{"vulnerability": "CVE-2022-3053", "sightings": [{"uuid": "a45a68ef-a415-4d5a-8296-de94901a65b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30530", "type": "seen", "source": "https://t.me/cibsecurity/58387", "content": "\u203c CVE-2022-30530 \u203c\n\nProtection mechanism failure in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-16T22:27:06.000000Z"}, {"uuid": "e1dcc415-0b48-40bb-b429-e09ca105c0cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30531", "type": "seen", "source": "https://t.me/cibsecurity/58373", "content": "\u203c CVE-2022-30531 \u203c\n\nOut-of-bounds read in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1474 may allow a privileged user to potentially enable information disclosure via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-16T22:26:44.000000Z"}, {"uuid": "6a2bc330-52db-46a8-a96e-25fd3f37739e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3053", "type": "seen", "source": "https://t.me/cibsecurity/50507", "content": "\u203c CVE-2022-3053 \u203c\n\nInappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-26T20:22:54.000000Z"}, {"uuid": "8cca537c-9f84-4633-87c9-8e9eae8ccf8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30533", "type": "seen", "source": "https://t.me/cibsecurity/44603", "content": "\u203c CVE-2022-30533 \u203c\n\nCross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-16T07:28:21.000000Z"}, {"uuid": "0a19dee8-b8d7-428b-a1a8-7af264f5a239", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30538", "type": "seen", "source": "https://t.me/cibsecurity/44601", "content": "\u203c CVE-2022-30538 \u203c\n\nOut-of-bounds write vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-16T07:20:56.000000Z"}, {"uuid": "37ed856d-7cd9-45bf-963b-c732d93b4b87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30532", "type": "seen", "source": "https://t.me/cibsecurity/46529", "content": "\u203c CVE-2022-30532 \u203c\n\nIn affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-19T12:40:31.000000Z"}, {"uuid": "daf1e554-fbbe-47d3-a6d5-8e8a5e0fe617", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30534", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11877", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-30534\n\ud83d\udd25 CVSS Score: 9.9 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.\n\ud83d\udccf Published: 2022-08-22T18:23:38.366Z\n\ud83d\udccf Modified: 2025-04-15T18:51:44.789Z\n\ud83d\udd17 References:\n1. https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql\n2. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1546", "creation_timestamp": "2025-04-15T18:54:45.000000Z"}, {"uuid": "e43d62fb-2ff5-48e0-836e-33264da160e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30536", "type": "seen", "source": "https://t.me/cibsecurity/46773", "content": "\u203c CVE-2022-30536 \u203c\n\nAuthenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-21T22:23:37.000000Z"}, {"uuid": "cb49a52c-c04e-438b-aaae-d3e635ca38a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30534", "type": "seen", "source": "https://t.me/cibsecurity/48548", "content": "\u203c CVE-2022-30534 \u203c\n\nAn OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-22T22:20:57.000000Z"}, {"uuid": "6b3bfdaf-66c0-4596-8992-5bcd52fa20e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30535", "type": "seen", "source": "https://t.me/cibsecurity/47582", "content": "\u203c CVE-2022-30535 \u203c\n\nIn versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-04T22:20:05.000000Z"}]}