{"vulnerability": "CVE-2022-2822", "sightings": [{"uuid": "afaf9be3-e648-4180-a4d4-2764d415d727", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28228", "type": "seen", "source": "https://t.me/cibsecurity/55265", "content": "\u203c CVE-2022-28228 \u203c\n\nOut-of-bounds read was discovered in YDB server. An attacker could construct a query with insert statement that would allow him to read sensitive information from other memory locations or cause a crash.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-27T05:09:57.000000Z"}, {"uuid": "76a0a982-740d-4949-a93e-e0c14b661b67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28229", "type": "seen", "source": "https://t.me/cibsecurity/55266", "content": "\u203c CVE-2022-28229 \u203c\n\nThe hash functionality in userver before 42059b6319661583b3080cab9b595d4f8ac48128 allows attackers to cause a denial of service via crafted HTTP request, involving collisions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-24T00:14:48.000000Z"}, {"uuid": "dc7cb68c-7cf5-4fb6-ba32-383fd651ed11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28220", "type": "seen", "source": "https://t.me/cibsecurity/49441", "content": "\u203c CVE-2022-28220 \u203c\n\nApache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-08T12:15:00.000000Z"}, {"uuid": "fc379963-fe1a-489d-9dd2-ac4f0250edf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2822", "type": "seen", "source": "https://t.me/cibsecurity/48133", "content": "\u203c CVE-2022-2822 \u203c\n\nAn attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-15T14:37:46.000000Z"}, {"uuid": "7c3a8726-ff3d-41c7-815f-e07e29e8cd81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28224", "type": "seen", "source": "https://t.me/cibsecurity/43876", "content": "\u203c CVE-2022-28224 \u203c\n\nClusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-06T22:30:16.000000Z"}, {"uuid": "7b476a8d-c287-41dc-93f9-449d76617151", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28223", "type": "seen", "source": "https://t.me/cibsecurity/39869", "content": "\u203c CVE-2022-28223 \u203c\n\nTekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-30T22:17:33.000000Z"}]}