The SOS Intelligence CVE Chatter Weekly Top Ten – 26 December 2022

by Amir Hadzipasic

December 26, 2022

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2022-4415

N/A

https://nvd.nist.gov/vuln/detail/CVE-2022-4415

2. CVE-2022-41080

Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41123.

https://nvd.nist.gov/vuln/detail/CVE-2022-41080

3. CVE-2012-2459

Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.

https://nvd.nist.gov/vuln/detail/CVE-2012-2459

4. CVE-2018-17144

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

5. CVE-2022-40684

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

https://nvd.nist.gov/vuln/detail/CVE-2022-40684

6. CVE-2022-41082

Microsoft Exchange Server Remote Code Execution Vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2022-41082

7. CVE-2022-47941

An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak.

https://nvd.nist.gov/vuln/detail/CVE-2022-47941

8. CVE-2022-41040

Microsoft Exchange Server Elevation of Privilege Vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2022-41040

9. CVE-2016-20018

Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.

https://nvd.nist.gov/vuln/detail/CVE-2016-20018

10. CVE-2022-41649

A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger this vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2022-41649

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 19 December 2022

by Amir Hadzipasic

December 19, 2022

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2018-17144

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

2. CVE-2012-2459

https://nvd.nist.gov/vuln/detail/CVE-2012-2459

3. CVE-2022-42475

N/A

https://nvd.nist.gov/vuln/detail/CVE-2022-42475

4. CVE-2022-40684

https://nvd.nist.gov/vuln/detail/CVE-2022-40684

5. CVE-2022-44698

Windows SmartScreen Security Feature Bypass Vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2022-44698

6. CVE-2022-41049

Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41091.

https://nvd.nist.gov/vuln/detail/CVE-2022-41049

7. CVE-2022-27518

Unauthenticated remote arbitrary code execution

https://nvd.nist.gov/vuln/detail/CVE-2022-27518

8. CVE-2022-20240

In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-231496105

https://nvd.nist.gov/vuln/detail/CVE-2022-20240

9. CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

https://nvd.nist.gov/vuln/detail/CVE-2022-22965

10. CVE-2021-3821

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products.

https://nvd.nist.gov/vuln/detail/CVE-2021-3821

Investigation, The Dark Web

Dark Web Services Current Average Prices

by Amir Hadzipasic

December 14, 2022

It started with a tweet.

The dark web has long been associated with illegal activities and the sale of illicit goods and services. Among the many services offered on the dark web, hacking services are particularly prevalent.

We had our PIR and got to writing an Intelligence Requirements sheet following the PESTLEP model and that allowed us to prioritise our Collection Plan.

With which we were able to start our collection process and begin answering Daniel Card’s Tweet.

The collection process consisted of using the SOS Intelligence platform to identify current active market places for the specific IR areas we had to answer to.

Our platform has the capability to scan the dark web very quickly, with the ability to rotate around all active Onion services within 24-48 hours. This gives us a clear view of current and active Onion services.

In addition SOS Intelligence has a broad range of automatic closed and open forum collection giving us a real time view into purchases and sales.

Gathering the relevant information and calculating averages per service, per market place.

The research

The research for this article looked at around 40 different current dark web marketplaces and clear web and dark web forums, where hacking services are commonly offered for sale. The average prices for the services mentioned were determined based on the information gathered from these sources.

According to our research, the average price for a stolen credit card on the dark web is around $243.15.

This may seem like a low price, but the value of a stolen credit card can vary depending on the country it was issued in and the remaining balance on the card. For example, a credit card from the United States may be worth more than one from a less economically developed country. To keep things as like for like as possible we took the average card limit for a USA bank.

Counterfeit money is also commonly available on the dark web, with the average price per $1,000 coming in at around $396.24.

This may seem like a high price, but it’s important to remember that producing high-quality counterfeit money can be a time-consuming and expensive process.

Botnets, which are networks of compromised computers used to launch distributed denial of service (DDoS) attacks, are also commonly available on the dark web.

The average price for a botnet or DDoS attack is around $382.41.

Another common service offered on the dark web is the sale of so called residential proxies, which are more difficult to detect and block as they “proxy” a cyber criminals connection out through a residential ISP. These proxies are used to mask the true IP address of the user and are often used by hackers to avoid detection.

The average price for a residential proxy is around $645 per month.

Finally, initial access to a target network is often available for sale on closed forums and marketplaces. This can include login credentials or vulnerabilities in a network that can be exploited to gain access, Initial Access or AI is typically the first ‘open door’ into a victim’s network and can lead to ransomware.

Prices for this service ranged wildly from a few hundred dollars to tens of thousands, due to wide ranging victims and seller motivations, varying greatly depending on access offered, method of access and compromised company.

The average price for initial access to a network is around $7,700.

In conclusion, the dark web is a hub for a wide range of hacking services, from stolen credit card information to initial access to target networks.

While the prices for these services may seem steep, it’s important to remember that at least for some of the services offered there is a more demand than supply.

