{"vulnerability": "CVE-2022-3606", "sightings": [{"uuid": "74a66b65-363c-49d4-b890-b676f0f98477", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36067", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3635", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aThis repo contains payload for the CVE-2022-36067\nURL\uff1ahttps://github.com/Prathamrajgor/Exploit-For-CVE-2022-36067\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-12-26T14:37:37.000000Z"}, {"uuid": "dc8673e2-a8d8-4f66-a395-e4efc615c2f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36067", "type": "seen", "source": "https://t.me/kasraone_com/318", "content": "\ud83d\udd34CVE-2022-36067 ?\n\n\nCVE-2022-36067 \u06cc\u06a9 \u0628\u0627\u06af \u0627\u0645\u0646\u06cc\u062a\u06cc \u0627\u0633\u062a \u06a9\u0647 \u062f\u0631 \u0628\u0631\u062e\u06cc \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0634\u0631\u06a9\u062a Microsoft \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f. \u0627\u06cc\u0646 \u0628\u0627\u06af \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 \u0633\u0631\u0648\u06cc\u0633 Active Directory Federation Services (ADFS) \u0627\u0633\u062a \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u0647\u06a9\u0631\u0627\u0646 \u0627\u062c\u0627\u0632\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u062d\u0633\u0627\u0628\u200c\u0647\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0631\u0627 \u0628\u062f\u0647\u062f.\n\n\u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u06cc\u0646 \u0628\u0627\u06af\u060c \u0647\u06a9\u0631\u0627\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u062a\u0644\u0627\u0634 \u06a9\u0646\u0646\u062f \u062a\u0627 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0631\u0645\u0632 \u0639\u0628\u0648\u0631 \u06a9\u0627\u0631\u0628\u0631\u060c \u0628\u0647 \u062d\u0633\u0627\u0628 \u0622\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0646\u0646\u062f. \u0647\u0645\u0686\u0646\u06cc\u0646\u060c \u0622\u0646\u200c\u0647\u0627 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0628\u062a\u0648\u0627\u0646\u0646\u062f \u0628\u0647 \u0635\u0648\u0631\u062a \u0646\u0627\u0645\u062d\u0633\u0648\u0633 \u062f\u0631 \u0634\u0628\u06a9\u0647 \u0634\u0645\u0627 \u062d\u0636\u0648\u0631 \u06cc\u0627\u0628\u0646\u062f \u0648 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0645\u0646\u0627\u0628\u0639 \u062d\u0633\u0627\u0633 \u0631\u0627 \u0628\u062f\u0633\u062a \u0622\u0648\u0631\u0646\u062f.\n\nMicrosoft \u0642\u0628\u0644\u0627\u064b \u0686\u0646\u062f\u06cc\u0646 \u062a\u062d\u0630\u06cc\u0631 \u0631\u0627 \u062f\u0631 \u062e\u0635\u0648\u0635 CVE-2022-36067 \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a \u0648 \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f \u062a\u0645\u0627\u0645 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc ADFS \u0631\u0627 \u0628\u0647 \u0622\u062e\u0631\u06cc\u0646 \u0646\u0633\u062e\u0647 \u0628\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u06a9\u0646\u06cc\u062f. \u0647\u0645\u0686\u0646\u06cc\u0646\u060c \u0634\u0645\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u062f \u0628\u0627 \u0641\u0639\u0627\u0644 \u0633\u0627\u0632\u06cc \u067e\u0631\u0648\u062a\u06a9\u0644 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0686\u0646\u062f \u0639\u0627\u0645\u0644\u06cc (MFA)\u060c \u062e\u0648\u062f \u0631\u0627 \u062f\u0631 \u0628\u0631\u0627\u0628\u0631 \u0627\u06cc\u0646 \u0646\u0648\u0639 \u062d\u0645\u0644\u0627\u062a \u0645\u062d\u0627\u0641\u0638\u062a \u06a9\u0646\u06cc\u062f", "creation_timestamp": "2023-06-27T08:52:09.000000Z"}, {"uuid": "869591ee-c8f8-4c20-868e-2e08b4e4a575", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36067", "type": "published-proof-of-concept", "source": "Telegram/suSVZ8gjh9CeURgOUMEZq2Z7fyo2iknJlY7RsYX9Hr2cvtw", "content": "", "creation_timestamp": "2023-01-20T07:08:40.000000Z"}, {"uuid": "1c632f93-20b5-400f-a76f-e5ce8dc30975", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36067", "type": "published-proof-of-concept", "source": "https://t.me/ZeroDay_TM/716", "content": "\u2022 This repo contains payload for the CVE-2022-36067\n\nhttps://github.com/Prathamrajgor/Exploit-For-CVE-2022-36067\n\n- - - - - - - - - - - - - - - - - - - -\n-=[ @ZeroDay_TM ]=-", "creation_timestamp": "2023-02-05T15:55:44.000000Z"}, {"uuid": "2b77e24c-63a6-403c-b9e9-712e001d4e87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36067", "type": "published-proof-of-concept", "source": "https://t.me/ZeroDay_TM/713", "content": "\u2022 This repo contains payload for the CVE-2022-36067\n\nLink: https://github.com/Prathamrajgor/Exploit-For-CVE-2022-36067\n\n- - - - - - - - - - - - - - - - - - - -\n-=[ @ZeroDay_TM ]=-", "creation_timestamp": "2023-01-31T01:48:03.000000Z"}, {"uuid": "bb9c1029-b8a0-4f0b-9fa0-037c8567ea15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36067", "type": "seen", "source": "https://t.me/true_secator/3713", "content": "\u0412 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u043c \u043f\u043e\u0440\u0442\u0430\u043b\u0435 \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c Backstage \u043e\u0442 Spotify \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c.