{"vulnerability": "cve-2022-4514", "sightings": [{"uuid": "86bcdf4d-dd5e-4e7b-9abc-e14f66201dde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45141", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6762", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45141\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).\n\ud83d\udccf Published: 2023-03-06T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-06T20:38:07.059Z\n\ud83d\udd17 References:\n1. https://www.samba.org/samba/security/CVE-2022-45141.html\n2. https://security.gentoo.org/glsa/202309-06", "creation_timestamp": "2025-03-06T21:34:31.000000Z"}, {"uuid": "d578ee3e-9d64-476b-adea-cfab42df5547", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45142", "type": "seen", "source": "Telegram/Sl-WKyZGV1MDcswPkINfQXSzv6-Mv5VFXzE0rZ_taj1YcWT-", "content": "", "creation_timestamp": "2025-03-08T04:34:55.000000Z"}, {"uuid": "a5084bd6-4e46-493e-8667-518c0edf216d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45141", "type": "seen", "source": "Telegram/s95eVfHt72fAxS52MUWznJwr7o0bIdOGgiStyuxZUmKTJOKl", "content": "", "creation_timestamp": "2025-03-08T04:34:55.000000Z"}, {"uuid": "085e8ef8-0bc0-4642-a969-89574c016815", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45142", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6743", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45142\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding \"!= 0\" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.\n\ud83d\udccf Published: 2023-03-06T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-06T20:20:48.532Z\n\ud83d\udd17 References:\n1. https://www.openwall.com/lists/oss-security/2023/02/08/1\n2. https://security.gentoo.org/glsa/202310-06", "creation_timestamp": "2025-03-06T20:34:04.000000Z"}, {"uuid": "f31e59d5-a893-48ca-bbc4-c73f66f1dfa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45145", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13030", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45145\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.\n\ud83d\udccf Published: 2022-12-10T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-23T13:54:51.643Z\n\ud83d\udd17 References:\n1. https://lists.gnu.org/archive/html/chicken-announce/2022-11/msg00000.html\n2. https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blobdiff%3Bf=egg-compile.scm%3Bh=9ba4568113350ec75204cba55e43e27925e2d6fe%3Bhp=c1f2ceb0fb470f63c2ba2a1cf9d8d40083c2359f%3Bhb=a08f8f548d772ef410c672ba33a27108d8d434f3%3Bhpb=9c6fb001c25de4390f46ffd7c3c94237f4df92a9\n3. https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blobdiff%3Bf=NEWS%3Bh=54888afff09353093453673c407cabfe76a5ce77%3Bhp=a3fd88a892f82c8353267f50509d018bbb1934b9%3Bhb=670478435a982fc4d1f001ea08669f53d35a51cd%3Bhpb=a08f8f548d772ef410c672ba33a27108d8d434f3", "creation_timestamp": "2025-04-23T14:05:04.000000Z"}, {"uuid": "b7d3eb33-e30a-456e-93af-32e0d2c0b464", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45143", "type": "seen", "source": "https://t.me/arpsyndicate/27", "content": "#ExploitObserverAlert\n\nCVE-2022-45143\n\nDESCRIPTION: Exploit Observer has 8 entries related to CVE-2022-45143. The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.\n\nFIRST-EPSS: 0.002540000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-11-09T12:33:00.000000Z"}, {"uuid": "25f3e732-7399-4e4d-971b-3299dc5d8431", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45141", "type": "seen", "source": "https://t.me/ics_cert/678", "content": "\u0633\u0627\u0645\u0628\u0627 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc\u200c\u0647\u0627\u06cc \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631\u06cc \u0631\u0627 \u0628\u0631\u0627\u06cc \u0631\u0641\u0639 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u062f\u0631 \u0635\u0648\u0631\u062a \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0645\u0648\u0641\u0642\u06cc\u062a\u200c\u0622\u0645\u06cc\u0632\u060c \u0628\u0647 \u0645\u0647\u0627\u062c\u0645 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc\u200c\u062f\u0647\u062f \u062a\u0627 \u06a9\u0646\u062a\u0631\u0644 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0622\u0633\u06cc\u0628\u200c\u062f\u06cc\u062f\u0647 \u0631\u0627 \u062f\u0631 \u062f\u0633\u062a \u0628\u06af\u06cc\u0631\u062f.