000000Z"}, {"uuid": "d93e5171-f5bf-458b-aea0-2dea11da99d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2488", "type": "seen", "source": "https://t.me/cibsecurity/46642", "content": "\u203c CVE-2022-2488 \u203c\n\nA vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlist_sync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-20T16:20:00.000000Z"}, {"uuid": "8e02d743-5108-419d-8e17-10c7f8637905", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24884", "type": "seen", "source": "https://t.me/cibsecurity/42090", "content": "\u203c CVE-2022-24884 \u203c\n\necdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-06T07:22:18.000000Z"}, {"uuid": "5daa83fd-6240-46ea-bc27-9f9dd9d9d159", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24888", "type": "seen", "source": "https://t.me/cibsecurity/41497", "content": "\u203c CVE-2022-24888 \u203c\n\nNextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \\n, \\r, \\t, and \\v characters. The server rejects files and folders that have these characters in the middle of their names, so this might be an opportunity for injection. This issue is fixed in versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1. There are currently no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-27T18:13:09.000000Z"}, {"uuid": "df5b7005-1b8a-442e-b73a-a40b00e09388", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24887", "type": "seen", "source": "https://t.me/cibsecurity/41502", "content": "\u203c CVE-2022-24887 \u203c\n\nNextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-27T18:13:15.000000Z"}, {"uuid": "9753fe73-45f3-4090-bdf9-fc03e828dcc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24889", "type": "seen", "source": "https://t.me/cibsecurity/41501", "content": "\u203c CVE-2022-24889 \u203c\n\nNextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling \"recommended\" apps for the Nextcloud server that they do not need, thus expanding their attack surface unnecessarily. This issue is fixed in versions 21.0.8 , 22.2.4, and 23.0.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-27T18:13:14.000000Z"}, {"uuid": "4ec2a8ae-7105-40c9-a504-00e422189e07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24885", "type": "seen", "source": "https://t.me/cibsecurity/41499", "content": "\u203c CVE-2022-24885 \u203c\n\nNextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-27T18:13:11.000000Z"}, {"uuid": "b3f1290d-7130-41c8-a9a6-0052579ad723", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24886", "type": "seen", "source": "https://t.me/cibsecurity/41498", "content": "\u203c CVE-2022-24886 \u203c\n\nNextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-27T18:13:10.000000Z"}, {"uuid": "c8924075-e4e1-4d96-9217-7130d7e77133", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24883", "type": "seen", "source": "https://t.me/cibsecurity/41444", "content": "\u203c CVE-2022-24883 \u203c\n\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-26T20:37:16.000000Z"}, {"uuid": "840be5d2-1430-493d-9a3a-fd231784fb85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24881", "type": "seen", "source": "https://t.me/cibsecurity/41443", "content": "\u203c CVE-2022-24881 \u203c\n\nBallcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but input verification is not done. The fault is rectified in version 1.0.0.beta.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-26T20:37:16.000000Z"}, {"uuid": "c5a524ce-9d50-4a1a-868d-95cc7d3493c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24882", "type": "seen", "source": "https://t.me/cibsecurity/41440", "content": "\u203c CVE-2022-24882 \u203c\n\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-26T20:37:13.000000Z"}, {"uuid": "39a49bef-be69-4252-887e-3629caae14c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24880", "type": "seen", "source": "https://t.me/cibsecurity/41420", "content": "\u203c CVE-2022-24880 \u203c\n\nflask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, he `captcha.validate()` function would return `None` if passed no value (e.g. by submitting an having an empty form). If implementing users were checking the return value to be **False**, the captcha verification check could be bypassed. Version 1.2.1 fixes the issue. Users can workaround the issue by not explicitly checking that the value is False. Checking the return value less explicitly should still work.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-26T02:46:54.000000Z"}, {"uuid": "c18d0c36-23ed-40fa-aa89-ab7114e21a89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24886", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/1546", "content": "Notification implicit PendingIntent in Android NextCloud app allows to access contacts (CVE-2022-24886) https://hackerone.com/reports/1161401", "creation_timestamp": "2022-06-08T03:56:10.000000Z"}]}