{"vulnerability": "cve-2022-2693", "sightings": [{"uuid": "643dd5bd-c0dc-47ab-96fd-fd84969f14f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2693", "type": "seen", "source": "https://t.me/cibsecurity/47703", "content": "\u203c CVE-2022-2693 \u203c\n\nA vulnerability has been found in SourceCodester Electronic Medical Records System and classified as critical. This vulnerability affects unknown code of the file register.php of the component UPDATE Statement Handler. The manipulation of the argument pconsultation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205816.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-06T22:21:55.000000Z"}, {"uuid": "d08bf059-423f-4a05-b6be-d53f8f8ec823", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26937", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6171", "content": "#exploit\nCVE-2022-26937:\nMicrosoft Windows Network File System NLM Portmap Stack Buffer Overflow\nhttps://www.zerodayinitiative.com/blog/2022/6/7/cve-2022-26937-microsoft-windows-network-file-system-nlm-portmap-stack-buffer-overflow", "creation_timestamp": "2022-06-10T11:04:52.000000Z"}, {"uuid": "ecc75ed2-31e9-4281-be49-545d06423b87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2022-26931", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=801", "content": "", "creation_timestamp": "2022-05-11T04:00:00.000000Z"}, {"uuid": "5858b893-8ffb-434a-8c42-e1e1acab5913", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2022-26937", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=801", "content": "", "creation_timestamp": "2022-05-11T04:00:00.000000Z"}, {"uuid": "479669c6-4e86-4816-bf1f-a88fa1e1b9bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26937", "type": "published-proof-of-concept", "source": "https://t.me/cKure/9720", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 CVE-2022-26937: Microsoft Windows Network File System Nlm Portmap Stack Buffer Overflow.\n\nhttps://www.zerodayinitiative.com/blog/2022/6/7/cve-2022-26937-microsoft-windows-network-file-system-nlm-portmap-stack-buffer-overflow", "creation_timestamp": "2022-06-10T06:03:17.000000Z"}, {"uuid": "bbc69b04-097a-427f-a37a-445a06b3e1a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26935", "type": "seen", "source": "https://t.me/cibsecurity/42325", "content": "\u203c CVE-2022-26935 \u203c\n\nWindows WLAN AutoConfig Service Information Disclosure Vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-11T00:49:03.000000Z"}, {"uuid": "8735b377-201a-465e-95bc-fee5e1a0d09d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26937", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/6326", "content": "#Analytics\nTop 10 Most Used Vulns of the Month (June 1-30)\n\nCVE-2022-30190 - Follina exploit\nCVE-2022-26134 - OGNL injection in Atlassian Confluence Server/Data Center\nCVE-2022-26809 - Weakness in a core Windows 7/10/Srv19/22 component (RPC)\nCVE-2022-30075 - TP-Link AX50 Auth RCE\nCVE-2022-23222 - Linux Kernel eBPF LPE\nCVE-2022-32275 - Grafana 8.4.3 allows reading files\nCVE-2022-26937 - Windows NFS NLM Portmap Stack Buffer Overflow\nCVE-2022-23088 - Heap Overflow in FreeBSD Wi-Fi Stack\nCVE-2022-31626 - RCE in PHP &lt;=7.4.29\nCVE-2022-30333 - Dir Traversal in rar", "creation_timestamp": "2024-10-12T06:49:41.000000Z"}, {"uuid": "e01469d2-5708-4ce0-8523-d5529d3398d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26937", "type": "seen", "source": "https://t.me/true_secator/3190", "content": "Trend Micro Research \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Windows NFS CVE-2022-30136, \u043a\u043e\u0442\u043e\u0440\u0443\u044e Microsoft \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0438 \u0432 \u0438\u044e\u043d\u0435 2022 \u0433\u043e\u0434\u0430.\n\n\u041f\u0440\u043e\u0442\u043e\u043a\u043e\u043b \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b NFS \u0431\u044b\u043b \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d Sun Microsystems \u0432 1984 \u0433\u043e\u0434\u0443. \u041e\u043d \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c \u0442\u0430\u043a\u0438\u043c \u0436\u0435 \u043e\u0431\u0440\u0430\u0437\u043e\u043c, \u043a\u0430\u043a \u0438 \u043a \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n\u041f\u0440\u043e\u0442\u043e\u043a\u043e\u043b NFS \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u0432\u044b\u0437\u043e\u0432 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440 (RPC) Open Network Computing (ONC) \u0434\u043b\u044f \u043e\u0431\u043c\u0435\u043d\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u043c\u0438 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f\u043c\u0438.\u00a0\u041a\u043e\u0433\u0434\u0430 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f ONC RPC \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u043f\u043e \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0443 TCP, \u043a \u043d\u0438\u043c \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u0430 Fragment \u0434\u043b\u044f \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0439 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439, \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u043e \u043e\u0434\u043d\u043e\u043c\u0443 \u0441\u0435\u0430\u043d\u0441\u0443 TCP.