MONTHLY REPORT

誤りがあった場合はTwitterに報告をお願いします。-> Twitter《Har-sia》

CVE-2022-22047

Description from NVD

Windows CSRSS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22026, CVE-2022-22049.

Information Acquisition Date:2022/08/01

CVSS 2.0: 7.2 HIGH CVSS 3.x: 7.8 HIGH

Highest Score:107 （2022/07/13）

脆弱性情報：Har-sia CVE-2022-22047

管理者コメント

（自動翻訳）脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。（自動翻訳ここまで）

###---###

参考URL：

上に戻る

CVE-2022-2274

Description from NVD

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.

Information Acquisition Date:2022/08/01

CVSS 2.0: 10.0 HIGH CVSS 3.x: 9.8 CRITICAL

Highest Score:52 （2022/07/06）

脆弱性情報：Har-sia CVE-2022-2274

管理者コメント

（自動翻訳）脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。（自動翻訳ここまで）

###---###

参考URL：

上に戻る

CVE-2022-2294

Description from NVD

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Information Acquisition Date:2022/08/01

CVSS 2.0: 0.0 None CVSS 3.x: 0.0 None

Description from Forti

Security Update 2022-07-04 from Google Chrome

Information Acquisition Date:2022/07/07

Affected Products

Impact

Recommended Actions

References

Highest Score:74 （2022/07/05）

脆弱性情報：Har-sia CVE-2022-2294

管理者コメント

（自動翻訳）脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。（自動翻訳ここまで）

###---###

参考URL：

上に戻る

CVE-2022-26138

Description from NVD

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.

Information Acquisition Date:2022/08/01

CVSS 2.0: 0.0 None CVSS 3.x: 0.0 None

Highest Score:67 （2022/07/21）

脆弱性情報：Har-sia CVE-2022-26138

管理者コメント

（自動翻訳）脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。（自動翻訳ここまで）

###---###

参考URL：

上に戻る

CVE-2022-26706

Description from NVD

An access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions.

Information Acquisition Date:2022/08/01

CVSS 2.0: 4.3 MEDIUM CVSS 3.x: 5.5 MEDIUM

Highest Score:79 （2022/07/14）

脆弱性情報：Har-sia CVE-2022-26706

管理者コメント

（自動翻訳）脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。（自動翻訳ここまで）

###---###

参考URL：

上に戻る

CVE-2022-30136

Description from NVD

Windows Network File System Remote Code Execution Vulnerability.

Information Acquisition Date:2022/08/01

CVSS 2.0: 10.0 HIGH CVSS 3.x: 9.8 CRITICAL

Highest Score:40 （2022/07/15）

脆弱性情報：Har-sia CVE-2022-30136

管理者コメント

（自動翻訳）脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。（自動翻訳ここまで）

###---###

参考URL：

上に戻る

CVE-2022-30181

Description from NVD

Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33641, CVE-2022-33642, CVE-2022-33643, CVE-2022-33650, CVE-2022-33651, CVE-2022-33652, CVE-2022-33653, CVE-2022-33654, CVE-2022-33655, CVE-2022-33656, CVE-2022-33657, CVE-2022-33658, CVE-2022-33659, CVE-2022-33660, CVE-2022-33661, CVE-2022-33662, CVE-2022-33663, CVE-2022-33664, CVE-2022-33665, CVE-2022-33666, CVE-2022-33667, CVE-2022-33668, CVE-2022-33669, CVE-2022-33671, CVE-2022-33672, CVE-2022-33673, CVE-2022-33674, CVE-2022-33675, CVE-2022-33677.

Information Acquisition Date:2022/08/01

CVSS 2.0: 5.5 MEDIUM CVSS 3.x: 6.5 MEDIUM

Highest Score:132 （2022/07/13）

脆弱性情報：Har-sia CVE-2022-30181

管理者コメント

（自動翻訳）脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。（自動翻訳ここまで）

###---###

参考URL：

上に戻る

CVE-2022-30190

Description from NVD

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.

Information Acquisition Date:2022/08/01

CVSS 2.0: 9.3 HIGH CVSS 3.x: 7.8 HIGH

This vulnerability may involve a PoC.

Highest Score:460 （2022/06/01）

脆弱性情報：Har-sia CVE-2022-30190

管理者コメント

（自動翻訳）脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。（自動翻訳ここまで）

###---###

参考URL：

上に戻る

CVE-2022-33641

Description from NVD

Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30181, CVE-2022-33642, CVE-2022-33643, CVE-2022-33650, CVE-2022-33651, CVE-2022-33652, CVE-2022-33653, CVE-2022-33654, CVE-2022-33655, CVE-2022-33656, CVE-2022-33657, CVE-2022-33658, CVE-2022-33659, CVE-2022-33660, CVE-2022-33661, CVE-2022-33662, CVE-2022-33663, CVE-2022-33664, CVE-2022-33665, CVE-2022-33666, CVE-2022-33667, CVE-2022-33668, CVE-2022-33669, CVE-2022-33671, CVE-2022-33672, CVE-2022-33673, CVE-2022-33674, CVE-2022-33675, CVE-2022-33677.

