{"vulnerability": "CVE-2022-3854", "sightings": [{"uuid": "58906d9d-2af4-4795-8a7c-62166ecf7263", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3854", "type": "seen", "source": "Telegram/QQKGpWYwFd5k5Dn30pIbUkgJV-hMsnxy-YJov4VGGuI5Ig_X", "content": "", "creation_timestamp": "2025-03-08T04:34:11.000000Z"}, {"uuid": "79f75a95-7ada-46e2-bf8e-4e4c947f0c9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3854", "type": "seen", "source": "https://t.me/cibsecurity/59543", "content": "\u203c CVE-2022-3854 \u203c\n\nA flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-07T02:13:36.000000Z"}, {"uuid": "e0b9263d-cccf-4f57-9a3b-1ba2ac5a37cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38547", "type": "seen", "source": "https://t.me/cibsecurity/57643", "content": "\u203c CVE-2022-38547 \u203c\n\nA post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-07T07:23:38.000000Z"}, {"uuid": "d771ce46-4908-4c7c-8f06-ccd65c3564db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38546", "type": "seen", "source": "https://t.me/cibsecurity/55039", "content": "\u203c CVE-2022-38546 \u203c\n\nA DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-21T07:12:43.000000Z"}, {"uuid": "b5c500ea-0b80-4da5-a786-962f1ed55652", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38542", "type": "seen", "source": "https://t.me/cibsecurity/49654", "content": "\u203c CVE-2022-38542 \u203c\n\nArchery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-13T18:25:37.000000Z"}, {"uuid": "0bc360d2-6bbd-4968-9e81-d7547a69add9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38545", "type": "seen", "source": "https://t.me/cibsecurity/50107", "content": "\u203c CVE-2022-38545 \u203c\n\nValine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-20T02:38:28.000000Z"}, {"uuid": "5d6a996a-ecd6-4efe-86a2-e9814503b823", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38540", "type": "seen", "source": "https://t.me/cibsecurity/49648", "content": "\u203c CVE-2022-38540 \u203c\n\nArchery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-13T18:25:31.000000Z"}, {"uuid": "22779e9f-b3f6-4380-ba37-8b68a8571744", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38541", "type": "seen", "source": "https://t.me/cibsecurity/49638", "content": "\u203c CVE-2022-38541 \u203c\n\nArchery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-13T18:25:20.000000Z"}]}