This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.
There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.
We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.
If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!
1. CVE-2018-17144
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
https://nvd.nist.gov/vuln/detail/CVE-2018-17144
2. CVE-2012-2459
Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.
https://nvd.nist.gov/vuln/detail/CVE-2012-2459
3. CVE-2022-34570
WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page.
https://nvd.nist.gov/vuln/detail/CVE-2022-34570
4. CVE-2022-1488
Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.
https://nvd.nist.gov/vuln/detail/CVE-2022-1488
5. CVE-2022-1501
Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
https://nvd.nist.gov/vuln/detail/CVE-2022-1501
6. CVE-2022-1873
Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
https://nvd.nist.gov/vuln/detail/CVE-2022-1873
7. CVE-2022-24086
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
https://nvd.nist.gov/vuln/detail/CVE-2022-24086
8. CVE-2022-1637
Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
https://nvd.nist.gov/vuln/detail/CVE-2022-1637
9. CVE-2022-1875
Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
https://nvd.nist.gov/vuln/detail/CVE-2022-1875
10. CVE-2022-1498
Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
https://nvd.nist.gov/vuln/detail/CVE-2022-1498