{"vulnerability": "CVE-2022-4139", "sightings": [{"uuid": "83f16bdd-42e8-45df-883a-8b5a6b8254d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4139", "type": "seen", "source": "https://t.me/ctinow/78856", "content": "Zero day Privilege escalation flaw CVE-2022-4139 (CVSS score: 7.0), impacts Linux kernel - Information Security Newspaper\n\nhttps://ift.tt/GAiHM0c", "creation_timestamp": "2022-12-01T22:55:36.000000Z"}, {"uuid": "6282bac9-cde8-4450-8a56-7c500ba598d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41397", "type": "seen", "source": "https://t.me/cibsecurity/63040", "content": "\u203c CVE-2022-41397 \u203c\n\nThe optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key (\"LandlordPassKey\") to encrypt and decrypt secrets stored in configuration files and in database tables.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-28T16:27:13.000000Z"}, {"uuid": "1fa1dd7d-8973-422d-8c7d-227951fd81cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41398", "type": "seen", "source": "Telegram/mj4u6vRN8WHQpoJCrqyLu358eR2YvjDgJFTkKgQopx35gIQf", "content": "", "creation_timestamp": "2025-02-01T17:28:11.000000Z"}, {"uuid": "d60fb99b-d3b8-4af7-81ef-f5cd4811ef69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41399", "type": "seen", "source": "Telegram/dfwrpHd7stqrOK1S2cOYfN8oLlQZpRV6SiApLtE3DvW1L5RR", "content": "", "creation_timestamp": "2025-02-01T17:28:11.000000Z"}, {"uuid": "bb71b20c-9f27-4050-9764-699e2e98fdb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41399", "type": "seen", "source": "https://t.me/cibsecurity/63050", "content": "\u203c CVE-2022-41399 \u203c\n\nThe optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key (\"PASS_KEY\") to encrypt and decrypt the database connection string for the PORTAL database found in the \"dbconfig.xml\". This issue could allow attackers to obtain access to the SQL database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-28T16:27:30.000000Z"}, {"uuid": "857895fe-722d-4888-95c6-ca95939b37f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41398", "type": "seen", "source": "https://t.me/cibsecurity/63044", "content": "\u203c CVE-2022-41398 \u203c\n\nThe optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-28T16:27:20.000000Z"}, {"uuid": "73dce9bf-a08d-485d-8853-ed18e9bb0d0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41391", "type": "seen", "source": "https://t.me/cibsecurity/51379", "content": "\u203c CVE-2022-41391 \u203c\n\nOcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T02:28:23.000000Z"}, {"uuid": "7f1f3e43-d825-494f-b234-e2ae5f095798", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41390", "type": "seen", "source": "https://t.me/cibsecurity/51375", "content": "\u203c CVE-2022-41390 \u203c\n\nOcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T02:28:18.000000Z"}, {"uuid": "9b2939f2-99be-45c0-993e-d9b08373c030", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41392", "type": "seen", "source": "https://t.me/cibsecurity/51022", "content": "\u203c CVE-2022-41392 \u203c\n\nA cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-07T22:23:36.000000Z"}]}