{"vulnerability": "cve-2022-2374", "sightings": [{"uuid": "d036252b-e044-4e81-9edb-c11cb5893fc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23748", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113958093669259699", "content": "", "creation_timestamp": "2025-02-06T17:21:54.038523Z"}, {"uuid": "56dca119-163a-466d-87c7-75f41e14b985", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23748", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lhjve3pi2k2t", "content": "", "creation_timestamp": "2025-02-06T20:10:11.597486Z"}, {"uuid": "517e1381-929c-4a9d-a107-4fd287a430f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23748", "type": "seen", "source": "https://bsky.app/profile/aakl.bsky.social/post/3lhjnigysgc2b", "content": "", "creation_timestamp": "2025-02-06T17:49:28.150193Z"}, {"uuid": "91339a4e-264d-4824-94b4-d96dcd2a1160", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23748", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lhjvfakwak2t", "content": "", "creation_timestamp": "2025-02-06T20:10:50.505289Z"}, {"uuid": "f2f20953-d274-4a68-be8c-3ae93b32e8eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23748", "type": "seen", "source": "https://bsky.app/profile/aakl.bsky.social/post/3lhjnigysgd2b", "content": "", "creation_timestamp": "2025-02-06T17:49:29.298893Z"}, {"uuid": "0ec713d7-d1fb-4c2b-8f50-7bdcd1380c2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23748", "type": "seen", "source": "https://bsky.app/profile/tmjintel.bsky.social/post/3lhjpbek6bm25", "content": "", "creation_timestamp": "2025-02-06T18:21:14.837740Z"}, {"uuid": "90bd4edf-65a4-43d4-94d6-db8415f5b3db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23748", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/3282375", "content": "", "creation_timestamp": "2025-02-06T18:36:07.258194Z"}, {"uuid": "6b8745cd-8f2c-4ea4-addd-3e4a133d2320", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23748", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-06T21:10:03.000000Z"}, {"uuid": "ef6808f7-b34b-485d-9f6e-321c53cf98ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23746", "type": "seen", "source": "https://t.me/cibsecurity/53735", "content": "\u203c CVE-2022-23746 \u203c\n\nThe IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T22:29:47.000000Z"}, {"uuid": "dde8a2e5-7592-47d4-85dc-b7cf86b43bb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-23748", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/418bec9f-15f5-4538-9002-36683e159d0d", "content": "", "creation_timestamp": "2026-02-02T12:26:15.026664Z"}, {"uuid": "8ada09ca-65c2-4e5c-8e1b-38422e167d08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23740", "type": "seen", "source": "https://t.me/cibsecurity/53442", "content": "\u203c CVE-2022-23740 \u203c\n\nCRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-23T20:13:55.000000Z"}, {"uuid": "e338f7d0-811f-4742-881c-638db0aa3f7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23748", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:11:05.000000Z"}, {"uuid": "a8c4cec6-0d50-4249-86e8-39fcb14ee81a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23740", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13693", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23740\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.\n\ud83d\udccf Published: 2022-11-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-28T14:18:58.847Z\n\ud83d\udd17 References:\n1. https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1", "creation_timestamp": "2025-04-28T15:10:59.000000Z"}, {"uuid": "86a607d7-268b-4330-a1bf-8041f2079a47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23741", "type": "seen", "source": "https://t.me/cibsecurity/54553", "content": "\u203c CVE-2022-23741 \u203c\n\nAn incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-14T22:22:55.000000Z"}, {"uuid": "d4ad894b-f7b4-46fb-9b01-29541d95b07e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23744", "type": "seen", "source": "https://t.me/cibsecurity/45753", "content": "\u203c CVE-2022-23744 \u203c\n\nZoneAlarm Anti-Bad-Stuff before version 15.8.109.18436 allow an attacker to do really bad stuff when the user aims a light-saber to the ZoneAlarm UI.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-07T20:18:20.000000Z"}, {"uuid": "1637e4be-4fdb-4912-9085-da36bfd49ea8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2374", "type": "seen", "source": "https://t.me/cibsecurity/49007", "content": "\u203c CVE-2022-2374 \u203c\n\nThe Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-29T22:34:30.000000Z"}, {"uuid": "4c64a48f-89b3-452f-ab4e-384ba85bc1fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23748", "type": "seen", "source": "https://t.me/cibsecurity/53122", "content": "\u203c CVE-2022-23748 \u203c\n\nmDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-18T02:18:05.000000Z"}, {"uuid": "807340a0-848f-462e-bef7-d5d55f892db7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23747", "type": "seen", "source": "https://t.me/cibsecurity/48307", "content": "\u203c CVE-2022-23747 \u203c\n\nIn Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-18T00:40:48.000000Z"}, {"uuid": "700f1dbb-e3e9-4b43-b6b2-0f1873823bfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23742", "type": "seen", "source": "https://t.me/cibsecurity/42569", "content": "\u203c CVE-2022-23742 \u203c\n\nCheck Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-13T00:42:35.000000Z"}, {"uuid": "55e06909-19b3-4308-90ac-edd9b8cfdc48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23745", "type": "seen", "source": "https://t.me/cibsecurity/46474", "content": "\u203c CVE-2022-23745 \u203c\n\nA potential memory corruption issue was found in Capsule Workspace Android app (running on GrapheneOS). This could result in application crashing but could not be used to gather any sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T20:39:47.000000Z"}]}