{"vulnerability": "cve-2022-4504", "sightings": [{"uuid": "a44270c9-a402-4270-b89b-a34445d83865", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45044", "type": "seen", "source": "https://t.me/ctinow/205602", "content": "https://ift.tt/MKHBxas\nCVE-2022-45044", "creation_timestamp": "2024-03-12T12:32:15.000000Z"}, {"uuid": "1660b475-899a-420c-b23d-3df98faab227", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45047", "type": "seen", "source": "https://t.me/ctinow/186441", "content": "https://ift.tt/LbfiYzB\nCVE-2022-45047 Apache MINA SSHD Vulnerability in NetApp Products", "creation_timestamp": "2024-02-16T15:31:45.000000Z"}, {"uuid": "b941edb4-5de7-436f-928b-c0ab2ff78d5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45048", "type": "seen", "source": "https://t.me/cibsecurity/63353", "content": "\u203c CVE-2022-45048 \u203c\n\nAuthenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability.\u00c2\u00a0This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-05T12:24:14.000000Z"}, {"uuid": "306b8410-47b4-4d6f-8fde-5738b03c6c5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45043", "type": "seen", "source": "https://t.me/cibsecurity/54325", "content": "\u203c CVE-2022-45043 \u203c\n\nTenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-12T18:20:54.000000Z"}, {"uuid": "8e0a625e-5e30-4edd-b0b8-fc7ea73d82ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45045", "type": "exploited", "source": "https://t.me/cibsecurity/53750", "content": "\u203c CVE-2022-45045 \u203c\n\nMultiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-01T07:30:40.000000Z"}, {"uuid": "a7ef4f53-d822-47df-8b4c-cfb7494d3cad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45040", "type": "seen", "source": "https://t.me/cibsecurity/53498", "content": "\u203c CVE-2022-45040 \u203c\n\nA cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-25T18:15:28.000000Z"}, {"uuid": "07de58ad-f124-4c0f-b54b-bd59bb21c775", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45046", "type": "seen", "source": "https://t.me/cibsecurity/53970", "content": "\u203c CVE-2022-45046 \u203c\n\nThe camel-ldap component allows LDAP Injection when using the filter option. Users are recommended to either move to the Camel-Spring-Ldap component (which is not affected) or upgrade to 3.14.6 or 3.18.4.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-05T16:39:53.000000Z"}, {"uuid": "aa5fb3c7-4b9a-4680-b511-fd5dd1e81871", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45047", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875", "content": "", "creation_timestamp": "2026-01-21T21:18:16.771453Z"}, {"uuid": "2df9c320-b526-4300-81b0-1ba0390670d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4504", "type": "seen", "source": "https://t.me/cibsecurity/54592", "content": "\u203c CVE-2022-4504 \u203c\n\nImproper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-15T07:23:12.000000Z"}, {"uuid": "067dc025-e27e-4e32-a0b7-0fb534c309b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45049", "type": "seen", "source": "https://t.me/cibsecurity/55915", "content": "\u203c CVE-2022-45049 \u203c\n\nA reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The url parameter on the novelist.php endpoint does not properly neutralise user input, resulting in the vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-04T22:18:17.000000Z"}, {"uuid": "09e92b66-73fd-41ad-8c79-ca13f88da085", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45044", "type": "seen", "source": "https://t.me/ctinow/205589", "content": "https://ift.tt/MKHBxas\nCVE-2022-45044", "creation_timestamp": "2024-03-12T12:26:19.000000Z"}, {"uuid": "926c63e1-a2b6-4c99-b4aa-fc9531e7cdf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45047", "type": "seen", "source": "https://t.me/cibsecurity/53051", "content": "\u203c CVE-2022-45047 \u203c\n\nClass org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-17T15:58:44.000000Z"}, {"uuid": "4fbc8302-8890-48dd-b705-1b86e3d2905f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45041", "type": "seen", "source": "https://t.me/cibsecurity/54929", "content": "\u203c CVE-2022-45041 \u203c\n\nSQL Injection exits in xinhu < 2.5.0\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-20T00:10:41.000000Z"}]}