👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-29988
Github: https://github.com/0x8848/CVE-2022-29988
Describe:
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31479
Github: https://github.com/realyme/CVE-2022-31479-test
Describe:
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during start up or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and can make their persistence permanent by modifying the filesystem.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-34718
Github: https://github.com/SecLabResearchBV/CVE-2022-34718-PoC
Describe:
Windows TCP/IP Remote Code Execution Vulnerability.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41352
Github: https://github.com/segfault-it/cve-2022-41352
Describe:
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavisd automatically prefers it over cpio.

👾KEYWORD SERVICE 🏷#cnvd
Name: CNVdTcZaLc
Github: https://github.com/uftd224/CNVdTcZaLc

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-0002
Github: https://github.com/nikokosm/CVE-2022-0002--s-1
Describe:
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40471
Github: https://github.com/RashidKhanPathan/CVE-2022-40471
Describe:
**

👾KEYWORD SERVICE 🏷#cnvd
Name: cnvds
Github: https://github.com/sduyaishdas/cnvds

** xray ** 🔧Tool update
Tools name：xray
Tools url：https://github.com/chaitin/xray/commit/a9ddda5e28119f72e391b8a0c8fb753d6c53c0d5
commitUpdate log：
Update jellyfin-cve-2021-29490.yml (#1632)

** MDUT ** 🔧Tool update
Tools name：MDUT
Tools url：https://github.com/SafeGroceryStore/MDUT/commit/68b62f99153980d46a5cd2112b9e1daf8d413b81
commitUpdate log：
Merge pull request #53 from ren-jq101/main

fix(sec): upgrade fastjson to 1.2.83

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-23277
Github: https://github.com/7BitsTeam/CVE-2022-23277
Describe:
Microsoft Exchange Server Remote Code Execution Vulnerability.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-37298
Github: https://github.com/dbyio/cve-2022-37298-shinken
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40648
Github: https://github.com/b3wT/CVE-2022-40648-MASS
Describe:
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17563.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41852
Github: https://github.com/Warxim/CVE-2022-41852
Describe:
Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing a XPath string are vulnerable except compile() and compilePath() function. The XPath expression can be used by an attacker to load any Java class from the classpath resulting in code execution.

** nps ** 🔧Tool update
Tools name：nps
Tools url：https://github.com/ehang-io/nps/commit/ab648d6f0c618c690a7a79948a7ebd686e1cdafc
commitUpdate log：
Merge pull request #866 from freeoa/master

add build to apple silicon(M1)

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41358
Github: https://github.com/thecasual/CVE-2022-41358
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40664
Github: https://github.com/Jackey0/CVE-2022-40664
Describe:
Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-39802
Github: https://github.com/redrays-io/CVE-2022-39802
Describe:
SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-24990
Github: https://github.com/jsongmax/CVE-2022-24990
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-36067
Github: https://github.com/backcr4t/CVE-2022-36067-MASS-RCE
Describe:
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.11 of vm2. There are no known workarounds.