👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-20138
Github: https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20138
Describe:
In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-210469972

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-1162
Github: https://github.com/ipsBruno/CVE-2022-1162
Describe:
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3699
Github: https://github.com/alfarom256/CVE-2022-3699
Describe:
**

** xray ** 🔧Tool update
Tools name：xray
Tools url：https://github.com/chaitin/xray/commit/4f47fb13a2454590309eaf2279ba2c9a3b1150fe
commitUpdate log：
Fix Python3 Flask bug: ImportError: cannot import name 'escape' from 'jinja2' (/usr/local/lib/python3.9/dist-packages/jinja2/__init__.py) (#1680)

Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>

Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Co-authored-by: DroidKali <DroidKali@users.noreply.github.com>

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-39395
Github: https://github.com/harry1osborn/CVE-2022-39395
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-1012
Github: https://github.com/nanopathi/Linux-4.19.72_CVE-2022-1012
Describe:
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-43332
Github: https://github.com/maikroservice/CVE-2022-43332
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-42055
Github: https://github.com/gigaryte/cve-2022-42055
Describe:
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31898
Github: https://github.com/gigaryte/cve-2022-31898
Describe:
gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-27492
Github: https://github.com/F1uk368/CVE-2022-27492
Describe:
An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3942
Github: https://github.com/maikroservice/CVE-2022-3942
Describe:
A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this vulnerability.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-1015
Github: https://github.com/ysanatomic/CVE-2022-1015
Describe:
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3949
Github: https://github.com/maikroservice/CVE-2022-3949
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40140
Github: https://github.com/ipsBruno/CVE-2022-40140-SCANNER
Describe:
An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

** nps ** 🔧Tool update
Tools name：nps
Tools url：https://github.com/ehang-io/nps/commit/ab648d6f0c618c690a7a79948a7ebd686e1cdafc
commitUpdate log：
Merge pull request #866 from freeoa/master

add build to apple silicon(M1)

👾KEYWORD SERVICE 🏷#cnvd
Name: CNVD-2022-10270
Github: https://github.com/yilin1203/CNVD-2022-10270

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-36537
Github: https://github.com/OneByt3/CVE-2022-36537
Describe:
ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-2601
Github: https://github.com/zhangboyang/cve-2022-2601
Describe:
**

👾KEYWORD SERVICE 🏷#cnvd
Name: CNVD
Github: https://github.com/AA3rch1ru/CNVD

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-43096
Github: https://github.com/ProxyStaffy/Mediatrix-CVE-2022-43096
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-30525
Github: https://github.com/trhacknon/CVE-2022-30525-Reverse-Shell
Describe:
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.