https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Tue, 26 May 2026 13:04:50 +0000 https://db.gcve.eu/sighting/5eb4e39e-66e2-4790-9b4b-6b77180a6ae4/export {"uuid": "5eb4e39e-66e2-4790-9b4b-6b77180a6ae4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37706", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2751", "content": "#Tools -\u00a0 \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\u200b\u200bCVE-2022-20360\n\nAndroid setChecked LPE\n\nhttps://github.com/nidhi7598/packages_apps_Settings_AOSP_10_r33_CVE-2022-20360\n\n#cve\n\n\u200b\u200bCVE-2022-20128\n\nAndroid Debug Bridge (adb) was vulnerable to directory traversal attacks that could have been mounted by rogue/compromised adb daemons during an adb pull operation.\n\nhttps://github.com/irsl/CVE-2022-20128\n\n#cve\n\n\u200b\u200bSandbox Scryer\n\nThe Sandbox Scryer is an open-source tool for producing threat hunting and intelligence data from public sandbox detonation output The tool leverages the MITRE ATT&CK Framework to organize and prioritize findings, assisting in the assembly of IOCs, understanding attack movement and in threat hunting By allowing researchers to send thousands of samples to a sandbox for building a profile that can be used with the ATT&CK technique, the Sandbox Scryer delivers an unprecedented ability to solve use cases at scale.\n\nThe tool is intended for cybersecurity professionals who are interested in threat hunting and attack analysis leveraging sandbox output data. The Sandbox Scryer tool currently consumes output from the free and public Hybrid Analysis malware analysis service helping analysts expedite and scale threat hunting.\n\nhttps://github.com/PayloadSecurity/Sandbox_Scryer\n\nCrowdStrike Introduces Sandbox Scryer: A Free Threat-Hunting Tool for Generating MITRE ATT&CK and Navigator Data: https://www.crowdstrike.com/blog/sandbox-scryer\n\n\u200b\u200bleaky-paths\n\nA collection of special paths linked to major web CVEs, known juicy APIs, misconfigurations.. etc. These could be used for web-content discovery as a way to find quick wins.\n\nUpdate: I have removed all the other sub-list files and kept everything consolidated on \"all-files\". This would be much better to remove confusion and keep it all-in-one.\n\nhttps://github.com/ayoubfathi/leaky-paths\n\n\u200b\u200bCVE-2022-25260\n\nJetBrains Hub pre-auth semi-blind server-side request forgery (SSRF)\n\nhttps://github.com/yuriisanin/CVE-2022-25260\n\n#cve #poc\n\n\u200b\u200bInvoke-DLLClone\n\nInvoke-DllClone combines two projects called Koppeling and Invoke-MetaTwin. Invoke-DllClone can copy metadata and the AuthenticodeSignature from a source binary and into a target binary It also uses koppeling to clone the export table from a refference dll onto a malicious DLL post-build using NetClone Finally, it also supports random fake signatures using LazySign logic.\n\nhttps://github.com/jfmaes/Invoke-DLLClone\n\n\u200b\u200bRedeye\n\nRedeye is a great platform that any #redteam should have - It covers all aspects of red team engagement - Whether it is to organize all sort of data, create a timeline of the engagement and much more!\n\nhttps://github.com/redeye-framework/Redeye\n\n\u200b\u200bCVE-2022-37706\n\nA reliable exploit + write-up to elevate privileges to root. (Tested on Ubuntu 22.04).\n\nhttps://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit\n\n#cve #exploit\n\n\u200b\u200bEyeBinder\n\nA free silent (hidden) open-source native file binder.