{"vulnerability": "CVE-2022-3525", "sightings": [{"uuid": "40cb79d8-fd3a-45dd-a785-7d66bb6c2c62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35252", "type": "seen", "source": "https://daniel.haxx.se/blog/2024/12/12/a-twenty-five-years-old-curl-bug/", "content": "", "creation_timestamp": "2024-12-12T08:18:34.000000Z"}, {"uuid": "f85697f2-c1f3-4bc7-bfea-ba05bd373d1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35256", "type": "seen", "source": "https://t.me/ctinow/67061", "content": "HTTP request smuggling vulnerability in Node.js (CVE-2022-35256)\n\nhttps://ift.tt/DqcajPB", "creation_timestamp": "2022-10-04T06:02:24.000000Z"}, {"uuid": "7014d961-3456-4a23-8018-95b8febabb22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35256", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1296", "content": "CVE-2022-35256: HTTP Request Smuggling in NodeJS https://feed.prelude.org/p/cve-2022-35256", "creation_timestamp": "2022-10-26T17:44:59.000000Z"}, {"uuid": "8dd2e8ac-3fa9-44e5-b0c0-8f536bf3e276", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3525", "type": "seen", "source": "https://t.me/cibsecurity/53206", "content": "\u203c CVE-2022-3525 \u203c\n\nDeserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-20T07:30:53.000000Z"}, {"uuid": "a3f129bb-c2f7-4134-b721-4af6cdb4e01b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35250", "type": "seen", "source": "https://t.me/cibsecurity/50375", "content": "\u203c CVE-2022-35250 \u203c\n\nA privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T22:13:49.000000Z"}, {"uuid": "332de588-6ff9-4efb-840b-393c4636d23e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35253", "type": "seen", "source": "https://t.me/cibsecurity/50344", "content": "\u203c CVE-2022-35253 \u203c\n\nA vulnerability exists in Hyperledger Fabric <2.4 could allow an attacker to construct a non-validated request that could cause a denial of service attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T18:19:37.000000Z"}, {"uuid": "29a62045-06bd-44b9-83da-c52ee9cb502b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35257", "type": "seen", "source": "https://t.me/cibsecurity/50343", "content": "\u203c CVE-2022-35257 \u203c\n\nA local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T18:19:36.000000Z"}, {"uuid": "6c0b320a-e71e-437b-bd23-060b6ebdf4cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35252", "type": "seen", "source": "https://t.me/cibsecurity/50340", "content": "\u203c CVE-2022-35252 \u203c\n\nWhen curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T18:19:32.000000Z"}, {"uuid": "9877c383-d5d3-467c-9bd6-5e291fa673a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35255", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13985", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-35255\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.\n\ud83d\udccf Published: 2022-12-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T05:48:45.486Z\n\ud83d\udd17 References:\n1. https://hackerone.com/reports/1690000\n2. https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf\n3. https://security.netapp.com/advisory/ntap-20230113-0002/\n4. https://www.debian.org/security/2023/dsa-5326", "creation_timestamp": "2025-04-30T06:14:19.000000Z"}, {"uuid": "3a1fe92b-ca63-4400-afc8-3d5f59b4c877", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35258", "type": "seen", "source": "https://t.me/cibsecurity/54028", "content": "\u203c CVE-2022-35258 \u203c\n\nAn unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T00:40:17.000000Z"}, {"uuid": "82318b10-140a-4920-a8a6-9dbfaf4c9abc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35254", "type": "seen", "source": "https://t.me/cibsecurity/54026", "content": "\u203c CVE-2022-35254 \u203c\n\nAn unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T00:40:12.000000Z"}]}