{"vulnerability": "CVE-2022-3437", "sightings": [{"uuid": "777e567a-d2a7-4910-8489-db432b9987ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3437", "type": "seen", "source": "https://t.me/cibsecurity/59539", "content": "\u203c CVE-2022-45142 \u203c\n\nThe fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding \"!= 0\" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-07T02:13:31.000000Z"}, {"uuid": "ad73ceac-ba1c-410f-bfbe-b8242386eba1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3437", "type": "seen", "source": "Telegram/Sl-WKyZGV1MDcswPkINfQXSzv6-Mv5VFXzE0rZ_taj1YcWT-", "content": "", "creation_timestamp": "2025-03-08T04:34:55.000000Z"}, {"uuid": "87a04968-a193-4037-9e8e-2d9ac057e316", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34379", "type": "seen", "source": "https://t.me/cibsecurity/49191", "content": "\u203c CVE-2022-34379 \u203c\n\nDell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-01T22:38:36.000000Z"}, {"uuid": "4163c153-c285-4831-a6a1-85ed6f27b65b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3437", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lstlonusck26", "content": "", "creation_timestamp": "2025-06-30T16:20:55.142859Z"}, {"uuid": "c7438cf6-6b77-4924-aacd-52f8ae3a0f54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34378", "type": "seen", "source": "https://t.me/cibsecurity/49258", "content": "\u203c CVE-2022-34378 \u203c\n\nDell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-02T22:39:32.000000Z"}, {"uuid": "ae70f371-876f-4096-8d02-32d0a5d0b858", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34371", "type": "seen", "source": "https://t.me/cibsecurity/49256", "content": "\u203c CVE-2022-34371 \u203c\n\nDell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-02T22:39:30.000000Z"}, {"uuid": "d8ac9327-6643-4bf1-ad79-746c995bccae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34372", "type": "seen", "source": "https://t.me/cibsecurity/49180", "content": "\u203c CVE-2022-34372 \u203c\n\nDell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentiality\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-01T22:38:20.000000Z"}, {"uuid": "c9481bb5-7870-480b-9946-6f34bb0a8ebc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34375", "type": "seen", "source": "https://t.me/cibsecurity/49083", "content": "\u203c CVE-2022-34375 \u203c\n\nDell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-31T00:36:19.000000Z"}, {"uuid": "04c5ade9-6547-4ea8-9f02-fe5aceae6699", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34374", "type": "seen", "source": "https://t.me/cibsecurity/49072", "content": "\u203c CVE-2022-34374 \u203c\n\nDell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to to execute arbitrary OS commands on the affected system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-31T00:36:03.000000Z"}, {"uuid": "17103533-f311-4059-8ba7-b7ae561c826e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3437", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6743", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45142\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding \"!= 0\" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.\n\ud83d\udccf Published: 2023-03-06T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-06T20:20:48.532Z\n\ud83d\udd17 References:\n1. https://www.openwall.com/lists/oss-security/2023/02/08/1\n2. https://security.gentoo.org/glsa/202310-06", "creation_timestamp": "2025-03-06T20:34:04.000000Z"}]}