{"vulnerability": "CVE-2022-3633", "sightings": [{"uuid": "dfc22906-df21-4773-8a12-d59cc38660dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36337", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnyhw33m5r2p", "content": "", "creation_timestamp": "2025-04-29T23:50:48.658574Z"}, {"uuid": "6362e721-fd79-4937-a577-514b65adf41b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36337", "type": "seen", "source": "https://t.me/cibsecurity/53398", "content": "\u203c CVE-2022-36337 \u203c\n\nAn issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-23T07:13:49.000000Z"}, {"uuid": "b0d00a7e-5cb6-4a43-9e9d-893c68aa462c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36330", "type": "seen", "source": "https://t.me/cibsecurity/63719", "content": "\u203c CVE-2022-36330 \u203c\n\nA buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution\u00c2\u00a0in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: through 9.4.0-191; ibi: through 9.4.0-191.\u00c2\u00a0\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-10T07:14:03.000000Z"}, {"uuid": "3dcae6df-e7e0-4540-8f57-3ae86ed046f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36338", "type": "seen", "source": "https://t.me/cibsecurity/50376", "content": "\u203c CVE-2022-36338 \u203c\n\nAn issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then generate a software SMI.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T22:13:50.000000Z"}, {"uuid": "18a24c59-b5c5-40c0-a30a-d5c2549eddf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3633", "type": "seen", "source": "https://t.me/cibsecurity/51916", "content": "\u203c CVE-2022-3633 \u203c\n\nA vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-21T14:22:49.000000Z"}, {"uuid": "2c384564-714d-4aee-9f4b-6107e87f6070", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36336", "type": "seen", "source": "https://t.me/cibsecurity/47301", "content": "\u203c CVE-2022-36336 \u203c\n\nA link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-30T07:14:10.000000Z"}]}