{"vulnerability": "CVE-2022-2677", "sightings": [{"uuid": "da6c0918-a910-45e2-9f8b-beeeb0beb240", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26772", "type": "seen", "source": "https://t.me/cibsecurity/43453", "content": "\u203c CVE-2022-26772 \u203c\n\nA memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-27T00:14:34.000000Z"}, {"uuid": "b2e31937-be26-4eee-a54e-add5752e7568", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26770", "type": "seen", "source": "https://t.me/cibsecurity/43452", "content": "\u203c CVE-2022-26770 \u203c\n\nAn out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-27T00:14:33.000000Z"}, {"uuid": "a9997831-bc43-4c4f-8d76-d9e46f931a0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26771", "type": "seen", "source": "https://t.me/cibsecurity/43450", "content": "\u203c CVE-2022-26771 \u203c\n\nA memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-27T00:14:30.000000Z"}, {"uuid": "d7902000-0b73-44b9-b725-e5235c8e5da8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26777", "type": "seen", "source": "https://t.me/cibsecurity/40999", "content": "\u203c CVE-2022-26777 \u203c\n\nZoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-16T20:21:17.000000Z"}, {"uuid": "5cba6260-bdf7-4191-8b60-53fef0b74e22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26779", "type": "seen", "source": "https://t.me/cibsecurity/38952", "content": "\u203c CVE-2022-26779 \u203c\n\nApache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite. This feature is not enabled by default, the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-15T19:19:47.000000Z"}]}