It is also important to note that there is no guarantee with any of the services provided and the sellers or marketplaces themselves could be scams or scammers although a majority do offer purchase through escrow.

Header photo by Jefferson Santos on Unsplash.

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 12 December 2022

by Amir Hadzipasic

December 12, 2022

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2020-4463

IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484.

https://nvd.nist.gov/vuln/detail/CVE-2020-4463

2. CVE-2021-38003

Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

https://nvd.nist.gov/vuln/detail/CVE-2021-38003

3. CVE-2022-41049

Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41049.

https://nvd.nist.gov/vuln/detail/CVE-2022-41049

4. CVE-2022-23467

OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Using a modified USB device an attacker can leak stack addresses of the `razer_attr_read_dpi_stages`, potentially bypassing KASLR. To exploit this vulnerability an attacker would need to access to a users keyboard or mouse or would need to convince a user to use a modified device. The issue has been patched in v3.5.1. Users are advised to upgrade and should be reminded not to plug in unknown USB devices.

https://nvd.nist.gov/vuln/detail/CVE-2022-23467

5. CVE-2022-26485

N/A

https://nvd.nist.gov/vuln/detail/CVE-2022-26485

6. CVE-2021-42298

N/A

https://nvd.nist.gov/vuln/detail/CVE-2021-42298

7. CVE-2022-23093

N/A

https://nvd.nist.gov/vuln/detail/CVE-2022-23093

8. CVE-2022-30206

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.

https://nvd.nist.gov/vuln/detail/CVE-2022-30206

9. CVE-2022-38599

Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered to contain an information leak via the /user/get-role-list web interface.

https://nvd.nist.gov/vuln/detail/CVE-2022-38599

10. CVE-2022-3328

N/A

https://nvd.nist.gov/vuln/detail/CVE-2022-3328

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 05 December 2022

by Amir Hadzipasic

December 5, 2022

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2022-45204

GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c.

https://nvd.nist.gov/vuln/detail/CVE-2022-45204

2. CVE-2022-40684

https://nvd.nist.gov/vuln/detail/CVE-2022-40684

3. CVE-2022-43272

DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.

https://nvd.nist.gov/vuln/detail/CVE-2022-43272

4. CVE-2022-22963

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

https://nvd.nist.gov/vuln/detail/CVE-2022-22963

5. CVE-2009-1143

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).

https://nvd.nist.gov/vuln/detail/CVE-2009-1143

6. CVE-2009-1142

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.

https://nvd.nist.gov/vuln/detail/CVE-2009-1142

7. CVE-2022-41040

Microsoft Exchange Server Elevation of Privilege Vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2022-41040

8. CVE-2022-0698

Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the ‘select-file’ parameter.

https://nvd.nist.gov/vuln/detail/CVE-2022-0698

9. CVE-2021-32749

fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command `mail` from mailutils package used in mail actions like `mail-whois` can execute command if unescaped sequences (`n~`) are available in “foreign” input (for instance in whois output). To exploit the vulnerability, an attacker would need to insert malicious characters into the response sent by the whois server, either via a MITM attack or by taking over a whois server. The issue is patched in versions 0.10.7 and 0.11.3. As a workaround, one may avoid the usage of action `mail-whois` or patch the vulnerability manually.

https://nvd.nist.gov/vuln/detail/CVE-2021-32749

10. CVE-2022-41082

Microsoft Exchange Server Elevation of Privilege Vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2022-41082

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 28 November 2022

by Amir Hadzipasic

November 28, 2022

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2018-17144

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

2. CVE-2012-2459

https://nvd.nist.gov/vuln/detail/CVE-2012-2459

3. CVE-2022-41040

Microsoft Exchange Server Remote Code Execution Vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2022-41040

4. CVE-2022-42895

There is an infoleak vulnerability in the Linux kernel’s net/bluetooth/l2cap_core.c’s l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url

https://nvd.nist.gov/vuln/detail/CVE-2022-42895

5. CVE-2022-41082

Microsoft Exchange Server Remote Code Execution Vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2022-41082

6. CVE-2018-18955

In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.

https://nvd.nist.gov/vuln/detail/CVE-2018-18955

7. CVE-2022-45887

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.

https://nvd.nist.gov/vuln/detail/CVE-2022-45887

8. CVE-2014-0160

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

https://nvd.nist.gov/vuln/detail/CVE-2014-0160

9. CVE-2022-41157

A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the SYSTEM authority. This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands.

https://nvd.nist.gov/vuln/detail/CVE-2022-41157

10. CVE-2021-4122

It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium.

https://nvd.nist.gov/vuln/detail/CVE-2021-4122

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 21 November 2022

by Amir Hadzipasic

November 21, 2022

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2021-44733

A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.

https://nvd.nist.gov/vuln/detail/CVE-2021-44733

2. CVE-2022-41073

Windows Print Spooler Elevation of Privilege Vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2022-41073

3. CVE-2022-40684

https://nvd.nist.gov/vuln/detail/CVE-2022-40684

4. CVE-2012-2459

https://nvd.nist.gov/vuln/detail/CVE-2012-2459

5. CVE-2022-41049

Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41091.

