{"vulnerability": "CVE-2022-2778", "sightings": [{"uuid": "df7e7133-4013-41c2-a14c-f1975921bcd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27782", "type": "seen", "source": "https://bsky.app/profile/gcpweekly.bsky.social/post/3lzzeuxkcgj2c", "content": "", "creation_timestamp": "2025-09-30T01:31:31.718425Z"}, {"uuid": "60814019-b90f-448a-82b8-c841e3d085ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27781", "type": "seen", "source": "https://t.me/ctinow/52010", "content": "curl: CVE-2022-27781: CERTINFO never-ending busy-loop\n\nhttps://ift.tt/fneBOEM", "creation_timestamp": "2022-05-16T11:41:49.000000Z"}, {"uuid": "4bca59d7-8ef9-4a2a-87af-1e4d88bf3d33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2778", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17088", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-2778\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes.\n\ud83d\udccf Published: 2022-09-30T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-20T20:16:56.443Z\n\ud83d\udd17 References:\n1. https://advisories.octopus.com/post/2022/sa2022-15/", "creation_timestamp": "2025-05-20T20:41:21.000000Z"}, {"uuid": "1a41e5d3-5fc8-467b-8994-b24a4f956147", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27780", "type": "seen", "source": "https://t.me/ctinow/51778", "content": "curl: CVE-2022-27780: percent-encoded path separator in URL host\n\nhttps://ift.tt/yLRjWvJ", "creation_timestamp": "2022-05-11T17:56:49.000000Z"}, {"uuid": "6fb225bb-71f0-4e53-b417-7f1ce78dd791", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27782", "type": "seen", "source": "https://t.me/ctinow/51901", "content": "Internet Bug Bounty: CVE-2022-27782: TLS and SSH connection too eager reuse\n\nhttps://ift.tt/6evrDmM", "creation_timestamp": "2022-05-12T23:42:00.000000Z"}, {"uuid": "8bbb81c3-580c-4083-8e57-94a13d88c0b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27780", "type": "seen", "source": "https://t.me/ctinow/53635", "content": "Internet Bug Bounty: CVE-2022-27780: percent-encoded path separator in URL host\n\nhttps://ift.tt/XOB4w85", "creation_timestamp": "2022-06-11T22:01:07.000000Z"}, {"uuid": "eacec054-5a2d-4dfe-92bd-5d6cd87f317e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27782", "type": "seen", "source": "https://t.me/ctinow/51762", "content": "curl: CVE-2022-27782: TLS and SSH connection too eager reuse\n\nhttps://ift.tt/TgqwyNK", "creation_timestamp": "2022-05-11T15:57:40.000000Z"}, {"uuid": "dc46ee41-176a-45ae-ae9e-0f599846f704", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27780", "type": "seen", "source": "https://t.me/true_secator/3334", "content": "IBM \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 IBM MQ, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438\u043b\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.\n\n\u041f\u041e \u043f\u0440\u043e\u043c\u0435\u0436\u0443\u0442\u043e\u0447\u043d\u043e\u0433\u043e \u0441\u043b\u043e\u044f IBM MQ \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u043e\u0431\u043c\u0435\u043d \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f\u043c\u0438 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0443\u0440\u043e\u0432\u043d\u044f \u043c\u0435\u0436\u0434\u0443 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u043c\u0435\u0436\u0434\u0443 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430\u043c\u0438 \u0438 \u043f\u043e\u0434\u043f\u0438\u0441\u0447\u0438\u043a\u0430\u043c\u0438.\n\n\u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u0435\u0442 IBM \u0432\u00a0\u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u043c \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435, \u043e\u0431\u0435 \u0431\u0430\u0433\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u043e\u0439 libcurl \u0438 \u043c\u043e\u0433\u0443\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e.\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u0438\u0437 \u043d\u0438\u0445 CVE-2022-27780 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043e\u0431\u043e\u0439\u0442\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0435 \u0438\u043c\u044f \u0445\u043e\u0441\u0442\u0430 \u0432 URL-\u0430\u0434\u0440\u0435\u0441\u0435.\n\n\u0412\u0442\u043e\u0440\u0430\u044f CVE-2022-30115 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 HSTS \u0438 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u043e \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0443 HTTP \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0442\u0435\u043a\u0441\u0442\u043e\u043c.\n\n\u0412\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0439 IBM MQ, \u0432\u043a\u043b\u044e\u0447\u0430\u044f 9.2 LTS, 9.1 LTS, 9.0 LTS, 9.2 CD \u0438 9.1 CD, \u043f\u0440\u0438\u0437\u043d\u0430\u043d\u044b \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 APAR IT40933.\n\nIBM \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u043e\u0448\u0438\u0431\u043a\u0443 \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 \u0443\u0442\u0435\u0447\u043a\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u0432 \u041f\u041e SANNav, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u043c \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u0430\u043c\u0438 SAN b-\u0442\u0438\u043f\u0430 IBM. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, IBM \u0437\u0430\u043a\u0440\u044b\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u043a\u0430\u0437\u0430 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 (DoS) \u0432 Sterling Connect:Direct \u0434\u043b\u044f UNIX. CVE-2022-25647 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Google Gson \u0438 \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u043d\u0435\u043d\u0430\u0434\u0435\u0436\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u0423\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043c\u0435\u0442\u043e\u0434 writeReplace Sterling Connect:Direct \u0434\u043b\u044f UNIX 6.2.0.4. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c iFix018 \u0440\u0435\u0448\u0430\u0435\u0442 \u044d\u0442\u0443 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443.\n\nIBM \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435\u0439 \u0441 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435\u043c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0432 Security Guardium Key Lifecycle Manager (SKLM/GKLM), Sterling B2B Integrator \u0438 Security Verify Governance (ISVG).\n\n\u0414\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431\u043e \u0432\u0441\u0435\u0445 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0430 \u0437\u0434\u0435\u0441\u044c.", "creation_timestamp": "2022-08-25T11:55:31.000000Z"}, {"uuid": "7b5a245a-896d-4d9c-90b1-da1f2afd12c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27781", "type": "seen", "source": "https://t.me/cibsecurity/43703", "content": "\u203c CVE-2022-27781 \u203c\n\nlibcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-02T18:38:39.000000Z"}, {"uuid": "de8f372e-cb9b-42bc-8396-af6b4e62228d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27784", "type": "seen", "source": "https://t.me/cibsecurity/42150", "content": "\u203c CVE-2022-27784 \u203c\n\nAdobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in After Effects.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-06T22:23:17.000000Z"}, {"uuid": "a3b1ddc6-5fc1-4e40-b79b-8aa47074c6eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27782", "type": "seen", "source": "https://t.me/cibsecurity/43718", "content": "\u203c CVE-2022-27782 \u203c\n\nlibcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-02T18:38:57.000000Z"}, {"uuid": "f8780f00-6521-4261-babf-ce55979c361a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27780", "type": "seen", "source": "https://t.me/cibsecurity/43647", "content": "\u203c CVE-2022-27780 \u203c\n\nThe curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-03T04:56:48.000000Z"}, {"uuid": "6c42d056-e520-46e0-ba1d-19894aa77e1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27786", "type": "seen", "source": "https://t.me/cibsecurity/42416", "content": "\u203c CVE-2022-27786 \u203c\n\nAcrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of fonts that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-11T22:34:38.000000Z"}]}