{"vulnerability": "cve-2022-3229", "sightings": [{"uuid": "f03a046e-87ce-465b-bddc-605b8dbd62c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-32292", "type": "seen", "source": "https://t.me/cibsecurity/47495", "content": "\u203c CVE-2022-32292 \u203c\n\nIn ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-03T18:18:50.000000Z"}, {"uuid": "8e703edc-cb65-4de1-bec8-5acecab853d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-32290", "type": "seen", "source": "https://t.me/cibsecurity/45636", "content": "\u203c CVE-2022-32290 \u203c\n\nThe client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead of only the localhost interface. Therefore, any client on the same network can connect to this TCP port and send HTTP requests. The Mender Client will forward these requests to the Mender Server. Additionally, if mTLS is set up, the Mender Client will connect to the Mender Server using the device's client certificate, making it possible for the attacker to bypass mTLS authentication and send requests to the Mender Server without direct access to the client certificate and related private key. Accessing the HTTP proxy from the local network doesn't represent a direct threat, because it doesn't expose any device or server-specific data. However, it increases the attack surface and can be a potential vector to exploit other vulnerabilities both on the Client and the Server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-06T16:20:38.000000Z"}, {"uuid": "bf4506b1-0a80-4524-a3ef-9a45b1d6aa08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-32293", "type": "seen", "source": "https://t.me/cibsecurity/47489", "content": "\u203c CVE-2022-32293 \u203c\n\nIn ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-03T18:18:40.000000Z"}, {"uuid": "fbee4836-05e3-48f5-a3bd-5e105eff9c7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-32299", "type": "seen", "source": "https://t.me/cibsecurity/44551", "content": "\u203c CVE-2022-32299 \u203c\n\nYoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Action/Admin/SiteAction.class.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-15T20:20:40.000000Z"}, {"uuid": "f22bf580-e2cf-4a6f-b74b-1fdbe17e51f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3229", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "abff7854-2a8d-4e8c-b482-02e63d9673bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3229", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:46.000000Z"}, {"uuid": "8b704293-c2e1-45b6-8943-166031bdeeb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-32294", "type": "seen", "source": "https://t.me/cibsecurity/45886", "content": "\u203c CVE-2022-32294 \u203c\n\nZimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the \"zmprove ca\" command). It is visible in cleartext on port UDP 514 (aka the syslog port).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-11T07:20:19.000000Z"}, {"uuid": "3f96f431-bc6b-480a-a1be-c9c4b890cf19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3229", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/unified_remote_rce.rb", "content": "", "creation_timestamp": "2022-09-21T12:32:25.000000Z"}, {"uuid": "52cd73bf-afdf-493c-8c8a-a4fea436229a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3229", "type": "seen", "source": "https://t.me/cibsecurity/57635", "content": "\u203c CVE-2022-3229 \u203c\n\nBecause the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-07T02:28:29.000000Z"}]}