{"vulnerability": "CVE-2022-4304", "sightings": [{"uuid": "e81eac4f-6e9f-4aa1-ba31-7b397d66fd0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4304", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14220", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4304\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A timing based side channel exists in the OpenSSL RSA Decryption implementation\nwhich could be sufficient to recover a plaintext across a network in a\nBleichenbacher style attack. To achieve a successful decryption an attacker\nwould have to be able to send a very large number of trial messages for\ndecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\nRSA-OEAP and RSASVE.\n\nFor example, in a TLS connection, RSA is commonly used by a client to send an\nencrypted pre-master secret to the server. An attacker that had observed a\ngenuine connection between a client and a server could use this flaw to send\ntrial messages to the server and record the time taken to process them. After a\nsufficiently large number of messages the attacker could recover the pre-master\nsecret used for the original connection and thus be able to decrypt the\napplication data sent over that connection.\n\ud83d\udccf Published: 2023-02-08T19:04:28.890Z\n\ud83d\udccf Modified: 2025-05-01T03:55:34.544Z\n\ud83d\udd17 References:\n1. https://www.openssl.org/news/secadv/20230207.txt\n2. 
https://security.gentoo.org/glsa/202402-08", "creation_timestamp": "2025-05-01T04:14:32.000000Z"}, {"uuid": "ff6d0866-ed53-4934-98e1-8519b285b189", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-43049", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14955", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43049\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Canteen Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the component /youthappam/add-food.php.\n\ud83d\udccf Published: 2022-11-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T17:55:02.465Z\n\ud83d\udd17 References:\n1. https://github.com/sdpyly/bug_report_canteen/blob/master/SQLi.md", "creation_timestamp": "2025-05-05T18:19:40.000000Z"}, {"uuid": "d4fbd7b0-eee9-40c9-adbd-b5021bcdd148", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-43045", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15734", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43045\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c.\n\ud83d\udccf Published: 2022-10-19T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-09T13:46:38.458Z\n\ud83d\udd17 References:\n1. 
https://github.com/gpac/gpac/issues/2277", "creation_timestamp": "2025-05-09T14:26:19.000000Z"}, {"uuid": "71632d3f-7f58-4bb9-9cd2-5bab0cb43b56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-43044", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15733", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43044\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c.\n\ud83d\udccf Published: 2022-10-19T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-09T13:48:07.276Z\n\ud83d\udd17 References:\n1. https://github.com/gpac/gpac/issues/2282", "creation_timestamp": "2025-05-09T14:26:18.000000Z"}, {"uuid": "6a0bebcb-3b21-41bd-9413-53fe825230ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-43043", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15732", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43043\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c.\n\ud83d\udccf Published: 2022-10-19T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-09T13:50:22.106Z\n\ud83d\udd17 References:\n1. 
https://github.com/gpac/gpac/issues/2276", "creation_timestamp": "2025-05-09T14:26:17.000000Z"}, {"uuid": "b6b80174-32b0-4cf3-bdd4-40f4ce0cc598", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-43040", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15729", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43040\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c.\n\ud83d\udccf Published: 2022-10-19T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-09T13:53:32.075Z\n\ud83d\udd17 References:\n1. https://github.com/gpac/gpac/issues/2280", "creation_timestamp": "2025-05-09T14:26:13.000000Z"}, {"uuid": "aa934dcb-8448-4212-bfe4-d21501a1f610", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-43045", "type": "seen", "source": "https://t.me/cibsecurity/51789", "content": "\u203c CVE-2022-43045 \u203c\n\nGPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T18:15:29.000000Z"}, {"uuid": "ec3ae362-c9e4-4812-8d9e-d9cb5d0dfa37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-43043", "type": "seen", "source": "https://t.me/cibsecurity/51788", "content": "\u203c CVE-2022-43043 \u203c\n\nGPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at 
/bifs/field_decode.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T18:15:27.000000Z"}, {"uuid": "05ee4eb2-3188-4974-858c-837a8dd98f2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-43042", "type": "seen", "source": "https://t.me/cibsecurity/51784", "content": "\u203c CVE-2022-43042 \u203c\n\nGPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T18:15:20.000000Z"}, {"uuid": "7865a0fb-38c1-4b8c-ad7c-ff4a8cb0e172", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-43044", "type": "seen", "source": "https://t.me/cibsecurity/51782", "content": "\u203c CVE-2022-43044 \u203c\n\nGPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T18:15:18.000000Z"}, {"uuid": "e8c5cfd2-05cd-4c90-8848-fdc0d698fdcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-43042", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15730", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43042\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c.\n\ud83d\udccf Published: 2022-10-19T00:00:00.000Z\n\ud83d\udccf Modified: 
