{"vulnerability": "CVE-2022-4271", "sightings": [{"uuid": "ee5bbd05-b6e2-4a2d-b643-cfde896113fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42719", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16577", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42719\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.\n\ud83d\udccf Published: 2022-10-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-15T20:48:06.121Z\n\ud83d\udd17 References:\n1. https://bugzilla.suse.com/show_bug.cgi?id=1204051\n2. http://www.openwall.com/lists/oss-security/2022/10/13/2\n3. http://www.openwall.com/lists/oss-security/2022/10/13/5\n4. https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6\n5. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/\n6. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/\n7. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/\n8. https://www.debian.org/security/2022/dsa-5257\n9. https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html\n10. https://security.netapp.com/advisory/ntap-20230203-0008/\n11. http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html", "creation_timestamp": "2025-05-15T21:33:32.000000Z"}, {"uuid": "5ed528ec-10a7-40f9-b669-ce6d933cfa68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42710", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11243", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42710\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e devices are vulnerable to Stored Cross-Site Scripting (XSS).\n\ud83d\udccf Published: 2023-01-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-10T14:39:51.769Z\n\ud83d\udd17 References:\n1. https://github.com/omarhashem123/Security-Research/blob/main/CVE-2022-42710/CVE-2022-42710.txt", "creation_timestamp": "2025-04-10T14:50:24.000000Z"}, {"uuid": "4b626366-d5c6-4d38-a020-ba09a5bbd583", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42715", "type": "seen", "source": "https://t.me/HacktivistOfGarudaOfficial/787", "content": "CVE-2022-42715\nCross Site Scripting / JavaScript Overlay\n####\nLive Target :\nhttps://kepustakaan-presiden.perpusnas.go.id/\n\nExploitation On Target Using XSS Vulnerabilities \nType Bug : Critical\n#HappyHacking", "creation_timestamp": "2022-10-13T16:43:33.000000Z"}, {"uuid": "3bcaae53-f024-4bdd-977f-4285b06d8f1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42715", "type": "seen", "source": "https://t.me/HacktivistOfGarudaOfficial/241", "content": "CVE-2022-42715\nCross Site Scripting / JavaScript Overlay\n####\nLive Target :\nhttps://kepustakaan-presiden.perpusnas.go.id/\n\nExploitation On Target Using XSS Vulnerabilities \nType Bug : Critical\n#HappyHacking", "creation_timestamp": "2022-10-13T16:43:33.000000Z"}, {"uuid": "51689cf9-4d65-4b7c-be80-58354b036b27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42716", "type": "seen", "source": "https://t.me/cibsecurity/54357", "content": "\u203c CVE-2022-42716 \u203c\n\nAn issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r4p0 through r32p0, Bifrost r1p0 through r40p0, and Valhall r19p0 through r40P0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-13T02:19:57.000000Z"}, {"uuid": "8283c6ef-1fe6-46e2-83c7-2a12da8fb59b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4271", "type": "seen", "source": "https://t.me/cibsecurity/53805", "content": "\u203c CVE-2022-4271 \u203c\n\nCross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-02T18:37:05.000000Z"}, {"uuid": "11de98eb-1f05-45a1-bd4c-61d2b76b6ee6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42719", "type": "seen", "source": "https://t.me/cibsecurity/51365", "content": "\u203c CVE-2022-42719 \u203c\n\nA use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.14 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T02:28:07.000000Z"}, {"uuid": "fccc4218-271d-4e35-8b50-e90e152a3c4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42715", "type": "seen", "source": "https://t.me/cibsecurity/51261", "content": "\u203c CVE-2022-42715 \u203c\n\nA reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-12T16:26:41.000000Z"}, {"uuid": "320a5588-2fa4-48fe-a54c-1badf7eaa8d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42717", "type": "seen", "source": "https://t.me/cibsecurity/51238", "content": "\u203c CVE-2022-42717 \u203c\n\nAn issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-12T02:26:34.000000Z"}, {"uuid": "398e04c5-96b7-4079-b8f7-222a407f2811", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42710", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/6816", "content": "CVE-2022\u201342710: A journey through XXE to Stored-XSS\n\nhttps://omar0x01.medium.com/cve-2022-42710-a-journey-through-xxe-to-stored-xss-851d74dfe917", "creation_timestamp": "2022-12-17T10:25:34.000000Z"}]}