{"vulnerability": "CVE-2022-2685", "sightings": [{"uuid": "6293e5d0-aa37-4fd8-a98e-00bb20a3e539", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26857", "type": "seen", "source": "https://t.me/cibsecurity/43417", "content": "\u203c CVE-2022-26857 \u203c\n\nDell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-26T20:14:33.000000Z"}, {"uuid": "a733043b-9ea5-4760-ab74-ba2fa2f4044b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26850", "type": "seen", "source": "https://t.me/arpsyndicate/3228", "content": "#ExploitObserverAlert\n\nCVE-2022-26850\n\nDESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-26850. When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.\n\nFIRST-EPSS: 0.000460000\nNVD-IS: 1.4\nNVD-ES: 2.8", "creation_timestamp": "2024-01-28T06:12:42.000000Z"}, {"uuid": "bc8abe61-9e86-489b-80a3-d1db7615ca24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26858", "type": "seen", "source": "https://t.me/cibsecurity/49389", "content": "\u203c CVE-2022-26858 \u203c\n\nDell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-07T00:13:40.000000Z"}, {"uuid": "f1591dae-e36e-40cd-8edb-d9b46a22ebed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26859", "type": "seen", "source": "https://t.me/cibsecurity/49384", "content": "\u203c CVE-2022-26859 \u203c\n\nDell BIOS contains a race condition vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI in order to bypass security checks during SMM.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-07T00:13:36.000000Z"}, {"uuid": "3fb2a86c-4999-4ef1-84b5-15859ea99661", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26850", "type": "seen", "source": "https://t.me/cibsecurity/40255", "content": "\u203c CVE-2022-26850 \u203c\n\nWhen creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-06T22:30:33.000000Z"}, {"uuid": "e721dacc-100e-4418-a340-6b03ff36e309", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26854", "type": "seen", "source": "https://t.me/cibsecurity/40424", "content": "\u203c CVE-2022-26854 \u203c\n\nDell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-09T00:13:41.000000Z"}, {"uuid": "2114d342-f66d-4c3d-86ea-eda8e7637727", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26851", "type": "seen", "source": "https://t.me/cibsecurity/40414", "content": "\u203c CVE-2022-26851 \u203c\n\nDell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-09T00:13:26.000000Z"}, {"uuid": "d57da9f9-2845-4068-b55b-bdfa3e4e76b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26855", "type": "seen", "source": "https://t.me/cibsecurity/40422", "content": "\u203c CVE-2022-26855 \u203c\n\nDell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-09T10:21:48.000000Z"}, {"uuid": "be2fdc92-631e-4e03-b083-ff001e3b0049", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26852", "type": "seen", "source": "https://t.me/cibsecurity/40416", "content": "\u203c CVE-2022-26852 \u203c\n\nDell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-09T00:13:28.000000Z"}]}