2025-05-09T13:52:00.521Z\n\ud83d\udd17 References:\n1. https://github.com/gpac/gpac/issues/2278", "creation_timestamp": "2025-05-09T14:26:14.000000Z"}, {"uuid": "8bf7dd5a-0ca1-462d-ad4e-b3f37370826b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4304", "type": "seen", "source": "https://t.me/ctinow/182001", "content": "https://ift.tt/LQqW4hA\nCVE-2022-4304 | Oracle Business Intelligence Enterprise Edition 6.4.0.0.0/7.0.0.0.0/12.2.1.4.0 Analytics Server information disclosure", "creation_timestamp": "2024-02-09T13:22:01.000000Z"}, {"uuid": "369b2d3c-56b8-4994-838d-9c4f5a188f00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4304", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-09", "content": "", "creation_timestamp": "2025-02-13T11:00:00.000000Z"}, {"uuid": "ad628b45-d124-4cc0-827d-0c9fdd876c11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4304", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-065-01", "content": "", "creation_timestamp": "2025-03-06T11:00:00.000000Z"}, {"uuid": "e136d64d-3faa-42cc-b6fb-fb160da7410a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4304", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-160-02", "content": "", "creation_timestamp": "2025-06-10T10:00:00.000000Z"}, {"uuid": "1ac04ebb-94df-45fd-9a52-076b5b93fdab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-43046", "type": "published-proof-of-concept", "source": 
"https://t.me/DarkWebInformer_CVEAlerts/14957", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43046\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php.\n\ud83d\udccf Published: 2022-11-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T17:53:17.726Z\n\ud83d\udd17 References:\n1. https://github.com/Oudaorui/bug_report/blob/main/vendors/oretnom23/Food%20Ordering%20Management%20System/XSS-1.md", "creation_timestamp": "2025-05-05T18:19:42.000000Z"}, {"uuid": "ec4aa9f4-8d4b-4256-ab74-556b9a767378", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4304", "type": "seen", "source": "https://t.me/true_secator/4053", "content": "OpenSSL has received an updated version that fixes security vulnerabilities, including a serious bug in the open-source encryption toolkit.\n\nTracked as CVE-2023-0286, it is a type confusion caused by the handling of an X.400 address inside an X.509 GeneralName.\n\nThe bug can have serious consequences, since it can be used to force a program into unintended behavior, which can lead to a crash or RCE.\n\nThe problem was fixed in OpenSSL versions 3.0.8, 1.1.1t and 1.0.2zg.\n\nAmong others, the latest updates fix the following bugs:\n\n- CVE-2022-4203 (buffer overflow),\n- CVE-2022-4304 (timing Oracle in RSA decryption),\n- CVE-2022-4450 (use after calling PEM_read_bio_ex),\n- CVE-2023-0215 (use after free after BIO_new_NDEF),\n- CVE-2023-0216 (invalid pointer dereference in the d2i_PKCS7 functions),\n- CVE-2023-0217 and CVE-2023-0401 (NULL dereference when checking a DSA public key or PKCS7 data).\n\nSuccessful exploitation of the flaws can lead to an application crash, disclosure of memory contents and even recovery of unencrypted messages sent over the network, using a timing-based side channel in a Bleichenbacher-style attack.", "creation_timestamp": "2023-02-10T14:55:06.000000Z"}, {"uuid": "07e1a1fe-55d8-4b3e-bfd9-c3ea43a64cc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4304", "type": "seen", "source": "https://t.me/ctinow/158128", "content": "https://ift.tt/pWoVdUT\nInternet Bug Bounty: OpenSSL vulnerable to the Marvin Attack (CVE-2022-4304)", "creation_timestamp": "2023-12-22T01:27:07.000000Z"}, {"uuid": "51d815e1-d886-4296-b5a5-11fc016fc661", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4304", "type": "seen", "source": "https://t.me/cibsecurity/57790", "content": "\u203c CVE-2022-4304 \u203c\n\nA timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. 
An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-08T22:25:19.000000Z"}, {"uuid": "19a964d9-13eb-405c-b8e5-6012e69ebf56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-43049", "type": "seen", "source": "https://t.me/cibsecurity/52616", "content": "\u203c CVE-2022-43049 \u203c\n\nCanteen Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the component /youthappam/add-food.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-08T00:34:32.000000Z"}, {"uuid": "31e225f3-9a82-465d-b47c-30d216a56088", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-43046", "type": "seen", "source": "https://t.me/cibsecurity/52615", "content": "\u203c CVE-2022-43046 \u203c\n\nFood Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-18T07:47:48.000000Z"}, {"uuid": "d5081c32-f10b-4569-ad93-313f4957cff1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-43040", "type": "seen", "source": "https://t.me/cibsecurity/51776", "content": "\u203c CVE-2022-43040 \u203c\n\nGPAC 2.1-DEV-rev368-gfd054169b-master 
was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T18:15:12.000000Z"}]}