{"vulnerability": "cve-2022-4290", "sightings": [{"uuid": "803930d0-f133-48b6-9e34-6a1e656c50ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42904", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14043", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42904\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings.\n\ud83d\udccf Published: 2022-11-18T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T13:58:03.828Z\n\ud83d\udd17 References:\n1. https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2022-42904.html", "creation_timestamp": "2025-04-30T14:13:11.000000Z"}, {"uuid": "e27fe0ad-ebff-4eb0-ba69-70126e4c5273", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42902", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16524", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42902\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.\n\ud83d\udccf Published: 2022-10-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-15T16:20:39.096Z\n\ud83d\udd17 References:\n1. https://git.lavasoftware.org/lava/lava/-/merge_requests/1834\n2. https://git.lavasoftware.org/lava/lava/-/commit/e66b74cd6c175ff8826b8f3431740963be228b52?merge_request_iid=1834\n3. https://www.debian.org/security/2022/dsa-5260\n4. https://lists.debian.org/debian-lts-announce/2022/11/msg00019.html", "creation_timestamp": "2025-05-15T16:35:18.000000Z"}, {"uuid": "8e58087b-9241-4afd-91f5-d86447b6eeef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42906", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16527", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42906\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs git commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory to one controlled by the attacker, such as in a shared filesystem or extracted archive, powerline-gitstatus will run arbitrary commands under the attacker's control. NOTE: this is similar to CVE-2022-20001.\n\ud83d\udccf Published: 2022-10-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-15T16:14:22.051Z\n\ud83d\udd17 References:\n1. https://github.com/jaspernbrouwer/powerline-gitstatus/issues/45\n2. https://github.com/jaspernbrouwer/powerline-gitstatus/releases/tag/v1.3.2\n3. https://lists.debian.org/debian-lts-announce/2023/01/msg00017.html", "creation_timestamp": "2025-05-15T16:35:21.000000Z"}, {"uuid": "2d258dde-6e12-4cf2-b72b-bf8ff221fba6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42909", "type": "seen", "source": "https://t.me/cibsecurity/57504", "content": "\u203c CVE-2022-42909 \u203c\n\nWEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don\u00c2\u00b4t own and print hem without authorization. In order to exploit this vulnerability, the user must have an account with wepanow.com or any of the institutions they serve, and be logged in.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T22:20:52.000000Z"}, {"uuid": "57b32230-48b5-4a9d-aa94-930c080ca7c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42905", "type": "seen", "source": "https://t.me/arpsyndicate/3026", "content": "#ExploitObserverAlert\n\nCVE-2022-42905\n\nDESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2022-42905. In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)\n\nFIRST-EPSS: 0.001410000\nNVD-IS: 5.2\nNVD-ES: 3.9", "creation_timestamp": "2024-01-26T18:07:14.000000Z"}, {"uuid": "31dc6bc2-6b2f-4234-8ef9-e5a1e995a752", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42905", "type": "seen", "source": "https://t.me/tech_b0lt_Genona/3521", "content": "\u0412 \u0431\u043b\u043e\u0433\u0435 Trail of Bits \u0432\u044b\u0448\u043b\u0430 \u0441\u0442\u0430\u0442\u044c\u044f \"Keeping the wolves out of wolfSSL\". \u0422\u0430\u043a \u043a\u0430\u043a \u0443 \u043c\u0435\u043d\u044f \u0431\u044b\u043b \u0443\u0436\u0435 \u043d\u0430 \u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0437\u0430\u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d \u043f\u043e\u0441\u0442 \u043e \u0444\u0430\u0437\u0437\u0435\u0440\u0430\u0445 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432, \u0442\u043e \u0434\u0443\u043c\u0430\u043b \u0437\u0430\u043a\u0438\u043d\u0443\u0442\u044c \u0441\u0442\u0430\u0442\u044c\u044e \u0432 \u0441\u043f\u0438\u0441\u043e\u043a \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435 \"Someday\", \u043d\u043e \u0447\u0442\u043e-\u0442\u043e \u043f\u043e\u0432\u0435\u043b\u0435\u043b\u043e \u043c\u043d\u0435 \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0442\u044c \u0435\u0451...