This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.
There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.
We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.
If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!
1. CVE-2022-4415
N/A
https://nvd.nist.gov/vuln/detail/CVE-2022-4415
2. CVE-2022-41080
Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41123.
https://nvd.nist.gov/vuln/detail/CVE-2022-41080
3. CVE-2012-2459
Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.
https://nvd.nist.gov/vuln/detail/CVE-2012-2459
4. CVE-2018-17144
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
https://nvd.nist.gov/vuln/detail/CVE-2018-17144
5. CVE-2022-40684
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
https://nvd.nist.gov/vuln/detail/CVE-2022-40684
6. CVE-2022-41082
Microsoft Exchange Server Remote Code Execution Vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-41082
7. CVE-2022-47941
An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak.
https://nvd.nist.gov/vuln/detail/CVE-2022-47941
8. CVE-2022-41040
Microsoft Exchange Server Elevation of Privilege Vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-41040
9. CVE-2016-20018
Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.
https://nvd.nist.gov/vuln/detail/CVE-2016-20018
10. CVE-2022-41649
A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2022-41649