{"vulnerability": "cve-2022-4066", "sightings": [{"uuid": "09a1dfa3-01dc-4ab1-9233-e309d105a0ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-40663", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/545", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-40663\n\ud83d\udd39 Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15697.\n\ud83d\udccf Published: 2022-09-15T15:26:38\n\ud83d\udccf Modified: 2025-01-07T19:02:22.686Z\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/advisories/ZDI-22-1219/", "creation_timestamp": "2025-01-07T19:40:11.000000Z"}, {"uuid": "8ea46714-d2cf-4f33-8839-6fd4d149b13a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-40662", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14063", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-40662\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_0, Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15351.\n\ud83d\udccf Published: 2022-09-15T15:26:37.000Z\n\ud83d\udccf Modified: 2025-04-30T15:01:53.815Z\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/advisories/ZDI-22-1218/", "creation_timestamp": "2025-04-30T15:13:49.000000Z"}, {"uuid": "6b49c84c-c64f-42ed-9fdf-75b2ffa90580", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4066", "type": "seen", "source": "https://t.me/cibsecurity/53203", "content": "\u203c CVE-2022-4066 \u203c\n\nA vulnerability was found in davidmoreno onion. It has been rated as problematic. Affected by this issue is the function onion_response_flush of the file src/onion/response.c of the component Log Handler. The manipulation leads to allocation of resources. The name of the patch is de8ea938342b36c28024fd8393ebc27b8442a161. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-214028.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-19T22:30:24.000000Z"}, {"uuid": "002b22ad-912a-44fd-8964-075f3b3af92f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-40663", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13898", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-40663\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_0, Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15697.\n\ud83d\udccf Published: 2022-09-15T15:26:38.000Z\n\ud83d\udccf Modified: 2025-04-29T18:38:35.378Z\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/advisories/ZDI-22-1219/", "creation_timestamp": "2025-04-29T19:12:26.000000Z"}, {"uuid": "b1e7ac82-f7f7-4994-bb1c-f5e07af0dd9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-40664", "type": "seen", "source": "https://t.me/arpsyndicate/3230", "content": "#ExploitObserverAlert\n\nCVE-2022-40664\n\nDESCRIPTION: Exploit Observer has 9 entries in 5 file formats related to CVE-2022-40664. Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.\n\nFIRST-EPSS: 0.013150000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-28T06:18:40.000000Z"}, {"uuid": "11a5801c-d12c-4fe1-bb5a-cff4d28adb8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-40664", "type": "seen", "source": "https://t.me/cibsecurity/51254", "content": "\u203c CVE-2022-40664 \u203c\n\nApache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-12T12:37:45.000000Z"}, {"uuid": "99a81a11-aaab-4867-90a6-881099db0dd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-40663", "type": "seen", "source": "https://t.me/cibsecurity/49835", "content": "\u203c CVE-2022-40663 \u203c\n\nThis vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15697.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-15T20:27:42.000000Z"}, {"uuid": "fa84fc31-1ee9-4684-b023-5da0496f2091", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-40660", "type": "seen", "source": "https://t.me/cibsecurity/49838", "content": "\u203c CVE-2022-40660 \u203c\n\nThis vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15135.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-15T20:27:45.000000Z"}, {"uuid": "f2bfbf54-3517-4cf5-b4a6-5e6f7da6b17b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-40661", "type": "seen", "source": "https://t.me/cibsecurity/49846", "content": "\u203c CVE-2022-40661 \u203c\n\nThis vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15134.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-15T20:27:59.000000Z"}]}