{"vulnerability": "CVE-2022-4344", "sightings": [{"uuid": "dc519dd1-6f1e-402a-9261-40882cc66cb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43449", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14573", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43449\n\ud83d\udd25 CVSS Score: 6.2 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000.\n\ud83d\udccf Published: 2022-11-03T19:15:14.052Z\n\ud83d\udccf Modified: 2025-05-02T18:49:44.928Z\n\ud83d\udd17 References:\n1. https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-11.md", "creation_timestamp": "2025-05-02T19:16:22.000000Z"}, {"uuid": "fddc2ebf-9ac7-4331-ac58-ec4b01ff6f3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4344", "type": "seen", "source": "https://t.me/cibsecurity/56402", "content": "\u203c CVE-2022-4344 \u203c\n\nMemory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-12T02:29:37.000000Z"}, {"uuid": "009fe0a8-b759-40fc-a67f-62f181a4ce75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43447", "type": "seen", "source": "https://t.me/cibsecurity/53129", "content": "\u203c CVE-2022-43447 \u203c\n\nSQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-18T02:18:15.000000Z"}, {"uuid": "b18679ca-7cba-4204-a404-13aa86524407", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43449", "type": "seen", "source": "https://t.me/cibsecurity/52547", "content": "\u203c CVE-2022-43449 \u203c\n\nOpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-04T01:28:22.000000Z"}]}