{"vulnerability": "CVE-2022-3256", "sightings": [{"uuid": "a5292193-3913-462b-b980-009be1ecc3e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3256", "type": "seen", "source": "https://t.me/cibsecurity/50261", "content": "\u203c CVE-2022-3256 \u203c\n\nUse After Free in GitHub repository vim/vim prior to 9.0.0530.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-22T16:12:06.000000Z"}, {"uuid": "7a822787-5627-4d4f-8243-0bc33c262ece", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3256", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17458", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3256\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_0, Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Use After Free in GitHub repository vim/vim prior to 9.0.0530.\n\ud83d\udccf Published: 2022-09-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-23T20:31:50.981Z\n\ud83d\udd17 References:\n1. https://huntr.dev/bounties/8336a3df-212a-4f8d-ae34-76ef1f936bb3\n2. https://github.com/vim/vim/commit/8ecfa2c56b4992c7f067b92488aa9acea5a454ad\n3. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/\n4. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/\n5. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/\n6. https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html\n7. https://security.gentoo.org/glsa/202305-16", "creation_timestamp": "2025-05-23T20:45:21.000000Z"}, {"uuid": "d32f5d1f-324a-48b8-b149-e6a0154d3ae1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32564", "type": "seen", "source": "https://t.me/cibsecurity/44342", "content": "\u203c CVE-2022-32564 \u203c\n\nAn issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-14T00:17:20.000000Z"}, {"uuid": "fe5430d6-7a7d-4d34-96ef-d3da8cd76823", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32567", "type": "seen", "source": "https://t.me/cibsecurity/45721", "content": "\u203c CVE-2022-32567 \u203c\n\nThe Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jira allows XSS via a crafted project name to the Add Auto Indexing Rule function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-07T14:15:09.000000Z"}, {"uuid": "ddab5d8f-1939-4059-a4af-185c3dba8280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32562", "type": "seen", "source": "https://t.me/cibsecurity/44351", "content": "\u203c CVE-2022-32562 \u203c\n\nAn issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-14T02:18:23.000000Z"}, {"uuid": "190fcd81-f7d2-4b77-8a8b-f7e052c983aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32563", "type": "seen", "source": "https://t.me/cibsecurity/44177", "content": "\u203c CVE-2022-32563 \u203c\n\nAn issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, the admin credentials provided to the Admin REST API are ignored, resulting in privilege escalation for unauthenticated users. The Public REST API is not impacted by this issue. A workaround is to replace X.509 certificate based authentication with Username and Password authentication inside the bootstrap configuration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-10T16:40:44.000000Z"}, {"uuid": "144accdb-e30f-4d58-b002-58425a1687f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32561", "type": "seen", "source": "https://t.me/cibsecurity/44427", "content": "\u203c CVE-2022-32561 \u203c\n\nAn issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-14T20:18:16.000000Z"}, {"uuid": "e4297f34-4ff3-4c18-a49e-8fc8262b05de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32565", "type": "seen", "source": "https://t.me/cibsecurity/44350", "content": "\u203c CVE-2022-32565 \u203c\n\nAn issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-14T02:18:22.000000Z"}, {"uuid": "d1e10be0-e708-464f-89b7-cc490f84bd37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32560", "type": "seen", "source": "https://t.me/cibsecurity/44340", "content": "\u203c CVE-2022-32560 \u203c\n\nAn issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-14T00:17:19.000000Z"}]}