https://nvd.nist.gov/vuln/detail/CVE-2022-41049

6. CVE-2022-41082

Microsoft Exchange Server Remote Code Execution Vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2022-41082

7. CVE-1999-0524

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

https://nvd.nist.gov/vuln/detail/CVE-1999-0524

8. CVE-2022-24521

Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24481.

https://nvd.nist.gov/vuln/detail/CVE-2022-24521

9. CVE-2022-22613

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.

https://nvd.nist.gov/vuln/detail/CVE-2022-22613

10. CVE-2021-38819

A SQL injection vulnerability exits on the Simple Image Gallery System 1.0 application through “id” parameter on the album page.

https://nvd.nist.gov/vuln/detail/CVE-2021-38819

Product news

Join us for our first SOS Intelligence webinar on December 8th at 11am

by Amir Hadzipasic

November 16, 2022

We are delighted to invite you to our first webinar. This is at 11am on Wednesday 8th December and will last around twenty minutes.

Hosted by myself, I’ll give you a short overview of the product and how it fits as an essential part of your business or organisation’s online security plus a demonstration of how easy it is to use the keyword alert feature.

Who is this for?

Anyone in a business or organisation who has responsibility for online security
CTOs who wants to understand the risks of cyber breaches and how to monitor them
MSSPs who would like to leverage our solution with their clients

You will learn:

Why cyber threat intelligence and especially on the Dark Web is so vital
What SOS Intelligence does and what you can expect when using it
How it meets the need of a modern business / organisation

All you need to do is click the button below. We look forward to seeing you!

Click to register

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 14 November 2022

by Amir Hadzipasic

November 14, 2022

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2021-44733

https://nvd.nist.gov/vuln/detail/CVE-2021-44733

2. CVE-2012-2459

https://nvd.nist.gov/vuln/detail/CVE-2012-2459

3. CVE-2022-40684

https://nvd.nist.gov/vuln/detail/CVE-2022-40684

4. CVE-2022-29455

DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor’s Elementor Website Builder plugin <= 3.5.5 versions.

https://nvd.nist.gov/vuln/detail/CVE-2022-29455

5. CVE-2022-24765

Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:.gitconfig`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:Users` if the user profile is located in `C:Usersmy-user-name`.

https://nvd.nist.gov/vuln/detail/CVE-2022-24765

6. CVE-2018-17144

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

7. CVE-2022-41049

Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41049.

https://nvd.nist.gov/vuln/detail/CVE-2022-41049

8. CVE-2022-3786

https://nvd.nist.gov/vuln/detail/CVE-2022-3786

9. CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

10. CVE-2022-30206

Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22022, CVE-2022-22041, CVE-2022-30226.

https://nvd.nist.gov/vuln/detail/CVE-2022-30206

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 07 November 2022

by Amir Hadzipasic

November 7, 2022

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2022-3602

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).

https://nvd.nist.gov/vuln/detail/CVE-2022-3602

2. CVE-2022-3786

https://nvd.nist.gov/vuln/detail/CVE-2022-3786

3. CVE-2022-40684

https://nvd.nist.gov/vuln/detail/CVE-2022-40684

4. CVE-2021-1675

Windows Print Spooler Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2021-1675

5. CVE-2022-3816

A vulnerability, which was classified as problematic, was found in Axiomatic Bento4. Affected is an unknown function of the component mp4decrypt. The manipulation leads to memory leak. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212682 is the identifier assigned to this vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2022-3816

6. CVE-2022-3814

A vulnerability classified as problematic was found in Axiomatic Bento4. This vulnerability affects unknown code of the component mp4decrypt. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212680.

https://nvd.nist.gov/vuln/detail/CVE-2022-3814

7. CVE-2022-43222

open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet.

https://nvd.nist.gov/vuln/detail/CVE-2022-43222

8. CVE-2022-3813

A vulnerability classified as problematic has been found in Axiomatic Bento4. This affects an unknown part of the component mp4edit. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212679.

https://nvd.nist.gov/vuln/detail/CVE-2022-3813

9. CVE-2022-38177

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

https://nvd.nist.gov/vuln/detail/CVE-2022-38177

10. CVE-2021-44228

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character.

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

The SOS Intelligence CVE Chatter Weekly Top Ten – 26 December 2022

The SOS Intelligence CVE Chatter Weekly Top Ten – 19 December 2022

Dark Web Services Current Average Prices

The research

The SOS Intelligence CVE Chatter Weekly Top Ten – 12 December 2022

The SOS Intelligence CVE Chatter Weekly Top Ten – 05 December 2022

The SOS Intelligence CVE Chatter Weekly Top Ten – 28 November 2022

The SOS Intelligence CVE Chatter Weekly Top Ten – 21 November 2022

Join us for our first SOS Intelligence webinar on December 8th at 11am

The SOS Intelligence CVE Chatter Weekly Top Ten – 14 November 2022

The SOS Intelligence CVE Chatter Weekly Top Ten – 07 November 2022

Recent Posts

Recent Comments