{"vulnerability": "CVE-2022-2469", "sightings": [{"uuid": "210757c9-dd49-44ec-b0e2-e2045743b019", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24697", "type": "seen", "source": "https://t.me/cibsecurity/55559", "content": "\u203c CVE-2022-43396 \u203c\n\nIn the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-30T14:14:11.000000Z"}, {"uuid": "bdfe3553-7011-4463-9842-b0dbb2c376e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24697", "type": "seen", "source": "https://t.me/cibsecurity/51315", "content": "\u203c CVE-2022-24697 \u203c\n\nKylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of \u201c-- conf=\u201d to inject any operating system command into the command line parameters. 
This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-13T16:27:39.000000Z"}, {"uuid": "5c9b1f8f-bee7-46ba-8f10-9638e4ba04d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24691", "type": "seen", "source": "https://t.me/cibsecurity/46440", "content": "\u203c CVE-2022-24691 \u203c\n\nAn issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A SQL Injection vulnerability allows authenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T16:36:24.000000Z"}, {"uuid": "a2670da7-6b0f-40ba-9c23-4c2604466f3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24690", "type": "seen", "source": "https://t.me/cibsecurity/46442", "content": "\u203c CVE-2022-24690 \u203c\n\nAn issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A PresAbs.php SQL Injection vulnerability allows unauthenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based. 
(An unauthenticated attacker can discover the endpoint by abusing a Broken Access Control issue with further SQL injection attacks to gather all user's badge numbers and PIN codes.)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T16:36:26.000000Z"}, {"uuid": "5cd64d14-6369-4b68-a3a7-6681898b17c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24692", "type": "seen", "source": "https://t.me/cibsecurity/46437", "content": "\u203c CVE-2022-24692 \u203c\n\nAn issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The new menu option within the general Parameters page is vulnerable to stored XSS. The attacker can create a menu option, make it visible to every application user, and conduct session hijacking, account takeover, or malicious code delivery, with the final goal of achieving client-side code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-20T05:16:33.000000Z"}, {"uuid": "9353f6a5-eb38-44d9-94ec-db8f7cdaa9c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24693", "type": "seen", "source": "https://t.me/cibsecurity/39790", "content": "\u203c CVE-2022-24693 \u203c\n\nBaicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. 
(The credentials are stored in the firmware, encrypted by the crypt function.)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-30T07:11:59.000000Z"}, {"uuid": "98f5e823-11fb-4d39-bb57-55b2ae25ff9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24694", "type": "seen", "source": "https://t.me/cibsecurity/37045", "content": "\u203c CVE-2022-24694 \u203c\n\nIn Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. Neither file names nor file contents are affected.)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-09T07:12:30.000000Z"}, {"uuid": "101fa031-6e50-47d1-b1da-e50dd255c435", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2022-2469", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mioufnqhuk22", "content": "", "creation_timestamp": "2026-04-04T18:27:52.469605Z"}, {"uuid": "7b48df3d-7394-4b95-9d6b-97486b56fe13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2469", "type": "seen", "source": "https://t.me/cibsecurity/46569", "content": "\u203c CVE-2022-2469 \u203c\n\nGNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-19T20:41:02.000000Z"}]}