{"vulnerability": "CVE-2022-3517", "sightings": [{"uuid": "a5f00cc3-1185-445e-89ee-560b3b69f3c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35170", "type": "seen", "source": "https://t.me/cibsecurity/46092", "content": "\u203c CVE-2022-35170 \u203c\n\nSAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-13T00:25:31.000000Z"}, {"uuid": "a3f95db9-c074-48fa-aa0d-675a66dc5fe6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35173", "type": "seen", "source": "https://t.me/cibsecurity/48344", "content": "\u203c CVE-2022-35173 \u203c\n\nAn issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-18T12:41:31.000000Z"}, {"uuid": "2a39582f-2ce3-4bd7-9c5f-b125e9ccb880", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35175", "type": "seen", "source": "https://t.me/cibsecurity/48377", "content": "\u203c CVE-2022-35175 (barangay_management_system) \u203c\n\nBarangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /blotter/blotter.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-18T22:29:52.000000Z"}, {"uuid": "67d4b7a2-0ed8-472d-92aa-f7b36a482a60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35174", "type": "seen", "source": "https://t.me/cibsecurity/48366", "content": "\u203c CVE-2022-35174 (starterkit) \u203c\n\nA stored cross-site scripting (XSS) vulnerability in Kirby's Starterkit v3.7.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tags field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-18T22:26:39.000000Z"}, {"uuid": "21287619-5a0c-4f22-b78d-66d9fb2696bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3517", "type": "seen", "source": "https://t.me/cibsecurity/51639", "content": "\u203c CVE-2022-3517 \u203c\n\nA vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-18T00:13:32.000000Z"}, {"uuid": "f30c1b65-9eb4-4c31-91e9-3a17504cb478", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35172", "type": "seen", "source": "https://t.me/cibsecurity/46103", "content": "\u203c CVE-2022-35172 \u203c\n\nSAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-13T00:25:48.000000Z"}, {"uuid": "4ae92fcb-7d1b-427e-9b02-6c828a3a29bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35171", "type": "seen", "source": "https://t.me/cibsecurity/46101", "content": "\u203c CVE-2022-35171 \u203c\n\nWhen a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-13T00:25:42.000000Z"}]}