{"vulnerability": "cve-2022-4174", "sightings": [{"uuid": "80b3d450-b193-4336-a54d-09cd06a8ed5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41742", "type": "seen", "source": "https://gist.github.com/AbhisHub-12/9387916f0a47fa7264bdec24a4cebb7e", "content": "", "creation_timestamp": "2025-11-04T07:35:47.000000Z"}, {"uuid": "ec2cc15c-2c94-40ff-afa1-0d3bc7f49edd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41742", "type": "seen", "source": "https://gist.github.com/AbhisHub-12/231d7ecd35af8331fb68e8e809de9f94", "content": "", "creation_timestamp": "2025-11-04T07:45:21.000000Z"}, {"uuid": "bdfdfa44-805e-41ca-8386-b1154cc53790", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4174", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3ljitwrurii26", "content": "", "creation_timestamp": "2025-03-03T21:02:32.141447Z"}, {"uuid": "facb2a10-977e-4478-b127-d2ceb763def9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41742", "type": "seen", "source": "https://gist.github.com/AbhisHub-12/40bcac2336a99ffc427d675d4e942dcd", "content": "", "creation_timestamp": "2025-11-04T07:33:41.000000Z"}, {"uuid": "ac78fb57-33e3-43dd-9403-5e8ed4245a5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41742", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/6638", "content": "#exploit\n1. CVE-2025-0108:\nNginx/Apache Path Confusion to Auth Bypass in PAN-OS\nhttps://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os\n\n2. 
CVE-2024-42009:\nStored XSS in Roundcube Webmail\nhttps://github.com/0xbassiouny1337/CVE-2024-42009\n\n3. CVE-2022-41741, CVE-2022-41742, CVE-2023-44487 Check Script:\nhttps://github.com/moften/CVE-2022-4174_CVE-2022-41742", "creation_timestamp": "2025-02-13T06:00:18.000000Z"}, {"uuid": "3005a064-efc1-4cf0-8575-ab4793704336", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41742", "type": "seen", "source": "https://gist.github.com/AbhisHub-12/401b2f18ea0acec23d957659a133ce3c", "content": "", "creation_timestamp": "2025-11-04T08:42:42.000000Z"}, {"uuid": "2288d5cd-d2d4-4a5d-aeac-c32382786e43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41743", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15570", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41743\n\ud83d\udd25 CVSS Score: 7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when the hls directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_hls_module.\n\ud83d\udccf Published: 2022-10-19T21:21:29.045Z\n\ud83d\udccf Modified: 2025-05-08T18:09:41.879Z\n\ud83d\udd17 References:\n1. 
https://support.f5.com/csp/article/K01112063", "creation_timestamp": "2025-05-08T18:24:11.000000Z"}, {"uuid": "4fbbe5f0-a8bd-4321-87e1-78324c0dcad2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41742", "type": "seen", "source": "https://gist.github.com/AbhisHub-12/63bdf1d0634f39824f92015919b49a52", "content": "", "creation_timestamp": "2025-11-04T08:37:00.000000Z"}, {"uuid": "1762e417-8385-4568-bed5-a0593f114939", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41742", "type": "seen", "source": "https://gist.github.com/AbhisHub-12/abea2bfd542234a9b8f38afb1314081d", "content": "", "creation_timestamp": "2025-11-04T08:50:06.000000Z"}, {"uuid": "050a3fa2-b964-4bee-97ef-758f3232f7f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41742", "type": "seen", "source": "https://gist.github.com/AbhisHub-12/804375f9cb93f457a5df8fa4055ba9fa", "content": "", "creation_timestamp": "2025-11-04T08:53:46.000000Z"}, {"uuid": "3c2dd9c4-1aa5-4d28-b15e-0f8c9854dc73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41742", "type": "seen", "source": "https://gist.github.com/AbhisHub-12/cd34c9af59cd3e39691edbb4583edd15", "content": "", "creation_timestamp": "2025-11-04T08:56:56.000000Z"}, {"uuid": "4919c1ca-640d-49f8-8fb5-3c216ccf5f67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41742", "type": "seen", "source": "https://gist.github.com/AbhisHub-12/541ce13a3308577f83871945d91c5706", "content": "", "creation_timestamp": "2025-11-04T09:02:02.000000Z"}, {"uuid": 
