{"vulnerability": "cve-2022-4289", "sightings": [{"uuid": "b4bb1952-6c20-429e-988c-fa8dcbf437c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42898", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-08", "content": "", "creation_timestamp": "2025-04-15T10:00:00.000000Z"}, {"uuid": "78a7b7c7-e9bc-4fae-be2a-1c6e79b22e54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42898", "type": "seen", "source": "https://t.me/true_secator/3726", "content": "Samba has released fixes for an integer overflow vulnerability that could potentially lead to RCE.\n\nSince 1992, Samba has provided secure and fast file and print services for all clients using the SMB/CIFS protocol.\n\nSamba is an important component for the seamless integration of Linux/Unix servers and desktops into Active Directory environments.\n\nCVE-2022-42898 affects several Samba releases and impacts the Service for User to Proxy (S4U2proxy) handler.\n\nThe constrained delegation feature relies on request and response messages from the Kerberos service (TGS).\n\nThe Heimdal and MIT Kerberos libraries provide Kerberos support and implement the Key Distribution Center (KDC).\n\nThe vulnerable libraries provide an authentication mechanism using tickets, which may contain Privilege Attribute Certificates (PACs).\n\nThe bug can be triggered by sending a specially crafted request to the KDC server.\n\nBecause of the vulnerability, on 32-bit systems an authenticated attacker can overflow a buffer with 16-byte blocks of data under their control.\n\nSuccessful exploitation of this bug can lead to DoS or RCE. 64-bit systems are not vulnerable.\n\nAccording to the Samba team, the KDC is the most vulnerable server, since it parses an attacker-controlled PAC in the S4U2Proxy handler.\n\nA secondary risk concerns Kerberos-enabled file server installations in a non-AD realm.\n\nA non-AD Heimdal KDC controlling such a realm may pass an attacker-controlled PAC in a service ticket.\n\nSamba 4.15.12, 4.16.7 and 4.17.3 have been released with fixes for the security vulnerability. Heimdal 7.7.1 also fixes this bug.\n\nSamba's recommendations should not be neglected, and action should be taken where necessary, since exploitation of the vulnerability can lead to full system takeover.", "creation_timestamp": "2022-11-18T16:40:07.000000Z"}, {"uuid": "4b73d10c-5547-49f0-8cb5-1538d6aea879", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42894", "type": "seen", "source": "https://t.me/cibsecurity/53082", "content": "\u203c CVE-2022-42894 \u203c\n\nA vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). 
An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as local service enumeration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-17T20:18:07.000000Z"}, {"uuid": "adad2439-7420-49cc-a8fb-2e5e2ebf393d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42891", "type": "seen", "source": "https://t.me/cibsecurity/53081", "content": "\u203c CVE-2022-42891 \u203c\n\nA vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the account assigned to the website\u2019s application pool.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-17T20:18:03.000000Z"}, {"uuid": "a083ebfb-b341-4478-9480-a87ad5573fd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42896", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/53416", "content": "\u203c CVE-2022-42896 \u203c\n\nThere are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. 
We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-23T18:13:49.000000Z"}, {"uuid": "98e597b1-14de-42ae-be18-a4c4108dedba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42895", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/7367", "content": "#exploit\n1. CVE-2022-42895:\nLinux Kernel: Infoleak in Bluetooth L2CAP Handling\nhttps://seclists.org/oss-sec/2022/q4/190\n\n2. CVE-2021-43444 - 43449:\nExploiting ONLYOFFICE Web Sockets for Unauth RCE\nhttps://labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution\n]-> https://xz.aliyun.com/t/12008\n\n3. Exploiting SUID Binaries\nhttps://medium.com/@tinopreter/linux-privesc-3-exploiting-suid-binaries-72ec5460c6a", "creation_timestamp": "2023-01-06T08:58:07.000000Z"}, {"uuid": "91f70f90-5063-4284-9d19-27cb6410ee71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42898", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11686", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42898\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. 
Heimdal before 7.7.1 has \"a similar bug.\"\n\ud83d\udccf Published: 2022-12-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T18:33:09.110Z\n\ud83d\udd17 References:\n1. https://web.mit.edu/kerberos/advisories/\n2. https://www.samba.org/samba/security/CVE-2022-42898.html\n3. https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583\n4. https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c\n5. https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt\n6. https://web.mit.edu/kerberos/krb5-1.19/\n7. https://bugzilla.samba.org/show_bug.cgi?id=15203\n8. https://security.netapp.com/advisory/ntap-20230216-0008/\n9. https://security.netapp.com/advisory/ntap-20230223-0001/\n10. https://security.gentoo.org/glsa/202309-06\n11. https://security.gentoo.org/glsa/202310-06", "creation_timestamp": "2025-04-14T18:54:20.000000Z"}, {"uuid": "3f56e745-80a8-40e2-bb11-cb9dc10f8d64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4289", "type": "seen", "source": "https://t.me/cibsecurity/59773", "content": "\u203c CVE-2022-4289 \u203c\n\nAn issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. 
Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-10T00:20:58.000000Z"}, {"uuid": "8be2a2f6-a9cf-4a44-9a2d-844514beff26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42895", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/53419", "content": "\u203c CVE-2022-42895 \u203c\n\nThere is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-23T18:13:52.000000Z"}, {"uuid": "af3acf57-a1dc-4b5f-bf05-90cb5bc3675d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42893", "type": "seen", "source": "https://t.me/cibsecurity/53076", "content": "\u203c CVE-2022-42893 \u203c\n\nA vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). 
syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the account assigned to the website\u2019s application pool.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-17T20:17:56.000000Z"}, {"uuid": "a69ef49d-e7eb-469c-b1a4-95f73bae23b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42892", "type": "seen", "source": "https://t.me/cibsecurity/53068", "content": "\u203c CVE-2022-42892 \u203c\n\nA vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow directory listing in any folder accessible to the account assigned to the website\u2019s application pool.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-17T20:17:45.000000Z"}, {"uuid": "53225271-9170-480f-8c0f-487d6f0436bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42899", "type": "seen", "source": "https://t.me/cibsecurity/51306", "content": "\u203c CVE-2022-42899 \u203c\n\nBentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. 
The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-13T07:27:27.000000Z"}, {"uuid": "b9ca69ba-0acb-44ba-9069-624e33129bb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42890", "type": "seen", "source": "https://t.me/cibsecurity/52060", "content": "\u203c CVE-2022-42890 \u203c\n\nA vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-25T20:41:02.000000Z"}, {"uuid": "32a48acc-dfd7-44eb-885f-afc080e6f165", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42897", "type": "seen", "source": "https://t.me/cibsecurity/51310", "content": "\u203c CVE-2022-42897 \u203c\n\nArray Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. 
NOTE: ArrayOS AG 10.x is unaffected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-13T07:27:34.000000Z"}, {"uuid": "b5996d9e-7452-42e4-8095-440d6f95f60c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42899", "type": "seen", "source": "https://t.me/cibsecurity/51814", "content": "\ud83d\udd74 Apache Commons Vulnerability: Patch but Don't Panic \ud83d\udd74\n\nExperts say CVE-2022-42899 is a serious vulnerability, but widespread exploitation is unlikely because of the specific conditions that need to exist for it to happen.\n\n\ud83d\udcd6 Read\n\nvia \"Dark Reading\".", "creation_timestamp": "2022-10-19T20:15:40.000000Z"}, {"uuid": "6a4271b0-fbaa-43f3-828d-38df136e7d48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42890", "type": "seen", "source": "https://bsky.app/profile/brasilnewsia.bsky.social/post/3lidf27l2tn2i", "content": "", "creation_timestamp": "2025-02-16T23:27:30.506947Z"}, {"uuid": "24b4b58e-6527-424a-88cb-1c8de8e48e32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42891", "type": "seen", "source": "https://bsky.app/profile/brasilnewsia.bsky.social/post/3lidf27l2tn2i", "content": "", "creation_timestamp": "2025-02-16T23:27:30.566869Z"}, {"uuid": "66ee6c63-9bec-4cc9-9f54-bb11ea33c44e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42898", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lstlonusck26", "content": "", "creation_timestamp": "2025-06-30T16:20:55.263209Z"}, {"uuid": "737ff5be-7214-474a-be6c-f0274096d90b", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42895", "type": "seen", "source": "https://t.me/crackcodes/1802", "content": "#exploit\n1. CVE-2022-42895:\nLinux Kernel: Infoleak in Bluetooth L2CAP Handling\nhttps://seclists.org/oss-sec/2022/q4/190\n\n2. CVE-2021-43444 - 43449:\nExploiting ONLYOFFICE Web Sockets for Unauth RCE\nhttps://labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution\n\n3. Exploiting SUID Binaries\nhttps://medium.com/@tinopreter/linux-privesc-3-exploiting-suid-binaries-72ec5460c6a", "creation_timestamp": "2022-12-16T14:10:01.000000Z"}]}