{"vulnerability": "CVE-2022-2953", "sightings": [{"uuid": "a7ee2287-e1fb-4e69-800b-dfad38704a20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29538", "type": "seen", "source": "https://t.me/cibsecurity/42487", "content": "\u203c CVE-2022-29538 \u203c\n\nRESI Gemini-Net Web 4.2 is affected by Improper Access Control in authorization logic. An unauthenticated user is able to access some critical resources.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-12T18:36:03.000000Z"}, {"uuid": "e53b4978-7666-437b-a890-1f207b562424", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29539", "type": "seen", "source": "https://t.me/cibsecurity/42488", "content": "\u203c CVE-2022-29539 \u203c\n\nresi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. 
Due to the lack of validation of user input, an unauthenticated attacker can bypass the syntax intended by the software (e.g., concatenate `&|;\\r\\ commands) and inject arbitrary system commands with the privileges of the application user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-12T18:36:04.000000Z"}, {"uuid": "12882391-4b42-464c-9beb-ed9ae5dd6a22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29535", "type": "seen", "source": "https://t.me/cibsecurity/42070", "content": "\u203c CVE-2022-29535 \u203c\n\nZoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-06T02:11:58.000000Z"}, {"uuid": "9f7f0a60-4aef-4725-9d41-23786e90fbda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29536", "type": "seen", "source": "https://t.me/cibsecurity/41214", "content": "\u203c CVE-2022-29536 \u203c\n\nIn GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-21T02:26:13.000000Z"}, {"uuid": "72cbcbdc-0b93-4a9d-bf3c-c8d4ca7a6d2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29533", "type": "seen", "source": "https://t.me/cibsecurity/41212", "content": "\u203c CVE-2022-29533 \u203c\n\nAn issue was discovered in MISP before 2.4.158. 
There is XSS in app/Controller/OrganisationsController.php in a situation with a \"weird single checkbox page.\"\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-21T02:26:11.000000Z"}, {"uuid": "7cc3103f-93e4-4524-9fc5-dacaae973429", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29537", "type": "seen", "source": "https://t.me/cibsecurity/41211", "content": "\u203c CVE-2022-29537 \u203c\n\ngp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a heap-based buffer over-read, as demonstrated by MP4Box.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-21T02:26:10.000000Z"}, {"uuid": "e90e69cc-f3f8-4634-8df2-c072e2743f81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29534", "type": "seen", "source": "https://t.me/cibsecurity/41210", "content": "\u203c CVE-2022-29534 \u203c\n\nAn issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an \"Accept: application/json\" header.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-21T02:26:09.000000Z"}, {"uuid": "b993c947-2f55-48c7-9521-b868d21d75e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29532", "type": "seen", "source": "https://t.me/cibsecurity/41209", "content": "\u203c CVE-2022-29532 \u203c\n\nAn issue was discovered in MISP before 2.4.158. 
There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-21T02:26:08.000000Z"}, {"uuid": "6d1557f6-baf3-45b5-bd74-f347b318777f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29530", "type": "seen", "source": "https://t.me/cibsecurity/41207", "content": "\u203c CVE-2022-29530 \u203c\n\nAn issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-21T02:26:06.000000Z"}, {"uuid": "5a3d68ac-88ea-4f29-afe4-8233d428e93f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29531", "type": "seen", "source": "https://t.me/cibsecurity/41208", "content": "\u203c CVE-2022-29531 \u203c\n\nAn issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-21T02:26:07.000000Z"}]}