{"vulnerability": "CVE-2022-3786", "sightings": [{"uuid": "4d44e1c5-ee8e-4775-9706-3461abba0f57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://msrc.microsoft.com/blog/2022/11/microsoft-guidance-related-to-openssl-risk-cve-2022-3786-and-cve-2202-3602/", "content": "", "creation_timestamp": "2022-11-02T06:00:00.000000Z"}, {"uuid": "e1735326-e787-425d-85bd-f9cf57a92cde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14905", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3786\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.\n\n\n\ud83d\udccf Published: 2022-11-01T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T16:12:38.194Z\n\ud83d\udd17 References:\n1. https://www.openssl.org/news/secadv/20221101.txt\n2. 
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a", "creation_timestamp": "2025-05-05T16:19:57.000000Z"}, {"uuid": "f34f02a6-5859-4d92-9744-efb0275c9640", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://gist.github.com/mrmps/37e0bfc1524af08c45deece8c02b46de", "content": "", "creation_timestamp": "2025-08-27T18:26:43.000000Z"}, {"uuid": "3cea798a-75fa-4b72-b641-70dbb4f5316c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/GithubRedTeam/3165", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aOperational information regarding CVE-2022-3602 and CVE-2022-3786, two vulnerabilities in OpenSSL 3\nURL\uff1ahttps://github.com/NCSC-NL/OpenSSL-2022\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-02T15:02:30.000000Z"}, {"uuid": "79f86f48-37d8-4ddd-93e7-db5d6618f35e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lwbpuafm3s2z", "content": "", "creation_timestamp": "2025-08-13T11:28:25.010339Z"}, {"uuid": "e70b783c-d352-40f5-9189-31c7ef0732db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/cKure/10366", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2022-3786; DoS: Buffer overflow occurs in the ossl_a2ulabel vulnerable function. 
When this function meets a Punycode part followed by a dot character (\".\") it also appends \".\" to the output buffer even if it overflows its size.\n\nhttps://twitter.com/_CPResearch_/status/1587741086340075521", "creation_timestamp": "2022-11-03T05:49:12.000000Z"}, {"uuid": "dac63189-e868-4fc7-9950-4885ebdf14b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3455", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aOperational information regarding CVE-2022-3602 and CVE-2022-3786, two vulnerabilities in OpenSSL 3\nURL\uff1ahttps://github.com/NCSC-NL/OpenSSL-2022\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-18T15:57:59.000000Z"}, {"uuid": "a3ccb801-0a52-498d-9ec4-45a3289988a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/561", "content": "\u200b\u200bCVE\u22122022-3602\n\nThis document and repository is a write-up of CVE\u22122022-3602, a punycode buffer overflow issue in OpenSSL. It's an \"anti-POC\" (the issue does not appear to be exploitable) intended for folks who maintain their own OpenSSL builds and for compiler maintainers.\n\nThere is a separate CVE in the same release, CVE-2022-3786, which also leads to buffer overflows but an attacker can't control the content in that case. 
There is no reproduction for that issue here, but that issue can lead to a Denial of Service due to crash.\n\nCrashes and Buffer overflows are never good and if you are using OpenSSL 3.0.x, it is prudent to update as soon as possible.\n\nhttps://github.com/colmmacc/CVE-2022-3602\n\n#cve #poc", "creation_timestamp": "2022-11-02T12:14:42.000000Z"}, {"uuid": "0a54c542-a339-4702-ab5a-ee46c2c1f4b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/ics_cert/671", "content": "\u063a\u0648\u0644\u200c\u0647\u0627\u06cc \u0635\u0646\u0639\u062a\u06cc \u0632\u06cc\u0645\u0646\u0633 \u0648 \u0627\u0634\u0646\u0627\u06cc\u062f\u0631 \u0627\u0644\u06a9\u062a\u0631\u06cc\u06a9 \u0628\u06cc\u0634 \u0627\u0632 140 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0631\u0627 \u0628\u0627 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc\u200c\u0647\u0627\u06cc \u062e\u0648\u062f \u062f\u0631 \u062f\u0633\u0627\u0645\u0628\u0631 2022 \u0628\u0631\u0637\u0631\u0641 \u06a9\u0631\u062f\u0647\u200c\u0627\u0646\u062f.\n\u0632\u06cc\u0645\u0646\u0633 80 \u0646\u0642\u0635 OpenSSL \u0648 OpenSSH \u0631\u0627 \u062f\u0631 \u0633\u0648\u0626\u06cc\u0686 \u0647\u0627 \u0631\u0641\u0639 \u06a9\u0631\u062f\n\n\u0632\u06cc\u0645\u0646\u0633\n\n\u0637\u0628\u0642 \u0645\u0639\u0645\u0648\u0644\u060c \u0632\u06cc\u0645\u0646\u0633 \u062a\u0648\u0635\u06cc\u0647 \u0647\u0627\u06cc \u0628\u0633\u06cc\u0627\u0631 \u0628\u06cc\u0634\u062a\u0631\u06cc \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f \u0648 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc \u0628\u06cc\u0634\u062a\u0631\u06cc \u0631\u0627 \u0628\u0631\u0637\u0631\u0641 \u06a9\u0631\u062f. 
