https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 01 Jun 2026 07:23:00 +0000 https://vulnerability.circl.lu/sighting/649d6d29-40a6-4545-bb6f-30b18fc6b746/export {"uuid": "649d6d29-40a6-4545-bb6f-30b18fc6b746", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43990", "type": "seen", "source": "https://t.me/cibsecurity/52415", "content": "\u203c CVE-2022-43990 \u203c\n\nPassword recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version < 2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. The recommended solution is to update the firmware to a version >= 2.2.0 as soon as possible. (available in SICK Support Portal)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-01T23:23:31.000000Z"} {"uuid": "649d6d29-40a6-4545-bb6f-30b18fc6b746", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43990", "type": "seen", "source": "https://t.me/cibsecurity/52415", "content": "\u203c CVE-2022-43990 \u203c\n\nPassword recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version < 2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. The recommended solution is to update the firmware to a version >= 2.2.0 as soon as possible. (available in SICK Support Portal)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-01T23:23:31.000000Z"} https://vulnerability.circl.lu/sighting/649d6d29-40a6-4545-bb6f-30b18fc6b746/export Tue, 01 Nov 2022 23:23:31 +0000 https://vulnerability.circl.lu/sighting/3f5ea445-740d-4d10-821c-b32cad8c26cb/export {"uuid": "3f5ea445-740d-4d10-821c-b32cad8c26cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43995", "type": "seen", "source": "https://t.me/cibsecurity/52462", "content": "\u203c CVE-2022-43995 \u203c\n\nSudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the compiler and processor architecture.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-02T17:19:50.000000Z"} {"uuid": "3f5ea445-740d-4d10-821c-b32cad8c26cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43995", "type": "seen", "source": "https://t.me/cibsecurity/52462", "content": "\u203c CVE-2022-43995 \u203c\n\nSudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the compiler and processor architecture.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-02T17:19:50.000000Z"} https://vulnerability.circl.lu/sighting/3f5ea445-740d-4d10-821c-b32cad8c26cb/export Wed, 02 Nov 2022 17:19:50 +0000 https://vulnerability.circl.lu/sighting/d9664177-11df-4d76-bcba-26fdf41911d5/export {"uuid": "d9664177-11df-4d76-bcba-26fdf41911d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43996", "type": "seen", "source": "https://t.me/cibsecurity/54475", "content": "\u203c CVE-2022-43996 \u203c\n\nThe csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories are served and interpreted as HTML pages. Such uploaded advisories can contain JavaScript code that will execute within the browser context of users inspecting the advisory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-14T01:00:57.000000Z"} {"uuid": "d9664177-11df-4d76-bcba-26fdf41911d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43996", "type": "seen", "source": "https://t.me/cibsecurity/54475", "content": "\u203c CVE-2022-43996 \u203c\n\nThe csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories are served and interpreted as HTML pages. Such uploaded advisories can contain JavaScript code that will execute within the browser context of users inspecting the advisory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-14T01:00:57.000000Z"} https://vulnerability.circl.lu/sighting/d9664177-11df-4d76-bcba-26fdf41911d5/export Wed, 14 Dec 2022 01:00:57 +0000 https://vulnerability.circl.lu/sighting/bf34c50d-ba88-4e03-82ec-552876e3f98a/export {"uuid": "bf34c50d-ba88-4e03-82ec-552876e3f98a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43997", "type": "seen", "source": "https://t.me/cibsecurity/57003", "content": "\u203c CVE-2022-43997 \u203c\n\nIncorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation. There is an insufficiently protected handle to the A180AG.exe SYSTEM process with PROCESS_ALL_ACCESS rights.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-27T00:46:56.000000Z"} {"uuid": "bf34c50d-ba88-4e03-82ec-552876e3f98a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43997", "type": "seen", "source": "https://t.me/cibsecurity/57003", "content": "\u203c CVE-2022-43997 \u203c\n\nIncorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation. There is an insufficiently protected handle to the A180AG.exe SYSTEM process with PROCESS_ALL_ACCESS rights.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-27T00:46:56.000000Z"} https://vulnerability.circl.lu/sighting/bf34c50d-ba88-4e03-82ec-552876e3f98a/export Fri, 27 Jan 2023 00:46:56 +0000 https://vulnerability.circl.lu/sighting/47ead725-8139-4281-85f6-237628c8cef2/export {"uuid": "47ead725-8139-4281-85f6-237628c8cef2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43997", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9928", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43997\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation. There is an insufficiently protected handle to the A180AG.exe SYSTEM process with PROCESS_ALL_ACCESS rights.\n\ud83d\udccf Published: 2023-01-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-01T15:24:32.999Z\n\ud83d\udd17 References:\n1. https://winternl.com/cve-2022-43997/\n2. https://gist.github.com/jackullrich/21fcfe75aeb5e18c60b80e684b83d741", "creation_timestamp": "2025-04-01T15:32:47.000000Z"} {"uuid": "47ead725-8139-4281-85f6-237628c8cef2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43997", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9928", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43997\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation. There is an insufficiently protected handle to the A180AG.exe SYSTEM process with PROCESS_ALL_ACCESS rights.\n\ud83d\udccf Published: 2023-01-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-01T15:24:32.999Z\n\ud83d\udd17 References:\n1. https://winternl.com/cve-2022-43997/\n2. https://gist.github.com/jackullrich/21fcfe75aeb5e18c60b80e684b83d741", "creation_timestamp": "2025-04-01T15:32:47.000000Z"} https://vulnerability.circl.lu/sighting/47ead725-8139-4281-85f6-237628c8cef2/export Tue, 01 Apr 2025 15:32:47 +0000 https://vulnerability.circl.lu/sighting/a22a1cfe-cb9e-42f5-b43f-cb2a43e2342e/export {"uuid": "a22a1cfe-cb9e-42f5-b43f-cb2a43e2342e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43995", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14871", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43995\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.\n\ud83d\udccf Published: 2022-11-02T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T13:45:19.142Z\n\ud83d\udd17 References:\n1. https://www.sudo.ws/security/advisories/\n2. https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050\n3. https://news.ycombinator.com/item?id=33465707\n4. https://bugzilla.redhat.com/show_bug.cgi?id=2139911\n5. https://security.gentoo.org/glsa/202211-08", "creation_timestamp": "2025-05-05T14:20:45.000000Z"} {"uuid": "a22a1cfe-cb9e-42f5-b43f-cb2a43e2342e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43995", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14871", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43995\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.\n\ud83d\udccf Published: 2022-11-02T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T13:45:19.142Z\n\ud83d\udd17 References:\n1. https://www.sudo.ws/security/advisories/\n2. https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050\n3. https://news.ycombinator.com/item?id=33465707\n4. https://bugzilla.redhat.com/show_bug.cgi?id=2139911\n5. https://security.gentoo.org/glsa/202211-08", "creation_timestamp": "2025-05-05T14:20:45.000000Z"} https://vulnerability.circl.lu/sighting/a22a1cfe-cb9e-42f5-b43f-cb2a43e2342e/export Mon, 05 May 2025 14:20:45 +0000