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0441\u0435\u0442\u0435\u0432\u0443\u044e \u0444\u0430\u0439\u043b\u043e\u0432\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443 Windows \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u043e\u0439 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 NFSv4. \u0412 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 NFS \u0434\u043b\u044f Windows \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430.\u00a0\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u043c \u0440\u0430\u0441\u0447\u0435\u0442\u043e\u043c \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u043e\u0442\u0432\u0435\u0442\u043d\u044b\u0445 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439.\u00a0\n\n\u0423\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0432\u044b\u0437\u043e\u0432\u044b RPC \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 SYSTEM.\u00a0\u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u0443\u043a\u0430\u0437\u0430\u043b\u0438, \u0447\u0442\u043e \u043d\u0435\u0443\u0434\u0430\u0447\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u044d\u0442\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0441\u0431\u043e\u044e \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u041e\u043d\u0430 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 \u043f\u043e CVSS 9.8 \u0438 \u0441\u0445\u043e\u0436\u0430 \u043d\u0430 CVE-2022-26937 - \u043e\u0448\u0438\u0431\u043a\u043e\u0439 NFS, \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u043c\u0435\u0441\u044f\u0446\u0435.\n\n\u041d\u0430 \u043f\u0435\u0440\u0432\u044b\u0439 \u0432\u0437\u0433\u043b\u044f\u0434, \u0435\u0434\u0438\u043d\u0441\u0442\u0432\u0435\u043d\u043d\u0430\u044f \u0440\u0430\u0437\u043d\u0438\u0446\u0430 \u043c\u0435\u0436\u0434\u0443 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u044d\u0442\u043e\u0433\u043e \u043c\u0435\u0441\u044f\u0446\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 NFSV4.1, \u0442\u043e\u0433\u0434\u0430 \u043a\u0430\u043a \u043e\u0448\u0438\u0431\u043a\u0430 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u043c\u0435\u0441\u044f\u0446\u0430 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u043b\u0430 \u0442\u043e\u043b\u044c\u043a\u043e \u0432\u0435\u0440\u0441\u0438\u0438 NSFV2.0 \u0438 NSFV3.0. \u041f\u0440\u0438\u0447\u0435\u043c \u0434\u043e \u043a\u043e\u043d\u0446\u0430 \u0435\u0449\u0435 \u043d\u0435\u044f\u0441\u043d\u043e, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043b\u0438 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u043e\u043c \u043d\u0435\u0443\u0434\u0430\u0447\u043d\u043e\u0433\u043e \u043f\u0430\u0442\u0447\u0430 \u0438\u043b\u0438 \u0441\u043e\u0432\u0435\u0440\u0448\u0435\u043d\u043d\u043e \u043d\u043e\u0432\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439.\n\n\u0412 \u0441\u0432\u043e\u0435\u043c \u043e\u0442\u0447\u0435\u0442\u0435 \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u0440\u0430\u0441\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u044e\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f NFSv4.1 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043c\u0435\u0442\u043e\u0434\u0430 \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a.\u00a0\u041e\u0434\u043d\u0430\u043a\u043e \u044d\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u0442\u0435\u0440\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u0438.\u00a0\n\nMicrosoft \u043e\u0442\u043c\u0435\u0447\u0430\u0435\u0442, \u0447\u0442\u043e \u043f\u0430\u0442\u0447 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043e\u0448\u0438\u0431\u043a\u0438 \u043d\u0435 \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0442\u044c, \u0435\u0441\u043b\u0438 \u043d\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f CVE-2022-26937: \u043b\u0438\u0448\u044c \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.", "creation_timestamp": "2022-07-19T11:23:18.000000Z"}, {"uuid": "7c7a78a4-90aa-4fc7-9038-073201a63b04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26936", "type": "seen", "source": "https://t.me/cibsecurity/42298", "content": "\u203c CVE-2022-26936 \u203c\n\nWindows Server Service Information Disclosure Vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-11T00:39:11.000000Z"}, {"uuid": "8a7d0ecd-cfbd-4d43-a015-1eb3979ea70d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26930", "type": "seen", "source": "https://t.me/cibsecurity/42276", "content": "\u203c CVE-2022-26930 \u203c\n\nWindows Remote Access Connection Manager Information Disclosure Vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-11T00:33:04.000000Z"}, {"uuid": "985b9953-0fbe-4d36-86ba-411036d877ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26931", "type": "seen", "source": "https://bsky.app/profile/flakshack.bsky.social/post/3lhzaqbns4s2j", "content": "", "creation_timestamp": "2025-02-12T22:43:46.035343Z"}, {"uuid": "3f1fdd23-d105-4911-9d61-7254ddc1ef81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26931", "type": "seen", "source": "https://bsky.app/profile/flakshack.bsky.social/post/3lhzaqbnxyc2j", "content": "", "creation_timestamp": "2025-02-12T22:43:46.465785Z"}, {"uuid": "cbbc002c-75d7-4664-875b-7bab6950216b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26931", "type": "seen", "source": "https://bsky.app/profile/flakshack.bsky.social/post/3lhzaqbnyxk2j", "content": "", "creation_timestamp": "2025-02-12T22:43:46.901869Z"}]}