{"vulnerability": "CVE-2022-3806", "sightings": [{"uuid": "689a17d8-7c83-404c-ac56-f9d0413084a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38060", "type": "seen", "source": "https://t.me/cibsecurity/55048", "content": "\u203c CVE-2022-38060 \u203c\n\nA privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-21T14:12:52.000000Z"}, {"uuid": "8bdd1818-e488-4ea9-99a0-2068d178c22f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38062", "type": "seen", "source": "https://t.me/cibsecurity/66845", "content": "\u203c CVE-2022-38062 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Theme plugin <=\u00a01.0.9 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-17T20:40:29.000000Z"}, {"uuid": "75659138-f780-478b-acd8-e54fe06f8b4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38066", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6592", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38066\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: An OS command injection vulnerability exists in the httpd SNMP functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP response can lead to arbitrary command execution. 
An attacker can send a network request to trigger this vulnerability.\n\ud83d\udccf Published: 2023-01-26T21:24:36.877Z\n\ud83d\udccf Modified: 2025-03-05T19:27:57.780Z\n\ud83d\udd17 References:\n1. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1615", "creation_timestamp": "2025-03-05T20:01:09.000000Z"}, {"uuid": "f7bf4d3e-35e1-466a-98cb-7104e119a68e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38063", "type": "seen", "source": "https://t.me/cibsecurity/60116", "content": "\u203c CVE-2022-38063 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in Social Login WP plugin <= 5.0.0.0 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-16T11:30:33.000000Z"}, {"uuid": "088a4116-d5e7-49dc-adac-ecfd22ad945e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38065", "type": "seen", "source": "https://t.me/cibsecurity/55049", "content": "\u203c CVE-2022-38065 \u203c\n\nA privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead to increased privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-21T14:12:53.000000Z"}, {"uuid": "5b952933-763a-49f2-b2e4-4490279284b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38064", "type": "seen", "source": "https://t.me/cibsecurity/49522", "content": "\u203c CVE-2022-38064 \u203c\n\nOpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. 
Local attackers can bypass permission control and get sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-09T18:29:42.000000Z"}, {"uuid": "8d770951-cd57-451a-8f23-2249e63ef168", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38061", "type": "seen", "source": "https://t.me/cibsecurity/50342", "content": "\u203c CVE-2022-38061 \u203c\n\nAuthenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T18:19:35.000000Z"}, {"uuid": "1ac9cfa8-f66c-4882-9384-aafebd64cd17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38069", "type": "seen", "source": "https://t.me/cibsecurity/49640", "content": "\u203c CVE-2022-38069 \u203c\n\nMultiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Privileged credential access enables the extraction of sensitive patient information or modification of device parameters\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-13T18:25:22.000000Z"}]}