\u0628\u0647 \u0637\u0648\u0631 \u062e\u0627\u0635\u060c \u0627\u06cc\u0646 \u0634\u0631\u06a9\u062a 20 \u062a\u0648\u0635\u06cc\u0647 \u062c\u062f\u06cc\u062f \u0631\u0627 \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f \u06a9\u0647 \u0628\u0647 \u062d\u062f\u0648\u062f 140 \u062d\u0641\u0631\u0647 \u0627\u0645\u0646\u06cc\u062a\u06cc \u067e\u0631\u062f\u0627\u062e\u062a\u0647 \u0627\u0633\u062a.\n\n\u06cc\u06a9\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u062a\u0648\u0635\u06cc\u0647\u200c\u0647\u0627 \u0645\u0634\u062a\u0631\u06cc\u0627\u0646 \u0631\u0627 \u062f\u0631 \u0645\u0648\u0631\u062f \u0648\u0635\u0644\u0647\u200c\u0647\u0627\u06cc \u0628\u06cc\u0634 \u0627\u0632 80 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc OpenSSL \u0648 OpenSSH \u06a9\u0647 \u0628\u0631 \u0633\u0648\u0626\u06cc\u0686\u200c\u0647\u0627\u06cc Scalance X-200RNA \u0622\u0646 \u062a\u0623\u062b\u06cc\u0631 \u0645\u06cc\u200c\u06af\u0630\u0627\u0631\u062f\u060c \u0622\u06af\u0627\u0647 \u0645\u06cc\u200c\u06a9\u0646\u062f . CVE \u0647\u0627\u06cc \u0630\u06a9\u0631 \u0634\u062f\u0647 \u062f\u0631 \u0645\u062d\u062f\u0648\u062f\u0647 \u0645\u0634\u0627\u0648\u0631\u0647 \u0628\u06cc\u0646 \u0633\u0627\u0644 \u0647\u0627\u06cc 2003 \u0648 2019. 
\u0627\u06cc\u0646 \u062a\u0646\u0647\u0627 \u062a\u0648\u0635\u06cc\u0647 \u0627\u06cc \u0627\u0633\u062a \u06a9\u0647 \u062f\u0631\u062c\u0647 \u0628\u0646\u062f\u06cc \u0634\u062f\u062a \u06a9\u0644\u06cc \u0622\u0646 \"\u0628\u062d\u0631\u0627\u0646\u06cc\" \u0627\u0633\u062a.\n\n\u0647\u0645\u06cc\u0646 \u0633\u0648\u0626\u06cc\u0686 \u0647\u0627 \u0647\u0645\u0686\u0646\u06cc\u0646 \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631 \u0634\u0634 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0628\u0627 \u0634\u062f\u062a \u0645\u062a\u0648\u0633\u0637 \u200b\u200b\u0648 \u0628\u0627\u0644\u0627 \u0642\u0631\u0627\u0631 \u0645\u06cc \u06af\u06cc\u0631\u0646\u062f \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u0646\u062f \u0628\u0631\u0627\u06cc \u062d\u0645\u0644\u0627\u062a \u0627\u0633\u06a9\u0631\u06cc\u067e\u062a \u0628\u06cc\u0646 \u0633\u0627\u06cc\u062a\u06cc (XSS)\u060c \u062d\u0645\u0644\u0627\u062a \u0627\u0646\u06a9\u0627\u0631 \u0633\u0631\u0648\u06cc\u0633 (DoS) \u0648 \u0631\u0628\u0648\u062f\u0646 \u062c\u0644\u0633\u0647 \u0645\u0648\u0631\u062f \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u06af\u06cc\u0631\u0646\u062f.\n\n\u0639\u0644\u0627\u0648\u0647 \u0628\u0631 \u0627\u06cc\u0646\u060c \u0632\u06cc\u0645\u0646\u0633 \u0628\u0647 \u0645\u0634\u062a\u0631\u06cc\u0627\u0646 \u0627\u0637\u0644\u0627\u0639 \u062f\u0627\u062f \u06a9\u0647 \u0628\u0631\u062e\u06cc \u0627\u0632 \u0645\u062d\u0635\u0648\u0644\u0627\u062a\u0634 \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631 \u062f\u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc OpenSSL \u0627\u062e\u06cc\u0631\u0627\u064b \u0627\u0635\u0644\u0627\u062d\u200c\u0634\u062f\u0647 \u0628\u0627 \u0646\u0627\u0645\u200c\u0647\u0627\u06cc CVE-2022-3602 \u0648 CVE-2022-3786 \u0642\u0631\u0627\u0631 \u062f\u0627\u0631\u0646\u062f. 
CVE-2022-3602 \u062f\u0631 \u0627\u0628\u062a\u062f\u0627 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \"\u0628\u062d\u0631\u0627\u0646\u06cc\" \u0637\u0628\u0642\u0647 \u0628\u0646\u062f\u06cc \u0634\u062f\u060c \u0627\u0645\u0627 \u0628\u0639\u062f\u0627 \u0628\u0647 \"\u0628\u0627\u0644\u0627\" \u062a\u0646\u0632\u0644 \u06cc\u0627\u0641\u062a .\n\n\u0627\u06cc\u0646 \u0634\u0631\u06a9\u062a \u0647\u0645\u0686\u0646\u06cc\u0646 \u0633\u0627\u0632\u0645\u0627\u0646\u200c\u0647\u0627\u06cc\u06cc \u0631\u0627 \u06a9\u0647 \u0627\u0632 \u0645\u062d\u0635\u0648\u0644\u0627\u062a\u0634 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f \u062f\u0631 \u0645\u0648\u0631\u062f \u0645\u0634\u06a9\u0644\u0627\u062a \u0634\u062f\u06cc\u062f \u062f\u0631 \u0645\u062d\u0635\u0648\u0644\u0627\u062a Sicam PAS\u060c Apogee/Talon\u060c Mendix\u060c Teamcenter Visualization\u060c JT2Go\u060c Scalance\u060c Simatic\u060c Parasolid\u060c Ruggedcom \u0648 Simcenter STAR-CCM+ \u0645\u0637\u0644\u0639 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a.