This weekly blog post comes via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.
There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.
We make every effort to ensure the accuracy of the data presented. As this is an automated process, some errors may creep in.
If you are feeling generous, please do make us aware of anything you spot. Feel free to follow us on Twitter @sosintel and DM us. Thank you!
1. CVE-2022-40684
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22022, CVE-2022-22041, CVE-2022-30226.
https://nvd.nist.gov/vuln/detail/CVE-2022-40684
2. CVE-2021-38385
Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
https://nvd.nist.gov/vuln/detail/CVE-2021-38385
3. CVE-2022-41082
Microsoft Exchange Server Remote Code Execution Vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-41082
4. CVE-2022-41040
Microsoft Exchange Server Remote Code Execution Vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-41040
5. CVE-2012-2459
Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.
https://nvd.nist.gov/vuln/detail/CVE-2012-2459
6. CVE-2022-27510
Unauthenticated remote arbitrary code execution
https://nvd.nist.gov/vuln/detail/CVE-2022-27510
7. CVE-2022-27518
Unauthenticated remote arbitrary code execution
https://nvd.nist.gov/vuln/detail/CVE-2022-27518
8. CVE-2020-36619
A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is e5a51c508ef952e81a6da25b43034dd1ed023c07. It is recommended to upgrade the affected component. The identifier VDB-216269 was assigned to this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2020-36619
9. CVE-2014-12502
N/A
https://nvd.nist.gov/vuln/detail/CVE-2014-12502
10. CVE-2016-20018
Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.
https://nvd.nist.gov/vuln/detail/CVE-2016-20018