{"vulnerability": "cve-2022-3251", "sightings": [{"uuid": "5e53fb46-c913-41e4-a53a-d9b1af4f6074", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-32512", "type": "seen", "source": "https://t.me/cibsecurity/57186", "content": "\u203c CVE-2022-32512 \u203c\n\nA CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause remote code execution when a command which exploits this vulnerability is utilized. Affected Products: CanBRASS (Versions prior to V7.5.1)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-31T02:42:55.000000Z"}, {"uuid": "743f1e95-ffd6-4bd7-b6d8-efa5fcd55774", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-32518", "type": "seen", "source": "https://t.me/cibsecurity/57185", "content": "\u203c CVE-2022-32520 \u203c\n\nA CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-31T02:42:54.000000Z"}, {"uuid": "db908518-df4c-48e3-b84e-e9186c35f6d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-32519", "type": "seen", "source": "https://t.me/cibsecurity/57180", "content": "\u203c CVE-2022-32519 \u203c\n\nA CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-31T02:42:49.000000Z"}, {"uuid": "d9db4490-0c00-4bb8-a447-55108851155f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-32517", "type": "seen", "source": "https://t.me/cibsecurity/57178", "content": "\u203c CVE-2022-32517 \u203c\n\nA CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. Affected Products: Conext\u00e2\u201e\u00a2 ComBox (All Versions)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-31T02:42:46.000000Z"}, {"uuid": "765eb9be-86b8-4b74-8d00-e456bcf807dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3251", "type": "seen", "source": "https://t.me/cibsecurity/50215", "content": "\u203c CVE-2022-3251 \u203c\n\nSensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-21T20:41:27.000000Z"}, {"uuid": "fad52f30-6445-4380-b200-bb707ddf4e76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-32511", "type": "seen", "source": "https://t.me/cibsecurity/43901", "content": "\u203c CVE-2022-32511 \u203c\n\njmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-07T02:30:22.000000Z"}, {"uuid": "2bd3fc06-5420-4ff6-a57c-847adc222316", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-32511", "type": "seen", "source": "https://bsky.app/profile/gcpweekly.bsky.social/post/3lzzeuxkcgj2c", "content": "", "creation_timestamp": "2025-09-30T01:31:31.327406Z"}, {"uuid": "f44bef82-f29b-4252-b5a8-58bfb7378a33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-32514", "type": "seen", "source": "https://t.me/cibsecurity/57197", "content": "\u203c CVE-2022-32514 \u203c\n\nA CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-31T02:50:43.000000Z"}, {"uuid": "c1e70c23-cb3e-4b86-b4bd-4acbc8f332fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-32515", "type": "seen", "source": "https://t.me/cibsecurity/57190", "content": "\u203c CVE-2022-32515 \u203c\n\nA CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext\u00e2\u201e\u00a2 ComBox (All Versions)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-31T02:42:59.000000Z"}, {"uuid": "1636da9d-1b53-4fea-8633-2887de06bd06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-32516", "type": "seen", "source": "https://t.me/cibsecurity/57174", "content": "\u203c CVE-2022-32516 \u203c\n\nA CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system\u00e2\u20ac\u2122s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext\u00e2\u201e\u00a2 ComBox (All Versions)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-31T02:42:42.000000Z"}, {"uuid": "5dc11c65-d14f-47db-922c-4edca428b679", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-32513", "type": "seen", "source": "https://t.me/cibsecurity/57173", "content": "\u203c CVE-2022-32513 \u203c\n\nA CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-31T02:42:41.000000Z"}]}