\n\n\u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631\u060c \u0627\u0641\u0632\u0627\u06cc\u0634 \u0627\u0645\u062a\u06cc\u0627\u0632\u0627\u062a\u060c \u062d\u0645\u0644\u0627\u062a DoS\u060c \u0627\u0641\u0634\u0627\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0648 \u062f\u0633\u062a\u06a9\u0627\u0631\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0634\u0648\u062f.\n\n\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc \u0628\u0627 \u0634\u062f\u062a \u0645\u062a\u0648\u0633\u0637 \u200b\u200b\u062f\u0631 \u0633\u0631\u0648\u0631 PLM \u0632\u06cc\u0645\u0646\u0633 (\u062f\u06cc\u06af\u0631 
\u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0646\u0645\u06cc\u200c\u0634\u0648\u062f)\u060c \u067e\u0627\u0646\u0644\u200c\u0647\u0627\u06cc \u0645\u06cc\u062f\u0627\u0646 Apogee/Talon\u060c \u062f\u0633\u062a\u06af\u0627\u0647\u200c\u0647\u0627\u06cc Simatic WinCC OA\u060c Siprotec 5 \u0648 \u0631\u0627\u0647\u200c\u062d\u0644 \u0645\u062f\u06cc\u0631\u06cc\u062a \u0686\u0631\u062e\u0647 \u0639\u0645\u0631 \u0628\u0631\u0646\u0627\u0645\u0647 \u06a9\u0627\u0631\u0628\u0631\u062f\u06cc Polarion \u06cc\u0627\u0641\u062a \u0634\u062f\u0647 \u0627\u0633\u062a.\n\n\u0627\u06cc\u0646 \u0646\u0642\u0635\u200c\u0647\u0627\u06cc \u0628\u0627 \u0634\u062f\u062a \u0645\u062a\u0648\u0633\u0637 \u200b\u200b\u0631\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0631\u0627\u06cc \u062d\u0645\u0644\u0627\u062a XSS\u060c \u062d\u0645\u0644\u0627\u062a DoS \u0648 \u062a\u0632\u0631\u06cc\u0642 \u0641\u0631\u0645\u0627\u0646 \u0645\u0648\u0631\u062f \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u062f\u0627\u062f.\n\n\u0632\u06cc\u0645\u0646\u0633 \u0648\u0635\u0644\u0647 \u0647\u0627\u06cc\u06cc \u0631\u0627 \u0628\u0631\u0627\u06cc \u0628\u0631\u062e\u06cc \u0627\u0632 \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0622\u0633\u06cc\u0628 \u062f\u06cc\u062f\u0647 \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a\u060c \u0627\u0645\u0627 \u0628\u0631\u0627\u06cc \u0628\u0633\u06cc\u0627\u0631\u06cc \u0627\u0632 \u0622\u0646\u0647\u0627 \u0627\u0635\u0644\u0627\u062d\u0627\u062a\u06cc \u062f\u0631 \u0622\u06cc\u0646\u062f\u0647 \u0645\u0646\u062a\u0634\u0631 \u062e\u0648\u0627\u0647\u062f \u0634\u062f. 
\u062f\u0631 \u0627\u06cc\u0646 \u0645\u06cc\u0627\u0646\u060c \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u06a9\u0627\u0647\u0634\u06cc \u0648 \u0631\u0627\u0647\u200c\u062d\u0644\u200c\u0647\u0627\u06cc\u06cc \u062f\u0631 \u062f\u0633\u062a\u0631\u0633 \u0642\u0631\u0627\u0631 \u06af\u0631\u0641\u062a\u0647 \u0627\u0633\u062a.\n\n\u0627\u0634\u0646\u0627\u06cc\u062f\u0631 \u0627\u0644\u06a9\u062a\u0631\u06cc\u06a9\n\n\u0627\u0634\u0646\u0627\u06cc\u062f\u0631 \u0627\u0644\u06a9\u062a\u0631\u06cc\u06a9 \u062a\u0646\u0647\u0627 \u0633\u0647 \u062a\u0648\u0635\u06cc\u0647 \u062c\u062f\u06cc\u062f \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0634\u0634 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0631\u0627 \u067e\u0648\u0634\u0634 \u0645\u06cc \u062f\u0647\u062f.\n\n\u0628\u0631 \u0627\u0633\u0627\u0633 \u0646\u0645\u0631\u0627\u062a CVSS\u060c \u0645\u0647\u0645\u062a\u0631\u06cc\u0646 \u062a\u0648\u0635\u06cc\u0647 \u0686\u0647\u0627\u0631 \u0646\u0642\u0635 \u0645\u0647\u0645 \u0648 \u0628\u0627 \u0634\u062f\u062a \u0628\u0627\u0644\u0627 \u0631\u0627 \u067e\u0648\u0634\u0634 \u0645\u06cc \u062f\u0647\u062f \u06a9\u0647 \u0628\u0631 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 \u0646\u0638\u0627\u0631\u062a \u0622\u0646\u0644\u0627\u06cc\u0646 APC Easy UPS \u062a\u0623\u062b\u06cc\u0631 \u0645\u06cc \u06af\u0630\u0627\u0631\u062f. 
