{"vulnerability": "cve-2022-2534", "sightings": [{"uuid": "54e6e327-2743-4ea1-b747-5d3d58328817", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25345", "type": "seen", "source": "https://t.me/cibsecurity/44765", "content": "\u203c CVE-2022-25345 \u203c\n\nAll versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-18T00:23:20.000000Z"}, {"uuid": "513910e3-c00f-4206-aaeb-0fe030ca47c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25342", "type": "seen", "source": "https://t.me/cibsecurity/41169", "content": "\u203c CVE-2022-25342 \u203c\n\nAn issue was discovered on Kyocera d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application is affected by Broken Access Control. It does not properly validate requests for access to data and functionality under the /mngset/authset path. By not verifying permissions for access to resources, it allows a potential attacker to view pages that are not allowed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-20T16:25:17.000000Z"}, {"uuid": "932f64cb-d399-466d-b44b-d0193e87235c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25343", "type": "seen", "source": "https://t.me/cibsecurity/41168", "content": "\u203c CVE-2022-25343 \u203c\n\nAn issue was discovered on Kyocera d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application is affected by Denial of Service. An unauthenticated attacker, who can send POST requests to the /download/set.cgi page by manipulating the failhtmfile variable, is able to cause interruption of the service provided by the Web Application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-20T16:25:15.000000Z"}, {"uuid": "cc25c4fe-dee1-4e44-b2e0-f6301c09e8dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25344", "type": "seen", "source": "https://t.me/cibsecurity/41167", "content": "\u203c CVE-2022-25344 \u203c\n\nAn XSS issue was discovered on Kyocera d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application doesn't properly check parameters, sent in a /dvcset/sysset/set.cgi POST request via the arg01.Hostname field, before saving them on the server. In addition, the JavaScript malicious content is then reflected back to the end user and executed by the web browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-20T16:25:14.000000Z"}, {"uuid": "60119e5d-d7a9-4965-88c7-1145b1d60be8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25347", "type": "seen", "source": "https://t.me/cibsecurity/39757", "content": "\u203c CVE-2022-25347 \u203c\n\nDelta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T20:11:30.000000Z"}, {"uuid": "4ebf5f44-0efc-4199-8a60-80db0a600fda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25348", "type": "seen", "source": "https://t.me/cibsecurity/39905", "content": "\u203c CVE-2022-25348 \u203c\n\nUntrusted search path vulnerability in AttacheCase ver.4.0.2.7 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-31T12:18:30.000000Z"}]}