{"vulnerability": "CVE-2022-2848", "sightings": [{"uuid": "6891b731-4dab-47d9-b0c1-3b0c157ae88d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2848", "type": "seen", "source": "Telegram/PBjf0TkifZB9gs4JhfyMsOBEJktktcaOFxD5hxYU00AfkNNc", "content": "", "creation_timestamp": "2025-02-18T21:11:32.000000Z"}, {"uuid": "d52ef72c-ba25-46ed-97d5-6b47af3bcdd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2848", "type": "seen", "source": "https://t.me/cibsecurity/61100", "content": "\u203c CVE-2022-2848 \u203c\n\nThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX V6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-29T22:28:48.000000Z"}, {"uuid": "412e91a1-952c-4c87-8a25-ad4f9b44288d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28487", "type": "seen", "source": "https://t.me/cibsecurity/41913", "content": "\u203c CVE-2022-28487 \u203c\n\nTcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-04T18:35:07.000000Z"}, {"uuid": "b787809f-5392-4c03-aafe-730a5f86b842", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28488", "type": "seen", "source": "https://t.me/cibsecurity/41919", "content": "\u203c CVE-2022-28488 \u203c\n\nThe function wav_format_write in libwav.c in libwav through 2017-04-20 has an Use of Uninitialized Variable vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-04T18:35:15.000000Z"}]}