{"vulnerability": "CVE-2022-2820", "sightings": [{"uuid": "a84f6d3f-cb5b-4659-9f0b-eafddb3338f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28204", "type": "seen", "source": "https://t.me/cibsecurity/50094", "content": "\u203c CVE-2022-28204 \u203c\n\nA denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&amp;target=Property%3AP31&amp;namespace=1&amp;invert=1 can take more than thirty seconds. There is a DDoS risk.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-20T00:38:58.000000Z"}, {"uuid": "d1a1d153-035a-473a-9ea4-d45ac799e829", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28201", "type": "seen", "source": "https://t.me/cibsecurity/50090", "content": "\u203c CVE-2022-28201 \u203c\n\nAn issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-20T00:38:51.000000Z"}, {"uuid": "1ddfd31d-183b-4006-bd31-9292f11dadcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28203", "type": "seen", "source": "https://t.me/cibsecurity/50089", "content": "\u203c CVE-2022-28203 \u203c\n\nA denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-20T00:38:50.000000Z"}, {"uuid": "09b0d2db-07d7-4adb-8952-33619df3c424", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28200", "type": "seen", "source": "https://t.me/cibsecurity/45544", "content": "\u203c CVE-2022-28200 \u203c\n\nNVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-02T08:27:01.000000Z"}, {"uuid": "08b84227-a360-4072-9995-14d3ea3f6e7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28200", "type": "seen", "source": "https://t.me/cibsecurity/45543", "content": "\u203c CVE-2022-28200 \u203c\n\nNVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-02T08:26:55.000000Z"}, {"uuid": "a28cde83-d7c6-4a58-bd98-66892438d500", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28205", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mozchexunc2k", "content": "\ud83d\udccc CVE-2022-28205 - An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future. https://www.cyberhub.blog/cves/CVE-2022-28205", "creation_timestamp": "2026-06-24T06:37:07.191184Z"}, {"uuid": "7c39b613-d88c-4fc6-82c6-586bc6b4a7be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28206", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3moze4zc3pd2n", "content": "\ud83d\udccc CVE-2022-28206 - An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights. https://www.cyberhub.blog/cves/CVE-2022-28206", "creation_timestamp": "2026-06-24T07:07:07.102076Z"}, {"uuid": "c2b06e9d-602c-4d47-b7fd-5bf82656f26c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28209", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mozfsnt7gj24", "content": "\ud83d\udccc CVE-2022-28209 - An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect. https://www.cyberhub.blog/cves/CVE-2022-28209", "creation_timestamp": "2026-06-24T07:37:07.125442Z"}]}