\n\n\u041f\u043e \u0441\u0443\u0442\u0438 \u0432 \u0441\u0442\u0430\u0442\u044c\u0435 \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043e \u043d\u043e\u0432\u043e\u043c \u0444\u0430\u0437\u0437\u0435\u0440\u0435 tlspuffin \u043d\u0430 \u043c\u043e\u0434\u043d\u043e\u043c Rust. \u041d\u043e \u043e\u043d \u043e\u043a\u0430\u0437\u0430\u043b\u0441\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0438 \u0435\u0433\u043e \u0446\u0435\u043b\u0438 \u044d\u0442\u043e \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u044b. tlspuffin \u0431\u0430\u0437\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043d\u0430 \u043c\u043e\u0434\u0435\u043b\u0438 \u0443\u0433\u0440\u043e\u0437 \u0414\u043e\u043b\u0435\u0432\u0430-\u042f\u043e \u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d \u043f\u043e \u043f\u0440\u0430\u0432\u0438\u043b\u0430\u043c LibAFL (\u043d\u0430 \u0441\u043a\u0440\u0438\u043d\u0448\u043e\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430 tlspuffin). \u0414\u0430, \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0445 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0442 ProVerif \u0438 Tamarin, \u043d\u043e \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0439 \u0444\u0430\u0437\u0437\u0435\u0440 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0439\u0442\u0438 \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0431\u0430\u0433\u0438 \u043f\u0440\u0438 \u0441\u043b\u043e\u0436\u043d\u043e \u0443\u043b\u043e\u0432\u0438\u043c\u044b\u0445 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f\u0445\n\n\u0414\u043b\u044f \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0442\u0435\u0441\u0442\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u043f\u0435\u0440\u0435\u043d\u0430\u0448\u0451\u043b, \u043d\u0430\u0439\u0434\u0435\u043d\u043d\u044b\u0435 Trail of Bits \u0440\u0430\u043d\u0435\u0435, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2022-25640 and CVE-2022-25638 \u0432 wolfSSL, \u0430 \u0437\u0430\u0442\u0435\u043c \u0441\u043c\u043e\u0433 \u043d\u0430\u0439\u0442\u0438 \u043d\u043e\u0432\u044b\u0435 (\u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0444\u0430\u0437\u0437\u0438\u043d\u0433\u0430 \u0432 \u0441\u0440\u0435\u0434\u043d\u0435\u043c \u0437\u0430\u043d\u044f\u043b \u043e\u043a\u043e\u043b\u043e \u0447\u0430\u0441\u0430 \u043d\u0430 \u043a\u0430\u0436\u0434\u0443\u044e \u0438\u0437 \u043d\u0438\u0445):\n\n- DOSC (Denial of service against clients): CVE-2022-38153\n- DOSS (Denial of service against servers): CVE-2022-38152\n- BUF: CVE-2022-39173\n- HEAP: CVE-2022-42905\n\n\u041a\u0430\u043a \u043f\u0438\u0448\u0435\u0442 \u0430\u0432\u0442\u043e\u0440, \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u043f\u0435\u0440\u0432\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0432\u043e\u0441\u043f\u0440\u043e\u0438\u0437\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0431\u0430\u0433\u0438 \u043f\u043e\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043b\u043e\u0441\u044c \u0431\u044b \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f \u043e\u043a\u043e\u043b\u043e 30 \u0440\u0430\u0437\u043d\u044b\u0445 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439. \u041d\u043e \u044d\u0442\u043e\u0433\u043e \u043d\u0435 \u043f\u043e\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043b\u043e\u0441\u044c, \u0442\u0430\u043a \u043a\u0430\u043a tlspuffin \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u043e\u0441\u0441\u043e\u0437\u0434\u0430\u0442\u044c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0435 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0438 \u0437\u0430\u0442\u0435\u043c \u043f\u0440\u043e\u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432 GDB. \u041f\u0440\u0438\u0447\u0438\u043d\u043e\u0439 \u0431\u0430\u0433\u0438 \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u043d\u0435\u043a\u043e\u0435\u0433\u043e \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043e\u0431\u0449\u0435\u0433\u043e \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f \u043c\u0435\u0436\u0434\u0443 \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c\u0438, \u0447\u0442\u043e \u043d\u0435\u043c\u043d\u043e\u0433\u043e \u0443\u0434\u0438\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0434\u043b\u044f \u0442\u0430\u043a\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438.