👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-20186
Github: https://github.com/s1204-inspect/CVE-2022-20186_CTXZ
Describe:
In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-215001024References: N/A

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-24706
Github: https://github.com/trhacknon/CVE-2022-24706-CouchDB-Exploit
Describe:
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-35405
Github: https://github.com/viniciuspereiras/CVE-2022-35405
Describe:
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-36539
Github: https://github.com/Fopje/CVE-2022-36539
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-20126
Github: https://github.com/Trinadh465/packages_apps_Bluetooth_AOSP10_r33_CVE-2022-20126
Describe:
In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-203431023

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-20360
Github: https://github.com/nidhi7598/packages_apps_Settings_AOSP_10_r33_CVE-2022-20360
Describe:
In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228314987

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31188
Github: https://github.com/emirpolatt/CVE-2022-31188
Describe:
CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3168
Github: https://github.com/irsl/CVE-2022-3168-adb-unexpected-reverse-forwards
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-20128
Github: https://github.com/irsl/CVE-2022-20128
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40317
Github: https://github.com/izdiwho/CVE-2022-40317
Describe:
OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-22629
Github: https://github.com/parsdefense/CVE-2022-22629
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-30206
Github: https://github.com/Pwnrin/CVE-2022-30206
Describe:
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22022, CVE-2022-22041, CVE-2022-30226.

Done
The server has been updated

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-37706
Github: https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-32548
Github: https://github.com/alexmention/CVE-2022-32548-RCE-POC
Describe:
An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31474
Github: https://github.com/Administrative2022/CVE-2022-31474-wordpress
Describe:
**

👾KEYWORD SERVICE 🏷#cnvd
Name: -17.0CNVD-2022-60632
Github: https://github.com/LittleBear4/-17.0CNVD-2022-60632

** mimikatz ** 🔧Tool update
Tools name：mimikatz
Tools url：https://github.com/gentilkiwi/mimikatz/releases/tag/2.2.0-20220919
Update log：

** fscan ** 🔧Tool update
Tools name：fscan
Tools url：https://github.com/shadow1ng/fscan/commit/38e48ba4205196e042db8f832a7789b76ee61c5e
commitUpdate log：
Merge pull request #225 from evilAdan0s/main

去除弱特征：过时UA头

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-20347
Github: https://github.com/nidhi7598/packages_apps_Settings_AOSP_10_r33_CVE-2022-20347
Describe:
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228450811

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-20841
Github: https://github.com/Expl0desploit/CVE-2022-20841
Describe:
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.