\u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631\u060c \u0627\u0641\u0632\u0627\u06cc\u0634 \u0627\u0645\u062a\u06cc\u0627\u0632 \u06cc\u0627 \u062f\u0648\u0631 \u0632\u062f\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0634\u0648\u062f.\n\n\u062a\u0648\u0635\u06cc\u0647 \u062f\u0648\u0645 \u06cc\u06a9 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0645\u062c\u0648\u0632 \u0646\u0627\u0645\u0646\u0627\u0633\u0628 \u0628\u0627 \u0634\u062f\u062a \u0628\u0627\u0644\u0627 \u0631\u0627 \u062a\u0648\u0635\u06cc\u0641 \u0645\u06cc \u06a9\u0646\u062f \u06a9\u0647 \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0622\u0646 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u063a\u06cc\u0631\u0645\u062c\u0627\u0632 \u0648 \u0627\u0641\u0634\u0627\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0634\u0648\u062f.\n\n\u0622\u062e\u0631\u06cc\u0646 \u062a\u0648\u0635\u06cc\u0647 \u06cc\u06a9 \u0645\u0634\u06a9\u0644 DoS \u0628\u0627 \u0634\u062f\u062a \u0645\u062a\u0648\u0633\u0637 \u200b\u200b\u0631\u0627 \u062a\u0648\u0635\u06cc\u0641 \u0645\u06cc \u06a9\u0646\u062f \u06a9\u0647 \u0628\u0631 \u0648\u0627\u062d\u062f \u067e\u0627\u06cc\u0627\u0646\u0647 \u0631\u0627\u0647 \u062f\u0648\u0631 Saitel DR (RTU) \u062a\u0623\u062b\u06cc\u0631 \u0645\u06cc \u06af\u0630\u0627\u0631\u062f.\n\n\u0627\u0634\u0646\u0627\u06cc\u062f\u0631 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc\u200c\u0647\u0627\u06cc \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631 \u0648 \u0633\u06cc\u0633\u062a\u0645\u200c\u0627\u0641\u0632\u0627\u0631\u06cc \u0631\u0627 \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 
\u0628\u0627\u06cc\u062f \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u0631\u0627 \u0628\u0631\u0637\u0631\u0641 \u06a9\u0646\u062f\n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f \u0628\u0627\u0632\u0646\u0634\u0631 \u0645\u0637\u0627\u0644\u0628 \u0627\u06cc\u0646 \u06a9\u0627\u0646\u0627\u0644 \u0635\u0631\u0641\u0627 \u0628\u0627 \u0630\u06a9\u0631 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u06a9\u0627\u0645\u0644 \u06a9\u0627\u0646\u0627\u0644 \u0645\u062c\u0627\u0632 \u0645\u06cc\u0628\u0627\u0634\u062f.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\n\u0627\u062f\u0645\u06cc\u0646:\nhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u062a\u0648\u06cc\u06cc\u062a\u0631:\nhttps://twitter.com/icscerti", "creation_timestamp": "2022-12-15T09:26:43.000000Z"}, {"uuid": "572ab014-89f4-4559-892a-c2b149574172", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/ctinow/72712", "content": "High-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786)\n\nhttps://ift.tt/iLC580f", "creation_timestamp": "2022-11-01T20:11:17.000000Z"}, {"uuid": "2a28436f-9479-4bd0-8f52-bd977da25962", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/ctinow/72672", "content": "Critical OpenSSL 3.0 Update Released. 
Patches CVE-2022-3786, (Tue, Nov 1st)\n\nhttps://ift.tt/1tBJxob", "creation_timestamp": "2022-11-01T17:42:03.000000Z"}, {"uuid": "a4703978-64a0-4b11-8c50-a6416ee6ca01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/arpsyndicate/1991", "content": "#ExploitObserverAlert\n\nCVE-2022-3786\n\nDESCRIPTION: Exploit Observer has 37 entries related to CVE-2022-3786. A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. 
In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.\n\nFIRST-EPSS: 0.000750000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-12-18T13:07:01.000000Z"}, {"uuid": "d0d5d644-f0cd-43e7-91c5-f471b0c00c65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/TopCyberTechNews/192", "content": "Top Security News for 04/11/2022\n\nStopping C2 communications in human-operated ransomware through network protection\nhttps://www.microsoft.com/en-us/security/blog/2022/11/03/stopping-c2-communications-in-human-operated-ransomware-through-network-protection/ \n\nResearchers Discover Link In Tooling Between FIN7 And Black Basta Ransomware Group\nhttps://packetstormsecurity.com/news/view/34003/Researchers-Discover-Link-In-Tooling-Between-FIN7-And-Black-Basta-Ransomware-Group.html \n\nCombining Powershell Scripts\nhttps://0x00sec.org/t/combining-powershell-scripts/31978 \n\nWhy Identity & Access Management Governance is a Core Part of Your SaaS Security\nhttps://thehackernews.com/2022/11/why-identity-access-management.html \n\nCVE-2022-3602 & CVE-2022-3786 - OSS tools to detect susceptibility to the recent OpenSSL issues\nhttps://www.reddit.com/r/netsec/comments/ykzip5/cve20223602_cve20223786_oss_tools_to_detect/ \n\nNuke Experts Are Horrified by Biden\u2019s New \u2018Nuclear Posture Review\u2019\nhttps://www.vice.com/en_us/article/n7zk9w/nuke-experts-are-horrified-by-bidens-new-nuclear-posture-review \n\nWhy Did the OpenSSL Punycode Vulnerability Happen\nhttps://www.reddit.com/r/netsec/comments/ylgnxb/why_did_the_openssl_punycode_vulnerability_happen/ \n\nReverse Branch Target Buffer Poisoning - new ASLR bypass technique using CPU vulnerabilities [PDF]\nhttps://www.reddit.com/r/netsec/comments/yls06p/reverse_branch_target_buffer_poisoning_new_aslr/ \n\nThreat 
Model Examples\nhttps://www.reddit.com/r/netsec/comments/yl7xx0/threat_model_examples/ \n\nCyberspace \u2018a battleground\u2019 as reports of cybercrime in Australia jump 13%\nhttps://www.theguardian.com/australia-news/2022/nov/04/cyberspace-a-battleground-as-reports-of-cybercrime-in-australia-jump-13 \n\n    \nFollow Top Cyber News at https://t.me/TopCyberTechNews\nFeel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2022-11-04T08:00:05.000000Z"}, {"uuid": "5a28d827-a7cb-42e9-a73a-45a5ca6a7ee2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/ctinow/73364", "content": "CVE-2022-3602 and CVE-2022-3786 OpenSSL Vulnerabilities: Scanning Container Images\n\nhttps://ift.tt/nDLZdmp", "creation_timestamp": "2022-11-03T23:06:27.000000Z"}, {"uuid": "54ef010c-3357-43ac-9565-86d8f5010e35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/ctinow/73035", "content": "CVE ALERT! 
