{"vulnerability": "CVE-2022-3933", "sightings": [{"uuid": "914f613b-f3d7-4d7c-ba0d-a5bd4a19af6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39333", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12877", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-39333\n\ud83d\udd25 CVSS Score: 4.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.\n\ud83d\udccf Published: 2022-11-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-22T16:00:06.854Z\n\ud83d\udd17 References:\n1. https://github.com/nextcloud/desktop/pull/4972\n2. https://github.com/nextcloud/security-advisories/security/advisories/GHSA-92p9-x79h-2mj8\n3. https://hackerone.com/reports/1711847", "creation_timestamp": "2025-04-22T16:03:15.000000Z"}, {"uuid": "b512d204-0944-40e3-92ed-7af8f96ee12b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39337", "type": "seen", "source": "https://t.me/ctinow/158459", "content": "https://ift.tt/UCpPAxj\nCVE-2022-39337", "creation_timestamp": "2023-12-22T16:23:34.000000Z"}, {"uuid": "1169e8e1-b06e-463d-bf2c-a8deaa95c6c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39334", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12878", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-39334\n\ud83d\udd25 CVSS Score: 3.9 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versions of nextcloudcmd prior to 3.6.1 would incorrectly trust invalid TLS certificates, which may enable a Man-in-the-middle attack that exposes sensitive data or credentials to a network attacker. This affects the CLI only. It does not affect the standard GUI desktop Nextcloud clients, and it does not affect the Nextcloud server.\n\ud83d\udccf Published: 2022-11-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-22T15:59:53.227Z\n\ud83d\udd17 References:\n1. https://github.com/nextcloud/security-advisories/security/advisories/GHSA-82xx-98xv-4jxv\n2. https://github.com/nextcloud/desktop/issues/4927\n3. https://github.com/nextcloud/desktop/pull/5022\n4. https://hackerone.com/reports/1699740", "creation_timestamp": "2025-04-22T16:03:16.000000Z"}, {"uuid": "8dea8045-0a4e-4e59-aee8-ab7ba50a15c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2022-39337", "type": "seen", "source": "https://bsky.app/profile/nerq-ai.bsky.social/post/3mhkj4mcsy32p", "content": "", "creation_timestamp": "2026-03-21T07:30:04.853363Z"}, {"uuid": "d91d4194-84fa-4ed4-b58c-86f6ca27e45c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39332", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12875", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-39332\n\ud83d\udd25 CVSS Score: 4.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.\n\ud83d\udccf Published: 2022-11-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-22T16:00:19.395Z\n\ud83d\udd17 References:\n1. https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q9f6-4r6r-h74p\n2. https://github.com/nextcloud/desktop/pull/4972\n3. https://hackerone.com/reports/1707977", "creation_timestamp": "2025-04-22T16:03:13.000000Z"}, {"uuid": "ba9caf1b-c5ce-408d-8092-c4ca37305c17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39337", "type": "seen", "source": "https://t.me/ctinow/162082", "content": "https://ift.tt/W5rytUd\nCVE-2022-39337 Exploit", "creation_timestamp": "2024-01-02T23:16:47.000000Z"}, {"uuid": "cd924c8d-c57a-4f75-beba-1c93f8ca1de3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39330", "type": "seen", "source": "https://t.me/cibsecurity/52154", "content": "\u203c CVE-2022-39330 \u203c\n\nNextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by generating a lot of database/cpu load. Nextcloud Server versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server versions 22.2.10, 23.0.10, and 24.0.6 contain patches for this issue. As a workaround, disable the Circles app.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-27T18:28:23.000000Z"}]}