{
  "vulnerability": "CVE-2022-4191",
  "sightings": [
    {
      "uuid": "12e0b1e9-262b-48ae-ba43-93a9613d3421",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2022-41910",
      "type": "seen",
      "source": "https://t.me/cibsecurity/54104",
      "content": "\u203c CVE-2022-41910 \u203c\n\nTensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2022-12-07T00:41:03.000000Z"
    },
    {
      "uuid": "0c1bdbeb-21dd-404f-a334-b65880ee97f9",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2022-41912",
      "type": "published-proof-of-concept",
      "source": "https://t.me/crackcodes/2063",
      "content": "#exploit\n1. CVE-2022-4178:\nChrome - Design flaw in Synchronous Mojo message handling introduces unexpected reentrancy and allows for multiple UAFs\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2372\n\n2. WebKit + Kernel exploit chain for all PS Vita firmwares\nhttps://github.com/TheOfficialFloW/HENlo\n\n3. CVE-2022-41912:\nSignature bypass via multiple Assertion elements\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2368",
      "creation_timestamp": "2023-01-02T19:24:08.000000Z"
    },
    {
      "uuid": "95370b3b-bdc3-4233-a441-9c3ac29573fd",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2022-41915",
      "type": "seen",
      "source": "https://t.me/cibsecurity/54384",
      "content": "\u203c CVE-2022-41915 \u203c\n\nNetty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, when calling `DefaultHttpHeaders.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator)` call into a `remove()` call, and calling `add()` in a loop over the iterator of values.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2022-12-13T12:35:29.000000Z"
    },
    {
      "uuid": "734ff689-edc4-499e-bd54-9dbf0df720b6",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2022-41912",
      "type": "seen",
      "source": "https://t.me/cibsecurity/53581",
      "content": "\u203c CVE-2022-41912 \u203c\n\nThe crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2022-11-28T18:28:01.000000Z"
    },
    {
      "uuid": "8202518a-d9b0-4276-8cef-5b4cc985d0ca",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2022-41917",
      "type": "seen",
      "source": "https://t.me/cibsecurity/52975",
      "content": "\u203c CVE-2022-41917 \u203c\n\nOpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a response containing the first line of text from arbitrary files. The list of potentially impacted files is limited to text files with read permissions allowed in the Java Security Manager policy configuration. OpenSearch versions 1.3.7 and 2.4.0 contain a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2022-11-16T07:51:45.000000Z"
    },
    {
      "uuid": "966d6401-c21c-40c6-8d2f-6e9739e95182",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2022-41914",
      "type": "seen",
      "source": "https://t.me/cibsecurity/53059",
      "content": "\u203c CVE-2022-41914 \u203c\n\nZulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management (SCIM) account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be possible for an attacker to infer the value of the token by performing a sophisticated timing analysis on a large number of failing requests. If successful, this would allow the attacker to impersonate the SCIM client for its abilities to read and update user accounts in the Zulip organization. Organizations where SCIM account management has not been enabled are not affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2022-11-17T16:01:56.000000Z"
    },
    {
      "uuid": "27b784a4-5538-4f7f-b638-bc327469a034",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2022-41919",
      "type": "seen",
      "source": "https://t.me/cibsecurity/53369",
      "content": "\u203c CVE-2022-41919 \u203c\n\nFastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect `Content-Type` to bypass the `Pre-Flight` checking of `fetch`. `fetch()` requests with Content-Type's essence as \"application/x-www-form-urlencoded\", \"multipart/form-data\", or \"text/plain\" could potentially be used to invoke routes that only accept the `application/json` content type, thus bypassing any CORS protection, and therefore they could lead to a Cross-Site Request Forgery attack. This issue has been patched in versions 4.10.2 and 3.29.4. As a workaround, implement Cross-Site Request Forgery protection using `@fastify/csrf`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2022-11-25T13:16:47.000000Z"
    },
    {
      "uuid": "84afff13-0ba5-4b5c-a50a-880e6da1219e",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2022-41911",
      "type": "seen",
      "source": "https://t.me/cibsecurity/53182",
      "content": "\u203c CVE-2022-41911 \u203c\n\nTensorFlow is an open source platform for machine learning. When printing a tensor, we get its data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2022-11-19T00:29:41.000000Z"
    },
    {
      "uuid": "935a9167-2dd9-4bea-945d-d137ef8ce157",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2022-41913",
      "type": "seen",
      "source": "https://t.me/cibsecurity/52974",
      "content": "\u203c CVE-2022-41913 \u203c\n\nDiscourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users who can create and edit post events. This vulnerability only affects sites which have discourse post events enabled. This issue has been patched in commit `ca5ae3e7e` which will be included in future releases. Users unable to upgrade should disable the `discourse_post_event_enabled` setting to fully mitigate the issue. Also, it's possible to prevent regular users from using this vulnerability by removing all groups from the `discourse_post_event_allowed_on_groups` setting, but note that moderators will still be able to use it.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2022-11-16T07:51:44.000000Z"
    },
    {
      "uuid": "89f0b23c-ff63-46f8-86c4-aedcbe77565e",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2022-41912",
      "type": "published-proof-of-concept",
      "source": "https://t.me/CyberSecurityTechnologies/7459",
      "content": "#exploit\n1. CVE-2022-4178:\nChrome - Design flaw in Synchronous Mojo message handling introduces unexpected reentrancy and allows for multiple UAFs\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2372\n\n2. WebKit + Kernel exploit chain for all PS Vita firmwares\nhttps://github.com/TheOfficialFloW/HENlo\n\n3. CVE-2022-41912:\nSignature bypass via multiple Assertion elements\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2368",
      "creation_timestamp": "2022-12-31T23:33:58.000000Z"
    }
  ]
}