OpenSSL CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows\n\nhttps://ift.tt/4kYjHWb", "creation_timestamp": "2022-11-02T22:16:40.000000Z"}, {"uuid": "1ef985ed-ddad-4c2c-84ab-483c7d9d4d92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/ctinow/72926", "content": "High-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786)\n\nhttps://ift.tt/HB871tA", "creation_timestamp": "2022-11-02T16:12:00.000000Z"}, {"uuid": "66478a5c-b85d-480b-bdd6-665cc296d344", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/ctinow/72828", "content": "Security Advisory for OpenSSL Vulnerabilities CVE-2022-3602 & CVE-2022-3786\n\nhttps://ift.tt/upNe8F5", "creation_timestamp": "2022-11-02T09:51:28.000000Z"}, {"uuid": "4728e7d7-9cb3-4f72-ad11-db6fe3cb98aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/ctinow/72717", "content": "What the OpenSSL Vulnerabilities Are\u2026and Aren\u2019t (CVE-2022-3786 & CVE-2022-3602)\n\nhttps://ift.tt/Ys34Elk", "creation_timestamp": "2022-11-01T20:46:42.000000Z"}, {"uuid": "a1f6f226-26cf-4a94-8b97-cb57b2b8ebaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1136", "content": "cve-2022-3602 \ncve-2022-3786 - openssl-poc\nDownload POC\n\n#openssl #poc", "creation_timestamp": "2022-11-03T04:56:43.000000Z"}, {"uuid": "94c97b28-4879-4c47-9462-1182bc40b97f", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/572", "content": "\u200b\u200bcve-2022-3602-and-cve-2022-3786-openssl-poc\n\nPosted our technical analyses of the two OpenSSL vulns published yesterday, along with a simple PoC repo.\n\n\u25ab\ufe0f CVE-2022-3602: https://attackerkb.com/topics/GMp2yGvZCw/cve-2022-3602/rapid7-analysis\n\u25ab\ufe0f CVE-2022-3786: https://attackerkb.com/topics/CKTqMzGksY/cve-2022-3786/rapid7-analysis\n\nhttps://github.com/rbowes-r7/cve-2022-3602-and-cve-2022-3786-openssl-poc\n\n#cve #poc", "creation_timestamp": "2022-11-28T19:10:49.000000Z"}, {"uuid": "b9f88f5e-f7b4-467d-bd98-d0c718f2142a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/567", "content": "\u200b\u200bCVE\u22122022-3602\n\nThis document and repository is a write-up of CVE\u22122022-3602, a punycode buffer overflow issue in OpenSSL. It's an \"anti-POC\" (the issue does not appear to be exploitable) intended for folks who maintain their own OpenSSL builds and for compiler maintainers.\n\nThere is a separate CVE in the same release, CVE-2022-3786, which also leads to buffer overflows but an attacker can't control the content in that case. 
There is no reproduction for that issue here, but that issue can lead to a Denial of Service due to crash.\n\nCrashes and Buffer overflows are never good and if you are using OpenSSL 3.0.x, it is prudent to update as soon as possible.\n\nhttps://github.com/colmmacc/CVE-2022-3602", "creation_timestamp": "2022-11-02T18:08:04.000000Z"}, {"uuid": "9795b5d6-e892-4f0c-9ef3-1c5f6b4f2413", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/CyberSecurityIL/16060", "content": "\u05d6\u05d4 \u05dc\u05d0 \u05d4-log4j \u05d4\u05d1\u05d0, \u05d0\u05d1\u05dc \u05e9\u05ea\u05d9 \u05d7\u05d5\u05dc\u05e9\u05d5\u05ea \u05d1\u05e1\u05e4\u05e8\u05d9\u05d9\u05ea \u05d4\u05e7\u05d5\u05d3 \u05d4\u05e4\u05ea\u05d5\u05d7 \u05d4\u05e4\u05d5\u05e4\u05d5\u05dc\u05e8\u05d9\u05ea OpenSSL \u05e4\u05d5\u05e8\u05e1\u05de\u05d5 \u05d4\u05d9\u05d5\u05dd, \u05de\u05d5\u05de\u05dc\u05e5 \u05dc\u05e2\u05d3\u05db\u05df.\n\n\u05d4\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea CVE-2022-3602 \u05d5-\u00a0CVE-2022-3786 \u05de\u05d0\u05e4\u05e9\u05e8\u05d5\u05ea \u05dc\u05ea\u05d5\u05e7\u05e3 \u05dc\u05e0\u05e6\u05dc \u05d7\u05d5\u05dc\u05e9\u05d4 \u05d1\u05d2\u05e8\u05e1\u05d4 3.0 \u05d5\u05de\u05e2\u05dc\u05d4 \u05d5\u05dc\u05d2\u05e8\u05d5\u05dd \u05dc\u05d4\u05e8\u05e6\u05ea \u05e7\u05d5\u05d3 \u05de\u05e8\u05d7\u05d5\u05e7 \u05d0\u05d5 \u05d1\u05d9\u05e6\u05d5\u05e2 DDoS, \u05d1\u05ea\u05d7\u05d9\u05dc\u05d4 \u05d3\u05d5\u05e8\u05d2\u05d5 \u05d4\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea \u05db\u05e7\u05e8\u05d9\u05d8\u05d9\u05d5\u05ea \u05d0\u05da \u05dc\u05d1\u05e1\u05d5\u05e3 \u05e8\u05de\u05ea \u05d4\u05d7\u05d5\u05de\u05e8\u05d4 \u05e9\u05d5\u05e0\u05ea\u05d4 \u05dc\u05e8\u05de\u05d4 \u05e0\u05de\u05d5\u05db\u05d4 \u05d9\u05d5\u05ea\u05e8.\n\n\u05d1\u05e9\u05dc\u05d1 \u05d6\u05d4 \u05e6\u05d5\u05d5\u05ea \u05d4\u05e4\u05e8\u05d5\u05d9\u05d9\u05e7\u05d8 
\u05de\u05d5\u05e1\u05e8 \u05db\u05d9 \u05d4\u05d5\u05d0 \u05dc\u05d0 \u05de\u05db\u05d9\u05e8 \u05e0\u05d9\u05e6\u05d5\u05dc \u05e7\u05d9\u05d9\u05dd \u05dc\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea \u05d0\u05dc\u05d5 \u05d0\u05da \u05de\u05e4\u05e6\u05d9\u05e8 \u05dc\u05e2\u05d3\u05db\u05df \u05dc\u05d2\u05e8\u05e1\u05d4 3.0.7 \u05d1\u05d4 \u05d4\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea \u05e0\u05e1\u05d2\u05e8\u05d5.\n\nhttps://t.me/CyberSecurityIL/2338\n\nhttps://www.bleepingcomputer.com/news/security/openssl-fixes-two-high-severity-vulnerabilities-what-you-need-to-know/\n\n#\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea", "creation_timestamp": "2022-11-01T19:15:11.000000Z"}, {"uuid": "1bd883d5-cdf5-4540-bc76-2b0ca3b9bcd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "published-proof-of-concept", "source": "https://t.me/breachdetector/135818", "content": "{\n  \"Source\": \"https://t.me/documentors\",\n  \"Content\": \"cve-2022-3602 & cve-2022-3786PoC.zip 4.9 MB \ud83d\udca5Yet another PoC for OpenSSL vulnerabilities(CVE-2022-3602 & CVE-2022-3786) \ud83d\udcc4For Questions and Purchase and place Orders Contact us: \ud83d\udece @darkamo https://t.me/documentors\", \n  \"author\": \"\u2693\ufe0f\ud835\udd07\ud835\udd2c\ud835\udd20\ud835\udd32\ud835\udd2a\ud835\udd22\ud835\udd2b\ud835\udd31\ud835\udd2c\ud835\udd2f\",\n  \"Detection Date\": \"04 Nov 2022\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 Data Leak monitoring system\ud83d\udd39", "creation_timestamp": "2022-11-04T15:01:29.000000Z"}, {"uuid": "123baac5-32d9-4b22-ad8f-1c6db93a2114", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "published-proof-of-concept", "source": "Telegram/pDlVR56iY6rypUkhFLaqLdVNy7SeZGDsal8kYSFgYj64xD0", "content": "", "creation_timestamp": 