"66efa3b0-1c6c-4bda-a81e-28faf6308672", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41742", "type": "seen", "source": "https://gist.github.com/AbhisHub-12/473e9ba173e1bc5c173bb11b9896e41b", "content": "", "creation_timestamp": "2025-11-04T09:06:43.000000Z"}, {"uuid": "1ed92ee0-4bb3-4106-aaeb-eb74867ae188", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41742", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15568", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41742\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)\n\ud83d\udd39 Description: NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.\n\ud83d\udccf Published: 2022-10-19T21:20:50.106Z\n\ud83d\udccf Modified: 2025-05-08T18:11:30.671Z\n\ud83d\udd17 References:\n1. https://support.f5.com/csp/article/K28112382\n2. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/\n3. 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/\n4. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/\n5. https://www.debian.org/security/2022/dsa-5281\n6. https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html\n7. https://security.netapp.com/advisory/ntap-20230120-0005/", "creation_timestamp": "2025-05-08T18:24:09.000000Z"}, {"uuid": "f5c2058b-f379-4b7a-b959-7e701ba2dd0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41741", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15567", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41741\n\ud83d\udd25 CVSS Score: 7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.\n\ud83d\udccf Published: 2022-10-19T21:20:24.882Z\n\ud83d\udccf Modified: 2025-05-08T18:12:10.565Z\n\ud83d\udd17 References:\n1. https://support.f5.com/csp/article/K81926432\n2. 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/\n3. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/\n4. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/\n5. https://www.debian.org/security/2022/dsa-5281\n6. https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html\n7. https://security.netapp.com/advisory/ntap-20230120-0005/", "creation_timestamp": "2025-05-08T18:24:07.000000Z"}, {"uuid": "c67659ec-9c08-4c85-b057-bd8251465cba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41742", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/2421", "content": "#exploit\n1. CVE-2025-0108:\nNginx/Apache Path Confusion to Auth Bypass in PAN-OS\nhttps://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os\n\n2. CVE-2024-42009:\nStored XSS in Roundcube Webmail\nhttps://github.com/0xbassiouny1337/CVE-2024-42009\n\n3. CVE-2022-41741, CVE-2022-41742, CVE-2023-44487 Check Script:\nhttps://github.com/moften/CVE-2022-4174_CVE-2022-41742", "creation_timestamp": "2025-02-13T06:00:18.000000Z"}, {"uuid": "575de0c5-fab8-425b-a7c3-3944996730ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4174", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/6638", "content": "#exploit\n1. CVE-2025-0108:\nNginx/Apache Path Confusion to Auth Bypass in PAN-OS\nhttps://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os\n\n2. CVE-2024-42009:\nStored XSS in Roundcube Webmail\nhttps://github.com/0xbassiouny1337/CVE-2024-42009\n\n3. 