\n\n\u041f\u0440\u043e\u0434\u0443\u043a\u0442 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0439 \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043c\u043d\u043e\u0433\u0438\u043c\u0438 \u043a\u0440\u0443\u043f\u043d\u044b\u043c\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f\u043c\u0438, \u0442\u0430\u043a\u0438\u043c\u0438 \u043a\u0430\u043a American Airlines, Splunk, Fidelity Investments, Epic Games, Netflix, DoorDash, Roku, Expedia \u0438 \u0434\u0440\u0443\u0433\u0438\u043c\u0438.\n\n\u041e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Oxeye \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b Spotify bug bounty.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 9,8 \u0438 \u0435\u0435 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c, \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0432 \u0440\u0430\u043d\u0435\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0435\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 vm2, \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0443\u044e \u043a\u0430\u043a Sandbreak \u0438\u043b\u0438 CVE-2022-36067, \u0447\u0442\u043e \u0432 \u0438\u0442\u043e\u0433\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u0439\u0442\u0438 \u0438\u0437 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b vm2 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434.\n\n\u0411\u0430\u0433\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0448\u0430\u0431\u043b\u043e\u043d\u043e\u0432 \u041f\u041e, \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c\u0438 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 \u0432 Backstage.\n\n\u0412 \u0445\u043e\u0434\u0435 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u043b\u0438 \u043f\u0440\u043e\u0441\u0442\u043e\u0439 \u0437\u0430\u043f\u0440\u043e\u0441 \u0445\u0435\u0448\u0430 \u0444\u0430\u0432\u0438\u043a\u043e\u043d\u043a\u0438 Backstage \u0432 Shodan \u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 500 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 Backstage, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0432 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0435.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0438\u043b\u0438, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043d\u0430 \u043c\u043d\u043e\u0433\u0438\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0430\u0445, \u0442\u0430\u043a \u043a\u0430\u043a Backstage \u0431\u044b\u043b \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0431\u0435\u0437 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u0435\u0442 \u0433\u043e\u0441\u0442\u0435\u0432\u043e\u0439 \u0434\u043e\u0441\u0442\u0443\u043f.\n\n\u0423\u0433\u0440\u043e\u0437\u0443 \u043b\u043e\u043a\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043b\u0438, \u043a\u043e\u043c\u0430\u043d\u0434\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 Backstage \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a, \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0432 \u0432\u0435\u0440\u0441\u0438\u044e 1.5.1. \u0435\u0449\u0435 \u0430\u0432\u0433\u0443\u0441\u0442\u0435 \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430.", "creation_timestamp": "2022-11-16T15:26:04.000000Z"}, {"uuid": "3bcbb113-ba91-4c2d-8cb5-2efa42efd565", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36068", "type": "seen", "source": "https://t.me/cibsecurity/50747", "content": "\u203c CVE-2022-36068 \u203c\n\nDiscourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-30T00:35:25.000000Z"}, {"uuid": "d3900ba0-723d-4af9-be63-4868bfc23176", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36066", "type": "seen", "source": "https://t.me/cibsecurity/50742", "content": "\u203c CVE-2022-36066 \u203c\n\nDiscourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-30T00:35:20.000000Z"}, {"uuid": "f158c432-c420-4374-8612-809bbe6a3f50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36061", "type": "seen", "source": "https://t.me/cibsecurity/49377", "content": "\u203c CVE-2022-36061 \u203c\n\nElrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B state, the state will be altered for contract B as if the call was not made in the read-only mode. This can lead to some effects not designed by the original smart contracts programmers. This issue was patched in version 1.3.35. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-07T00:13:25.000000Z"}, {"uuid": "ee82a2fd-d06e-46ea-bc41-eb0bec65f110", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36065", "type": "seen", "source": "https://t.me/cibsecurity/49392", "content": "\u203c CVE-2022-36065 \u203c\n\nGrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the right location, they can execute arbitrary code within the container. To be affected, ALL of the following must be true: Self-hosted deployment (GrowthBook Cloud is unaffected); using local file uploads (as opposed to S3 or Google Cloud Storage); NODE_ENV set to a non-production value and JWT_SECRET set to an easily guessable string like `dev`. This issue is patched in commit 1a5edff8786d141161bf880c2fd9ccbe2850a264 (2022-08-29). As a workaround, set `JWT_SECRET` environment variable to a long random string. This will stop arbitrary file uploads, but the only way to stop attackers from registering accounts is by updating to the latest build.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-07T00:13:43.000000Z"}, {"uuid": "bce00345-3d56-418b-b77c-38fa843f3b89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36067", "type": "seen", "source": "https://t.me/thehackernews/2658", "content": "Researchers warn of a recently reported critical RCE vulnerability (CVE-2022-36067 / CVSS 10) in the popular vm2 JavaScript sandbox module that could be exploited by hackers to overcome security barriers and perform arbitrary operations.\n\nRead: https://thehackernews.com/2022/10/researchers-detail-critical-rce-flaw.html", "creation_timestamp": "2022-10-11T13:49:45.000000Z"}, {"uuid": "aa4a1cb7-2292-4d82-8b47-8b9e013cf1a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36067", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2567", "content": "#CVE-2022\nProof-of-concept app to overwrite fonts on iOS using CVE-2022-46689.\nhttps://github.com/zhuowei/WDBFontOverwrite\n\nThis repo contains payload for the CVE-2022-36067\nhttps://github.com/Prathamrajgor/Exploit-For-CVE-2022-36067\n\nProof of concept for CVE-2022-30190 (Follina).\n\nhttps://github.com/winstxnhdw/CVE-2022-30190\n\n@BlueRedTeam", "creation_timestamp": "2023-01-21T16:19:17.000000Z"}, {"uuid": "5c50496c-e9f0-4f48-b3a9-bbce231b8265", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36063", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/51069", "content": "\u203c CVE-2022-36063 \u203c\n\nAzure RTOS USBx is a USB host, device, and on-the-go (OTG) embedded stack, fully integrated with Azure RTOS ThreadX and available for all Azure RTOS ThreadX\u00e2\u20ac\u201csupported processors. Azure RTOS USBX implementation of host support for USB CDC ECM includes an integer underflow and a buffer overflow in the `_ux_host_class_cdc_ecm_mac_address_get` function which may be potentially exploited to achieve remote code execution or denial of service. Setting mac address string descriptor length to a `0` or `1` allows an attacker to introduce an integer underflow followed (string_length) by a buffer overflow of the `cdc_ecm -&gt; ux_host_class_cdc_ecm_node_id` array. This may allow one to redirect the code execution flow or introduce a denial of service. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel). Improved mac address string descriptor length validation to check for unexpectedly small values may be used as a workaround.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-11T00:25:11.000000Z"}, {"uuid": "1623b564-e53b-467d-8677-2ff6d2fcb4a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36067", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/6594", "content": "Enter \"Sandbreak\" - Vulnerability In vm2 Sandbox Module Enables Remote Code Execution (CVE-2022-36067)\n\nhttps://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067", "creation_timestamp": "2022-10-17T10:27:30.000000Z"}, {"uuid": "a1777e88-a0c1-45b0-912b-5830b89f76ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36067", "type": "seen", "source": "https://t.me/itsec_news/1775", "content": "\u200b\u26a1\ufe0f \u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u043e\u043f\u0430\u0441\u043d\u0430\u044f RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Backstage \u043e\u0442 Spotify.