{"vulnerability": "cve-2022-4065", "sightings": [{"uuid": "4e634723-3697-4c25-b359-bc60741d5f54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-40654", "type": "seen", "source": "https://t.me/cibsecurity/49836", "content": "\u203c CVE-2022-40654 \u203c\n\nThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_T files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18351.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-15T20:27:43.000000Z"}, {"uuid": "a734856c-963f-457c-b3ca-3253e8a711c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4065", "type": "seen", "source": "https://t.me/cibsecurity/53204", "content": "\u203c CVE-2022-4065 \u203c\n\nA vulnerability was found in cbeust testng. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-214027.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-19T22:30:25.000000Z"}, {"uuid": "82a746e5-5232-4ad6-ae2c-b6325c223ec9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-40655", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10217", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-40655\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_0, Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ND2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15071.\n\ud83d\udccf Published: 2022-09-15T15:26:31.000Z\n\ud83d\udccf Modified: 2025-04-03T14:24:35.663Z\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/advisories/ZDI-22-1211/", "creation_timestamp": "2025-04-03T14:35:01.000000Z"}, {"uuid": "c2bb001b-7c95-4cb7-b51d-f92a951399f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-40657", "type": "seen", "source": "https://t.me/cibsecurity/49839", "content": "\u203c CVE-2022-40657 \u203c\n\nThis vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. Crafted data in a PSD file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15073.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-15T20:27:46.000000Z"}, {"uuid": "e9f0d7a3-d83a-48e2-8aa3-658a403b97d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-40650", "type": "seen", "source": "https://t.me/cibsecurity/49849", "content": "\u203c CVE-2022-40650 \u203c\n\nThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17838.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-15T20:28:02.000000Z"}, {"uuid": "27fd361e-ecd1-4432-ab83-e143d0f3300a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4065", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwrsq24het2u", "content": "", "creation_timestamp": "2025-08-19T21:02:28.801979Z"}]}