CVE-2022-41741, CVE-2022-41742, CVE-2023-44487 Check Script:\nhttps://github.com/moften/CVE-2022-4174_CVE-2022-41742", "creation_timestamp": "2025-02-13T06:00:18.000000Z"}, {"uuid": "6580fc5d-dbe1-4fd7-b67f-dad68a2700c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4174", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/2421", "content": "#exploit\n1. CVE-2025-0108:\nNginx/Apache Path Confusion to Auth Bypass in PAN-OS\nhttps://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os\n\n2. CVE-2024-42009:\nStored XSS in Roundcube Webmail\nhttps://github.com/0xbassiouny1337/CVE-2024-42009\n\n3. CVE-2022-41741, CVE-2022-41742, CVE-2023-44487 Check Script:\nhttps://github.com/moften/CVE-2022-4174_CVE-2022-41742", "creation_timestamp": "2025-02-13T06:00:18.000000Z"}, {"uuid": "b1bd9543-5d37-46db-9f4a-ef01261a663d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4174", "type": "published-proof-of-concept", "source": "Telegram/VDuXxbJBbFcH5TC0TJgn8Pm2tnWrnFWJssJCqPb0YjXQKGk", "content": "", "creation_timestamp": "2025-02-11T04:00:07.000000Z"}, {"uuid": "3f2d8c06-36c7-4829-882f-a6d16e1e4bf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41741", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/6638", "content": "#exploit\n1. CVE-2025-0108:\nNginx/Apache Path Confusion to Auth Bypass in PAN-OS\nhttps://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os\n\n2. CVE-2024-42009:\nStored XSS in Roundcube Webmail\nhttps://github.com/0xbassiouny1337/CVE-2024-42009\n\n3. 
CVE-2022-41741, CVE-2022-41742, CVE-2023-44487 Check Script:\nhttps://github.com/moften/CVE-2022-4174_CVE-2022-41742", "creation_timestamp": "2025-02-13T06:00:18.000000Z"}, {"uuid": "4e383289-3efe-4c87-b96d-a136653f1009", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41742", "type": "published-proof-of-concept", "source": "Telegram/VDuXxbJBbFcH5TC0TJgn8Pm2tnWrnFWJssJCqPb0YjXQKGk", "content": "", "creation_timestamp": "2025-02-11T04:00:07.000000Z"}, {"uuid": "27fb46e8-9f20-428e-b9a8-c34034f7360f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41741", "type": "published-proof-of-concept", "source": "Telegram/ee4Sk2iX4NQCrC-p271ZgtDUcNEyDO7VCRtDqN26FeKrwI4", "content": "", "creation_timestamp": "2025-05-08T05:00:07.000000Z"}, {"uuid": "d1e3b7ac-009d-42a2-a8f8-24cc6f239389", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41747", "type": "seen", "source": "https://t.me/cibsecurity/51087", "content": "\u203c CVE-2022-41747 \u203c\n\nAn improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. 
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-11T00:25:31.000000Z"}, {"uuid": "71af16eb-170c-4a48-a5a2-c210142400fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4174", "type": "seen", "source": "https://t.me/true_secator/3769", "content": "Google has announced the release of Chrome 108 in the stable channel with fixes for 28 vulnerabilities, including 22 reported by external researchers.\n\nOf the externally reported security defects, eight are high-severity issues and 14 are medium-severity issues.\n\nThe most serious of these bugs is CVE-2022-4174, a type confusion issue in the web browser's V8 JavaScript engine, discovered by researcher Zhenghang Xiao, who received a reward of 15,000 dollars for it.\n\nIn total, Google paid out more than 70,000 dollars in rewards to the researchers who reported the bugs.\n\nAll the remaining high-severity vulnerabilities are memory safety bugs, including one out-of-bounds memory write issue and six use-after-free issues.\n\nThis comes even as Google has been working on improving memory safety in Chrome for more than a year, including by moving from C++ to the Rust compiler.\n\nAn out-of-bounds write was found in Lacros Graphics, while the use-after-free flaws affect components such as Camera Capture, Extensions Mojo, Audio and Forms.\n\nThe 14 medium-severity vulnerabilities include insufficient policy enforcement issues, insufficient validation of untrusted input, inappropriate implementation bugs and use-after-free defects.\n\nGoogle makes no mention of any of these vulnerabilities being exploited in attacks.\n\nThe latest Chrome is now available as version 108.0.5359.71 for Mac and Linux and as version 108.0.5359.71/72 for Windows.", "creation_timestamp": "2022-12-01T11:53:53.000000Z"}, {"uuid": "1c02e9de-402c-440f-9ea7-c8afe3d4c462", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41740", "type": "seen", "source": "https://t.me/cibsecurity/55994", "content": "\u203c CVE-2022-41740 \u203c\n\nIBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-05T20:19:18.000000Z"}, {"uuid": "fd958063-8836-48da-9095-5c2e56466797", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41744", "type": "seen", "source": "https://t.me/cibsecurity/51080", "content": "\u203c CVE-2022-41744 \u203c\n\nA Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-11T00:25:22.000000Z"}, {"uuid": "8e588c84-1fc3-41de-9c03-5b4a35404dba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41748", "type": "seen", "source": "https://t.me/cibsecurity/51073", "content": "\u203c CVE-2022-41748 \u203c\n\nA registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations. 
