{"vulnerability": "cve-2022-4076", "sightings": [{"uuid": "3d63dccf-ac98-476a-8e66-e578c16f98e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40765", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "c04a9921-da6a-46ce-b9e7-01db11880431", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40765", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971768", "content": "", "creation_timestamp": "2024-12-24T20:33:49.961340Z"}, {"uuid": "7f8357cf-d197-43a8-a494-677061650eeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40765", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:38.000000Z"}, {"uuid": "ca39c8f8-7b92-48a4-9c85-b84d099c2b24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40769", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lswluwxsjp27", "content": "", "creation_timestamp": "2025-07-01T21:02:22.332873Z"}, {"uuid": "b3717315-f837-4562-b8b2-3c2691ec6f80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-40765", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/3d5fdb6e-ccfe-41ce-b518-ee4b769c88e7", "content": "", "creation_timestamp": "2026-02-02T12:27:04.885054Z"}, {"uuid": "defb2b50-5a87-476f-8580-3ae7f3f81c54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40765", "type": "seen", "source": "Telegram/B_s7wUv7NqnF_QxZ0yvH_1oKFsyHKfe56lQgg2pc4E2COeUn", "content": "", "creation_timestamp": "2025-02-06T02:41:36.000000Z"}, {"uuid": "68d78043-8c36-49ac-a38d-f80348a62908", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40765", "type": "seen", "source": "Telegram/Kilcqj-01hSB61ivOp72hCqX2Z4YcByxZD2e-KVOKoCfiL_p", "content": "", "creation_timestamp": "2025-02-06T02:40:48.000000Z"}, {"uuid": "cc317486-cec5-465f-b228-5916dd45202c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40765", "type": "seen", "source": "https://t.me/arpsyndicate/1355", "content": "#ExploitObserverAlert\n\nCVE-2022-40765\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-40765. A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.\n\nFIRST-EPSS: 0.002010000\nNVD-IS: 5.9\nNVD-ES: 0.9", "creation_timestamp": "2023-12-05T01:25:42.000000Z"}, {"uuid": "0afd8df5-23d1-45f2-91be-2fa562ec93f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40764", "type": "seen", "source": "https://t.me/cibsecurity/53717", "content": "\u203c CVE-2022-22984 \u203c\n\nThe package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342). A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to exploit this vulnerability, a user would have to execute the snyk test command on untrusted files. In most cases, an attacker positioned to control the command line arguments to the Snyk CLI would already be positioned to execute arbitrary commands. However, this could be abused in specific scenarios, such as continuous integration pipelines, where developers can control the arguments passed to the Snyk CLI to leverage this component as part of a wider attack against an integration/build pipeline. This issue has been addressed in the latest Snyk Docker images available at https://hub.docker.com/r/snyk/snyk as of 2022-11-29. Images downloaded and built prior to that date should be updated. The issue has also been addressed in the Snyk TeamCity CI/CD plugin as of version v20221130.093605.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T16:29:12.000000Z"}, {"uuid": "45302636-3708-4ea3-8862-0e6655350271", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40764", "type": "seen", "source": "https://t.me/cibsecurity/53716", "content": "\u203c CVE-2022-24441 \u203c\n\nThe package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application. This vulnerability may be triggered when running the the CLI tool directly, or when running a scan with one of the IDE plugins that invoke the Snyk CLI. Successful exploitation of this issue would likely require some level of social engineering - to coerce an untrusted project to be downloaded and analyzed via the Snyk CLI or opened in an IDE where a Snyk IDE plugin is installed and enabled. Additionally, if the IDE has a Trust feature then the target folder must be marked as \u00e2\u20ac\u02dctrusted\u00e2\u20ac\u2122 in order to be vulnerable. **NOTE:** This issue is independent of the one reported in [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342), and upgrading to a fixed version for this addresses that issue as well. The affected IDE plugins and versions are: - VS Code - Affected: &lt;=1.8.0, Fixed: 1.9.0 - IntelliJ - Affected: &lt;=2.4.47, Fixed: 2.4.48 - Visual Studio - Affected: &lt;=1.1.30, Fixed: 1.1.31 - Eclipse - Affected: &lt;=v20221115.132308, Fixed: All subsequent versions - Language Server - Affected: &lt;=v20221109.114426, Fixed: All subsequent versions\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T16:29:11.000000Z"}, {"uuid": "c78eba23-388a-4827-918e-aff5dff1867e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40765", "type": "seen", "source": "https://t.me/cibsecurity/53298", "content": "\u203c CVE-2022-40765 \u203c\n\nA vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-22T07:12:40.000000Z"}, {"uuid": "79dfc881-78fb-4661-aab8-3b90250f1911", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4076", "type": "seen", "source": "https://t.me/cibsecurity/53220", "content": "\u203c CVE-2022-4076 \u203c\n\nA vulnerability was found in codeboxr CBX User Online &amp; Last Login Plugin and classified as problematic. This issue affects some unknown processing of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214043.