\n\n\u0633\u0627\u0645\u0628\u0627 \u06cc\u06a9 \u0627\u062c\u0631\u0627\u06cc \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631\u06cc \u0627\u0632 \u067e\u0631\u0648\u062a\u06a9\u0644 \u0634\u0628\u06a9\u0647 SMB \u0627\u0633\u062a \u06a9\u0647 \u062e\u062f\u0645\u0627\u062a \u0641\u0627\u06cc\u0644 \u0648 \u0686\u0627\u067e \u0631\u0627 \u0628\u0631\u0627\u06cc \u06a9\u0644\u0627\u06cc\u0646\u062a \u0647\u0627\u06cc \u0645\u062e\u062a\u0644\u0641 \u0645\u0627\u06cc\u06a9\u0631\u0648\u0633\u0627\u0641\u062a \u0648\u06cc\u0646\u062f\u0648\u0632 \u067e\u06cc\u0627\u062f\u0647 \u0633\u0627\u0632\u06cc \u0645\u06cc \u06a9\u0646\u062f \u0648 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0627 \u062f\u0627\u0645\u0646\u0647 \u0633\u0631\u0648\u0631 \u0648\u06cc\u0646\u062f\u0648\u0632 \u0645\u0627\u06cc\u06a9\u0631\u0648\u0633\u0627\u0641\u062a \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u06a9\u0646\u062a\u0631\u0644 \u06a9\u0646\u0646\u062f\u0647 \u062f\u0627\u0645\u0646\u0647 (DC) \u0627\u062f\u063a\u0627\u0645 \u0634\u0648\u062f.\n\n\u0627\u06cc\u0646 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 \u0628\u0631 \u0631\u0648\u06cc \u0627\u06a9\u062b\u0631 \u0633\u06cc\u0633\u062a\u0645 \u0647\u0627\u06cc \u0645\u0634\u0627\u0628\u0647 \u06cc\u0648\u0646\u06cc\u06a9\u0633 \u0645\u0627\u0646\u0646\u062f \u0644\u06cc\u0646\u0648\u06a9\u0633\u060c \u0633\u0648\u0644\u0627\u0631\u06cc\u0633\u060c AIX \u0648 BSD\u060c \u0627\u0632 \u062c\u0645\u0644\u0647 Apple macOS Server \u0648 macOS client (Mac OS X 10.2 \u0648 \u0628\u0627\u0644\u0627\u062a\u0631) \u0627\u062c\u0631\u0627 \u0645\u06cc \u0634\u0648\u062f.\n\n\u0646\u0633\u062e\u0647 \u0647\u0627\u06cc \u062c\u062f\u06cc\u062f 4.17.4\u060c 4.16.8 \u0648 4.15.13 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc \u062c\u062f\u06cc \u0631\u062f\u06cc\u0627\u0628\u06cc \u0634\u062f\u0647 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 CVE-2022-38023\u060c CVE-2022-37966\u060c CVE-2022-37967 \u0648 CVE-2022-45141 \u0631\u0627 \u0628\u0631\u0637\u0631\u0641 \u0645\u06cc \u06a9\u0646\u0646\u062f.\n\n\u0645\u0634\u06a9\u0644\u0627\u062a \u0628\u0647 \u0634\u0631\u062d \u0632\u06cc\u0631 \u0627\u0633\u062a:\n- CVE-2022-38023 (\u0627\u0645\u062a\u06cc\u0627\u0632 CVSS: 8.1) - \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0646\u0648\u0639 \u0631\u0645\u0632\u06af\u0630\u0627\u0631\u06cc \u0636\u0639\u06cc\u0641 RC4-HMAC Kerberos \u062f\u0631 \u06a9\u0627\u0646\u0627\u0644 \u0627\u0645\u0646 NetLogon.\n- CVE-2022-37966 (\u0627\u0645\u062a\u06cc\u0627\u0632 CVSS: 8.1) - \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u0641\u0632\u0627\u06cc\u0634 \u0627\u0645\u062a\u06cc\u0627\u0632 \u062f\u0631 Windows Kerberos RC4-HMAC.\n- CVE-2022-37967 (\u0627\u0645\u062a\u06cc\u0627\u0632 CVSS: 7.2) - \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u0641\u0632\u0627\u06cc\u0634 \u0627\u0645\u062a\u06cc\u0627\u0632 \u062f\u0631 Windows Kerberos.\n- CVE-2022-45141 (\u0627\u0645\u062a\u06cc\u0627\u0632 CVSS: 8.1) - \u0627\u0632 \u0631\u0645\u0632\u06af\u0630\u0627\u0631\u06cc RC4-HMAC \u0647\u0646\u06af\u0627\u0645 \u0635\u062f\u0648\u0631 \u0628\u0644\u06cc\u0637 Kerberos \u062f\u0631 \u06a9\u0646\u062a\u0631\u0644\u0631 \u062f\u0627\u0645\u0646\u0647 \u0641\u0639\u0627\u0644 Samba \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 Heimdal \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u062f.\n\n\u062f\u0631 \u0647\u0645\u0627\u0646 \u0632\u0645\u0627\u0646\u060c CVE-2022-37966 \u0648 CVE-2022-37967\u060c \u06a9\u0647 \u0628\u0647 \u0645\u0647\u0627\u062c\u0645 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc \u062f\u0647\u062f \u062a\u0627 \u062d\u0642\u0648\u0642 \u0633\u0631\u067e\u0631\u0633\u062a \u0631\u0627 \u0628\u0647 \u062f\u0633\u062a \u0622\u0648\u0631\u062f\u060c \u0628\u0631\u0627\u06cc \u0627\u0648\u0644\u06cc\u0646 \u0628\u0627\u0631 \u062a\u0648\u0633\u0637 \u0645\u0627\u06cc\u06a9\u0631\u0648\u0633\u0627\u0641\u062a \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u0628\u062e\u0634\u06cc \u0627\u0632 PatchTuesday \u0646\u0648\u0627\u0645\u0628\u0631 \u0627\u0641\u0634\u0627 \u0634\u062f.