{"vulnerability": "CVE-2022-3937", "sightings": [{"uuid": "f31b79c8-1aa5-402d-9fa8-12f1b288c114", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39374", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1788", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-39374\n\ud83d\udd39 Description: Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes sent in that room from the vulnerable homeserver to be rejected. This issue has been patched in version 1.68.0\n\n\n\ud83d\udccf Published: 2023-05-26T13:44:44.113Z\n\ud83d\udccf Modified: 2025-01-15T15:34:02.534Z\n\ud83d\udd17 References:\n1. https://github.com/matrix-org/synapse/security/advisories/GHSA-p9qp-c452-f9r7\n2. https://github.com/matrix-org/synapse/pull/13723\n3. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD/", "creation_timestamp": "2025-01-15T15:55:18.000000Z"}, {"uuid": "652489c7-62e3-4cae-a79e-f6766f78b6b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39377", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2541", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33204\n\ud83d\udd39 Description: sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.\n\ud83d\udccf Published: 2023-05-18T00:00:00\n\ud83d\udccf Modified: 2025-01-22T14:49:28.299Z\n\ud83d\udd17 References:\n1. https://github.com/sysstat/sysstat/pull/360\n2. https://lists.debian.org/debian-lts-announce/2023/05/msg00026.html\n3. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NUBFX3UNOSM7KFUIB3J32ASYT5ZRXJQV/\n4. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7UUEKMNDMC6RZTI4O367ZD2YKCOX5THX/", "creation_timestamp": "2025-01-22T15:03:00.000000Z"}, {"uuid": "9f724d68-f07c-49d3-b51b-abd08f2f9515", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39377", "type": "seen", "source": "https://t.me/cibsecurity/52667", "content": "\u203c CVE-2022-39377 \u203c\n\nsysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-08T22:35:29.000000Z"}, {"uuid": "c5db9fb2-803d-4663-8cc8-2ca99b965bfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39378", "type": "seen", "source": "https://t.me/cibsecurity/52487", "content": "\u203c CVE-2022-39378 \u203c\n\nDiscourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user's activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge may be viewed by any user. If there are sensitive information in the topic title, it will therefore have been exposed. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are currently no known workarounds available.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-02T19:19:55.000000Z"}]}