Update Tue Dec 6 09:44:06 UTC 2022

2013/CVE-2013-3321.md

@@ -0,0 +1,17 @@
+### [CVE-2013-3321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3321)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.
+
+### POC
+
+#### Reference
+- https://www.securityfocus.com/archive/1/526552
+
+#### Github
+No PoCs found on GitHub currently.
+

2013/CVE-2013-3322.md

@@ -0,0 +1,17 @@
+### [CVE-2013-3322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3322)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface.
+
+### POC
+
+#### Reference
+- https://www.securityfocus.com/archive/1/526552
+
+#### Github
+No PoCs found on GitHub currently.
+

2019/CVE-2019-18932.md

@@ -0,0 +1,17 @@
+### [CVE-2019-18932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18932)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations.
+
+### POC
+
+#### Reference
+- https://bugzilla.suse.com/show_bug.cgi?id=1150554
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-28857.md

@@ -0,0 +1,17 @@
+### [CVE-2021-28857](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28857)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie.
+
+### POC
+
+#### Reference
+- https://yunus-shn.medium.com/tp-links-tl-wpa4220-v4-0-cleartext-credentials-in-cookie-7516a2649394
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-24439.md

@@ -0,0 +1,17 @@
+### [CVE-2022-24439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24439)
+![](https://img.shields.io/static/v1?label=Product&message=GitPython&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3E%3D%200%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution%20(RCE)&color=brighgreen)
+
+### Description
+
+All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-25912.md

@@ -0,0 +1,18 @@
+### [CVE-2022-25912](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25912)
+![](https://img.shields.io/static/v1?label=Product&message=simple-git&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C%203.15.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution%20(RCE)&color=brighgreen)
+
+### Description
+
+The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306).
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3153532
+- https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-3486.md

@@ -0,0 +1,17 @@
+### [CVE-2022-3486](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3486)
+![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Url%20redirection%20to%20untrusted%20site%20('open%20redirect')%20in%20GitLab&color=brighgreen)
+
+### Description
+
+An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL.
+
+### POC
+
+#### Reference
+- https://gitlab.com/gitlab-org/gitlab/-/issues/377810
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-3491.md

@@ -0,0 +1,17 @@
+### [CVE-2022-3491](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3491)
+![](https://img.shields.io/static/v1?label=Product&message=vim%2Fvim&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C%209.0.0742%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%20Heap-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.
+
+### POC
+
+#### Reference
+- https://huntr.dev/bounties/6e6e05c2-2cf7-4aa5-a817-a62007bf92cb
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-3520.md

@@ -0,0 +1,17 @@
+### [CVE-2022-3520](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3520)
+![](https://img.shields.io/static/v1?label=Product&message=vim%2Fvim&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C%209.0.0765%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%20Heap-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.
+
+### POC
+
+#### Reference
+- https://huntr.dev/bounties/c1db3b70-f4fe-481f-8a24-0b1449c94246
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-3591.md

@@ -0,0 +1,17 @@
+### [CVE-2022-3591](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3591)
+![](https://img.shields.io/static/v1?label=Product&message=vim%2Fvim&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C%209.0.0789%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%20Use%20After%20Free&color=brighgreen)
+
+### Description
+
+Use After Free in GitHub repository vim/vim prior to 9.0.0789.
+
+### POC
+
+#### Reference
+- https://huntr.dev/bounties/a5a998c2-4b07-47a7-91be-dbc1886b3921
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-3751.md

@@ -0,0 +1,17 @@
+### [CVE-2022-3751](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3751)
+![](https://img.shields.io/static/v1?label=Product&message=owncast%2Fowncast&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C%200.0.13%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command&color=brighgreen)
+
+### Description
+
+SQL Injection in GitHub repository owncast/owncast prior to 0.0.13.
+
+### POC
+
+#### Reference
+- https://huntr.dev/bounties/a04cff99-5d53-45e5-a882-771b0fad62c9
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-4173.md

@@ -0,0 +1,17 @@
+### [CVE-2022-4173](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4173)
+![](https://img.shields.io/static/v1?label=Product&message=Avast%20and%20AVG%20Antivirus&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen)
+
+### Description
+
+A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10.
+
+### POC
+
+#### Reference
+- https://support.norton.com/sp/static/external/tools/security-advisories.html
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-4271.md

@@ -0,0 +1,17 @@
+### [CVE-2022-4271](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4271)
+![](https://img.shields.io/static/v1?label=Product&message=osticket%2Fosticket&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C%201.16.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.
+
+### POC
+
+#### Reference
+- https://huntr.dev/bounties/a11c922f-255a-412a-aa87-7f3bd7121599
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-4292.md