\n\n\u0628\u0647 \u0637\u0648\u0631 \u06a9\u0644\u06cc\u060c \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0628\u062f\u0648\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u062d\u0645\u0644\u0647\u200c\u0627\u06cc \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u062f \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0627\u0632 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc \u067e\u0631\u0648\u062a\u06a9\u0644 \u0631\u0645\u0632\u0646\u06af\u0627\u0631\u06cc \u062f\u0631 RFC 4757 (\u0646\u0648\u0639 \u0631\u0645\u0632\u06af\u0630\u0627\u0631\u06cc Kerberos RC4-HMAC-MD5) \u0648 MS-PAC (\u0645\u0634\u062e\u0635\u0627\u062a \u0633\u0627\u062e\u062a\u0627\u0631 \u062f\u0627\u062f\u0647 \u06af\u0648\u0627\u0647\u06cc \u0648\u06cc\u0698\u06af\u06cc \u0648\u06cc\u0698\u06af\u06cc) \u0628\u0631\u0627\u06cc \u062f\u0648\u0631 \u0632\u062f\u0646 \u0648\u06cc\u0698\u06af\u06cc\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0648\u06cc\u0646\u062f\u0648\u0632 \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u062f.\n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f \u0628\u0627\u0632\u0646\u0634\u0631 \u0645\u0637\u0627\u0644\u0628 \u0627\u06cc\u0646 \u06a9\u0627\u0646\u0627\u0644 \u0635\u0631\u0641\u0627 \u0628\u0627 \u0630\u06a9\u0631 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u06a9\u0627\u0645\u0644 \u06a9\u0627\u0646\u0627\u0644 \u0645\u062c\u0627\u0632 \u0645\u06cc\u0628\u0627\u0634\u062f.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\n\u0627\u062f\u0645\u06cc\u0646:\nhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u062a\u0648\u06cc\u06cc\u062a\u0631:\nhttps://twitter.com/icscerti", "creation_timestamp": "2022-12-23T11:03:27.000000Z"}, {"uuid": "c379256a-fb54-423b-b039-af51eb9684cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45140", "type": "seen", "source": "https://t.me/ics_cert/757", "content": "\u0647\u0634\u062f\u0627\u0631\n\u06a9\u0634\u0641 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 \u0645\u062d\u0635\u0648\u0644\u0627\u062a Wago\n\n \u0686\u0647\u0627\u0631 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 \u06a9\u0646\u062a\u0631\u0644\u200c\u06a9\u0646\u0646\u062f\u0647\u200c\u0647\u0627\u06cc \u0645\u0646\u0637\u0642\u06cc \u0642\u0627\u0628\u0644 \u0628\u0631\u0646\u0627\u0645\u0647\u200c\u0631\u06cc\u0632\u06cc (PLC) \u0627\u0631\u0627\u0626\u0647\u200c\u062f\u0647\u0646\u062f\u0647 \u0631\u0627\u0647\u200c\u062d\u0644\u200c\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0635\u0646\u0639\u062a\u06cc \u0622\u0644\u0645\u0627\u0646\u06cc Wago \u0631\u0641\u0639 \u0634\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0628\u0631\u062e\u06cc \u0627\u0632 \u0622\u0646\u0647\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0628\u0631\u0627\u06cc \u06a9\u0646\u062a\u0631\u0644 \u06a9\u0627\u0645\u0644 \u062f\u0633\u062a\u06af\u0627\u0647 \u0645\u0648\u0631\u062f \u0646\u0638\u0631 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0634\u0648\u0646\u062f.\n\n\u0631\u0627\u06cc\u0627\u0646 \u067e\u06cc\u06a9\u0631\u0646\u060c \u0645\u062a\u062e\u0635\u0635 \u0645\u0648\u0633\u0633\u0647 \u0641\u0646\u0627\u0648\u0631\u06cc \u062c\u0648\u0631\u062c\u06cc\u0627\u060c \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u0628\u062e\u0634\u06cc \u0627\u0632 \u067e\u0627\u06cc\u0627\u0646 \u0646\u0627\u0645\u0647 \u062f\u06a9\u062a\u0631\u0627\u06cc \u062e\u0648\u062f \u062f\u0631 \u0645\u0648\u0631\u062f \u0627\u0645\u0646\u06cc\u062a \u0633\u06cc\u0633\u062a\u0645 \u0647\u0627\u06cc \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc ICS\u060c \u0646\u0642\u0627\u0637 \u0636\u0639\u0641 PLC \u0631\u0627 \u06a9\u0634\u0641 \u06a9\u0631\u062f.\n\n\u062f\u0631 \u0637\u0648\u0644 \u062a\u062c\u0632\u06cc\u0647 \u0648 \u062a\u062d\u0644\u06cc\u0644 Wago PLC\u060c \u0645\u062d\u0642\u0642 \u0686\u0646\u062f\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0631\u0627 \u062f\u0631 \u0631\u0627\u0628\u0637 \u0645\u062f\u06cc\u0631\u06cc\u062a \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 \u0648\u0628 \u0628\u0631\u0627\u06cc \u0645\u062f\u06cc\u0631\u06cc\u062a\u060c \u0631\u0627\u0647\u200c\u0627\u0646\u062f\u0627\u0632\u06cc \u0648 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u062f\u0633\u062a\u06af\u0627\u0647\u200c\u0647\u0627 \u067e\u06cc\u062f\u0627 \u06a9\u0631\u062f. CERT@VDE \u0628\u0648\u0644\u062a\u0646\u06cc \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u062f\u0631 \u0622\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u060c \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0648 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0622\u0633\u06cc\u0628\u200c\u062f\u06cc\u062f\u0647 \u0631\u0627 \u0634\u0631\u062d \u0645\u06cc\u200c\u062f\u0647\u062f.