"2022-11-12T11:35:26.000000Z"}, {"uuid": "c297048a-cfbc-4148-8fb1-c30a530924cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/578", "content": "\u062a\u06a9\u0645\u06cc\u0644\u06cc:\n\n\u062f\u0631 \u0622\u062e\u0631\u06cc\u0646 \u0628\u0647 \u0631\u0648\u0632\u0633\u0627\u0646\u06cc \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u062c\u062f\u06cc\u062f\u062a\u0631\u06cc\u0646 \u0636\u0639\u0641 \u0627\u0645\u0646\u06cc\u062a\u06cc OpenSSL \u06a9\u0647 \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 CVE-2022-3786 \u0648 CVE-2022-3602 \u0645\u06cc \u0628\u0627\u0634\u062f\u060c \u062f\u0631\u062c\u0647 \u0627\u0647\u0645\u06cc\u062a \u0622\u0646 \u0627\u0632 Critical \u0628\u0647 High \u06a9\u0627\u0647\u0634 \u067e\u06cc\u062f\u0627 \u06a9\u0631\u062f.\n\u0647\u0645\u0686\u0646\u06cc\u0646 \u062a\u0648\u0636\u06cc\u062d\u0627\u062a \u062a\u06a9\u0645\u06cc\u0644\u06cc \u0648 \u0641\u0646\u06cc \u062f\u0631 \u062e\u0635\u0648\u0635 \u0627\u06cc\u0646 \u062f\u0648 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u06a9\u0647 \u0627\u0632 \u062c\u0646\u0633 Buffer Overflow \u0627\u0633\u062a \u0646\u06cc\u0632 \u0628\u0631\u0627\u06cc \u0639\u0644\u0627\u0642\u0647 \u0645\u0646\u062f\u0627\u0646 \u0627\u0631\u0627\u0626\u0647 \u0634\u062f.\n\u062f\u0631 \u0627\u062f\u0627\u0645\u0647 \u0628\u0647 \u0633\u0648\u0627\u0644\u0627\u062a \u0627\u062d\u062a\u0645\u0627\u0644\u06cc \u0648 \u0631\u0627\u0647\u0646\u0645\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0628\u0631\u0627\u06cc \u06a9\u0627\u0647\u0634 \u062e\u0637\u0631 \u06cc\u0627 \u0631\u06cc\u0633\u06a9 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u067e\u0631\u062f\u0627\u062e\u062a\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a.\n\u062c\u0632\u0626\u06cc\u0627\u062a \u06a9\u0627\u0645\u0644: 
https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/", "creation_timestamp": "2022-11-10T21:29:01.000000Z"}, {"uuid": "2390030b-240b-45fa-8aa4-d7418ebed0a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "Telegram/BvLKt3rLrvV1MavTWtzUjCGDDZdoZfIDa5boheIt5lY5uHc", "content": "", "creation_timestamp": "2022-11-01T18:14:16.000000Z"}, {"uuid": "5efa9e6a-ebdb-4210-8dc3-7b3decec1b29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/true_secator/3668", "content": "\u041d\u0430 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 Cisco \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0440\u044f\u0434 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u0445 \u0434\u043b\u044f \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b \u0438 \u0432\u0435\u0431-\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u0421\u0430\u043c\u0443\u044e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0438 \u0432 \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f Cisco Identity Services Engine (ISE).\n\nISE \u2014 \u044d\u0442\u043e \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430 
\u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0430\u043c\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0442\u0438 \u0434\u043b\u044f \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2022-20961, \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 8,8 \u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0430\u0442\u0430\u043a\u0443 \u0441 \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u043e\u0439 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 (CSRF) \u0441 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435.\n\n\u041a\u0430\u043a 
\u043f\u0438\u0448\u0443\u0442 \u0432 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u0445, \u044d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 CSRF \u0434\u043b\u044f \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u044d\u0442\u043e\u0439 \u0431\u0430\u0433\u043e\u0439, \u0443\u0431\u0435\u0434\u0438\u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u043f\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u0441\u0441\u044b\u043b\u043a\u0435.\n\n\u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0442\u0430\u043a\u043e\u0433\u043e \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f \u0434\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 
\u0446\u0435\u043b\u0435\u0432\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u0414\u0440\u0443\u0433\u0430\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-20956 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 7,1) \u0432 \u0442\u043e\u043c \u0436\u0435 ISE \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0435\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0432 \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u0433\u0434\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0441\u043f\u043e\u0441\u043e\u0431\u0435\u043d \u0432\u043e\u0441\u043f\u0440\u043e\u0438\u0437\u0432\u0435\u0441\u0442\u0438 \u043e\u0448\u0438\u0431\u043a\u0443, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430.\n\n\u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0441\u043f\u0438\u0441\u043e\u043a, \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u0438 \u0443\u0434\u0430\u043b\u044f\u0442\u044c \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b, \u043a \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0443 \u043d\u0435\u0433\u043e 
