{"vulnerability": "CVE-2022-2419", "sightings": [{"uuid": "f8f5ffd8-6c94-47da-b39f-2a3400fae917", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24196", "type": "seen", "source": "https://t.me/cibsecurity/36659", "content": "\u203c CVE-2022-24196 \u203c\n\niText v7.1.17 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-01T22:26:46.000000Z"}, {"uuid": "b8743524-2440-4e1d-82c3-69cd9afac842", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24198", "type": "seen", "source": "https://t.me/cibsecurity/36658", "content": "\u203c CVE-2022-24198 \u203c\n\niText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-01T22:26:45.000000Z"}, {"uuid": "b65efa05-27e8-47d3-88c9-8a58fb42ae25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24193", "type": "seen", "source": "https://t.me/cibsecurity/38661", "content": "\u203c CVE-2022-24193 \u203c\n\nCasaOS before v0.2.7 was discovered to contain a command injection vulnerability via the component leave or join zerotier api.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-10T20:13:04.000000Z"}, {"uuid": "cf82c462-3b20-4c21-8fdb-a00d5b70c4b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2419", "type": "seen", "source": "https://t.me/cibsecurity/46289", "content": "\u203c CVE-2022-2419 \u203c\n\nA vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file _internal/collector/upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-15T12:34:13.000000Z"}, {"uuid": "5f418a37-d3d6-4bc0-af1e-d636f9840b4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24197", "type": "seen", "source": "https://t.me/cibsecurity/36663", "content": "\u203c CVE-2022-24197 \u203c\n\niText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-01T22:26:53.000000Z"}, {"uuid": "4b118d01-e678-4742-afc3-8f99c37f8d44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24190", "type": "seen", "source": "https://t.me/cibsecurity/53609", "content": "\u203c CVE-2022-24190 \u203c\n\nThe /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The user_token header is not implemented or present on this end-point. An attacker can send a request to bind their account to any users picture frame, then send a POST request to accept their own bind request, without the end-users approval or interaction.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-29T00:28:25.000000Z"}, {"uuid": "d38c4c94-34de-4593-9244-5b5b5c286e3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24191", "type": "seen", "source": "https://t.me/cibsecurity/40087", "content": "\u203c CVE-2022-24191 \u203c\n\nIn HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-04T14:27:39.000000Z"}]}