{"vulnerability": "CVE-2022-3077", "sightings": [{"uuid": "e24374e0-d9b7-4692-a032-b97172c6868f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30777", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mdo7a2kmut2q", "content": "", "creation_timestamp": "2026-01-30T21:02:56.351796Z"}, {"uuid": "b79276f3-5947-4925-9af7-cb4d53d75047", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30778", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2265", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCase for CVE-2022-30778\nURL\uff1ahttps://github.com/kang8/CVE-2022-30778\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-05-23T07:09:27.000000Z"}, {"uuid": "a24e2f6a-989d-4bf1-9174-c829b6aa7694", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30772", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14071", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-30772\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrite SMRAM or OS kernel memory. This issue was discovered by Insyde engineering during a security review. This issue is fixed in: Kernel 5.0: 05.09.41 Kernel 5.1: 05.17.43 Kernel 5.2: 05.27.30 Kernel 5.3: 05.36.30 Kernel 5.4: 05.44.30 Kernel 5.5: 05.52.30 https://www.insyde.com/security-pledge/SA-2022065\n\ud83d\udccf Published: 2022-11-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T16:07:25.349Z\n\ud83d\udd17 References:\n1. https://www.insyde.com/security-pledge\n2. https://www.insyde.com/security-pledge/SA-2022065", "creation_timestamp": "2025-04-30T16:13:58.000000Z"}, {"uuid": "c72f0c33-2eea-42e9-ada1-b91839a8c57b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30771", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14070", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-30771\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in: Kernel 5.1: Version 05.17.25 Kernel 5.2: Version 05.27.25 Kernel 5.3: Version 05.36.25 Kernel 5.4: Version 05.44.25 Kernel 5.5: Version 05.52.25 https://www.insyde.com/security-pledge/SA-2022064\n\ud83d\udccf Published: 2022-11-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T16:08:23.683Z\n\ud83d\udd17 References:\n1. https://www.insyde.com/security-pledge\n2. https://www.insyde.com/security-pledge/SA-2022064", "creation_timestamp": "2025-04-30T16:13:57.000000Z"}, {"uuid": "3a251cbf-c6d2-45cd-b477-4964f9c27417", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30778", "type": "published-proof-of-concept", "source": "Telegram/75xPQErj_o1BxNCA0_YwJS-cOOLVtcfr457jOo5lMd5EYw", "content": "", "creation_timestamp": "2022-05-23T14:07:05.000000Z"}, {"uuid": "d0296582-9881-4984-9209-05d7e3520e22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30778", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/168", "content": "CVE-2022-30778 : Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain  \n__destruct in Illuminate\\Broadcasting\\PendingBroadcast.php and dispatch($command) in Illuminate\\Bus\\QueueingDispatcher.php\n\nhttps://github.com/kang8/CVE-2022-30778", "creation_timestamp": "2022-05-23T18:44:38.000000Z"}, {"uuid": "cc1058c3-1dd0-4846-a5eb-a21141ba3219", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30778", "type": "seen", "source": "https://t.me/cibsecurity/42712", "content": "\u203c CVE-2022-30778 \u203c\n\nLaravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in Illuminate\\Broadcasting\\PendingBroadcast.php and dispatch($command) in Illuminate\\Bus\\QueueingDispatcher.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-16T07:25:57.000000Z"}, {"uuid": "7ed451e7-3d51-4a8c-8dbd-f3299dbaa900", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30779", "type": "seen", "source": "https://t.me/cibsecurity/42711", "content": "\u203c CVE-2022-30779 \u203c\n\nLaravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in GuzzleHttp\\Cookie\\FileCookieJar.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-16T07:25:56.000000Z"}, {"uuid": "f321d6b4-a64b-40a5-94a8-893825f00543", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30770", "type": "seen", "source": "https://t.me/cibsecurity/42715", "content": "\u203c CVE-2022-30770 \u203c\n\nTerminalfour before 8.3.8 allows XSS, aka RDSM-31817. 8.2.18.2.1 and 8.2.18.5 are also fixed versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-16T07:27:01.000000Z"}, {"uuid": "6a713331-a54e-4c35-9359-c23156c705dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30775", "type": "seen", "source": "https://t.me/cibsecurity/42714", "content": "\u203c CVE-2022-30775 \u203c\n\nxpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-16T07:25:58.000000Z"}, {"uuid": "7ea25cba-6642-460c-93a5-baf354a9b74a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30776", "type": "seen", "source": "https://t.me/cibsecurity/42750", "content": "\u203c CVE-2022-30776 \u203c\n\natmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-16T18:26:48.000000Z"}, {"uuid": "77596253-d3c9-42ba-b4b3-ddb3558e4a86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30777", "type": "seen", "source": "https://t.me/cibsecurity/42748", "content": "\u203c CVE-2022-30777 \u203c\n\nParallels H-Sphere 3.6.2 allows XSS via the index_en.php from parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-17T02:19:11.000000Z"}, {"uuid": "1d1c83ae-f412-4f39-bc80-b0ce7817d857", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30778", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2096", "content": "#CVE-2022\n\nCase for CVE-2022-30778\n\nhttps://github.com/kang8/CVE-2022-30778\n\n@BlueRedTeam", "creation_timestamp": "2022-05-23T18:58:29.000000Z"}, {"uuid": "94c0490e-2778-4dff-8294-5669d470e2e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30778", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6069", "content": "#exploit\n1. CVE-2022-1292:\nOpenSSL - OS Command Injection\nhttps://github.com/li8u99/CVE-2022-1292\n\n2. CVE-2022-30778:\nLaravel 9.1.8 - RCE\nhttps://github.com/kang8/CVE-2022-30778", "creation_timestamp": "2022-05-25T11:03:01.000000Z"}]}