\n\n\u062f\u0648 \u0646\u0642\u0635 \u062f\u0627\u0631\u0627\u06cc \u062f\u0631\u062c\u0647\u200c\u0628\u0646\u062f\u06cc \u0634\u062f\u062a \u0628\u062d\u0631\u0627\u0646\u06cc \u0634\u062f\u0647\u200c\u0627\u0646\u062f \u06a9\u0647 \u0627\u0648\u0644\u06cc\u0646 \u0645\u0648\u0631\u062f \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0639\u062f\u0645 \u0648\u062c\u0648\u062f \u0645\u0634\u06a9\u0644 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0627\u0633\u062a \u06a9\u0647 \u0628\u0647\u200c\u0639\u0646\u0648\u0627\u0646 CVE-2022-45138 \u0631\u062f\u06cc\u0627\u0628\u06cc \u0645\u06cc\u200c\u0634\u0648\u062f \u0648 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u062a\u0648\u0633\u0637 \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0646\u0634\u062f\u0647 \u0628\u0631\u0627\u06cc \u062e\u0648\u0627\u0646\u062f\u0646 \u0648 \u062a\u0646\u0638\u06cc\u0645 \u0628\u0631\u062e\u06cc \u0627\u0632 \u067e\u0627\u0631\u0627\u0645\u062a\u0631\u0647\u0627\u06cc \u062f\u0633\u062a\u06af\u0627\u0647 \u0645\u0648\u0631\u062f \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u06af\u06cc\u0631\u062f\u060c \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 \u0633\u0627\u0632\u0634 \u06a9\u0627\u0645\u0644 \u06a9\u0646\u062a\u0631\u0644\u0631\n\n\u062f\u0648\u0645\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062d\u06cc\u0627\u062a\u06cc\u060c CVE-2022-45140\u060c \u0628\u0647 \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u062a\u0623\u06cc\u06cc\u062f \u0646\u0634\u062f\u0647 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc\u200c\u062f\u0647\u062f \u062a\u0627 \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc \u062f\u0644\u062e\u0648\u0627\u0647 \u0631\u0627 \u0628\u0627 \u0627\u0645\u062a\u06cc\u0627\u0632\u0627\u062a \u0631\u06cc\u0634\u0647 \u0628\u0646\u0648\u06cc\u0633\u062f\u060c \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u0648 \u0628\u0647 \u062e\u0637\u0631 \u0627\u0641\u062a\u0627\u062f\u0646 \u06a9\u0627\u0645\u0644 \u0633\u06cc\u0633\u062a\u0645 \u0634\u0648\u062f.\n\n\u062f\u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0627 \u0634\u062f\u062a \u0645\u062a\u0648\u0633\u0637 \u200b\u200b\u062f\u06cc\u06af\u0631 \u0631\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0631\u0627\u06cc \u062d\u0645\u0644\u0627\u062a XSS \u0648 \u0627\u0641\u0634\u0627\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0628\u0627 \u062a\u0623\u062b\u06cc\u0631 \u0645\u062d\u062f\u0648\u062f \u0645\u0648\u0631\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u062f\u0627\u062f.\n\n\u0639\u0644\u0627\u0648\u0647 \u0628\u0631 \u0627\u06cc\u0646\u060c \u0627\u06cc\u0646 \u062e\u0637\u0627\u0647\u0627 \u0631\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646 \u0632\u0646\u062c\u06cc\u0631\u0647 \u0627\u06cc \u06a9\u0631\u062f \u0648 \u0628\u0647 \u062f\u0648 \u0631\u0648\u0634 \u0645\u062e\u062a\u0644\u0641 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0631\u062f:\n- \u0647\u0646\u06af\u0627\u0645\u06cc \u06a9\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u0645\u0633\u062a\u0642\u06cc\u0645 \u0628\u0647 \u0634\u0628\u06a9\u0647 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f (\u06cc\u0639\u0646\u06cc \u0645\u0647\u0627\u062c\u0645 \u062f\u0631 \u062f\u0627\u062e\u0644 ICS \u0627\u0633\u062a \u06cc\u0627 \u0628\u0647 \u062f\u0633\u062a\u06af\u0627\u0647 \u0645\u062a\u0635\u0644 \u0628\u0647 \u0627\u06cc\u0646\u062a\u0631\u0646\u062a \u062d\u0645\u0644\u0647 \u0645\u06cc \u06a9\u0646\u062f).\n- \u0627\u0632 \u0637\u0631\u06cc\u0642 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0647\u0627\u06cc \u0648\u0628 \u0627\u0632 \u0645\u0646\u0627\u0628\u0639 \u0645\u062e\u062a\u0644\u0641 (\u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u0645\u062b\u0627\u0644\u060c \u0645\u0647\u0627\u062c\u0645 \u0641\u0631\u062f\u06cc \u0631\u0627 \u062f\u0631 ICS \u0641\u0631\u06cc\u0628 \u0645\u06cc \u062f\u0647\u062f \u062a\u0627 \u0648\u0628 \u0633\u0627\u06cc\u062a \u0645\u062e\u0631\u0628 \u062e\u0648\u062f \u0631\u0627 \u0645\u0634\u0627\u0647\u062f\u0647 \u06a9\u0646\u062f).\n\n\u0645\u062d\u0642\u0642 \u062a\u0648\u0636\u06cc\u062d \u062f\u0627\u062f \u06a9\u0647 \u0647\u06cc\u0686 \u06cc\u06a9 \u0627\u0632 \u0633\u0646\u0627\u0631\u06cc\u0648\u0647\u0627 \u0646\u06cc\u0627\u0632\u06cc \u0628\u0647 \u062a\u0639\u0627\u0645\u0644 \u06a9\u0627\u0631\u0628\u0631 (\u0628\u0647 \u062c\u0632 \u0628\u0627\u0632\u062f\u06cc\u062f \u0627\u0632 \u0633\u0627\u06cc\u062a) \u06cc\u0627 \u0645\u062c\u0648\u0632 \u0646\u062f\u0627\u0631\u0646\u062f.