{"vulnerability": "CVE-2022-3483", "sightings": [{"uuid": "618ce9ef-5049-4c25-9ffc-dae83cbfbdf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34833", "type": "seen", "source": "https://t.me/cibsecurity/73099", "content": "\u203c CVE-2022-34833 \u203c\n\nAn issue was discovered in VERMEG AgileReporter 21.3. An admin can enter an XSS payload in the Analysis component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-28T00:17:39.000000Z"}, {"uuid": "888a4328-09d3-471c-983e-ccec3e214008", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34832", "type": "seen", "source": "https://t.me/cibsecurity/73097", "content": "\u203c CVE-2022-34832 \u203c\n\nAn issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the Analysis component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-28T00:17:37.000000Z"}, {"uuid": "6a4c62ad-8aa6-4d21-9927-6c7c6c186e96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34834", "type": "seen", "source": "https://t.me/cibsecurity/73090", "content": "\u203c CVE-2022-34834 \u203c\n\nAn issue was discovered in VERMEG AgileReporter 21.3. 
Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-28T00:17:30.000000Z"}, {"uuid": "f4af9bb4-89b9-4e75-b4f5-6a9364afe978", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3483", "type": "seen", "source": "https://t.me/cibsecurity/52798", "content": "\u203c CVE-2022-3483 \u203c\n\nAn issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. A malicious maintainer could exfiltrate a Datadog integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-10T02:41:25.000000Z"}, {"uuid": "399a9920-7815-47f6-bdb7-b1dcbc7bd9cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34830", "type": "seen", "source": "https://t.me/cibsecurity/53399", "content": "\u203c CVE-2022-34830 \u203c\n\nAn Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-23T07:13:49.000000Z"}, {"uuid": "ceca63d9-0f6e-486e-87d7-5adb24eccba8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34831", "type": "seen", "source": "https://t.me/cibsecurity/49769", "content": "\u203c CVE-2022-34831 \u203c\n\nAn issue was discovered in Keyfactor PrimeKey 
EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one or multiple dnsNames. These are validated properly in the ACME challenge. However, if the validation passes, a non-compliant client can include additional dnsNames the CSR sent to the finalize endpoint, resulting in EJBCA issuing a certificate including the identifiers that were not validated. This occurs even if the certificate profile is configured to not allow a DN override by the CSR.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-14T14:26:35.000000Z"}, {"uuid": "afda9ac2-3701-431c-ac41-3ed8911ef4fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34835", "type": "seen", "source": "https://t.me/cibsecurity/45390", "content": "\u203c CVE-2022-34835 \u203c\n\nIn Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the \"i2c md\" command enables the corruption of the return address pointer of the do_i2c_md function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T07:38:07.000000Z"}, {"uuid": "b90ffd03-383f-49e8-9829-367b1c58f3a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34838", "type": "seen", "source": "https://t.me/cibsecurity/48663", "content": "\u203c CVE-2022-34838 \u203c\n\nStoring Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. 
Once such engineering data is used the data visualization will be altered for the end user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-24T20:22:57.000000Z"}, {"uuid": "7b2b9436-98ac-429e-9d3b-a0eb4e3272e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34836", "type": "seen", "source": "https://t.me/cibsecurity/48662", "content": "\u203c CVE-2022-34836 \u203c\n\nRelative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-24T20:22:53.000000Z"}, {"uuid": "25e21457-870c-4ade-831c-16c4480f6d06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34839", "type": "seen", "source": "https://t.me/cibsecurity/46835", "content": "\u203c CVE-2022-34839 \u203c\n\nAuthentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin <= 1.0.1 at WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-22T20:23:43.000000Z"}]}