The SOS Intelligence CVE Chatter Weekly Top Ten –

by Amir Hadzipasic

October 10, 2022

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

https://nvd.nist.gov/vuln/detail/

10.

https://nvd.nist.gov/vuln/detail/

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 03 October 2022

by Amir Hadzipasic

October 3, 2022

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2018-17144

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

2. CVE-2022-41847

An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp.

https://nvd.nist.gov/vuln/detail/CVE-2022-41847

3. CVE-2012-2459

Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.

https://nvd.nist.gov/vuln/detail/CVE-2012-2459

4. CVE-2022-38178

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

https://nvd.nist.gov/vuln/detail/CVE-2022-38178

5. CVE-2022-38177

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

https://nvd.nist.gov/vuln/detail/CVE-2022-38177

6. CVE-2021-3800

A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.

https://nvd.nist.gov/vuln/detail/CVE-2021-3800

7. CVE-2022-3057

Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

https://nvd.nist.gov/vuln/detail/CVE-2022-3057

8. CVE-2011-4820

IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user’s preferences.

https://nvd.nist.gov/vuln/detail/CVE-2011-4820

9. CVE-2012-2201

IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager.

https://nvd.nist.gov/vuln/detail/CVE-2012-2201

10. CVE-2022-24086

prestashop/blockwishlist is a prestashop extension which adds a block containing the customer’s wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.

https://nvd.nist.gov/vuln/detail/CVE-2022-24086

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 26 September 2022

by Amir Hadzipasic

September 26, 2022

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2022-2568

A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with ‘change user’ permissions to modify the account settings of the superuser account and also remove the superuser privileges.

https://nvd.nist.gov/vuln/detail/CVE-2022-2568

2. CVE-2022-25636

https://nvd.nist.gov/vuln/detail/CVE-2022-25636

3. CVE-2022-2588

https://nvd.nist.gov/vuln/detail/CVE-2022-2588

4. CVE-2022-35085

SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.

https://nvd.nist.gov/vuln/detail/CVE-2022-35085

5. CVE-2021-44733

A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.

https://nvd.nist.gov/vuln/detail/CVE-2021-44733

6. CVE-2022-35896

An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM, leading to information disclosure.

https://nvd.nist.gov/vuln/detail/CVE-2022-35896

7. CVE-2021-1675

Windows Print Spooler Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2021-1675

8. CVE-2022-29499

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.

https://nvd.nist.gov/vuln/detail/CVE-2022-29499

9. CVE-2022-38177

https://nvd.nist.gov/vuln/detail/CVE-2022-38177

10. CVE-2018-9999

In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend.

https://nvd.nist.gov/vuln/detail/CVE-2018-9999

Product news

pwnReport tool for MSSP and Enterprise customers

by Amir Hadzipasic

September 23, 2022

One of the features which we’ve been working on recently is a pwnREPORT Breach Report Tool. I’m pleased to say this is now available for our MSSP and Enterprise customers.

What does it do?

Generates an aggregated breach report for records found across our BreachDB, OSINT collections and Dark Web.
Searches for a provided company email domain.
Returns a CSV document on completion for you to download.

Watch the short video below to see it in action.

pwnREPORT Breach Report Tool

This kind of tool is precisely what we try and focus on. Simple execution of a query and a quick, useful output for you to use and potentially share.

If you have any questions, please don’t hesitate to get in touch and book a call / demo here.

Photo by Kevin Ku on Unsplash.

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 19 September 2022

by Amir Hadzipasic

September 19, 2022

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2022-27593

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later

https://nvd.nist.gov/vuln/detail/CVE-2022-27593

2. CVE-2022-38600

Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf_vo.c.

https://nvd.nist.gov/vuln/detail/CVE-2022-38600

3. CVE-2022-3202

A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.

https://nvd.nist.gov/vuln/detail/CVE-2022-3202

4. CVE-2022-29499

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.

https://nvd.nist.gov/vuln/detail/CVE-2022-29499

5. CVE-2012-2459

https://nvd.nist.gov/vuln/detail/CVE-2012-2459

6. CVE-2020-8516

** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2020-8516

7. CVE-2022-24086

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.

https://nvd.nist.gov/vuln/detail/CVE-2022-24086

8. CVE-2021-34557

XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.

https://nvd.nist.gov/vuln/detail/CVE-2021-34557

9. CVE-2018-17144

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

10. CVE-2021-44733

https://nvd.nist.gov/vuln/detail/CVE-2021-44733

Opinion

Attending the International Cyber Expo on the 27th / 28th September

by Amir Hadzipasic

September 14, 2022

We are going to be attending the International Cyber Expo on the 27th / 28th September and we would love to meet up if you are attending.

