👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41445
Github: https://github.com/RashidKhanPathan/CVE-2022-41445
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41446
Github: https://github.com/RashidKhanPathan/CVE-2022-41446
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-33679
Github: https://github.com/Blyth0He/CVE-2022-33679
Describe:
Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33647.

** MDUT ** 🔧Tool update
Tools name：MDUT
Tools url：https://github.com/SafeGroceryStore/MDUT/commit/68b62f99153980d46a5cd2112b9e1daf8d413b81
commitUpdate log：
Merge pull request #53 from ren-jq101/main

fix(sec): upgrade fastjson to 1.2.83

👾KEYWORD SERVICE 🏷#cnvd
Name: CNVD-2022-42853-Poc
Github: https://github.com/CCJ-For-Safety/CNVD-2022-42853-Poc

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-43144
Github: https://github.com/mudassiruddin/CVE-2022-43144-Stored-XSS
Describe:
**

👾KEYWORD SERVICE 🏷#cnvd
Name: Crawler_CNVD
Github: https://github.com/tootocode/Crawler_CNVD

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-20138
Github: https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20138
Describe:
In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-210469972

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-1162
Github: https://github.com/ipsBruno/CVE-2022-1162
Describe:
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3699
Github: https://github.com/alfarom256/CVE-2022-3699
Describe:
**

** xray ** 🔧Tool update
Tools name：xray
Tools url：https://github.com/chaitin/xray/commit/4f47fb13a2454590309eaf2279ba2c9a3b1150fe
commitUpdate log：
Fix Python3 Flask bug: ImportError: cannot import name 'escape' from 'jinja2' (/usr/local/lib/python3.9/dist-packages/jinja2/__init__.py) (#1680)

Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>

Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Co-authored-by: DroidKali <DroidKali@users.noreply.github.com>

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-39395
Github: https://github.com/harry1osborn/CVE-2022-39395
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-1012
Github: https://github.com/nanopathi/Linux-4.19.72_CVE-2022-1012
Describe:
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-43332
Github: https://github.com/maikroservice/CVE-2022-43332
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-42055
Github: https://github.com/gigaryte/cve-2022-42055
Describe:
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31898
Github: https://github.com/gigaryte/cve-2022-31898
Describe:
gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-27492
Github: https://github.com/F1uk368/CVE-2022-27492
Describe:
An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3942
Github: https://github.com/maikroservice/CVE-2022-3942
Describe:
A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this vulnerability.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-1015
Github: https://github.com/ysanatomic/CVE-2022-1015
Describe:
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3949
Github: https://github.com/maikroservice/CVE-2022-3949
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40140
Github: https://github.com/ipsBruno/CVE-2022-40140-SCANNER
Describe:
An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.