{"vulnerability": "CVE-2022-3719", "sightings": [{"uuid": "69d20f7f-011e-4d3c-874f-fc78bd3c9d32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37197", "type": "seen", "source": "https://t.me/cibsecurity/53191", "content": "\u203c CVE-2022-37197 \u203c\n\nIOBit IOTransfer V4 is vulnerable to Unquoted Service Path.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-19T00:29:50.000000Z"}, {"uuid": "746535ea-9e0c-4451-9f23-92932c7ee5e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3719", "type": "seen", "source": "https://t.me/cibsecurity/52136", "content": "\u203c CVE-2022-3719 \u203c\n\nA vulnerability has been found in Exiv2 and classified as critical. This vulnerability affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The name of the patch is a38e124076138e529774d5ec9890d0731058115a. It is recommended to apply a patch to fix this issue. VDB-212350 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-27T14:28:17.000000Z"}, {"uuid": "cd5c6eb4-f02f-4822-9b14-c848910b4fde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37193", "type": "seen", "source": "https://t.me/cibsecurity/50554", "content": "\u203c CVE-2022-37193 \u203c\n\nChipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-28T02:36:42.000000Z"}, {"uuid": "0009c2bb-298b-42c1-be95-432385fea8ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37191", "type": "seen", "source": "https://t.me/cibsecurity/49746", "content": "\u203c CVE-2022-37191 \u203c\n\nThe component \"cuppa/api/index.php\" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-14T02:25:50.000000Z"}, {"uuid": "2435d337-9a38-4120-864d-1e1d7dfcbb91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37190", "type": "seen", "source": "https://t.me/cibsecurity/49742", "content": "\u203c CVE-2022-37190 \u203c\n\nCuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from \"/api/index.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-14T02:25:46.000000Z"}, {"uuid": "7a46c52a-2dbb-47fd-92c0-85f07d928e28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37199", "type": "seen", "source": "https://t.me/cibsecurity/48580", "content": "\u203c CVE-2022-37199 \u203c\n\nJFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-23T16:32:37.000000Z"}]}