This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.
There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.
We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.
If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!
1. CVE-2022-41080
Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41123.
https://nvd.nist.gov/vuln/detail/CVE-2022-41080
2. CVE-2022-42475
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
https://nvd.nist.gov/vuln/detail/CVE-2022-42475
3. CVE-2022-40684
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
https://nvd.nist.gov/vuln/detail/CVE-2022-40684
4. CVE-2022-41082
Microsoft Exchange Server Remote Code Execution Vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-41082
5. CVE-2021-26404
Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure.
https://nvd.nist.gov/vuln/detail/CVE-2021-26404
6. CVE-2014-12507
N/A
https://nvd.nist.gov/vuln/detail/CVE-2014-12507
7. CVE-2022-23087
N/A
https://nvd.nist.gov/vuln/detail/CVE-2022-23087
8. CVE-2014-12502
N/A
https://nvd.nist.gov/vuln/detail/CVE-2014-12502
9. CVE-2023-22417
A Missing Release of Memory after Effective Lifetime vulnerability in the Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In an IPsec VPN environment, a memory leak will be seen if a DH or ECDH group is configured. Eventually the flowd process will crash and restart. This issue affects Juniper Networks Junos OS on SRX Series: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S10; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2.
https://nvd.nist.gov/vuln/detail/CVE-2023-22417
10. CVE-2014-12503
N/A
https://nvd.nist.gov/vuln/detail/CVE-2014-12503