{"vulnerability": "cve-2022-3399", "sightings": [{"uuid": "0bf12b25-5076-4498-83a3-bd1bb13eeca6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-33993", "type": "seen", "source": "https://t.me/cibsecurity/48159", "content": "\u203c CVE-2022-33993 \u203c\n\nMisinterpretation of special domain name characters in DNRD (aka Domain Name Relay Daemon) 2.20.3 leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-15T16:37:55.000000Z"}, {"uuid": "43938395-d9d3-4401-9698-a69018bd52a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-33992", "type": "seen", "source": "https://t.me/cibsecurity/48153", "content": "\u203c CVE-2022-33992 \u203c\n\nDNRD (aka Domain Name Relay Daemon) 2.20.3 forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-15T16:37:46.000000Z"}, {"uuid": "b0e72ccc-05dc-4e6d-b595-1812cd290a3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-33991", "type": "seen", "source": "https://t.me/cibsecurity/48157", "content": "\u203c CVE-2022-33991 \u203c\n\ndproxy-nexgen (aka dproxy nexgen) forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-15T16:37:53.000000Z"}, {"uuid": "724904cc-f90b-4258-87af-30bb99bdb638", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-33990", "type": "seen", "source": "https://t.me/cibsecurity/48152", "content": "\u203c CVE-2022-33990 \u203c\n\nMisinterpretation of special domain name characters in dproxy-nexgen (aka dproxy nexgen) leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-15T16:37:46.000000Z"}, {"uuid": "c2e7f483-58fb-4fbd-8240-3ee0dfc5ea0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-33996", "type": "seen", "source": "https://t.me/cibsecurity/45737", "content": "\u203c CVE-2022-33996 \u203c\n\nIncorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-07T16:15:27.000000Z"}, {"uuid": "c1c760a6-f65c-41f5-9b06-b7c4018390ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-33995", "type": "seen", "source": "https://t.me/cibsecurity/44908", "content": "\u203c CVE-2022-33995 \u203c\n\nA path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-21T18:27:56.000000Z"}, {"uuid": "95e425e5-32b5-4dde-9932-41b2612b9a1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3399", "type": "seen", "source": "https://t.me/cvedetector/3321", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-3399 - WordPress Cookie Notice & Compliance for GDPR/CCPA Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-3399 \nPublished : Aug. 16, 2024, 3:15 a.m. | 39\u00a0minutes ago \nDescription : The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cookie_notice_options[refuse_code_head]' parameter in versions up to, and including, 2.4.17.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative privileges and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected /wp-admin/admin.php?page=cookie-notice page. This only affects multi-site installations and installations where unfiltered_html has been disabled. \nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-16T06:11:57.000000Z"}]}