\n\n\u0418\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 tlspuffin \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0438 \u0434\u043b\u044f \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432, \u0445\u043e\u0442\u044f \u044d\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u0442\u044c \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438. \u041a \u043f\u0440\u0438\u043c\u0435\u0440\u0443, \u0443 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0443\u0448\u043b\u043e 5-6 \u043d\u0435\u0434\u0435\u043b\u044c \u043d\u0430 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435 SSH, \u043d\u043e \u0434\u043e\u0431\u0430\u0432\u0438\u0432 \u043e\u0434\u0438\u043d \u0440\u0430\u0437 \u044d\u0442\u043e \u043c\u043e\u0436\u043d\u043e \u0431\u0443\u0434\u0435\u0442 \u043f\u0435\u0440\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c. \u0422\u0430\u043a tlspuffin \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0442\u0435\u0441\u0442\u043e\u0432\u044b\u0445 \u043d\u0430\u0431\u043e\u0440\u043e\u0432, \u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u0445 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u043e\u0432 \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0440\u0435\u0433\u0440\u0435\u0441\u0441\u0438\u043e\u043d\u043d\u044b\u0435 \u0442\u0435\u0441\u0442\u044b. \u0422\u043e \u0435\u0441\u0442\u044c \u043f\u043e \u0441\u0443\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u043c\u0435\u043d\u0438\u0442\u044c TLS-Attacker\n\n\u041a\u0430\u043a \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0438 \u0430\u0432\u0442\u043e\u0440\u044b \u0432 \u0437\u0430\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0438, TLS \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u044b, \u044d\u0442\u043e \u0442\u0430 \u043f\u043e\u0432\u0441\u0435\u0434\u043d\u0435\u0432\u043d\u0430\u044f \u0438 \u043f\u043e\u0432\u0441\u0435\u043c\u0435\u0441\u0442\u043d\u0430\u044f \u0432\u0435\u0449\u044c, \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043c\u044b \"\u0434\u043e\u0432\u0435\u0440\u044f\u0435\u043c\" \u0438 \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0435\u0451 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0432\u0430\u0436\u043d\u0430\u044f \u0432\u0435\u0449\u044c", "creation_timestamp": "2023-01-17T10:37:08.000000Z"}, {"uuid": "64b4d56c-706f-4d18-b26a-0e1efff54ae5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42908", "type": "seen", "source": "https://t.me/cibsecurity/57502", "content": "\u203c CVE-2022-42908 \u203c\n\nWEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, allowing an attacker to deceive a user into uploading a document with a malicious filename, which will be included in subsequent HTTP responses, allowing a stored XSS to occur. This attack is persistent across victim sessions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T22:20:50.000000Z"}, {"uuid": "87752c65-16f4-45da-9f37-68c4904c6d09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42905", "type": "seen", "source": "https://t.me/cibsecurity/52577", "content": "\u203c CVE-2022-42905 \u203c\n\nIn wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-07T02:33:44.000000Z"}, {"uuid": "74d5ead1-154e-4047-9788-5fb6fdabb9ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42904", "type": "seen", "source": "https://t.me/cibsecurity/53192", "content": "\u203c CVE-2022-42904 \u203c\n\nZoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-19T00:29:51.000000Z"}, {"uuid": "495a8bef-40b4-4871-ba18-219a23759607", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42903", "type": "seen", "source": "https://t.me/cibsecurity/53106", "content": "\u203c CVE-2022-42903 \u203c\n\nZoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-18T00:17:56.000000Z"}, {"uuid": "954ed9ab-461a-4c4e-9467-c6b019545ff0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42901", "type": "seen", "source": "https://t.me/cibsecurity/51299", "content": "\u203c CVE-2022-42901 \u203c\n\nBentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-13T07:27:18.000000Z"}, {"uuid": "772e0300-dcf1-40fb-88cf-aa38c9ab4630", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42902", "type": "seen", "source": "https://t.me/cibsecurity/51307", "content": "\u203c CVE-2022-42902 \u203c\n\nIn Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-13T07:27:28.000000Z"}, {"uuid": "48d58395-66bf-4666-ad44-1027fba2b687", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42906", "type": "seen", "source": "https://t.me/cibsecurity/51304", "content": "\u203c CVE-2022-42906 \u203c\n\npowerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs git commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory to one controlled by the attacker, such as in a shared filesystem or extracted archive, powerline-gitstatus will run arbitrary commands under the attacker's control. NOTE: this is similar to CVE-2022-20001.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-13T07:27:25.000000Z"}, {"uuid": "cc3ac212-c28c-44fd-b400-534fe919ad40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42900", "type": "seen", "source": "https://t.me/cibsecurity/51303", "content": "\u203c CVE-2022-42900 \u203c\n\nBentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-13T07:27:21.000000Z"}]}