\n\nFeatures:\n\u25ab\ufe0f Native or Managed - Builds the final executable as a native (C) or a managed (.NET C#) 32-bit file depending on choice\n\u25ab\ufe0f Silent - Drops and executes (if enabled) files without any visible output unless the bound program has one\n\u25ab\ufe0f Multiple files - Supports binding any amount of files\n\u25ab\ufe0f Compatible - Supports all tested Windows version (Windows 7 to Windows 11) and all file types\n\u25ab\ufe0f Windows Defender exclusions - Can add exclusions into Windows Defender to ignore any detections from the bound files\n\u25ab\ufe0f Icon/Assembly - Supports adding an Icon and/or Assembly Data to the built file\n\u25ab\ufe0f Fake Error - Supports displaying a fake error message when file is originally started\n\nhttps://github.com/TeamDarkAnon/EyEyeBinde\n\nJoin:\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory\n\nWebsite:\nwww.ghostclan.org\n\n#InsoSec #cybersec \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2023-03-28T08:55:29.000000Z"} {"uuid": "5eb4e39e-66e2-4790-9b4b-6b77180a6ae4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37706", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2751", "content": "#Tools -\u00a0 \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\u200b\u200bCVE-2022-20360\n\nAndroid setChecked LPE\n\nhttps://github.com/nidhi7598/packages_apps_Settings_AOSP_10_r33_CVE-2022-20360\n\n#cve\n\n\u200b\u200bCVE-2022-20128\n\nAndroid Debug Bridge (adb) was vulnerable to directory traversal attacks that could have been mounted by rogue/compromised adb daemons during an adb pull operation.\n\nhttps://github.com/irsl/CVE-2022-20128\n\n#cve\n\n\u200b\u200bSandbox Scryer\n\nThe Sandbox Scryer is an open-source tool for producing threat hunting and intelligence data from public sandbox detonation output The tool leverages the MITRE ATT&CK Framework to organize and prioritize findings, assisting in the assembly of IOCs, understanding attack movement and in threat hunting By allowing researchers to send thousands of samples to a sandbox for building a profile that can be used with the ATT&CK technique, the Sandbox Scryer delivers an unprecedented ability to solve use cases at scale.\n\nThe tool is intended for cybersecurity professionals who are interested in threat hunting and attack analysis leveraging sandbox output data. The Sandbox Scryer tool currently consumes output from the free and public Hybrid Analysis malware analysis service helping analysts expedite and scale threat hunting.\n\nhttps://github.com/PayloadSecurity/Sandbox_Scryer\n\nCrowdStrike Introduces Sandbox Scryer: A Free Threat-Hunting Tool for Generating MITRE ATT&CK and Navigator Data: https://www.crowdstrike.com/blog/sandbox-scryer\n\n\u200b\u200bleaky-paths\n\nA collection of special paths linked to major web CVEs, known juicy APIs, misconfigurations.. etc. These could be used for web-content discovery as a way to find quick wins.\n\nUpdate: I have removed all the other sub-list files and kept everything consolidated on \"all-files\". This would be much better to remove confusion and keep it all-in-one.\n\nhttps://github.com/ayoubfathi/leaky-paths\n\n\u200b\u200bCVE-2022-25260\n\nJetBrains Hub pre-auth semi-blind server-side request forgery (SSRF)\n\nhttps://github.com/yuriisanin/CVE-2022-25260\n\n#cve #poc\n\n\u200b\u200bInvoke-DLLClone\n\nInvoke-DllClone combines two projects called Koppeling and Invoke-MetaTwin. Invoke-DllClone can copy metadata and the AuthenticodeSignature from a source binary and into a target binary It also uses koppeling to clone the export table from a refference dll onto a malicious DLL post-build using NetClone Finally, it also supports random fake signatures using LazySign logic.\n\nhttps://github.com/jfmaes/Invoke-DLLClone\n\n\u200b\u200bRedeye\n\nRedeye is a great platform that any #redteam should have - It covers all aspects of red team engagement - Whether it is to organize all sort of data, create a timeline of the engagement and much more!\n\nhttps://github.com/redeye-framework/Redeye\n\n\u200b\u200bCVE-2022-37706\n\nA reliable exploit + write-up to elevate privileges to root. (Tested on Ubuntu 22.04).\n\nhttps://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit\n\n#cve #exploit\n\n\u200b\u200bEyeBinder\n\nA free silent (hidden) open-source native file binder.