@@ -0,0 +1,17 @@
+### [CVE-2022-4292](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4292)
+![](https://img.shields.io/static/v1?label=Product&message=vim%2Fvim&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C%209.0.0882%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%20Use%20After%20Free&color=brighgreen)
+
+### Description
+
+Use After Free in GitHub repository vim/vim prior to 9.0.0882.
+
+### POC
+
+#### Reference
+- https://huntr.dev/bounties/da3d4c47-e57a-451e-993d-9df0ed31f57b
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-4293.md

@@ -0,0 +1,17 @@
+### [CVE-2022-4293](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4293)
+![](https://img.shields.io/static/v1?label=Product&message=vim%2Fvim&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C%209.0.0804%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1077%20Floating%20Point%20Comparison%20with%20Incorrect%20Operator&color=brighgreen)
+
+### Description
+
+Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
+
+### POC
+
+#### Reference
+- https://huntr.dev/bounties/385a835f-6e33-4d00-acce-ac99f3939143
+
+#### Github
+No PoCs found on GitHub currently.
+

references.txt

@@ -18023,6 +18023,8 @@ CVE-2013-3315 - http://www.tibco.com/mk/advisory.jsp
 CVE-2013-3316 - http://www.exploit-db.com/exploits/24916/
 CVE-2013-3317 - http://www.exploit-db.com/exploits/24916/
 CVE-2013-3319 - http://labs.integrity.pt/advisories/cve-2013-3319/
+CVE-2013-3321 - https://www.securityfocus.com/archive/1/526552
+CVE-2013-3322 - https://www.securityfocus.com/archive/1/526552
 CVE-2013-3366 - https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf
 CVE-2013-3367 - https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf
 CVE-2013-3402 - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm
@@ -48362,6 +48364,7 @@ CVE-2019-18922 - http://packetstormsecurity.com/files/155504/Allied-Telesis-AT-G
 CVE-2019-18929 - https://github.com/DelspoN/CVE/tree/master/CVE-2019-18929
 CVE-2019-18930 - https://github.com/DelspoN/CVE/tree/master/CVE-2019-18930
 CVE-2019-18931 - https://github.com/DelspoN/CVE/tree/master/CVE-2019-18931
+CVE-2019-18932 - https://bugzilla.suse.com/show_bug.cgi?id=1150554
 CVE-2019-18935 - http://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.html
 CVE-2019-18935 - http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html
 CVE-2019-18935 - https://github.com/noperator/CVE-2019-18935
@@ -59452,6 +59455,7 @@ CVE-2021-28680 - https://labanskoller.se/blog/2021/03/23/the-devise-extension-th
 CVE-2021-28684 - https://peterka.tech/blog/posts/cve-2021-28684/
 CVE-2021-28807 - https://www.shielder.it/advisories/qnap-qcenter-post-auth-remote-code-execution-via-qpkg/
 CVE-2021-28807 - https://www.shielder.it/advisories/qnap-qcenter-virtual-stored-xss/
+CVE-2021-28857 - https://yunus-shn.medium.com/tp-links-tl-wpa4220-v4-0-cleartext-credentials-in-cookie-7516a2649394
 CVE-2021-28861 - https://bugs.python.org/issue43223
 CVE-2021-28903 - https://github.com/CESNET/libyang/issues/1453
 CVE-2021-28918 - https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-011.md
@@ -64075,6 +64079,7 @@ CVE-2022-24434 - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2838865
 CVE-2022-24434 - https://snyk.io/vuln/SNYK-JS-DICER-2311764
 CVE-2022-24437 - https://gist.github.com/lirantal/327e9dd32686991b5a1fa6341aac2e7b
 CVE-2022-24437 - https://snyk.io/vuln/SNYK-JS-GITPULLORCLONE-2434307
+CVE-2022-24439 - https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858
 CVE-2022-24440 - https://snyk.io/vuln/SNYK-RUBY-COCOAPODSDOWNLOADER-2414278
 CVE-2022-24448 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5
 CVE-2022-24448 - https://lore.kernel.org/all/67d6a536-9027-1928-99b6-af512a36cd1a@huawei.com/T/
@@ -64396,6 +64401,8 @@ CVE-2022-25898 - https://snyk.io/vuln/SNYK-JS-JSRSASIGN-2869122
 CVE-2022-25900 - https://snyk.io/vuln/SNYK-JS-GITCLONE-2434308
 CVE-2022-25903 - https://security.snyk.io/vuln/SNYK-RUST-OPCUA-2988750