\n\n\u0627\u06cc\u0646 \u0632\u0646\u062c\u06cc\u0631\u0647 \u0628\u0647 \u0637\u0648\u0631 \u06a9\u0627\u0645\u0644 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0646\u0634\u062f\u0647 \u0627\u0633\u062a \u0648 \u062f\u0631 \u06cc\u06a9 \u062d\u0645\u0644\u0647 \u0648\u0627\u0642\u0639\u06cc\u060c \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u0628\u0631\u0627\u06cc \u062f\u0633\u062a\u06a9\u0627\u0631\u06cc \u0645\u062e\u0631\u0628 \u0645\u06a9\u0627\u0646\u06cc\u0633\u0645\u200c\u0647\u0627\u060c \u062c\u0639\u0644 \u062e\u0648\u0627\u0646\u062f\u0646 \u0633\u0646\u0633\u0648\u0631\u0647\u0627 \u0648 \u063a\u06cc\u0631\u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0646 \u062a\u0645\u0627\u0645 \u06a9\u0646\u062a\u0631\u0644\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u062f.\n\n\u0644\u0637\u0641\u0627 \u0646\u0638\u0631\u0627\u062a \u062e\u0648\u062f \u0631\u0627 \u0628\u0647 \u0627\u0634\u062a\u0631\u0627\u06a9 \u0628\u06af\u0630\u0627\u0631\u06cc\u062f. \u0627\u0632 \u0628\u0627\u0632\u062e\u0648\u0631\u062f \u0634\u0645\u0627 \u0627\u0633\u062a\u0642\u0628\u0627\u0644 \u0645\u06cc\u200c\u06a9\u0646\u06cc\u0645.\n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f \u0628\u0627\u0632\u0646\u0634\u0631 \u0645\u0637\u0627\u0644\u0628 \u0627\u06cc\u0646 \u06a9\u0627\u0646\u0627\u0644 \u0635\u0631\u0641\u0627 \u0628\u0627 \u0630\u06a9\u0631 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u06a9\u0627\u0645\u0644 \u06a9\u0627\u0646\u0627\u0644 \u0645\u062c\u0627\u0632 \u0645\u06cc\u0628\u0627\u0634\u062f.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\n\u0627\u062f\u0645\u06cc\u0646:\nhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u062a\u0648\u06cc\u06cc\u062a\u0631:\nhttps://twitter.com/icscerti", "creation_timestamp": "2023-06-16T12:20:19.000000Z"}, {"uuid": "67595d6e-6e9e-47c8-97d2-f7eaa0046b83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45141", "type": "seen", "source": "https://t.me/OpenHackChile/1676", "content": "Multiple high-severity vulnerabilities [CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, CVE-2022-45141] have been discovered in Samba software that could potentially allow hackers to gain control of the affected systems.\n\nRead: https://thehackernews.com/2022/12/samba-issues-security-updates-to-patch.html", "creation_timestamp": "2022-12-17T16:43:00.000000Z"}, {"uuid": "178ec2b1-53fd-4507-a3b3-00ab5dae186a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45140", "type": "seen", "source": "https://t.me/true_secator/4136", "content": "\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0447\u0435\u0442\u044b\u0440\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430\u0445 (\u041f\u041b\u041a) \u043d\u0435\u043c\u0435\u0446\u043a\u043e\u0433\u043e \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430 \u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0439 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 Wago, \u043f\u0440\u0438\u0447\u0435\u043c \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0445 \u043d\u0438\u0445 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u043d\u0430\u0434 \u0446\u0435\u043b\u0435\u0432\u044b\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e\u043c.\n\n\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 \u0432 \u041f\u041b\u041a \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442 \u0422\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0438\u043d\u0441\u0442\u0438\u0442\u0443\u0442\u0430 \u0414\u0436\u043e\u0440\u0434\u0436\u0438\u0438 \u0420\u0430\u0439\u0430\u043d \u041f\u0438\u043a\u0440\u0435\u043d \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0440\u0430\u0431\u043e\u0442\u044b \u043d\u0430\u0434 \u0441\u0432\u043e\u0435\u0439 \u0434\u043e\u043a\u0442\u043e\u0440\u0441\u043a\u043e\u0439 \u0434\u0438\u0441\u0441\u0435\u0440\u0442\u0430\u0446\u0438\u0435\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f ICS.