{"vulnerability": "CVE-2022-2888", "sightings": [{"uuid": "b3e78e06-211b-4f32-8f65-d5574be2af98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28889", "type": "seen", "source": "https://t.me/cibsecurity/45769", "content": "\u203c CVE-2022-28889 \u203c\n\nIn Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-07T22:15:37.000000Z"}, {"uuid": "894ed270-467f-4dd9-82e9-881271558c7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2888", "type": "seen", "source": "https://t.me/cibsecurity/50197", "content": "\u203c CVE-2022-2888 \u203c\n\nIf an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-21T16:40:52.000000Z"}, {"uuid": "e5c65267-cce0-4bbb-b98f-12de4dbc2b68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28887", "type": "seen", "source": "https://t.me/cibsecurity/51282", "content": "\u203c CVE-2022-28887 \u203c\n\nMultiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-12T22:27:00.000000Z"}, {"uuid": "fd385c18-ccf5-448c-a05c-a788172c8e3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28886", "type": "seen", "source": "https://t.me/cibsecurity/50395", "content": "\u203c CVE-2022-28886 \u203c\n\nA Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T22:19:55.000000Z"}, {"uuid": "13821adf-6ba1-4f62-9c14-3795e748a2b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28882", "type": "seen", "source": "https://t.me/cibsecurity/48594", "content": "\u203c CVE-2022-28882 \u203c\n\nA Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-23T20:21:42.000000Z"}, {"uuid": "7a779e32-dedf-45b9-939e-a5598868d628", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28888", "type": "seen", "source": "https://t.me/cibsecurity/46188", "content": "\u203c CVE-2022-28888 \u203c\n\nSpryker Commerce OS 1.4.2 allows Remote Command Execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-13T22:40:10.000000Z"}]}