Please note: an attacker must first obtain administrative credentials on the target system in order to exploit this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-11T00:25:15.000000Z"}, {"uuid": "39a3b875-dda7-4203-bfb4-5e787fe87d5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41749", "type": "seen", "source": "https://t.me/cibsecurity/51075", "content": "\u203c CVE-2022-41749 \u203c\n\nAn origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-11T00:25:17.000000Z"}, {"uuid": "00e2aa8e-4127-4363-8b49-14112d233116", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41741", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11806", "content": "#exploit\n1. CVE-2025-0108:\nNginx/Apache Path Confusion to Auth Bypass in PAN-OS\nhttps://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os\n\n2. CVE-2024-42009:\nStored XSS in Roundcube Webmail\nhttps://github.com/0xbassiouny1337/CVE-2024-42009\n\n3. 
CVE-2022-41741, CVE-2022-41742, CVE-2023-44487 Check Script:\nhttps://github.com/moften/CVE-2022-4174_CVE-2022-41742", "creation_timestamp": "2025-02-13T14:50:07.000000Z"}, {"uuid": "c6b812a7-af71-4fe2-86dc-52fe5f904e12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41741", "type": "seen", "source": "https://t.me/cibsecurity/51843", "content": "\u203c CVE-2022-41741 \u203c\n\nNGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-20T02:20:41.000000Z"}, {"uuid": "d368abcb-8ad6-4be6-9fbd-7d99ad6433e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41742", "type": "seen", "source": "https://t.me/cibsecurity/51857", "content": "\u203c CVE-2022-41742 \u203c\n\nNGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. 
The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-27T11:51:22.000000Z"}, {"uuid": "82c79e95-92dd-4232-9d45-942362cc2443", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41743", "type": "seen", "source": "https://t.me/cibsecurity/51855", "content": "\u203c CVE-2022-41743 \u203c\n\nNGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when the hls directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_hls_module.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-20T02:20:59.000000Z"}, {"uuid": "121c0247-5162-4d5f-8161-c0eb36904f27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41742", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11806", "content": "#exploit\n1. CVE-2025-0108:\nNginx/Apache Path Confusion to Auth Bypass in PAN-OS\nhttps://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os\n\n2. CVE-2024-42009:\nStored XSS in Roundcube Webmail\nhttps://github.com/0xbassiouny1337/CVE-2024-42009\n\n3. 
CVE-2022-41741, CVE-2022-41742, CVE-2023-44487 Check Script:\nhttps://github.com/moften/CVE-2022-4174_CVE-2022-41742", "creation_timestamp": "2025-02-13T14:50:07.000000Z"}, {"uuid": "ffa57937-c228-466c-96d2-2719002966ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4174", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11806", "content": "#exploit\n1. CVE-2025-0108:\nNginx/Apache Path Confusion to Auth Bypass in PAN-OS\nhttps://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os\n\n2. CVE-2024-42009:\nStored XSS in Roundcube Webmail\nhttps://github.com/0xbassiouny1337/CVE-2024-42009\n\n3. CVE-2022-41741, CVE-2022-41742, CVE-2023-44487 Check Script:\nhttps://github.com/moften/CVE-2022-4174_CVE-2022-41742", "creation_timestamp": "2025-02-13T14:50:07.000000Z"}]}