\n\n\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0445\u043e\u0440\u043e\u0448 \u0438 \u0440\u0430\u043d\u0435\u0435 \u0443\u0436\u0435 \u043f\u043e\u043b\u0443\u0447\u0430\u043b \u043f\u0440\u0438\u043b\u0438\u0447\u043d\u044b\u0439 \u043f\u0440\u043e\u0444\u0438\u0442 \u043e\u0442 Apple \u0437\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043a\u0430\u043c\u0435\u0440\u0435 \u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043c\u043e\u0436\u043d\u043e \u0431\u044b\u043b\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0432\u0437\u043b\u043e\u043c\u0430 \u043e\u043d\u043b\u0430\u0439\u043d-\u0430\u043a\u043a\u0430\u0443\u043d\u0442\u043e\u0432 \u0438 \u0432\u0435\u0431-\u043a\u0430\u043c\u0435\u0440 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f. \n\n\u0412 \u0445\u043e\u0434\u0435 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u041f\u041b\u041a Wago \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u0432\u0432\u043e\u0434\u0430 \u0432 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e \u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432. CERT@VDE \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044c \u0441 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0435\u0439 \u043e \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 \u0438 \u0432\u0435\u0440\u0441\u0438\u044f\u0445.\n\n\u0414\u0432\u0443\u043c \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c \u0431\u044b\u043b \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0440\u0435\u0439\u0442\u0438\u043d\u0433 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u043f\u0435\u0440\u0432\u044b\u0439 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u0432\u044f\u0437\u0430\u043d \u0441 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2022-45138 \u0438 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0438\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0434\u043b\u044f \u0447\u0442\u0435\u043d\u0438\u044f \u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u0432 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u043b\u043d\u043e\u0439 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430.\n\n\u0412\u0442\u043e\u0440\u0430\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, CVE-2022-45140, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 root, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0438 \u043f\u043e\u043b\u043d\u043e\u0439 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u0414\u0440\u0443\u0433\u0438\u0435 \u0434\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f XSS-\u0430\u0442\u0430\u043a \u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435\u043c.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u044d\u0442\u0438 \u043e\u0448\u0438\u0431\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u0435\u043d\u044b \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u0432\u0443\u043c\u044f \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u043c\u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u0430\u043c\u0438:\n- \u043a\u043e\u0433\u0434\u0430 \u0435\u0441\u0442\u044c \u043f\u0440\u044f\u043c\u043e\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0442\u0438 (\u0442. \u0435. \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0432\u043d\u0443\u0442\u0440\u0438 ICS \u0438\u043b\u0438 \u0430\u0442\u0430\u043a\u0443\u0435\u0442 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0435 \u043a \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0443);\n- \u0447\u0435\u0440\u0435\u0437 \u0432\u0435\u0431-\u0437\u0430\u043f\u0440\u043e\u0441\u044b \u0438\u0437 \u0440\u0430\u0437\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432 (\u0442. \u0435. \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043f\u0440\u0438\u043c\u0430\u043d\u0438\u0432\u0430\u0435\u0442 \u043a\u0442\u043e-\u0442\u043e \u0432 ICS \u0434\u043b\u044f \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u0441\u0432\u043e\u0435\u0433\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u0430). \n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043e\u0431\u044a\u044f\u0441\u043d\u0438\u043b, \u0447\u0442\u043e \u043d\u0438 \u043e\u0434\u0438\u043d \u0438\u0437 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u0432 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043a\u0430\u043a\u043e\u0433\u043e-\u043b\u0438\u0431\u043e \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c (\u043f\u043e\u043c\u0438\u043c\u043e \u043f\u0440\u043e\u0441\u0442\u043e\u0433\u043e \u043f\u043e\u0441\u0435\u0449\u0435\u043d\u0438\u044f \u0441\u0430\u0439\u0442\u0430) \u0438\u043b\u0438 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439.