{"vulnerability": "CVE-2022-3942", "sightings": [{"uuid": "714f9cb7-f1a2-44d4-8bab-c90f4362974b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39425", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1538", "content": "#exploit\n1. CVE-2022-39425:\nVulnerability in Oracle VM VirtualBox <6.1.40 (Core)\nhttps://github.com/bob11vrdp/CVE-2022-39425\n\n2. Analysis and exploitation of an uninitialized pointer vulnerability affecting certain TP-LINK routers\nhttps://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md\n\n3. CVE-2022-22971:\nSpring Framework DoS with STOMP over WebSocket\nhttps://github.com/tchize/CVE-2022-22971", "creation_timestamp": "2022-11-28T14:39:34.000000Z"}, {"uuid": "e26d0b8b-e78c-4a3f-a996-987882cb638f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3942", "type": "published-proof-of-concept", "source": "https://t.me/cultofwire/1099", "content": "Your printer is not your printer! \u0420\u0430\u0439\u0442\u0430\u043f\u044b \u043e\u0442 Devcore \u0441 Pwn2Own \u0432 \u0434\u0432\u0443\u0445 \u0447\u0430\u0441\u0442\u044f\u0445. \n\n\u0417\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043b\u0435\u0442 \u043f\u0440\u0438\u043d\u0442\u0435\u0440 \u0441\u0442\u0430\u043b \u043e\u0434\u043d\u0438\u043c \u0438\u0437 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0432 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u0438\u043d\u0442\u0440\u0430\u0441\u0435\u0442\u0438, \u0438 \u0435\u0433\u043e \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0442\u0430\u043a\u0436\u0435 \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0430\u0441\u0448\u0438\u0440\u0438\u043b\u0438\u0441\u044c. \u0414\u043b\u044f \u0443\u0434\u043e\u0431\u0441\u0442\u0432\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u0435\u0447\u0430\u0442\u044c \u0438\u043b\u0438 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0430 \u0444\u0430\u043a\u0441\u043e\u0432, \u043d\u043e \u0438 \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b \u043f\u0435\u0447\u0430\u0442\u0438, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 AirPrint. \u041f\u0440\u044f\u043c\u0430\u044f \u043f\u0435\u0447\u0430\u0442\u044c \u0441 \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0441\u0442\u0430\u043b\u0430 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u043c \u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0432 \u044d\u043f\u043e\u0445\u0443 IoT. \u0418\u0445 \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0435\u0433\u043e \u0434\u043b\u044f \u043f\u0435\u0447\u0430\u0442\u0438 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0445 \u0434\u0435\u043b\u043e\u0432\u044b\u0445 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043f\u0440\u0438\u043d\u0442\u0435\u0440\u043e\u0432 \u0435\u0449\u0435 \u0431\u043e\u043b\u0435\u0435 \u0432\u0430\u0436\u043d\u044b\u043c \u0437\u0430\u043d\u044f\u0442\u0438\u0435\u043c.\n\n\u041d\u043e \u0447\u0435\u043c \u0441\u043b\u043e\u0436\u043d\u0435\u0439 \u0438 \u0443\u043c\u043d\u0435\u0439 \u0441\u0442\u0430\u043d\u043e\u0432\u044f\u0442\u0441\u044f \u043f\u0440\u0438\u043d\u0442\u0435\u0440\u044b \u0438 \u041c\u0424\u0423, \u0442\u0435\u043c \u0431\u043e\u043b\u044c\u0448\u0443\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043e\u043d\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438 \u0441\u043e\u0437\u0434\u0430\u0442\u044c.\n\n\u0412 \u043f\u0440\u0438\u0446\u0435\u043b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043f\u043e\u043f\u0430\u043b\u0438 \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0435 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u044b:\n- HP Color LaserJet Pro M479fdw\n- Lexmark MC3224i\n- Canon imageCLASS MF743Cdw\n\n\u0412 2021 \u0433\u043e\u0434\u0443 \u0440\u0435\u0431\u044f\u0442\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 RCE (CVE-2022-24673 \u0438 CVE-2022-3942) \u0432 \u043f\u0440\u0438\u043d\u0442\u0435\u0440\u0430\u0445 Canon \u0438 HP, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2021-44734) \u0432 Lexmark. \u041e\u043d\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u044d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 Canon ImageCLASS MF644Cdw, HP Color LaserJet Pro MFP M283fdw \u0438 Lexmark MC3224i \u043d\u0430 Pwn2Own Austin 2021. \n\n\u0421\u0442\u0430\u0442\u044c\u0438 \u0432 \u0438\u0445 \u0431\u043b\u043e\u0433\u0435:\n- Your printer is not your printer! - Hacking Printers at Pwn2Own Part I \n- Your printer is not your printer! - Hacking Printers at Pwn2Own Part II", "creation_timestamp": "2023-11-09T13:12:24.000000Z"}, {"uuid": "1217cb24-cf6d-4d6d-8ab0-b1348e222130", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3942", "type": "seen", "source": "https://t.me/cKure/9130", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Zero-Day: Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with the use of Link-Local Multicast Name Resolution or LLMNR.