{"vulnerability": "CVE-2022-2905", "sightings": [{"uuid": "83c4300b-1663-4903-a402-de1285198ab9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29056", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3llcon5j67c2t", "content": "", "creation_timestamp": "2025-03-26T21:02:06.904728Z"}, {"uuid": "50c06080-26a9-4cac-b96f-bf39622ff059", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29059", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114162103566286961", "content": "", "creation_timestamp": "2025-03-14T18:04:17.757667Z"}, {"uuid": "4fce0f67-d7c2-4910-8f9e-b91dc0d34b9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29059", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lke2qg2f3b26", "content": "", "creation_timestamp": "2025-03-14T16:46:08.937065Z"}, {"uuid": "2c988645-4daf-4196-8c45-5ab960fdf1f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29055", "type": "seen", "source": "https://t.me/cibsecurity/51684", "content": "\u203c CVE-2022-29055 \u203c\n\nA access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via an HTTP GET request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-18T18:14:28.000000Z"}, {"uuid": "a4a30009-bb60-4d9f-a566-f3e680ba03e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29059", "type": "seen", "source": "https://t.me/cvedetector/20323", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-29059 - FortiWeb SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-29059 \nPublished : March 14, 2025, 4:15 p.m. | 1\u00a0hour, 19\u00a0minutes ago \nDescription : An improper neutralization of special elements used in an SQL command\u00a0('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below may allow a privileged attacker to execute SQL commands over the log database via specifically crafted strings parameters. \nSeverity: 2.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-14T19:13:20.000000Z"}, {"uuid": "23dcd1dd-b42d-4171-a26f-bb21fb9a3659", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29054", "type": "seen", "source": "https://t.me/cibsecurity/58383", "content": "\u203c CVE-2022-29054 \u203c\n\nA missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-16T22:26:59.000000Z"}, {"uuid": "1825db24-7c8d-44de-8e57-68fb8720ccf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29056", "type": "seen", "source": "https://t.me/cibsecurity/59732", "content": "\u203c CVE-2022-29056 \u203c\n\nA improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-09T18:20:34.000000Z"}, {"uuid": "60bf334b-515a-4964-9b5f-3654f019b38f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29051", "type": "seen", "source": "https://t.me/cibsecurity/40694", "content": "\u203c CVE-2022-29051 \u203c\n\nMissing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-13T00:17:21.000000Z"}, {"uuid": "6944fd7e-a095-4af4-bdcb-a3b4d9dc7b15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2905", "type": "seen", "source": "https://t.me/cibsecurity/49516", "content": "\u203c CVE-2022-2905 \u203c\n\nAn out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-09T18:29:35.000000Z"}, {"uuid": "94c9f9ba-fbfe-4b00-b4c2-be86acecdec4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29053", "type": "seen", "source": "https://t.me/cibsecurity/49334", "content": "\u203c CVE-2022-29053 \u203c\n\nA missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-06T22:13:21.000000Z"}, {"uuid": "89c7a4c8-6d5b-4486-8ddb-dc3c5799d6e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29057", "type": "seen", "source": "https://t.me/cibsecurity/46554", "content": "\u203c CVE-2022-29057 \u203c\n\nA improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload into the Management Console via various endpoints.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-19T18:40:58.000000Z"}, {"uuid": "edd7684f-805e-43b5-a849-40b89206e388", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29052", "type": "seen", "source": "https://t.me/cibsecurity/40693", "content": "\u203c CVE-2022-29052 \u203c\n\nJenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-13T00:17:20.000000Z"}]}