\n\n\u0426\u0435\u043f\u043e\u0447\u043a\u0430 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u043d\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u0438 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0437\u043b\u043e\u043d\u0430\u043c\u0435\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430\u043c\u0438, \u0444\u0430\u043b\u044c\u0441\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u043e\u043a\u0430\u0437\u0430\u043d\u0438\u0439 \u0434\u0430\u0442\u0447\u0438\u043a\u043e\u0432 \u0438 \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0432\u0441\u0435\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.", "creation_timestamp": "2023-03-06T17:00:09.000000Z"}, {"uuid": "9348d85e-2e8a-4124-a8bb-5417cf50209f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45143", "type": "seen", "source": "https://t.me/arpsyndicate/96", "content": "#ExploitObserverAlert\n\nCVE-2022-45143\n\nDESCRIPTION: Exploit Observer has 8 entries related to CVE-2022-45143. The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.\n\nFIRST-EPSS: 0.002540000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-11-11T19:02:08.000000Z"}, {"uuid": "524f0e6c-46c5-4641-b419-bc6b53d641b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45141", "type": "seen", "source": "https://t.me/true_secator/3843", "content": "Samba \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u041f\u041e \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0433\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c\u0438.\n\nSamba - \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u0430\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 SMB, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442 \u0441\u043b\u0443\u0436\u0431\u044b \u0444\u0430\u0439\u043b\u043e\u0432 \u0438 \u043f\u0435\u0447\u0430\u0442\u0438 \u0434\u043b\u044f \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 Microsoft Windows, \u043c\u043e\u0436\u0435\u0442 \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0441 \u0434\u043e\u043c\u0435\u043d\u043e\u043c Microsoft Windows Server \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 \u0434\u043e\u043c\u0435\u043d\u0430 (DC).\n\n\u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043d\u0430 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0435 Unix-\u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a Linux, Solaris, AIX \u0438 BSD, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Apple macOS Server \u0438 \u043a\u043b\u0438\u0435\u043d\u0442 macOS (Mac OS X 10.2 \u0438 \u0432\u044b\u0448\u0435).\n\n\u0412 \u043d\u043e\u0432\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 4.17.4, 4.16.8 \u0438 4.15.13 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0435 \u043a\u0430\u043a\u00a0CVE-2022-38023, CVE-2022-37966, CVE-2022-37967 \u0438 CVE-2022-45141.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u044e\u0442\u0441\u044f \u043a\u0430\u043a:\n- CVE-2022-38023\u00a0(\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 8,1) \u2014 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u043b\u0430\u0431\u043e\u0433\u043e \u0442\u0438\u043f\u0430 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f RC4-HMAC Kerberos \u0432\u00a0\u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u043e\u043c \u043a\u0430\u043d\u0430\u043b\u0435 NetLogon;\n- CVE-2022-37966\u00a0(\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 8,1) \u2014 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 Windows Kerberos RC4-HMAC;\n- CVE-2022-37967\u00a0(\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 7,2) \u2014 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 Windows Kerberos;\n- CVE-2022-45141\u00a0(\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 8,1) \u2014 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f RC4-HMAC \u043f\u0440\u0438 \u0432\u044b\u0434\u0430\u0447\u0435 \u0431\u0438\u043b\u0435\u0442\u043e\u0432 Kerberos \u0432 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0435 \u0434\u043e\u043c\u0435\u043d\u0430 Samba Active Directory \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c Heimdal.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c CVE-2022-37966 \u0438 CVE-2022-37967, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0430\u0432\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430, \u0431\u044b\u043b\u0438 \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044b Microsoft \u0432 \u0440\u0430\u043c\u043a\u0430\u0445\u00a0\u043d\u043e\u044f\u0431\u0440\u044c\u0441\u043a\u043e\u0433\u043e PatchTuesday.