\n\n\ud83d\udcac \u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u043c\u0443 \u043e\u0442\u0447\u0435\u0442\u0443 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Oxeye, RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (\u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 9.8 \u0438\u0437 10 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u201c\u0441\u0431\u0435\u0436\u0430\u0442\u044c \u0438\u0437 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b vm2\u201d \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 \u044f\u0434\u0440\u0430 Scaffolder \u2013 \u044d\u0442\u043e CVE-2022-36067 \u0438\u043b\u0438 Sandbreak, \u043e \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043c\u044b \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u044b\u0432\u0430\u043b\u0438 \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u043c\u0435\u0441\u044f\u0446\u0435.\n\n\u041a\u0430\u043a \u0433\u043e\u0432\u043e\u0440\u044f\u0442 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, \u0431\u0440\u0435\u0448\u044c \u0432 \u0437\u0430\u0449\u0438\u0442\u0435 \u043a\u0440\u043e\u0435\u0442\u0441\u044f \u0432 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435 \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c \u201csoftware templates\u201d, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 \u0432 Backstage. \u041f\u043e\u044d\u0442\u043e\u043c\u0443, \u0432 \u0442\u043e \u0432\u0440\u0435\u043c\u044f \u043a\u0430\u043a \u0448\u0430\u0431\u043b\u043e\u043d\u0438\u0437\u0430\u0442\u043e\u0440 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 vm2 \u0434\u043b\u044f \u0441\u043d\u0438\u0436\u0435\u043d\u0438\u044f \u0440\u0438\u0441\u043a\u043e\u0432, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u0437\u0430\u043f\u0443\u0441\u043a\u043e\u043c \u043d\u0435\u043d\u0430\u0434\u0435\u0436\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430, Sandbreak \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0448\u0435\u043b\u043b-\u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0436\u0435\u0440\u0442\u0432\u044b.\n\nOxeye \u0437\u0430\u044f\u0432\u0438\u043b\u0430, \u0447\u0442\u043e \u0435\u0439 \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c \u0432 \u0421\u0435\u0442\u0438 \u0431\u043e\u043b\u0435\u0435 500 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 Backstage, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u043b\u0438 \u0431\u044b\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0431\u0435\u0437 \u043a\u0430\u043a\u043e\u0439-\u043b\u0438\u0431\u043e \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438.\n\n\u0418\u0437\u0432\u0435\u0441\u0442\u043d\u043e, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0441\u043e\u043f\u0440\u043e\u0432\u043e\u0436\u0434\u0430\u044e\u0449\u0438\u043c\u0438 Backstage \u0443\u0436\u0435 \u0434\u0430\u0432\u043d\u043e \u2013 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 1.5.1, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u0439 29 \u0430\u0432\u0433\u0443\u0441\u0442\u0430 2022 \u0433\u043e\u0434\u0430.\n\n#Spotify #RCE\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2022-11-18T15:34:34.000000Z"}, {"uuid": "bff5fe60-d1f3-4480-a2cd-e41c895e142c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36067", "type": "seen", "source": "https://t.me/ctinow/68112", "content": "Critical vm2 sandbox escape flaw uncovered, patch ASAP! (CVE-2022-36067)\n\nhttps://ift.tt/fZ3w0DS", "creation_timestamp": "2022-10-10T12:21:17.000000Z"}, {"uuid": "d5da3d16-07dd-4489-8717-4810dcf2d402", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36060", "type": "seen", "source": "https://t.me/cibsecurity/60938", "content": "\u203c CVE-2022-36060 \u203c\n\nmatrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear functional, though certain rooms/events will not be rendered. This issue has been fixed in matrix-react-sdk 3.53.0 and users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-29T00:39:59.000000Z"}, {"uuid": "42cc5c57-96d8-4bf2-8490-d84f8a2efc92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3606", "type": "seen", "source": "https://t.me/cibsecurity/51745", "content": "\u203c CVE-2022-3606 \u203c\n\nA vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T12:14:59.000000Z"}, {"uuid": "a8476ace-5fe8-4014-9593-4fe015b887b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36067", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6979", "content": "#Threat_Research\n1. VM2 Sandbox Vulnerability (CVE-2022-36067)\nhttps://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067\n2. Timing Attack to Detect Private Packages on npm\nhttps://blog.aquasec.com/private-packages-disclosed-via-timing-attack-on-npm", "creation_timestamp": "2022-10-15T13:07:01.000000Z"}]}