\u043d\u0435 \u0434\u043e\u043b\u0436\u043d\u043e \u0431\u044b\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u0421\u043e \u0441\u043b\u043e\u0432 Cisco PSIRT, \u0432 \u0441\u0435\u0442\u0438 \u0443\u0436\u0435 \u0438\u043c\u0435\u0435\u0442\u0441\u044f \u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442\u0430\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u0422\u0430\u043a\u0436\u0435 \u0418\u0422-\u0433\u0438\u0433\u0430\u043d\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c SQL Injection CVE-2022-20867 \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 CVE-2022-20868 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Cisco ESA, Cisco Secure Email \u0438 Web Manager Next Generation Management.\n\n\u041f\u043e\u043c\u0438\u043c\u043e \u043f\u0440\u043e\u0447\u0435\u0433\u043e Cisco \u043f\u0440\u0438\u0441\u0442\u0430\u043b\u044c\u043d\u043e \u0438\u0437\u0443\u0447\u0430\u0435\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0435 \u0432\u043b\u0438\u044f\u043d\u0438\u0435 \u043f\u0440\u0435\u0441\u043b\u043e\u0432\u0443\u0442\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 OpenSSL CVE-2022-3602 \u0438 CVE-2022-3786, \u043e \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u044b \u043f\u0438\u0441\u0430\u043b\u0438 \u0440\u0430\u043d\u0435\u0435.", "creation_timestamp": "2022-11-07T13:16:19.000000Z"}, {"uuid": "a5aee9ae-1268-42fe-a4b9-3d45781e2932", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", 
"type": "seen", "source": "https://t.me/true_secator/3651", "content": "The new OpenSSL version, widely announced in infosec circles, contains fixes for two high-severity vulnerabilities.\n\nCVE-2022-3602 and CVE-2022-3786 affect OpenSSL versions 3.0.0 and later and were fixed in OpenSSL 3.0.7.\n\nThe first, CVE-2022-3602, is described as an arbitrary 4-byte stack buffer overflow that can cause crashes or lead to2022-3602 while the other, CVE-2022-3786, can be used by attackers via
malicious email addresses to trigger a state and CVE-20through a buffer overflow.\n\nThe project's representatives are not aware of any real exploit that could lead to remote code execution, and they have no evidence of these issues being exploited in the wild.\n\nIn line with Open SSL policy, organizations and IT administrators have been warned since October 25 of
the need to search their environments for vulnerable instances and to install patches once OpenSSL 3.0.7 is released.\n\nOpenSSL also provided mitigations, requiring administrators running TLS servers to disable TLS client authentication until the patches are applied.\n\nAlthough the initial warning rated CVE-2022-3602 as critical, it
was subsequently downgraded to high severity and affects only OpenSSL 3.0 and later instances.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u0443\u0436\u0435 \u043f\u0440\u0438\u0440\u0430\u0432\u043d\u044f\u043b\u0438 \u0431\u0430\u0433\u0438 \u043a \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u0438, \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u043e\u0439\u043e\u0441\u0442\u0438.\n\nCVE-2022-\u0438\u0437 \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c 1 793 000 \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u044b\u0445 \u043e\u043d\u043b\u0430\u0439\u043d-\u0445\u043e\u0441\u0442\u043e\u0432, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445\u0435\u0440\u0436\u0438\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430 7000 \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438.\n\nShodan gives an estimate of 16,000 publicly accessible OpenSSL instances.\n\nAfter analyzing deployments in
the major cloud environments (for example AWS, GCP, Azure, OCI and Alibaba Cloud), Wiz.io researchers likewise found only 1.5% of OpenSSL instances to be vulnerable.\n\nBottom line: much ado about nothing.", "creation_timestamp": "2022-11-02T13:35:04.000000Z"}, {"uuid": "c6e87e3a-9169-4fa2-ac7c-3a4f972b02ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/true_secator/3834", "content": "As usual, industrial giants Siemens and Schneider Electric compete on the number of vulnerabilities fixed, and once again Siemens released far more advisories and fixed an order of magnitude more
vulnerabilities.\n\nIn particular, the company published 20 new advisories addressing roughly 140 security holes.\n\nFor the OpenSSL and OpenSSH flaws affecting Scalance X-200RNA switches alone, more than 80 fixes with a \"critical\" severity rating were released.\n\nThe same switches are also affected by six medium- and high-severity vulnerabilities that can be used for
cross-site scripting (XSS), denial-of-service (DoS) and session hijacking attacks.\n\nIn addition, Siemens informed customers that some of its products are affected by two recently discovered and fixed serious OpenSSL vulnerabilities tracked as CVE-2022-3602 and CVE-2022-3786.\n\nOrganizations using Sicam PAS, Apogee/Talon, Mendix, Teamcenter Visualization, JT2Go, Scalance, Simatic, Parasolid, Ruggedcom and Simcenter STAR-CCM+ products have also been notified of serious issues in them.\n\nTaken
together, the flaws create potential threats of remote code execution, privilege escalation, DoS attacks, information disclosure and information manipulation.\n\nHowever, Siemens has not released fixes for all affected products, and for many of them fixes will be released later; nevertheless, the company has proposed workarounds to mitigate and contain the threats.\n\nSchneider Electric