Get in touch by emailing us or via Twitter 🙂

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 13 September 2022

by Amir Hadzipasic

September 13, 2022

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2021-44733

https://nvd.nist.gov/vuln/detail/CVE-2021-44733

2. CVE-2022-27593

https://nvd.nist.gov/vuln/detail/CVE-2022-27593

3. CVE-2022-24637

Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with ‘

https://nvd.nist.gov/vuln/detail/CVE-2022-24637

4. CVE-2022-27925

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.

https://nvd.nist.gov/vuln/detail/CVE-2022-27925

5. CVE-2022-0337

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.

https://nvd.nist.gov/vuln/detail/CVE-2022-0337

6. CVE-2018-17866

Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the “Ultimate Member – User Profile & Membership” plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the “Primary button Text” or “Second button text” field.

https://nvd.nist.gov/vuln/detail/CVE-2018-17866

7. CVE-2022-24086

https://nvd.nist.gov/vuln/detail/CVE-2022-24086

8. CVE-2021-43008

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.

https://nvd.nist.gov/vuln/detail/CVE-2021-43008

9. CVE-2020-1472

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka ‘Netlogon Elevation of Privilege Vulnerability’.

https://nvd.nist.gov/vuln/detail/CVE-2020-1472

10. CVE-2021-34236

Buffer Overflow in Netgear R8000 Router with firmware v1.0.4.56 allows remote attackers to execute arbitrary code or cause a denial-of-service by sending a crafted POST to ‘/bd_genie_create_account.cgi’ with a sufficiently long parameter ‘register_country’.

https://nvd.nist.gov/vuln/detail/CVE-2021-34236

Product news, The Dark Web

SOS Intelligence Dark Web Map

by Amir Hadzipasic

September 7, 2022

We thought it would be interesting to show you something we generate every now and again…

That is our representation of the SOS Intelligence Dark Web Index, the physical placement of the nodes represents the interconnectivity between onion services on the Dark Web (Tor).

It is an energy model of the network structure of the Dark Web.

The diagram is a visual representation of an energy model of the network structure for interconnecting onion services

Essentially, If a node has a lot of links, it has a heavier weight applied to it.

If a node has fewer links, it has a lighter weight applied to it and has less weight represented. The more links, the more central we represent that node on the map. Therefore onion services with fewer inbound or outbound links get ‘pushed’ outward to the edges of the map. Onions with more links weigh more so are positioned more centrally.

The colour is a computed modularity class – the social network of the nodes. We have calculated the community networks of the nodes. i.e. how likely it is that a node is linked to other nodes within the network.

What we get is a spatial representation and social network of around 43000 nodes in the past 24 hours.

The colour itself is random, but the membership of the colour is representative of their social network. What we don’t mean is their Facebook membership, but rather their community connections within the Dark Web.

The visualisation is stunning when seen on a large screen so we have made this available to download here in 4K.

If you are feeling kind, a tweet or short blog post about this would be much appreciated 🙂

Opinion, The Dark Web

Major UK transport company battles cyber-attack

by Amir Hadzipasic

September 7, 2022

Another week and yet another cyber-attack on a major UK company. The Guardian broke the news yesterday highlighting that Go-Ahead are facing problems with their back office systems, including bus services and payroll software.

Fortunately it is only affecting the bus services they run and not their rail business.

There are a couple of important things to note here. Firstly, the UK and other countries are seeing more threats to government organisations, transport and infrastructure companies. Infrastructure, by it’s nature, is vital to the smooth running of a countries’ daily life and an interruption to this can cause serious problems.

One of the most infamous cyber attacks to infrastructure took place last year when hackers breached the Colonial Pipeline using a compromised password.

The key aspect of this case was that investigators suspect hackers got password from dark web leak. This scenario is a perfect demonstration of how SOS Intelligence could have helped, alerting the company to this in time and possibly preventing what happened.

In the UK, companies have faced sizeable fines when they have been the subject of a breach and lost customer data.

British Airways was told in July 2019 that it faced a fine of £183m after hackers stole the personal information of half a million customers. Eventually they paid £20M, still a considerable amount.

If you are reading this and wonder if we can help, we probably can. You can book a call and demo here.

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 05 September 2022

by Amir Hadzipasic

September 5, 2022

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2012-2459

https://nvd.nist.gov/vuln/detail/CVE-2012-2459

2. CVE-2022-24637

https://nvd.nist.gov/vuln/detail/CVE-2022-24637

3. CVE-2020-29260

libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().

https://nvd.nist.gov/vuln/detail/CVE-2020-29260

4. CVE-2022-22067

Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

https://nvd.nist.gov/vuln/detail/CVE-2022-22067

5. CVE-2022-30075

In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation.

https://nvd.nist.gov/vuln/detail/CVE-2022-30075

6. CVE-2018-17144

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

7. CVE-2022-37042

Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.

https://nvd.nist.gov/vuln/detail/CVE-2022-37042

8. CVE-2021-41617

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

https://nvd.nist.gov/vuln/detail/CVE-2021-41617

9. CVE-2022-21449

https://nvd.nist.gov/vuln/detail/CVE-2022-21449

10. CVE-2022-29154

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).

https://nvd.nist.gov/vuln/detail/CVE-2022-29154

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

The SOS Intelligence CVE Chatter Weekly Top Ten –

The SOS Intelligence CVE Chatter Weekly Top Ten – 03 October 2022

The SOS Intelligence CVE Chatter Weekly Top Ten – 26 September 2022

pwnReport tool for MSSP and Enterprise customers

The SOS Intelligence CVE Chatter Weekly Top Ten – 19 September 2022

Attending the International Cyber Expo on the 27th / 28th September

The SOS Intelligence CVE Chatter Weekly Top Ten – 13 September 2022

SOS Intelligence Dark Web Map

Major UK transport company battles cyber-attack

The SOS Intelligence CVE Chatter Weekly Top Ten – 05 September 2022

Recent Posts

Recent Comments