\n\nFeatures:\n\u25ab\ufe0f Native or Managed - Builds the final executable as a native (C) or a managed (.NET C#) 32-bit file depending on choice\n\u25ab\ufe0f Silent - Drops and executes (if enabled) files without any visible output unless the bound program has one\n\u25ab\ufe0f Multiple files - Supports binding any amount of files\n\u25ab\ufe0f Compatible - Supports all tested Windows version (Windows 7 to Windows 11) and all file types\n\u25ab\ufe0f Windows Defender exclusions - Can add exclusions into Windows Defender to ignore any detections from the bound files\n\u25ab\ufe0f Icon/Assembly - Supports adding an Icon and/or Assembly Data to the built file\n\u25ab\ufe0f Fake Error - Supports displaying a fake error message when file is originally started\n\nhttps://github.com/TeamDarkAnon/EyEyeBinde\n\nJoin:\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory\n\nWebsite:\nwww.ghostclan.org\n\n#InsoSec #cybersec \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2023-03-28T08:55:29.000000Z"} https://db.gcve.eu/sighting/5eb4e39e-66e2-4790-9b4b-6b77180a6ae4/export Tue, 28 Mar 2023 08:55:29 +0000 https://db.gcve.eu/sighting/416d9a11-fbae-49a9-abcf-8fdee5fb71e8/export {"uuid": "416d9a11-fbae-49a9-abcf-8fdee5fb71e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37705", "type": "seen", "source": "https://t.me/cibsecurity/62246", "content": "\u203c CVE-2022-37705 \u203c\n\nA privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-16T07:27:15.000000Z"} {"uuid": "416d9a11-fbae-49a9-abcf-8fdee5fb71e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37705", "type": "seen", "source": "https://t.me/cibsecurity/62246", "content": "\u203c CVE-2022-37705 \u203c\n\nA privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-16T07:27:15.000000Z"} https://db.gcve.eu/sighting/416d9a11-fbae-49a9-abcf-8fdee5fb71e8/export Sun, 16 Apr 2023 07:27:15 +0000 https://db.gcve.eu/sighting/8869992f-e4d9-45d6-889d-1155a1664ab9/export {"uuid": "8869992f-e4d9-45d6-889d-1155a1664ab9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37704", "type": "seen", "source": "https://t.me/cibsecurity/62248", "content": "\u203c CVE-2022-37704 \u203c\n\nAmanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-16T07:27:17.000000Z"} {"uuid": "8869992f-e4d9-45d6-889d-1155a1664ab9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37704", "type": "seen", "source": "https://t.me/cibsecurity/62248", "content": "\u203c CVE-2022-37704 \u203c\n\nAmanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-16T07:27:17.000000Z"} https://db.gcve.eu/sighting/8869992f-e4d9-45d6-889d-1155a1664ab9/export Sun, 16 Apr 2023 07:27:17 +0000 https://db.gcve.eu/sighting/ebc31930-59e9-40ee-8190-ff5bb7782404/export {"uuid": "ebc31930-59e9-40ee-8190-ff5bb7782404", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37705", "type": "seen", "source": "https://t.me/cibsecurity/67307", "content": "\u203c CVE-2023-30577 \u203c\n\nAMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-26T20:27:47.000000Z"} {"uuid": "ebc31930-59e9-40ee-8190-ff5bb7782404", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37705", "type": "seen", "source": "https://t.me/cibsecurity/67307", "content": "\u203c CVE-2023-30577 \u203c\n\nAMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-26T20:27:47.000000Z"} https://db.gcve.eu/sighting/ebc31930-59e9-40ee-8190-ff5bb7782404/export Wed, 26 Jul 2023 20:27:47 +0000 https://db.gcve.eu/sighting/5ddf955f-e471-4bcb-ac1a-6efc2ef204af/export {"uuid": "5ddf955f-e471-4bcb-ac1a-6efc2ef204af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37703", "type": "seen", "source": "https://t.me/arpsyndicate/849", "content": "#ExploitObserverAlert\n\nCVE-2022-37703\n\nDESCRIPTION: Exploit Observer has 13 entries related to CVE-2022-37703. In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path.\n\nFIRST-EPSS: 0.000460000\nNVD-IS: 1.4\nNVD-ES: 1.8", "creation_timestamp": "2023-12-01T09:02:55.000000Z"} {"uuid": "5ddf955f-e471-4bcb-ac1a-6efc2ef204af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37703", "type": "seen", "source": "https://t.me/arpsyndicate/849", "content": "#ExploitObserverAlert\n\nCVE-2022-37703\n\nDESCRIPTION: Exploit Observer has 13 entries related to CVE-2022-37703. In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path.