{"vulnerability": "cve-2022-4587", "sightings": [{"uuid": "3f966231-5df5-4804-9b0a-3ade4f9e14e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45878", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lqbejkja2m2o", "content": "", "creation_timestamp": "2025-05-28T23:34:25.098938Z"}, {"uuid": "ed30b885-8100-47d3-a004-41a2568292af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2022-45872", "type": "seen", "source": "https://gist.github.com/sdushantha/3f8e4a07b8a74e37d0819e0cbaf5816b", "content": "", "creation_timestamp": "2025-09-22T12:42:57.000000Z"}, {"uuid": "e670f66b-97c6-4fe9-9a9e-c55484548232", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45873", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13506", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45873\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.\n\ud83d\udccf Published: 2022-11-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T18:19:52.554Z\n\ud83d\udd17 References:\n1. https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437\n2. https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553\n3. https://github.com/systemd/systemd/pull/24853#issuecomment-1326561497\n4. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MS5N5SLYAHKENLAJWYBDKU55ICU3SVZF/", "creation_timestamp": "2025-04-25T19:07:31.000000Z"}, {"uuid": "eb3b2645-618d-4a6c-b9fb-b28af5300b9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45872", "type": "seen", "source": "https://gist.github.com/jquast/4abdbbadb353ff3f6ed6ebd95d12fbf9", "content": "", "creation_timestamp": "2026-03-31T07:16:01.000000Z"}, {"uuid": "041648b9-cdf7-4505-9b97-4ea64776e571", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45875", "type": "seen", "source": "https://t.me/arpsyndicate/577", "content": "#ExploitObserverAlert\n\nCVE-2022-45875\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-45875. Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability.  This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users which can login to DS.\n\nFIRST-EPSS: 0.001250000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-25T06:59:46.000000Z"}, {"uuid": "41e9e368-f5a1-4329-8f5e-79d15236eedd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45875", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10241", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45875\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability.  This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.\nThis attack can be performed only by authenticated users which can login to DS.\n\ud83d\udccf Published: 2023-01-04T14:57:45.334Z\n\ud83d\udccf Modified: 2025-04-03T15:27:57.287Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/r0wqzkjsoq17j6ww381kmpx3jjp9hb6r\n2. http://www.openwall.com/lists/oss-security/2023/11/22/2", "creation_timestamp": "2025-04-03T15:34:49.000000Z"}, {"uuid": "1a80beb3-923d-476c-aaac-9e876bed149c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45872", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13505", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45872\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: iTerm2 before 3.4.18 mishandles a DECRQSS response.\n\ud83d\udccf Published: 2022-11-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T18:22:30.427Z\n\ud83d\udd17 References:\n1. https://iterm2.com/downloads.html", "creation_timestamp": "2025-04-25T19:07:27.000000Z"}, {"uuid": "426f2320-aa25-4ead-9287-56a69f179a14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45875", "type": "seen", "source": "https://t.me/cibsecurity/55896", "content": "\u203c CVE-2022-45875 \u203c\n\nImproper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-04T18:18:18.000000Z"}, {"uuid": "7e19296f-cce1-46fa-9d6c-61f3e38f7caf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45876", "type": "seen", "source": "https://t.me/cibsecurity/62951", "content": "\u203c CVE-2022-45876 \u203c\n\nVersions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-27T02:26:06.000000Z"}, {"uuid": "d14e0d45-c118-4870-ad62-7828d00a7805", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45874", "type": "seen", "source": "https://t.me/cibsecurity/55506", "content": "\u203c CVE-2022-45874 \u203c\n\nHuawei Aslan Children's Watch has an improper authorization vulnerability. Successful exploit could allow the attacker to access certain file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-28T20:12:36.000000Z"}, {"uuid": "2bd20e95-dca9-4147-9c68-c5d4f7330fd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45872", "type": "seen", "source": "https://t.me/cultofwire/1098", "content": "ANSI Terminal security in 2023 and finding 10 CVEs.\n\n\u041a\u0440\u0443\u0442\u043e\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u043e\u0442 \u0414\u044d\u0432\u0438\u0434\u0430 \u041b\u0438\u0434\u0431\u0435\u0439\u0442\u0430 \u043f\u043e \u043f\u043e\u0438\u0441\u043a\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u044d\u043c\u0443\u043b\u044f\u0442\u043e\u0440\u0430\u0445 \u0442\u0435\u0440\u043c\u0438\u043d\u0430\u043b\u043e\u0432 \u0441 \u0430\u043a\u0446\u0435\u043d\u0442\u043e\u043c \u043d\u0430 \u041f\u041e \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u043a\u043e\u0434\u043e\u043c. \u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0431\u044b\u043b\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043e 10 CVE \u0434\u043b\u044f \u044d\u043c\u0443\u043b\u044f\u0442\u043e\u0440\u043e\u0432 \u0442\u0435\u0440\u043c\u0438\u043d\u0430\u043b\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430 (Remote Code Execution, RCE), \u0430 \u0442\u0430\u043a\u0436\u0435 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0434\u0440\u0443\u0433\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438.\n\n\u041c\u0435\u043d\u0435\u0435 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u0447\u0438\u0442\u0430\u0442\u044c \u0437\u0434\u0435\u0441\u044c: \nThe Terminal Escapes: Engineering unexpected execution from command line interfaces\n\n\u041d\u0430\u0439\u0434\u0435\u043d\u043d\u044b\u0435 CVE \u0432 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u044d\u043c\u0443\u043b\u044f\u0442\u043e\u0440\u0430\u0445 \u0442\u0435\u0440\u043c\u0438\u043d\u0430\u043b\u0430:\n- CVE-2022-45872 - iTerm2 DECRQSS\n- CVE-2022-44702 - Windows Terminal + WSL working directory\n- CVE-2022-47583 - mintty DECRQSS\n- CVE-2022-45063 - xterm OSC 50\n- CVE-2022-46387 - ConEmu Title\n- CVE-2023-39150 - ConEmu Title Take 2\n- CVE-2022-4170  - rxvt-unicode background\n- CVE-2022-23465 - SwiftTerm DECRQSS\n- CVE-2022-46663 - less OSC 8\n- CVE-2023-39726 - mintty OSC 50\n- CVE-2023-40359 - xterm ReGIS\n- CVE-2023-40216 - OpenBSD wscons parameter overflow", "creation_timestamp": "2023-11-08T13:02:31.000000Z"}, {"uuid": "3ac8881f-009c-48fa-87e4-1c279cc7cd01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45872", "type": "seen", "source": "https://t.me/cibsecurity/53463", "content": "\u203c CVE-2022-45872 \u203c\n\niTerm2 before 3.4.18 mishandles a DECRQSS response.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-24T00:14:11.000000Z"}, {"uuid": "a86bb678-8cc4-4917-b029-6c7ca68088b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4587", "type": "seen", "source": "https://t.me/cibsecurity/54801", "content": "\u203c CVE-2022-4587 \u203c\n\nA vulnerability, which was classified as problematic, has been found in Opencaching Deutschland oc-server3. This issue affects some unknown processing of the file htdocs/templates2/ocstyle/login.tpl of the component Login Page. The manipulation of the argument username leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 3296ebd61e7fe49e93b5755d5d7766d6e94a7667. It is recommended to apply a patch to fix this issue. The identifier VDB-216173 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-17T16:30:38.000000Z"}]}