{"vulnerability": "CVE-2022-2989", "sightings": [{"uuid": "e9be5651-e46d-4bfb-a9bf-fc0ddf23ea02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29894", "type": "seen", "source": "https://t.me/cibsecurity/44249", "content": "\u203c CVE-2022-29894 \u203c\n\nStrapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-13T12:17:44.000000Z"}, {"uuid": "f70ee51c-19a1-4e08-b1e7-7093d817c43c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2989", "type": "seen", "source": "https://t.me/cibsecurity/49645", "content": "\u203c CVE-2022-2989 \u203c\n\nAn incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-13T18:25:27.000000Z"}, {"uuid": "386d042f-6f46-4ea4-902d-ff6fb93e7cc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29891", "type": "seen", "source": "https://t.me/cibsecurity/48331", "content": "\u203c CVE-2022-29891 \u203c\n\nBrowse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-18T12:41:15.000000Z"}, {"uuid": "87bf9bb4-cd8e-41ed-8611-8e0dae82b00f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29890", "type": "seen", "source": "https://t.me/cibsecurity/46292", "content": "\u203c CVE-2022-29890 \u203c\n\nIn affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-15T12:34:16.000000Z"}, {"uuid": "0364058e-5893-43b9-83b0-d497d7a25d01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29897", "type": "seen", "source": "https://t.me/cibsecurity/42370", "content": "\u203c CVE-2022-29897 \u203c\n\nOn various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute utility integrated in the WebUI to execute arbitrary code with root privileges on the OS due to an improper input validation in all versions of the firmware.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-11T18:35:47.000000Z"}, {"uuid": "273d4fb7-f323-4c45-86e4-0f01260e91d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29898", "type": "seen", "source": "https://t.me/cibsecurity/42360", "content": "\u203c CVE-2022-29898 \u203c\n\nOn various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-11T18:35:36.000000Z"}, {"uuid": "6dfc55c1-11d3-4899-ab65-b50d3a778d64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29893", "type": "seen", "source": "https://t.me/cibsecurity/52919", "content": "\u203c CVE-2022-29893 \u203c\n\nImproper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-13T05:52:14.000000Z"}]}