{"vulnerability": "cve-2022-4141", "sightings": [{"uuid": "0c58c16a-e378-4bc7-98c1-51430a5a0e69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41412", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lkr3elzhsd2s", "content": "", "creation_timestamp": "2025-03-19T21:02:01.349845Z"}, {"uuid": "5fded0b9-3ddf-4b53-9e72-2dff35f38dae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41415", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15605", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41415\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem component. This vulnerability allows attackers to cause a Denial of Service (DoS) via injecting crafted shellcode into the NVRAM variable.\n\ud83d\udccf Published: 2022-10-19T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-08T20:20:49.818Z\n\ud83d\udd17 References:\n1. http://acer.com\n2. http://altos.com\n3. https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-41415/CVE-2022-41415.md", "creation_timestamp": "2025-05-08T20:23:45.000000Z"}, {"uuid": "62ee3ae7-ddbd-4d54-92df-8f517370654e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41412", "type": "seen", "source": "https://t.me/arpsyndicate/4344", "content": "#ExploitObserverAlert\n\nPD/http/cves/2022/CVE-2022-41412\n\nDESCRIPTION: Exploit Observer has 11 entries in 4 file formats related to PD/http/cves/2022/CVE-2022-41412. An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.", "creation_timestamp": "2024-04-06T18:31:05.000000Z"}, {"uuid": "f418ad61-c867-426f-8b20-166acc8ba4f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41417", "type": "seen", "source": "https://t.me/cibsecurity/56666", "content": "\u203c CVE-2022-41417 \u203c\n\nBlogEngine.NET v3.3.8.0 allows an attacker to create any folder with \"files\" prefix under ~/App_Data/.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-18T16:21:03.000000Z"}, {"uuid": "09ee190a-b4d8-477e-ad4a-407408e8cdf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41412", "type": "seen", "source": "https://t.me/cibsecurity/53696", "content": "\u203c CVE-2022-41412 \u203c\n\nAn issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T07:29:24.000000Z"}, {"uuid": "7c90ea41-6494-4b26-8dc5-a0abd962c1f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41413", "type": "seen", "source": "https://t.me/cibsecurity/53694", "content": "\u203c CVE-2022-41413 \u203c\n\nperfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T07:29:22.000000Z"}, {"uuid": "affa2acd-3800-4d83-bcdc-fa148227e83f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4141", "type": "seen", "source": "https://t.me/cibsecurity/53494", "content": "\u203c CVE-2022-4141 \u203c\n\nThe target's backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped. This could be due to heap corruption, passing a bad pointer to a heap function such as free(), etc. Since heap errors might include buffer overflows, use-after-free situations, etc. they are generally considered exploitable.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-25T16:15:20.000000Z"}, {"uuid": "1b1b0a7d-101b-47b0-9480-7450e4808d75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41418", "type": "seen", "source": "https://t.me/cibsecurity/54915", "content": "\u203c CVE-2022-41418 \u203c\n\nAn issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-19T22:24:53.000000Z"}, {"uuid": "f945daef-be81-42ec-a392-2c2445a27203", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41416", "type": "seen", "source": "https://t.me/cibsecurity/51515", "content": "\u203c CVE-2022-41416 \u203c\n\nOnline Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /user/update_booking.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-15T00:29:23.000000Z"}, {"uuid": "6afd39fc-f0e7-4e18-861f-eae2116df755", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41414", "type": "seen", "source": "https://t.me/cibsecurity/51008", "content": "\u203c CVE-2022-41414 \u203c\n\nAn insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-07T22:17:39.000000Z"}]}