{"vulnerability": "cve-2022-4318", "sightings": [{"uuid": "28362c50-2963-4d7d-be2d-6d9064066313", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4318", "type": "seen", "source": "https://t.me/cibsecurity/71015", "content": "\u203c CVE-2022-4318 \u203c\n\nA vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-26T00:34:28.000000Z"}, {"uuid": "ad881a64-59d9-46e4-9fa4-8d8ca11b68cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43183", "type": "seen", "source": "https://t.me/cibsecurity/53115", "content": "\u203c CVE-2022-43183 \u203c\n\nXXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-18T00:18:07.000000Z"}, {"uuid": "3a628ce0-0c30-4fa2-8d5b-88ac41d1a7ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43184", "type": "seen", "source": "https://t.me/cibsecurity/51781", "content": "\u203c CVE-2022-43184 \u203c\n\nD-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T18:15:17.000000Z"}, {"uuid": "87e280e2-ecee-461e-b2e6-2d40e03300e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43185", "type": "seen", "source": "https://t.me/cibsecurity/51785", "content": "\u203c CVE-2022-43185 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T18:15:25.000000Z"}]}