\n\nCVE-2022-3942.\n\nhttps://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780\n\nhttps://www.bleepingcomputer.com/news/security/hundreds-of-hp-printer-models-vulnerable-to-remote-code-execution/", "creation_timestamp": "2022-03-23T16:19:58.000000Z"}, {"uuid": "9aefad8e-f45f-4a90-95a6-9fd193b134f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3942", "type": "seen", "source": "https://t.me/true_secator/2766", "content": "\u0412 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f HP \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u044e\u0442 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0441\u043e\u0442\u043d\u0438 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u043f\u0440\u0438\u043d\u0442\u0435\u0440\u043e\u0432 LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format \u0438 DeskJet.\n\n\u041e \u043f\u0435\u0440\u0432\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u0438\u0437 Trend Micro Zero Day Initiative. \u0423\u0433\u0440\u043e\u0437\u0430, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u043e\u0439 \u043a\u0430\u043a CVE-2022-3942 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0435. \u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e  \u0431\u0430\u0433\u0430 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043e\u0446\u0435\u043d\u043a\u0443 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 8,4 (\u0432\u044b\u0441\u043e\u043a\u0430\u044f \u043f\u043e CVSS) \u0432 HP \u0435\u0435 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0438\u043b\u0438 \u043a\u0430\u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e. \u0412\u0438\u0434\u0438\u043c\u043e \u043f\u043e\u0442\u043e\u043c\u0443, \u0447\u0442\u043e \u0432 Okta \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e 2,5% \u043f\u043e\u0441\u0442\u0440\u0430\u0434\u0430\u0432\u0448\u0438\u0445 \u043e\u0442 \u0432\u0437\u043b\u043e\u043c\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430.\n\n\u0421\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0443\u0433\u0440\u043e\u0437\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043e \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u044e\u0442 \u0432 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0438 \u043e\u0442\u043a\u0430\u0437\u0430 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438. \u0420\u0435\u0447\u044c \u0438\u0434\u0435\u0442 \u043e\u0431 \u043e\u0448\u0438\u0431\u043a\u0430\u0445 CVE-2022-24291 (\u043e\u0446\u0435\u043d\u043a\u0430 7,5 \u043f\u043e CVSS), CVE-2022-24292 (9,8) \u0438 CVE-2022-24293 (9,8) \u043e \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0432\u0435\u0434\u0430\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 Zero Day Initiative.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f HP \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432, \u043d\u043e \u0443\u0432\u044b \u043d\u0435 \u0434\u043b\u044f \u0432\u0441\u0435\u0445. \u0414\u043b\u044f \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u0431\u0435\u0437 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0438 \u043f\u043e \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044e \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435\u043c LLMNR (\u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0438\u043c\u0435\u043d Link-Local Multicast) \u0432 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430\u0445 \u0441\u0435\u0442\u0438. \u0422\u0430\u043a\u0436\u0435 \u043d\u0435\u0442 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0434\u043b\u044f \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0445 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 LaserJet Pro, \u043d\u043e \u043e\u043d\u0430 \u043f\u043e\u043c\u0435\u0447\u0435\u043d\u0430 \u043a\u0430\u043a \u043e\u0436\u0438\u0434\u0430\u044e\u0449\u0430\u044f \u0440\u0430\u0441\u0441\u043c\u043e\u0442\u0440\u0435\u043d\u0438\u044f, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u043d\u0435\u0435 \u0434\u043e\u043b\u0436\u043d\u044b \u0441\u0442\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c\u0438 \u0432 \u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0435\u0435 \u0432\u0440\u0435\u043c\u044f.