Information Acquisition Date:2022/08/01

CVSS 2.0: 5.5 MEDIUM CVSS 3.x: 6.5 MEDIUM

Highest Score:128 （2022/07/13）

脆弱性情報：Har-sia CVE-2022-33641

管理者コメント

（自動翻訳）脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。（自動翻訳ここまで）

###---###

参考URL：

上に戻る

CVE-2022-33642

Description from NVD

Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30181, CVE-2022-33641, CVE-2022-33643, CVE-2022-33650, CVE-2022-33651, CVE-2022-33652, CVE-2022-33653, CVE-2022-33654, CVE-2022-33655, CVE-2022-33656, CVE-2022-33657, CVE-2022-33658, CVE-2022-33659, CVE-2022-33660, CVE-2022-33661, CVE-2022-33662, CVE-2022-33663, CVE-2022-33664, CVE-2022-33665, CVE-2022-33666, CVE-2022-33667, CVE-2022-33668, CVE-2022-33669, CVE-2022-33671, CVE-2022-33672, CVE-2022-33673, CVE-2022-33674, CVE-2022-33675, CVE-2022-33677.

Information Acquisition Date:2022/08/01

CVSS 2.0: 6.5 MEDIUM CVSS 3.x: 7.2 HIGH

Highest Score:129 （2022/07/13）

脆弱性情報：Har-sia CVE-2022-33642

管理者コメント

（自動翻訳）脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。（自動翻訳ここまで）

###---###

参考URL：

上に戻る

CVE-2022-33643

Description from NVD

Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30181, CVE-2022-33641, CVE-2022-33642, CVE-2022-33650, CVE-2022-33651, CVE-2022-33652, CVE-2022-33653, CVE-2022-33654, CVE-2022-33655, CVE-2022-33656, CVE-2022-33657, CVE-2022-33658, CVE-2022-33659, CVE-2022-33660, CVE-2022-33661, CVE-2022-33662, CVE-2022-33663, CVE-2022-33664, CVE-2022-33665, CVE-2022-33666, CVE-2022-33667, CVE-2022-33668, CVE-2022-33669, CVE-2022-33671, CVE-2022-33672, CVE-2022-33673, CVE-2022-33674, CVE-2022-33675, CVE-2022-33677.

Information Acquisition Date:2022/08/01

CVSS 2.0: 5.5 MEDIUM CVSS 3.x: 6.5 MEDIUM

Highest Score:127 （2022/07/13）

脆弱性情報：Har-sia CVE-2022-33643

管理者コメント

（自動翻訳）脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。（自動翻訳ここまで）

###---###

参考URL：

上に戻る

CVE-2022-33650

Description from NVD

Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30181, CVE-2022-33641, CVE-2022-33642, CVE-2022-33643, CVE-2022-33651, CVE-2022-33652, CVE-2022-33653, CVE-2022-33654, CVE-2022-33655, CVE-2022-33656, CVE-2022-33657, CVE-2022-33658, CVE-2022-33659, CVE-2022-33660, CVE-2022-33661, CVE-2022-33662, CVE-2022-33663, CVE-2022-33664, CVE-2022-33665, CVE-2022-33666, CVE-2022-33667, CVE-2022-33668, CVE-2022-33669, CVE-2022-33671, CVE-2022-33672, CVE-2022-33673, CVE-2022-33674, CVE-2022-33675, CVE-2022-33677.

Information Acquisition Date:2022/08/01

CVSS 2.0: 4.0 MEDIUM CVSS 3.x: 4.9 MEDIUM

Highest Score:127 （2022/07/13）

脆弱性情報：Har-sia CVE-2022-33650

管理者コメント

（自動翻訳）脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。（自動翻訳ここまで）

###---###

参考URL：

上に戻る

CVE-2022-33651

Description from NVD

Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30181, CVE-2022-33641, CVE-2022-33642, CVE-2022-33643, CVE-2022-33650, CVE-2022-33652, CVE-2022-33653, CVE-2022-33654, CVE-2022-33655, CVE-2022-33656, CVE-2022-33657, CVE-2022-33658, CVE-2022-33659, CVE-2022-33660, CVE-2022-33661, CVE-2022-33662, CVE-2022-33663, CVE-2022-33664, CVE-2022-33665, CVE-2022-33666, CVE-2022-33667, CVE-2022-33668, CVE-2022-33669, CVE-2022-33671, CVE-2022-33672, CVE-2022-33673, CVE-2022-33674, CVE-2022-33675, CVE-2022-33677.

