{"vulnerability": "CVE-2022-2782", "sightings": [{"uuid": "5dc05562-889d-4494-9aee-555b6a19cbe9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27824", "type": "exploited", "source": "https://t.me/BleepingComputer/13033", "content": "Latest news and stories from BleepingComputer.com\nHackers are actively exploiting password-stealing flaw in Zimbra\n\nThe Cybersecurity and Infrastructure Security Agency (CISA) has added the Zimbra CVE-2022-27824 flaw to its 'Known Exploited Vulnerabilities Catalog,' indicating that it is actively exploited in attacks by hackers. [...]", "creation_timestamp": "2022-08-05T21:46:39.000000Z"}, {"uuid": "0ce1ec73-c754-4fc7-8e73-bf23726ffb64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2782", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15388", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-2782\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters.\n\ud83d\udccf Published: 2022-10-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-07T18:54:06.675Z\n\ud83d\udd17 References:\n1. https://advisories.octopus.com/post/2022/sa2022-21/", "creation_timestamp": "2025-05-07T19:22:24.000000Z"}, {"uuid": "a42edc97-3a35-4d41-b205-b945736a39b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27824", "type": "seen", "source": "https://t.me/cibsecurity/40547", "content": "\u203c CVE-2022-27824 \u203c\n\nImproper size check of in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T00:26:04.000000Z"}, {"uuid": "dc59f542-9ada-4ac0-882d-a7d820d9f40d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27822", "type": "seen", "source": "https://t.me/cibsecurity/40568", "content": "\u203c CVE-2022-27822 \u203c\n\nInformation exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T00:31:21.000000Z"}, {"uuid": "a5668194-ebab-46dc-beea-cb62ec067ab9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27821", "type": "seen", "source": "https://t.me/cibsecurity/40555", "content": "\u203c CVE-2022-27821 \u203c\n\nImproper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T00:29:56.000000Z"}, {"uuid": "4b576389-e6a4-4196-9e5b-d9eaa562cc7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27828", "type": "seen", "source": "https://t.me/cibsecurity/40521", "content": "\u203c CVE-2022-27828 \u203c\n\nImproper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T00:22:15.000000Z"}, {"uuid": "930e6819-d5af-42bf-b60f-5c479f205ebb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2782", "type": "seen", "source": "https://t.me/cibsecurity/52145", "content": "\u203c CVE-2022-2782 \u203c\n\nIn affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-07T02:41:35.000000Z"}, {"uuid": "7a8443bf-19ca-40fd-aab5-2705e0455eca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27824", "type": "exploited", "source": "https://t.me/BleepingComputer/13028", "content": "Hackers are actively exploiting password-stealing flaw in Zimbra\n\nThe Cybersecurity and Infrastructure Security Agency (CISA) has added the Zimbra CVE-2022-27824 flaw to its 'Known Exploited Vulnerabilities Catalog,' indicating that it is actively exploited in attacks by hackers. [...]\n\nhttps://www.bleepingcomputer.com/news/security/hackers-are-actively-exploiting-password-stealing-flaw-in-zimbra/", "creation_timestamp": "2022-08-06T00:34:29.000000Z"}]}