\n\n\u0412 \u0446\u0435\u043b\u043e\u043c \u0436\u0435, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0438\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0430\u0442\u0430\u043a\u0443, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u0432 RFC 4757 (\u0442\u0438\u043f \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f Kerberos RC4-HMAC-MD5) \u0438 MS-PAC (\u0441\u043f\u0435\u0446\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0434\u0430\u043d\u043d\u044b\u0445 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0430 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439) \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u0441\u0440\u0435\u0434\u0435 Windows AD.", "creation_timestamp": "2022-12-19T09:18:25.000000Z"}, {"uuid": "39ec5f84-35b0-48c2-b177-affa77907ef7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45144", "type": "seen", "source": "https://t.me/cibsecurity/64288", "content": "\u203c CVE-2022-45144 \u203c\n\nAlgoo Tracim before 4.4.2 allows XSS via HTML file upload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-17T07:30:59.000000Z"}, {"uuid": "fccb4c1c-b617-4372-a020-c2b521984f41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45142", "type": "seen", "source": "https://t.me/cibsecurity/59539", "content": "\u203c CVE-2022-45142 \u203c\n\nThe fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding \"!= 0\" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-07T02:13:31.000000Z"}, {"uuid": "45f4944e-fcc4-4c0f-8313-b1c6e7fa27d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45141", "type": "seen", "source": "https://t.me/cibsecurity/59531", "content": "\u203c CVE-2022-45141 \u203c\n\nSince the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-07T02:13:17.000000Z"}, {"uuid": "e7f16fb0-5510-4e93-b8d0-438cb24f324a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45145", "type": "seen", "source": "https://t.me/cibsecurity/54256", "content": "\u203c CVE-2022-45145 \u203c\n\negg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-10T18:14:20.000000Z"}, {"uuid": "fc788659-8b8c-4ed1-8162-aa63a1bc57db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45149", "type": "seen", "source": "https://t.me/cibsecurity/53423", "content": "\u203c CVE-2022-45149 \u203c\n\nA vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-23T18:13:59.000000Z"}, {"uuid": "40a3b49d-1bf7-4ecd-8b99-c5b13f42fcc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45146", "type": "seen", "source": "https://t.me/cibsecurity/53234", "content": "\u203c CVE-2022-45146 \u203c\n\nAn issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss. NOTE: FIPS compliant users are unaffected because the FIPS certification is only for Java 7, 8, and 11.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-15T01:09:04.000000Z"}, {"uuid": "553430d0-90b4-4b9d-be09-ed6ab9553107", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4514", "type": "seen", "source": "https://t.me/cibsecurity/54642", "content": "\u203c CVE-2022-4514 \u203c\n\nA vulnerability, which was classified as problematic, was found in Opencaching Deutschland oc-server3. Affected is an unknown function of the file htdocs/lang/de/ocstyle/varset.inc.php. The manipulation of the argument varvalue leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 4bdd6a0e7b7760cea03b91812cbb80d7b16e3b5f. It is recommended to apply a patch to fix this issue. VDB-215886 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-15T22:30:05.000000Z"}, {"uuid": "e4a81731-b73b-4259-80d3-1aac971163c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45143", "type": "seen", "source": "https://t.me/cibsecurity/55823", "content": "\u203c CVE-2022-45143 \u203c\n\nThe JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-03T22:17:24.000000Z"}, {"uuid": "12ee1258-3f76-4da1-a722-943f76864875", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45141", "type": "seen", "source": "https://t.me/thehackernews/2882", "content": "Multiple high-severity vulnerabilities [CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, CVE-2022-45141] have been discovered in Samba software that could potentially allow hackers to gain control of the affected systems.\n\nRead: https://thehackernews.com/2022/12/samba-issues-security-updates-to-patch.html", "creation_timestamp": "2022-12-17T07:59:17.000000Z"}]}