{"vulnerability": "CVE-2022-2194", "sightings": [{"uuid": "f8b284e1-2bcb-4875-880d-1235fb99ffe0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21948", "type": "seen", "source": "https://t.me/cibsecurity/57648", "content": "\u203c CVE-2022-21948 \u203c\n\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paste allows remote attackers to place Javascript into SVG files. This issue affects: openSUSE paste paste version b57b9f87e303a3db9465776e657378e96845493b and prior versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-07T14:23:24.000000Z"}, {"uuid": "ed5a9f29-f6c9-4481-ad9f-5a97f468a097", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2194", "type": "seen", "source": "https://t.me/cibsecurity/46392", "content": "\u203c CVE-2022-2194 \u203c\n\nThe Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-17T14:27:50.000000Z"}, {"uuid": "077d35a9-e3e0-4d78-a6d3-9e3b25e18f0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21949", "type": "seen", "source": "https://t.me/cibsecurity/41792", "content": "\u203c CVE-2022-21949 \u203c\n\nA Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue affects: SUSE Open Build Service Open Build Service versions prior to 2.10.13.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-03T12:28:32.000000Z"}, {"uuid": "50f8fedb-4812-4f85-9ba2-0dc4f6da8721", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21940", "type": "seen", "source": "https://t.me/cibsecurity/57905", "content": "\u203c CVE-2022-21940 \u203c\n\nSensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-10T16:57:49.000000Z"}, {"uuid": "8fd58627-5ada-41f8-86e2-45b32280e35e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21941", "type": "seen", "source": "https://t.me/cibsecurity/49129", "content": "\u203c CVE-2022-21941 \u203c\n\nAll versions of iSTAR Ultra prior to version 6.8.9.CU01are vulnerable to a command injection that could allow an unauthenticated user root access to the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-31T20:37:23.000000Z"}, {"uuid": "3929d63e-7c9e-4789-a253-afdde17c5dcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21947", "type": "seen", "source": "https://t.me/cibsecurity/39982", "content": "\u203c CVE-2022-21947 \u203c\n\nA Improper Access Control vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-01T12:19:23.000000Z"}, {"uuid": "feb8e844-2fb0-40ec-919b-081493c6a497", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21945", "type": "seen", "source": "https://t.me/cibsecurity/39017", "content": "\u203c CVE-2022-21945 \u203c\n\nA Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-16T13:20:23.000000Z"}, {"uuid": "27efa5de-5028-43eb-a37b-b0fd67694f54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21946", "type": "seen", "source": "https://t.me/cibsecurity/39016", "content": "\u203c CVE-2022-21946 \u203c\n\nA Improper Privilege Management vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen seesion. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-16T13:20:21.000000Z"}]}