{"vulnerability": "cve-2022-3440", "sightings": [{"uuid": "42099d78-7122-4221-8df6-ea1c0ba503b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34407", "type": "seen", "source": "https://t.me/cibsecurity/60138", "content": "\u203c CVE-2022-34407 \u203c\n\nDell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-16T15:31:05.000000Z"}, {"uuid": "5dce25b7-2bbd-42b0-8b26-1207f7b9a8fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34406", "type": "seen", "source": "https://t.me/cibsecurity/60125", "content": "\u203c CVE-2022-34406 \u203c\n\nDell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-16T15:30:48.000000Z"}, {"uuid": "1162ac55-0eb2-4b81-8921-f25df3f6ff5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34401", "type": "seen", "source": "https://t.me/cibsecurity/56661", "content": "\u203c CVE-2022-34401 \u203c\n\nDell BIOS contains a stack based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-18T12:20:53.000000Z"}, {"uuid": "bea2688f-b789-49e8-955f-950684fa3283", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34400", "type": "seen", "source": "https://t.me/cibsecurity/57239", "content": "\u203c CVE-2022-34400 \u203c\n\nDell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T07:13:51.000000Z"}, {"uuid": "9b2212ef-1a7f-4d26-aaa0-985c8d53dd91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34408", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5532", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-34408\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: \nDell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.\n\n\n\ud83d\udccf Published: 2023-03-16T11:07:12.263Z\n\ud83d\udccf Modified: 2025-02-26T15:58:08.894Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000206296/dsa-2022-204-dell-poweredge-improper-smm-communication-buffer-verification-vulnerability", "creation_timestamp": "2025-02-26T16:24:28.000000Z"}, {"uuid": "29ea776c-af09-4e80-bec8-df314c08e704", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34403", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8953", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-34403\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: \nDell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.\n\n\n\n\n\n\n\ud83d\udccf Published: 2023-02-01T05:19:46.289Z\n\ud83d\udccf Modified: 2025-03-26T18:54:43.424Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/000205716", "creation_timestamp": "2025-03-26T19:26:32.000000Z"}, {"uuid": "c210e6b4-313f-44b9-bd8e-619c2a484b79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34404", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8860", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-34404\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: \nDell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service.\n\n\n\n\n\n\n\ud83d\udccf Published: 2023-02-10T20:30:31.494Z\n\ud83d\udccf Modified: 2025-03-26T15:19:19.579Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/000203733", "creation_timestamp": "2025-03-26T15:26:02.000000Z"}, {"uuid": "dbac68e8-8b43-442c-a503-b07d24992464", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34403", "type": "seen", "source": "https://t.me/cibsecurity/57263", "content": "\u203c CVE-2022-34403 \u203c\n\nDell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T12:14:03.000000Z"}, {"uuid": "2d8e2ea4-db6f-4b9d-aab1-02b757dcbefd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3440", "type": "seen", "source": "https://t.me/cibsecurity/52293", "content": "\u203c CVE-2022-3440 \u203c\n\nThe Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-31T19:38:00.000000Z"}, {"uuid": "40439325-fcfa-46ea-a860-ce13e832ee05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3440", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15206", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3440\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting\n\ud83d\udccf Published: 2022-10-31T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-06T20:09:09.143Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/e39fcf30-1e69-4399-854c-4c5b6ccc22a2", "creation_timestamp": "2025-05-06T20:21:09.000000Z"}]}