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0430 \u0434\u0435\u0432\u0430\u0439\u0441\u043e\u0432 \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u0441\u0435\u0442\u0438\u0442\u044c \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 \u043f\u043e\u0440\u0442\u0430\u043b \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0438 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u0432 HP, \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u043a \u0432\u044b\u0431\u043e\u0440\u0443 \u0441\u0432\u043e\u0435\u0439 \u043c\u043e\u0434\u0435\u043b\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044e\u044e \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e. \u0411\u043b\u0430\u0433\u043e \u043f\u043e\u043a\u0430 \u0434\u043b\u044f \u043d\u0430\u0448\u0438\u0445 \u0441\u043e\u043e\u0442\u0435\u0447\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u0438\u043a\u043e\u0432  \u044d\u0442\u0430 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0438\u043c\u0435\u0435\u0442\u0441\u044f.", "creation_timestamp": "2022-03-24T09:37:40.000000Z"}, {"uuid": "7a5c2a7c-f47f-4582-8dd7-18f52af1fc89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39423", "type": "seen", "source": "https://t.me/cibsecurity/51719", "content": "\u203c CVE-2022-39423 \u203c\n\nVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.38. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T00:20:32.000000Z"}, {"uuid": "b89b20bb-ddf1-478a-a868-40943d86953b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39428", "type": "seen", "source": "https://t.me/cibsecurity/51737", "content": "\u203c CVE-2022-39428 \u203c\n\nVulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T00:28:09.000000Z"}, {"uuid": "00d50fa4-eba6-421d-97fb-0c9aef6a01a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39421", "type": "seen", "source": "https://t.me/cibsecurity/51734", "content": "\u203c CVE-2022-39421 \u203c\n\nVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T00:20:49.000000Z"}, {"uuid": "02deb259-926b-4060-9c6a-4a82653c8256", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39427", "type": "seen", "source": "https://t.me/cibsecurity/51730", "content": "\u203c CVE-2022-39427 \u203c\n\nVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T00:20:44.000000Z"}, {"uuid": "f93f99cc-f0f7-4265-a2e3-8201e52d8729", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39420", "type": "seen", "source": "https://t.me/cibsecurity/51728", "content": "\u203c CVE-2022-39420 \u203c\n\nVulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Data, Functional Security). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Transportation Management accessible data as well as unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T00:20:42.000000Z"}, {"uuid": "06da2641-5c45-409c-986a-c52e379ca679", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39426", "type": "seen", "source": "https://t.me/cibsecurity/51724", "content": "\u203c CVE-2022-39426 \u203c\n\nVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T00:20:38.000000Z"}, {"uuid": "0f7652fb-cd86-4e70-980c-ac267b5fbedc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39424", "type": "seen", "source": "https://t.me/cibsecurity/51720", "content": "\u203c CVE-2022-39424 \u203c\n\nVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T00:20:33.000000Z"}, {"uuid": "d619057d-1357-45e4-86ee-988e0b6ffaa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3942", "type": "seen", "source": "https://t.me/cibsecurity/52894", "content": "\u203c CVE-2022-3942 \u203c\n\nA vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-13T05:45:24.000000Z"}, {"uuid": "3d7ed183-d28c-4587-bbc8-f9060bb59d5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39425", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2507", "content": "#CVE-2022\nCVE-2022-39425 PoC\nhttps://github.com/bob11vrdp/CVE-2022-39425\n\nDetects attempts at exploitation of CVE-2022-3602, a remote code execution vulnerability in OpenSSL v 3.0.0 through v.3.0.6 \n\nhttps://github.com/corelight/CVE-2022-3602\n\n@BlueRedTeam", "creation_timestamp": "2022-12-06T11:13:04.000000Z"}, {"uuid": "c2c3a2b7-48e3-40c3-885b-540bc362b045", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39425", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3483", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39425 PoC\nURL\uff1ahttps://github.com/bob11vrdp/CVE-2022-39425\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-24T01:52:02.000000Z"}, {"uuid": "93220eb4-b4e3-4b5f-832a-9d8034ab469d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39425", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7259", "content": "#exploit\n1. CVE-2022-39425:\nVulnerability in Oracle VM VirtualBox <6.1.40 (Core)\nhttps://github.com/bob11vrdp/CVE-2022-39425\n\n2. Analysis and exploitation of an uninitialized pointer vulnerability affecting certain TP-LINK routers\nhttps://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md\n\n3. CVE-2022-22971:\nSpring Framework DoS with STOMP over WebSocket\nhttps://github.com/tchize/CVE-2022-22971", "creation_timestamp": "2022-11-28T11:00:21.000000Z"}]}