{"vulnerability": "cve-2022-4817", "sightings": [{"uuid": "5b89cd11-55a5-4756-9025-9480358b1daf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48174", "type": "seen", "source": "https://gist.github.com/Ant0wan/47ec3e4d21f0d679eabde1000c04eb92", "content": "", "creation_timestamp": "2025-04-21T18:16:35.000000Z"}, {"uuid": "4f5a1c00-9dc8-4fbb-bb86-4367de22b679", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48174", "type": "seen", "source": "https://bsky.app/profile/gcpweekly.bsky.social/post/3maejvmc2ay2k", "content": "", "creation_timestamp": "2025-12-19T20:31:52.781222Z"}, {"uuid": "6b87ad07-bb7f-49c2-b8bb-aaf4fea90f50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48174", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-06", "content": "", "creation_timestamp": "2026-02-12T11:00:00.000000Z"}, {"uuid": "444ea9f7-80a1-4fcf-a62a-ae1e01e78f73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4817", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11271", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4817\n\ud83d\udd25 CVSS Score: 3.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: A vulnerability was found in centic9 jgit-cookbook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insecure temporary file. The attack can be initiated remotely. The name of the patch is b8cb29b43dc704708d598c60ac1881db7cf8e9c3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216988.\n\ud83d\udccf Published: 2022-12-28T18:22:43.535Z\n\ud83d\udccf Modified: 2025-04-10T16:39:50.756Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.216988\n2. https://vuldb.com/?ctiid.216988\n3. https://github.com/centic9/jgit-cookbook/pull/86\n4. https://github.com/centic9/jgit-cookbook/commit/b8cb29b43dc704708d598c60ac1881db7cf8e9c3", "creation_timestamp": "2025-04-10T16:49:21.000000Z"}, {"uuid": "5389dbe4-51d5-404a-aa8c-6f0e3565280e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48174", "type": "seen", "source": "https://t.me/ctinow/180718", "content": "https://ift.tt/Dvtk189\nCVE-2022-48174 | Oracle Communications Cloud Native Core Network Function Cloud Native Environment OSO out-of-bounds write", "creation_timestamp": "2024-02-07T14:46:51.000000Z"}, {"uuid": "b41b5309-6b75-4504-9790-a5c82635292c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48178", "type": "seen", "source": "https://t.me/cibsecurity/62217", "content": "\u203c CVE-2022-48178 \u203c\n\nX2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Create Action function, aka an index.php/actions/update URI.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-15T07:26:38.000000Z"}, {"uuid": "b902f559-a0e4-4302-8049-d6c0395ea9a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48177", "type": "seen", "source": "https://t.me/cibsecurity/62210", "content": "\u203c CVE-2022-48177 \u203c\n\nX2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the adin/importModels Import Records Model field (model parameter). This vulnerability allows attackers to create malicious JavaScript that will be executed by the victim user's browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-15T07:26:28.000000Z"}, {"uuid": "89e235c3-6e46-4fb2-b1cf-9345a9a0158e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48176", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9351", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-48176\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow.\n\ud83d\udccf Published: 2023-01-30T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-28T14:12:40.732Z\n\ud83d\udd17 References:\n1. https://www.netgear.com/about/security/\n2. https://hdwsec.fr/blog/20221109-netgear/\n3. https://kb.netgear.com/000065242/Security-Advisory-for-Pre-authentication-Stack-Overflow-on-some-Routers-and-Nighthawk-WiFi-Mesh-Systems-PSV-2022-0146", "creation_timestamp": "2025-03-28T14:27:34.000000Z"}, {"uuid": "d462f723-8cb1-4e54-b859-38f9f912223f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48175", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9350", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-48175\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request.\n\ud83d\udccf Published: 2023-01-30T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-28T14:13:24.627Z\n\ud83d\udd17 References:\n1. https://github.com/y1s3m0/vulnfind/blob/main/rukovoditel/rce_ajax_request.md", "creation_timestamp": "2025-03-28T14:27:33.000000Z"}, {"uuid": "e34dd2ed-c6cd-4a2b-9f47-ec81451096a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48176", "type": "seen", "source": "https://t.me/cibsecurity/57193", "content": "\u203c CVE-2022-48176 \u203c\n\nNetgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-31T02:47:35.000000Z"}, {"uuid": "b7521661-eec0-452c-905a-f2af6ad81ef5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48175", "type": "seen", "source": "https://t.me/cibsecurity/57192", "content": "\u203c CVE-2022-48175 \u203c\n\nRukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-31T02:47:34.000000Z"}, {"uuid": "a5b6aaff-3439-4124-9147-65ffb946a22a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48174", "type": "seen", "source": "Telegram/I5NXyMjytHIYu-yIRizuBywJYFS7aYMm5NxfIk522dlINd0p", "content": "", "creation_timestamp": "2025-02-06T02:44:19.000000Z"}, {"uuid": "fea4a9d5-af77-4348-91e3-5bbdace25110", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4817", "type": "seen", "source": "https://t.me/cibsecurity/55510", "content": "\u203c CVE-2022-4817 \u203c\n\nA vulnerability was found in centic9 jgit-cookbook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insecure temporary file. The attack can be initiated remotely. The name of the patch is b8cb29b43dc704708d598c60ac1881db7cf8e9c3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216988.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-28T22:12:33.000000Z"}]}