Information Acquisition Date:2022/08/01

CVSS 2.0: 4.0 MEDIUM CVSS 3.x: 4.9 MEDIUM

Highest Score:127 （2022/07/13）

脆弱性情報：Har-sia CVE-2022-33651

管理者コメント

（自動翻訳）脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。（自動翻訳ここまで）

###---###

参考URL：

上に戻る

CVE-2022-33652

Description from NVD

Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30181, CVE-2022-33641, CVE-2022-33642, CVE-2022-33643, CVE-2022-33650, CVE-2022-33651, CVE-2022-33653, CVE-2022-33654, CVE-2022-33655, CVE-2022-33656, CVE-2022-33657, CVE-2022-33658, CVE-2022-33659, CVE-2022-33660, CVE-2022-33661, CVE-2022-33662, CVE-2022-33663, CVE-2022-33664, CVE-2022-33665, CVE-2022-33666, CVE-2022-33667, CVE-2022-33668, CVE-2022-33669, CVE-2022-33671, CVE-2022-33672, CVE-2022-33673, CVE-2022-33674, CVE-2022-33675, CVE-2022-33677.

Information Acquisition Date:2022/08/01

CVSS 2.0: 4.0 MEDIUM CVSS 3.x: 4.9 MEDIUM

Highest Score:84 （2022/07/13）

脆弱性情報：Har-sia CVE-2022-33652

管理者コメント

（自動翻訳）脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。（自動翻訳ここまで）

###---###

参考URL：

上に戻る

CVE-2022-33653

Description from NVD

Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30181, CVE-2022-33641, CVE-2022-33642, CVE-2022-33643, CVE-2022-33650, CVE-2022-33651, CVE-2022-33652, CVE-2022-33654, CVE-2022-33655, CVE-2022-33656, CVE-2022-33657, CVE-2022-33658, CVE-2022-33659, CVE-2022-33660, CVE-2022-33661, CVE-2022-33662, CVE-2022-33663, CVE-2022-33664, CVE-2022-33665, CVE-2022-33666, CVE-2022-33667, CVE-2022-33668, CVE-2022-33669, CVE-2022-33671, CVE-2022-33672, CVE-2022-33673, CVE-2022-33674, CVE-2022-33675, CVE-2022-33677.

Information Acquisition Date:2022/08/01

CVSS 2.0: 4.0 MEDIUM CVSS 3.x: 4.9 MEDIUM

Highest Score:78 （2022/07/13）

脆弱性情報：Har-sia CVE-2022-33653

管理者コメント

（自動翻訳）脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。（自動翻訳ここまで）

###---###

参考URL：

上に戻る

CVE-2022-33654

Description from NVD

Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30181, CVE-2022-33641, CVE-2022-33642, CVE-2022-33643, CVE-2022-33650, CVE-2022-33651, CVE-2022-33652, CVE-2022-33653, CVE-2022-33655, CVE-2022-33656, CVE-2022-33657, CVE-2022-33658, CVE-2022-33659, CVE-2022-33660, CVE-2022-33661, CVE-2022-33662, CVE-2022-33663, CVE-2022-33664, CVE-2022-33665, CVE-2022-33666, CVE-2022-33667, CVE-2022-33668, CVE-2022-33669, CVE-2022-33671, CVE-2022-33672, CVE-2022-33673, CVE-2022-33674, CVE-2022-33675, CVE-2022-33677.

Information Acquisition Date:2022/08/01

CVSS 2.0: 4.0 MEDIUM CVSS 3.x: 4.9 MEDIUM

Highest Score:56 （2022/07/13）

脆弱性情報：Har-sia CVE-2022-33654

管理者コメント

（自動翻訳）脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。（自動翻訳ここまで）

###---###

参考URL：

上に戻る

CVE-2022-34918

Description from NVD

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.

Information Acquisition Date:2022/08/01

CVSS 2.0: 7.2 HIGH CVSS 3.x: 7.8 HIGH

This vulnerability may involve a PoC.

Highest Score:40 （2022/07/21）

脆弱性情報：Har-sia CVE-2022-34918

管理者コメント

（自動翻訳）脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。（自動翻訳ここまで）

###---###

参考URL：

上に戻る

2022年07月の脆弱性

CVE-2022-22047

Description from NVD

CVE-2022-2274

Description from NVD

CVE-2022-2294

Description from NVD

Description from Forti

Security Update 2022-07-04 from Google Chrome

Affected Products

Impact

Recommended Actions

References

CVE-2022-26138

Description from NVD

CVE-2022-26706

Description from NVD

CVE-2022-30136

Description from NVD

CVE-2022-30181

Description from NVD

CVE-2022-30190

Description from NVD

CVE-2022-33641

Description from NVD

CVE-2022-33642

Description from NVD

CVE-2022-33643

Description from NVD

CVE-2022-33650

Description from NVD

CVE-2022-33651

Description from NVD

CVE-2022-33652

Description from NVD

CVE-2022-33653

Description from NVD

CVE-2022-33654

Description from NVD

CVE-2022-34918

Description from NVD