{"vulnerability": "CVE-2022-2963", "sightings": [{"uuid": "3bf6dd70-c94a-4e0c-8311-8c841e0caf0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2963", "type": "seen", "source": "https://t.me/cibsecurity/51489", "content": "\u203c CVE-2022-2963 \u203c\n\nA vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T22:29:10.000000Z"}, {"uuid": "89841297-0c52-4821-b021-4f5b6457a9fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29638", "type": "seen", "source": "https://t.me/cibsecurity/42896", "content": "\u203c CVE-2022-29638 \u203c\n\nTOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setIpQosRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-18T16:28:32.000000Z"}, {"uuid": "dd379690-752c-48f4-a2b4-05544de8212f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29631", "type": "seen", "source": "https://t.me/cibsecurity/43894", "content": "\u203c CVE-2022-29631 \u203c\n\nJodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequest#set and `jodd.http.HttpRequest#send. These vulnerabilities allow attackers to execute Server-Side Request Forgery (SSRF) via a crafted TCP payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-07T00:30:19.000000Z"}, {"uuid": "6f6ab01c-e279-4dd4-805b-3338c95efef9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29632", "type": "seen", "source": "https://t.me/cibsecurity/43456", "content": "\u203c CVE-2022-29632 \u203c\n\nAn arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v9.0.0 allows attackers to execute arbitrary code via a crafted file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-27T00:14:38.000000Z"}, {"uuid": "7fa795eb-5df9-417f-a4da-f81134fcc31a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29639", "type": "seen", "source": "https://t.me/cibsecurity/42902", "content": "\u203c CVE-2022-29639 \u203c\n\nTOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function uci_cloudupdate_config.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-18T16:28:39.000000Z"}, {"uuid": "a6f7b525-78e4-43ef-a94d-274063e324ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29633", "type": "seen", "source": "https://t.me/cibsecurity/43448", "content": "\u203c CVE-2022-29633 \u203c\n\nAn access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-27T00:14:28.000000Z"}]}