{"vulnerability": "cve-2022-2118", "sightings": [{"uuid": "12de3a45-f49f-4f5b-be89-c26772f72678", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21181", "type": "seen", "source": "https://t.me/cibsecurity/48385", "content": "\u203c CVE-2022-21181 \u203c\n\nImproper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-19T00:16:44.000000Z"}, {"uuid": "8e19804b-41c5-4233-b6e0-cf3b20d1c778", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21186", "type": "seen", "source": "https://t.me/cibsecurity/47597", "content": "\u203c CVE-2022-21186 \u203c\n\nThe package @acrontum/filesystem-template before 0.0.2 are vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-05T12:20:23.000000Z"}, {"uuid": "b0cda3c2-07b9-459e-9bce-14a99c662681", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21184", "type": "seen", "source": "https://t.me/cibsecurity/44753", "content": "\u203c CVE-2022-21184 \u203c\n\nAn information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-17T22:23:00.000000Z"}, {"uuid": "897ef28f-3117-42dc-a774-2eeea57fbbfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2118", "type": "seen", "source": "https://t.me/cibsecurity/46388", "content": "\u203c CVE-2022-2118 \u203c\n\nThe 404s WordPress plugin before 3.5.1 does not sanitise and escape its fields, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-17T14:27:45.000000Z"}, {"uuid": "46b015be-d48c-4ab7-8ca0-0187ea784504", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21182", "type": "seen", "source": "https://t.me/cibsecurity/42497", "content": "\u203c CVE-2022-21182 \u203c\n\nA privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-12T20:35:58.000000Z"}, {"uuid": "3fa17efb-98bc-4ac0-98e3-bbb17ab2125d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21187", "type": "seen", "source": "https://t.me/cibsecurity/38900", "content": "\u203c CVE-2022-21187 \u203c\n\nThe package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the update_repo function (when using hg), the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-14T21:18:21.000000Z"}]}