{"vulnerability": "cve-2022-2182", "sightings": [{"uuid": "0e8b3195-66db-4070-a263-5e8a7f31b764", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2182", "type": "seen", "source": "https://t.me/cibsecurity/45048", "content": "\u203c CVE-2022-2182 \u203c\n\nHeap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-23T22:36:02.000000Z"}, {"uuid": "641797be-1a66-4b18-8621-f58d10820f1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21826", "type": "seen", "source": "https://t.me/cibsecurity/50786", "content": "\u203c CVE-2022-21826 \u203c\n\nPulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. 
This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-30T20:36:26.000000Z"}, {"uuid": "c68c0545-288e-4328-bbb6-2ad1bdadb488", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21825", "type": "seen", "source": "https://t.me/cibsecurity/37182", "content": "\u203c CVE-2022-21825 \u203c\n\nAn Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker to perform local privilege escalation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-10T02:23:30.000000Z"}, {"uuid": "46ecb502-a900-4fbf-972b-b4d5e0e7b9d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21822", "type": "seen", "source": "https://t.me/cibsecurity/39175", "content": "\u203c CVE-2022-21822 \u203c\n\nNVIDIA FLARE contains a vulnerability in the admin interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-17T23:26:49.000000Z"}, {"uuid": "a2168a33-b7f9-40fd-a9dd-eb59d6c79db6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21829", "type": "seen", "source": "https://t.me/cibsecurity/45088", "content": "\u203c CVE-2022-21829 \u203c\n\nConcrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from 
those zip files which could lead to an RCE. Fixed by enforcing \u2018concrete_secure\u2019 instead of \u2018concrete\u2019. Concrete now only makes requests over https even a request comes in via http. Concrete CMS security team ranked this 8 with CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Credit goes to Anna for reporting HackerOne 1482520.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-24T18:31:07.000000Z"}, {"uuid": "0f67bb87-79e4-4731-9c9e-533859284ca3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21820", "type": "seen", "source": "https://t.me/cibsecurity/39499", "content": "\u203c CVE-2022-21820 \u203c\n\nNVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-24T19:29:42.000000Z"}, {"uuid": "e5b83db5-9c3d-4083-8430-c8f4e1767910", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21828", "type": "seen", "source": "https://t.me/cibsecurity/38446", "content": "\u203c CVE-2022-21828 \u203c\n\nA user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using a unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-04T20:30:11.000000Z"}, {"uuid": 
"8fd79ed8-caf3-4c98-8ade-e068235a1df2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21821", "type": "seen", "source": "https://t.me/cibsecurity/39778", "content": "\u203c CVE-2022-21821 \u203c\n\nNVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against the file. Such an attack may lead to remote code execution that causes complete denial of service and an impact on data confidentiality and integrity.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-30T00:11:34.000000Z"}]}