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-20T16:36:23.000000Z"}, {"uuid": "465ea2af-8f7d-4878-a6e5-36ba40a8810f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40761", "type": "seen", "source": "https://t.me/cibsecurity/50006", "content": "\u203c CVE-2022-40761 \u203c\n\nThe function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-17T02:35:22.000000Z"}, {"uuid": "abd0339e-39ef-466a-8fe5-fa5caad8e273", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40769", "type": "exploited", "source": "https://t.me/cibsecurity/50022", "content": "\u203c CVE-2022-40769 \u203c\n\nprofanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-18T20:36:20.000000Z"}, {"uuid": "f395c42a-7f51-42aa-b74c-14bf884661a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40766", "type": "seen", "source": "https://t.me/cibsecurity/50021", "content": "\u203c CVE-2022-40766 \u203c\n\nModern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page SQL injection via a '\" OR 1 = 1 -- - , ", "creation_timestamp": "2022-09-18T12:35:57.000000Z"}, {"uuid": "a9431549-3d02-4c58-99a3-a2748b2d53e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40768", "type": "seen", "source": "https://t.me/cibsecurity/50020", "content": "\u203c CVE-2022-40768 \u203c\n\ndrivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-19T05:05:51.000000Z"}, {"uuid": "b68167da-e3a5-442c-bc3b-e3fb6262285b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40765", "type": "exploited", "source": "https://t.me/thehackernews/3079", "content": "CISA has updated its Known Exploited Vulnerabilities catalog with three new vulnerabilities that are currently being exploited \u2014 IBM Aspera Faspex (CVE-2022-47986) and Mitel MiVoice Connect (CVE-2022-41223 and CVE-2022-40765).\n\nRead more: https://thehackernews.com/2023/02/us-cybersecurity-agency-cisa-adds-three.html", "creation_timestamp": "2023-02-22T06:49:53.000000Z"}, {"uuid": "beea236d-77a3-4ec6-a582-2dac7900bf9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40764", "type": "seen", "source": "https://t.me/VulnerabilityNews/31287", "content": "The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application. This vulnerability may be triggered when running the the CLI tool directly, or when running a scan with one of the IDE plugins that invoke the Snyk CLI. Successful exploitation of this issue would likely require some level of social engineering - to coerce an untrusted project to be downloaded and analyzed via the Snyk CLI or opened in an IDE where a Snyk IDE plugin is installed and enabled. Additionally, if the IDE has a Trust feature then the target folder must be marked as \u00e2\u20ac\u02dctrusted\u00e2\u20ac\u2122 in order to be vulnerable. **NOTE:** This issue is independent of the one reported in [CVE-2022-40764](https://ift.tt/lS1KaVJ), and upgrading to a fixed version for this addresses that issue as well. The affected IDE plugins and versions are: - VS Code - Affected: &lt;=1.8.0, Fixed: 1.9.0 - IntelliJ - Affected: &lt;=2.4.47, Fixed: 2.4.48 - Visual Studio - Affected: &lt;=1.1.30, Fixed: 1.1.31 - Eclipse - Affected: &lt;=v20221115.132308, Fixed: All subsequent versions - Language Server - Affected: &lt;=v20221109.114426, Fixed: All subsequent versions\nPublished at: November 30, 2022 at 02:15PM\nView on website", "creation_timestamp": "2022-11-30T16:57:57.000000Z"}, {"uuid": "b165bbd7-62f6-4835-8024-21fbf1b44a86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40764", "type": "seen", "source": "https://t.me/VulnerabilityNews/31288", "content": "The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://ift.tt/lS1KaVJ). A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to exploit this vulnerability, a user would have to execute the snyk test command on untrusted files. In most cases, an attacker positioned to control the command line arguments to the Snyk CLI would already be positioned to execute arbitrary commands. However, this could be abused in specific scenarios, such as continuous integration pipelines, where developers can control the arguments passed to the Snyk CLI to leverage this component as part of a wider attack against an integration/build pipeline. This issue has been addressed in the latest Snyk Docker images available at https://ift.tt/ksWSvXu as of 2022-11-29. Images downloaded and built prior to that date should be updated. The issue has also been addressed in the Snyk TeamCity CI/CD plugin as of version v20221130.093605.\nPublished at: November 30, 2022 at 02:15PM\nView on website", "creation_timestamp": "2022-11-30T16:57:58.000000Z"}, {"uuid": "12561243-97ad-42e5-9910-314be7e9482a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40764", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7012", "content": "#Threat_Research\n1. A New Attack Surface on MS Exchange - ProxyRelay!\nhttps://blog.orange.tw/2022/10/proxyrelay-a-new-attack-surface-on-ms-exchange-part-4.html\n2. How Scanning Your Projects for Security Issues Can Lead to RCE (CVE-2022-40764)\nhttps://www.imperva.com/blog/how-scanning-your-projects-for-security-issues-can-lead-to-remote-code-execution", "creation_timestamp": "2022-10-20T11:05:16.000000Z"}, {"uuid": "70600e9c-99eb-4284-bfb6-3701d4cba534", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40769", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/eca84cac-d6f9-4a01-8f21-2668e56c1b52", "content": "", "creation_timestamp": "2026-06-19T12:47:03.503458Z"}, {"uuid": "17ea1e37-bc3d-4a4f-a918-7c4122123179", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40765", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/0fb02a8a-8213-4bf1-b456-da9fe852968c", "content": "", "creation_timestamp": "2026-06-19T12:46:59.115726Z"}, {"uuid": "f6edd272-7136-4072-a2fb-88a14478ddc7", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40765", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/a6100c10-469c-425a-9b92-69a895a0cd0a", "content": "", "creation_timestamp": "2026-06-23T14:05:37.307253Z"}]}