released only 3 new bulletins covering 6 vulnerabilities.\n\nThe most important advisory concerned four critical bugs affecting the APC Easy UPS online monitoring software, exploitation of which can lead to remote code execution, privilege escalation or authentication bypass.\n\nThe second bulletin describes a serious improper authorization vulnerability
whose exploitation can lead to unauthorized access and information disclosure.\n\nThe last bulletin describes a medium-severity DoS issue affecting the Saitel DR remote terminal unit (RTU).\n\nUpdates that should fix these vulnerabilities are already available for all the flaws.", "creation_timestamp": "2022-12-15T18:01:05.000000Z"}, {"uuid": "1b0ac21e-116d-47f1-853a-f1152ed5c28a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/BlueRedTeam/2428", "content": "#CVE-2022\n\nOperational information regarding CVE-2022-3602 and CVE-2022-3786, two vulnerabilities in OpenSSL
3\n\nhttps://github.com/NCSC-NL/OpenSSL-2022\n\n@BlueRedTeam", "creation_timestamp": "2022-11-04T06:57:51.000000Z"}, {"uuid": "46e28e6e-45f4-4120-9a0b-ca7b81081695", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "published-proof-of-concept", "source": "https://t.me/intelexch/38006", "content": "https://github.com/cybersecurityworks553/CVE-2022-3602-and-CVE-2022-3786", "creation_timestamp": "2022-12-07T18:25:02.000000Z"}, {"uuid": "b1e8fa4c-c7f4-4e77-98d6-755b3d55fee1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37864", "type": "seen", "source": "https://t.me/cibsecurity/51100", "content": "\u203c CVE-2022-37864 \u203c\n\nA vulnerability has been identified in Solid Edge (All Versions < SE2022MP9). The affected application contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted DWG files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17627)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-11T14:25:49.000000Z"}, {"uuid": "c26f9bdf-7109-47f5-851a-6d4e45cdc110", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37866", "type": "seen", "source": "https://t.me/cibsecurity/52590", "content": "\u203c CVE-2022-37866 \u203c\n\nWhen Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied \"pattern\" that may include placeholders for artifacts coordinates like the organisation, module or version. 
If said coordinates contain \"../\" sequences - which are valid characters for Ivy coordinates in general - it is possible the artifacts are stored outside of Ivy's local cache or repository or can overwrite different artifacts inside of the local cache. In order to exploit this vulnerability an attacker needs collaboration by the remote repository as Ivy will issue http requests containing \"..\" sequences and a \"normal\" repository will not interpret them as part of the artifact coordinates. Users of Apache Ivy 2.0.0 to 2.5.1 should upgrade to Ivy 2.5.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-07T18:24:00.000000Z"}, {"uuid": "a4896714-0327-48a5-88ed-3e70e7fe1050", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/cibsecurity/52409", "content": "\u203c CVE-2022-3786 \u203c\n\nA buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. 
Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-01T21:19:05.000000Z"}, {"uuid": "81b521d6-5611-415c-be11-01d7eba7c758", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37861", "type": "seen", "source": "https://t.me/cibsecurity/49845", "content": "\u203c CVE-2022-37861 \u203c\n\nThere is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. It is necessary to know that the device account password is allowed to escape the execution system command through the network tools in the network diagnostic component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-15T20:27:55.000000Z"}, {"uuid": "9a0cc1c3-4a99-4b8f-b4c9-e6c25b24a6a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37860", "type": "seen", "source": "https://t.me/cibsecurity/49600", "content": "\u203c CVE-2022-37860 \u203c\n\nThe web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-12T22:29:37.000000Z"}, {"uuid": "2646065e-7033-4af4-a392-d9d559d42977", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/thehackernews/2723", "content": "Nothing CRITICAL this time!\n\nOpenSSL has released patches for 2 new high-severity flaws (CVE-2022-3786 / CVE-2022-3602).\n\nhttps://thehackernews.com/2022/11/just-in-openssl-releases-patch-for-2.html\n\nCVE-2022-3602 has been 
downgraded from CRITICAL to HIGH as it cannot be exploited in most widely used architectures and platforms.", "creation_timestamp": "2022-11-01T17:28:35.000000Z"}, {"uuid": "87c127c9-97b3-431b-a937-ff3a2c1ab12a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/BlueRedTeam/2489", "content": "#CVE-2022\nOperational information regarding CVE-2022-3602 and CVE-2022-3786, two vulnerabilities in OpenSSL 3\n\nhttps://github.com/NCSC-NL/OpenSSL-2022\n\n@BlueRedTeam", "creation_timestamp": "2022-11-25T15:19:02.000000Z"}, {"uuid": "3a2203f6-77e5-4279-91b0-e1365694e551", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/328", "content": "https://github.com/rbowes-r7/cve-2022-3602-and-cve-2022-3786-openssl-poc  \n#github", "creation_timestamp": "2022-11-14T08:56:42.000000Z"}, {"uuid": "ea100f60-21f4-4e79-a03b-36b39ba1b1a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3786", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/4297", "content": "cve-2022-3602 \ncve-2022-3786 / openssl-poc\n\nGithub \n\n#Openssl #poc \n\u2014\u2014\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2022-11-12T16:32:01.000000Z"}]}