{"vulnerability": "cve-2022-3639", "sightings": [{"uuid": "053ba57e-f936-4336-b159-2c7e2e308429", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3639", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15323", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3639\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger high CPU usage.\n\ud83d\udccf Published: 2022-10-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-07T14:53:08.897Z\n\ud83d\udd17 References:\n1. https://gitlab.com/gitlab-org/gitlab/-/issues/366876\n2. https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3639.json", "creation_timestamp": "2025-05-07T15:22:39.000000Z"}, {"uuid": "71da6c29-ffd0-423b-85c9-2bf31f2f03dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36399", "type": "seen", "source": "https://t.me/ctinow/170649", "content": "https://ift.tt/93oyWfJ\nCVE-2022-36399 | BoxyStudio Booked Plugin up to 2.4.3 on WordPress information disclosure", "creation_timestamp": "2024-01-20T15:17:13.000000Z"}, {"uuid": "f7a4f2fd-4d7f-441c-829d-5261b3cbd4c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36399", "type": "seen", "source": "https://t.me/ctinow/160241", "content": "https://ift.tt/OkMF6GU\nCVE-2022-36399", "creation_timestamp": "2023-12-28T23:26:35.000000Z"}, {"uuid": "9bf93535-f8c4-4fcc-ae0c-43d1a380a07b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36394", "type": "seen", "source": "https://t.me/cibsecurity/48609", "content": "\u203c CVE-2022-36394 \u203c\n\nAuthenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-23T22:27:07.000000Z"}, {"uuid": "6a902dee-74ed-479a-a566-e9c39aa6d408", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36399", "type": "seen", "source": "https://t.me/arpsyndicate/2288", "content": "#ExploitObserverAlert\n\nCVE-2022-36399\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-36399. Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress | Calendars.This issue affects Booked - Appointment Booking for WordPress | Calendars: from n/a before 2.4.4.", "creation_timestamp": "2023-12-31T03:46:14.000000Z"}, {"uuid": "2c4866b8-fdc3-4c37-9507-d283ffdf834c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36392", "type": "seen", "source": "https://t.me/cibsecurity/68278", "content": "\u203c CVE-2022-36392 \u203c\n\nImproper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27 in Intel (R) CSME may allow an unauthenticated user to potentially enable denial of service via network access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-11T07:26:33.000000Z"}, {"uuid": "4251f2c3-d5ea-4255-a4fb-72e3d15c19f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36397", "type": "seen", "source": "https://t.me/cibsecurity/58403", "content": "\u203c CVE-2022-36397 \u203c\n\nIncorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-17T00:12:54.000000Z"}, {"uuid": "0e7d21ae-ff53-41f7-8980-f504137911b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36390", "type": "seen", "source": "https://t.me/cibsecurity/50240", "content": "\u203c CVE-2022-36390 \u203c\n\nAuthenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Totalsoft Event Calendar \u00e2\u20ac\u201c Calendar plugin <= 1.4.6 at WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-22T00:41:17.000000Z"}, {"uuid": "f92e966d-20c9-475d-8965-5553c2e9f0b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3639", "type": "seen", "source": "https://t.me/cibsecurity/51925", "content": "\u203c CVE-2022-3639 \u203c\n\nA potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger high CPU usage.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-21T20:22:42.000000Z"}]}