\n\nFIRST-EPSS: 0.000460000\nNVD-IS: 1.4\nNVD-ES: 1.8", "creation_timestamp": "2023-12-01T09:02:55.000000Z"} https://db.gcve.eu/sighting/5ddf955f-e471-4bcb-ac1a-6efc2ef204af/export Fri, 01 Dec 2023 09:02:55 +0000 https://db.gcve.eu/sighting/6befefec-9d2d-484e-a0ac-b28fff7feb47/export {"uuid": "6befefec-9d2d-484e-a0ac-b28fff7feb47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37706", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"} {"uuid": "6befefec-9d2d-484e-a0ac-b28fff7feb47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37706", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"} https://db.gcve.eu/sighting/6befefec-9d2d-484e-a0ac-b28fff7feb47/export Thu, 06 Feb 2025 03:13:45 +0000 https://db.gcve.eu/sighting/83670dae-9cf4-4b67-afbd-a68bae25f3c0/export {"uuid": "83670dae-9cf4-4b67-afbd-a68bae25f3c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37706", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:48.000000Z"} {"uuid": "83670dae-9cf4-4b67-afbd-a68bae25f3c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37706", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:48.000000Z"} https://db.gcve.eu/sighting/83670dae-9cf4-4b67-afbd-a68bae25f3c0/export Sun, 23 Feb 2025 04:10:48 +0000 https://db.gcve.eu/sighting/b6f7e1af-530f-4a7f-80ba-6c4882ace222/export {"uuid": "b6f7e1af-530f-4a7f-80ba-6c4882ace222", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37706", "type": "seen", "source": "https://gist.github.com/spynika/0e2a745d7fd53551372108b2f744f67f", "content": "", "creation_timestamp": "2025-02-24T06:42:22.000000Z"} {"uuid": "b6f7e1af-530f-4a7f-80ba-6c4882ace222", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37706", "type": "seen", "source": "https://gist.github.com/spynika/0e2a745d7fd53551372108b2f744f67f", "content": "", "creation_timestamp": "2025-02-24T06:42:22.000000Z"} https://db.gcve.eu/sighting/b6f7e1af-530f-4a7f-80ba-6c4882ace222/export Mon, 24 Feb 2025 06:42:22 +0000 https://db.gcve.eu/sighting/2e28c776-f470-4f4c-8809-5b9d9cf2de8b/export {"uuid": "2e28c776-f470-4f4c-8809-5b9d9cf2de8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37706", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11681", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-37706\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.\n\ud83d\udccf Published: 2022-12-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T18:35:47.079Z\n\ud83d\udd17 References:\n1. https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit\n2. https://git.enlightenment.org/enlightenment/enlightenment/commit/cc7faeccf77fef8b0ae70e312a21e4cde087e141\n3. https://git.enlightenment.org/enlightenment/enlightenment/commit/cae78cbb169f237862faef123e4abaf63a1f5064", "creation_timestamp": "2025-04-14T18:54:12.000000Z"} {"uuid": "2e28c776-f470-4f4c-8809-5b9d9cf2de8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37706", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11681", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-37706\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.\n\ud83d\udccf Published: 2022-12-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T18:35:47.079Z\n\ud83d\udd17 References:\n1. https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit\n2. https://git.enlightenment.org/enlightenment/enlightenment/commit/cc7faeccf77fef8b0ae70e312a21e4cde087e141\n3. https://git.enlightenment.org/enlightenment/enlightenment/commit/cae78cbb169f237862faef123e4abaf63a1f5064", "creation_timestamp": "2025-04-14T18:54:12.000000Z"} https://db.gcve.eu/sighting/2e28c776-f470-4f4c-8809-5b9d9cf2de8b/export Mon, 14 Apr 2025 18:54:12 +0000 https://db.gcve.eu/sighting/e74c43a9-db3b-4b5c-aaec-7d2884ceeda5/export {"uuid": "e74c43a9-db3b-4b5c-aaec-7d2884ceeda5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37706", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:00:48.000000Z"} {"uuid": "e74c43a9-db3b-4b5c-aaec-7d2884ceeda5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37706", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:00:48.000000Z"} https://db.gcve.eu/sighting/e74c43a9-db3b-4b5c-aaec-7d2884ceeda5/export Sun, 31 Aug 2025 03:00:48 +0000