{"vulnerability": "CVE-2022-2861", "sightings": [{"uuid": "4faca2d4-668e-4d7d-a4e5-3ce075ea7df5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28615", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-133-01", "content": "", "creation_timestamp": "2025-05-13T10:00:00.000000Z"}, {"uuid": "8d2f4da5-4497-4ef6-96b7-ac8d10f3b6a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28614", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-133-01", "content": "", "creation_timestamp": "2025-05-13T10:00:00.000000Z"}, {"uuid": "c20c40fa-b0f5-4191-8226-9eff00c1f7d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2861", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17192", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-2861\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page.\n\ud83d\udccf Published: 2022-09-26T15:01:17.000Z\n\ud83d\udccf Modified: 2025-05-21T19:09:28.492Z\n\ud83d\udd17 References:\n1. https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html\n2. https://crbug.com/1346236\n3. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/", "creation_timestamp": "2025-05-21T19:43:04.000000Z"}, {"uuid": "32d8121f-9e4d-4ce9-a950-36272db4a0a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28615", "type": "seen", "source": "Telegram/Hf_SunJuoYNf_bsQCJ20cuXyI7bzH8EMEXzusn30k3vpXeQ", "content": "", "creation_timestamp": "2024-10-15T10:14:15.000000Z"}, {"uuid": "7ff31a9a-57cc-4318-b73e-aaa50825e0e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28614", "type": "seen", "source": "Telegram/Hf_SunJuoYNf_bsQCJ20cuXyI7bzH8EMEXzusn30k3vpXeQ", "content": "", "creation_timestamp": "2024-10-15T10:14:15.000000Z"}, {"uuid": "17467ff9-73d7-4666-81dc-7786672813be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2861", "type": "seen", "source": "https://t.me/cibsecurity/50503", "content": "\u203c CVE-2022-2861 \u203c\n\nInappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-26T20:22:49.000000Z"}, {"uuid": "c6c0d62d-9f2a-4b5f-8eea-58713392355c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28611", "type": "seen", "source": "https://t.me/cibsecurity/52936", "content": "\u203c CVE-2022-28611 \u203c\n\nImproper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-13T05:55:08.000000Z"}, {"uuid": "297a48bf-11a1-42e7-8524-f8249c6ea2e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28618", "type": "seen", "source": "https://t.me/cibsecurity/43102", "content": "\u203c CVE-2022-28618 \u203c\n\nA command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-21T00:31:14.000000Z"}, {"uuid": "e440469b-006e-4b1b-8bcd-a4cde0741bde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28617", "type": "seen", "source": "https://t.me/cibsecurity/42863", "content": "\u203c CVE-2022-28617 \u203c\n\nA remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-18T00:27:46.000000Z"}, {"uuid": "1a7b8980-769b-4da5-90f9-c2fa4caa30f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28616", "type": "seen", "source": "https://t.me/cibsecurity/42878", "content": "\u203c CVE-2022-28616 \u203c\n\nA remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-18T00:28:04.000000Z"}, {"uuid": "7582462a-6d60-4261-ab71-88504d76fac9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28613", "type": "seen", "source": "https://t.me/cibsecurity/41770", "content": "\u203c CVE-2022-28613 \u203c\n\nA vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware that is caused by the validation error in the length information carried in MBAP header allows an ATTACKER to reboot the device by sending a special crafted message. This issue affects: Hitachi Energy RTU500 series CMU Firmware 12.0.*; 12.2.*; 12.4.*; 12.6.*; 12.7.*; 13.2.*.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-02T22:28:26.000000Z"}]}