{"vulnerability": "CVE-2022-2268", "sightings": [{"uuid": "ba98c06c-7b3c-4871-b511-3a1e48da7b30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22682", "type": "seen", "source": "https://t.me/cibsecurity/45958", "content": "\u203c CVE-2022-22682 \u203c\n\nImproper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-12T12:19:55.000000Z"}, {"uuid": "efd78297-50cc-4a2d-b373-ba996e601766", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22683", "type": "seen", "source": "https://t.me/cibsecurity/47188", "content": "\u203c CVE-2022-22683 \u203c\n\nBuffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-28T12:18:34.000000Z"}, {"uuid": "82f9f812-9634-4a98-8806-b5618143fbfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2268", "type": "seen", "source": "https://t.me/cibsecurity/45565", "content": "\u203c CVE-2022-2268 \u203c\n\nThe Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-04T16:12:36.000000Z"}, {"uuid": "8afc2000-16dc-4273-975b-817bef222fef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22686", "type": "seen", "source": "https://t.me/cibsecurity/46968", "content": "\u203c CVE-2022-22686 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-26T07:34:29.000000Z"}, {"uuid": "5aa6cf7b-96e2-4dc2-8846-defba475f96a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22681", "type": "seen", "source": "https://t.me/cibsecurity/45624", "content": "\u203c CVE-2022-22681 \u203c\n\nSession fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-06T12:14:09.000000Z"}, {"uuid": "fb169690-3b75-4cc4-b093-08d1c5f9e1e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22685", "type": "seen", "source": "https://t.me/cibsecurity/47186", "content": "\u203c CVE-2022-22685 \u203c\n\nImproper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-28T12:18:32.000000Z"}, {"uuid": "07c61657-9f42-488d-b8b1-95ee8da2a706", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22684", "type": "seen", "source": "https://t.me/cibsecurity/47182", "content": "\u203c CVE-2022-22684 \u203c\n\nImproper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote attackers to execute arbitrary commands via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-28T12:18:27.000000Z"}, {"uuid": "af0b86ef-c36f-47ed-83c9-1275c806a781", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22688", "type": "seen", "source": "https://t.me/cibsecurity/39527", "content": "\u203c CVE-2022-22688 \u203c\n\nImproper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-25T11:30:28.000000Z"}, {"uuid": "f578acf3-abfa-4765-870a-879563607476", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22687", "type": "seen", "source": "https://t.me/cibsecurity/39526", "content": "\u203c CVE-2022-22687 \u203c\n\nBuffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-25T11:30:26.000000Z"}, {"uuid": "b2c422e0-d6d5-4db0-833e-cf51353f9eac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22689", "type": "seen", "source": "https://t.me/cibsecurity/36910", "content": "\u203c CVE-2022-22689 \u203c\n\nCA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-05T02:45:31.000000Z"}]}