 CVE-2022-25907 - https://security.snyk.io/vuln/SNYK-JS-TSDEEPMERGE-2959975
+CVE-2022-25912 - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3153532
+CVE-2022-25912 - https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221
 CVE-2022-25914 - https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLECLOUDTOOLS-2968871
 CVE-2022-25918 - https://security.snyk.io/vuln/SNYK-JS-SHESCAPE-3061108
 CVE-2022-25921 - https://security.snyk.io/vuln/SNYK-JS-MORGANJSON-2976193
@@ -65777,8 +65784,10 @@ CVE-2022-34716 - http://packetstormsecurity.com/files/168332/.NET-XML-Signature-
 CVE-2022-3472 - https://vuldb.com/?id.210716
 CVE-2022-3473 - https://vuldb.com/?id.210717
 CVE-2022-34753 - http://packetstormsecurity.com/files/167783/Schneider-Electric-SpaceLogic-C-Bus-Home-Controller-5200WHC2-Remote-Root.html
+CVE-2022-3486 - https://gitlab.com/gitlab-org/gitlab/-/issues/377810
 CVE-2022-34903 - http://www.openwall.com/lists/oss-security/2022/07/02/1
 CVE-2022-34903 - https://www.openwall.com/lists/oss-security/2022/06/30/1
+CVE-2022-3491 - https://huntr.dev/bounties/6e6e05c2-2cf7-4aa5-a817-a62007bf92cb
 CVE-2022-34918 - http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html
 CVE-2022-34918 - http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html
 CVE-2022-34918 - http://www.openwall.com/lists/oss-security/2022/07/05/1
@@ -65827,6 +65836,7 @@ CVE-2022-35156 - https://packetstormsecurity.com/files/168555/Bus-Pass-Managemen
 CVE-2022-3516 - https://huntr.dev/bounties/734bb5eb-715c-4b64-bd33-280300a63748
 CVE-2022-35174 - https://www.youtube.com/watch?v=0lngc_zPTSg
 CVE-2022-35194 - https://github.com/HuangYuHsiangPhone/CVEs/tree/main/TestLink/CVE-2022-35194
+CVE-2022-3520 - https://huntr.dev/bounties/c1db3b70-f4fe-481f-8a24-0b1449c94246
 CVE-2022-35203 - https://medium.com/@shrutukapoor25/cve-2022-35203-2372a0728279
 CVE-2022-3525 - https://huntr.dev/bounties/ed048e8d-87af-440a-a91f-be1e65a40330
 CVE-2022-35405 - http://packetstormsecurity.com/files/167918/Zoho-Password-Manager-Pro-XML-RPC-Java-Deserialization.html
@@ -65870,6 +65880,7 @@ CVE-2022-3583 - https://vuldb.com/?id.211192
 CVE-2022-35890 - https://github.com/sourceincite/randy
 CVE-2022-35899 - https://packetstormsecurity.com/files/167763/Asus-GameSDK-1.0.0.4-Unquoted-Service-Path.html
 CVE-2022-35899 - https://www.exploit-db.com/exploits/50985
+CVE-2022-3591 - https://huntr.dev/bounties/a5a998c2-4b07-47a7-91be-dbc1886b3921
 CVE-2022-35911 - https://packetstormsecurity.com/files/167797/Patlite-1.46-Buffer-Overflow.html
 CVE-2022-35913 - https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-July/020737.html
 CVE-2022-35914 - http://packetstormsecurity.com/files/169501/GLPI-10.0.2-Command-Injection.html
@@ -66050,6 +66061,7 @@ CVE-2022-37416 - https://issuetracker.google.com/issues/231026247
 CVE-2022-37434 - http://seclists.org/fulldisclosure/2022/Oct/41
 CVE-2022-37454 - https://mouha.be/sha-3-buffer-overflow/
 CVE-2022-37461 - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=30693
+CVE-2022-3751 - https://huntr.dev/bounties/a04cff99-5d53-45e5-a882-771b0fad62c9
 CVE-2022-3754 - https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
 CVE-2022-3765 - https://huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d
 CVE-2022-3766 - https://huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983
@@ -66243,6 +66255,7 @@ CVE-2022-41446 - https://ihexcoder.wixsite.com/secresearch/post/privilege-escala
 CVE-2022-41495 - https://github.com/jayus0821/insight/blob/master/ClipperCMS%20SSRF2.md
 CVE-2022-41674 - http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html
 CVE-2022-41674 - https://www.openwall.com/lists/oss-security/2022/10/13/5
+CVE-2022-4173 - https://support.norton.com/sp/static/external/tools/security-advisories.html
 CVE-2022-41842 - https://forum.xpdfreader.com/viewtopic.php?f=1&t=42340&p=43928&hilit=gfseek#p43928
 CVE-2022-41843 - https://forum.xpdfreader.com/viewtopic.php?f=1&t=42344
 CVE-2022-41843 - https://forum.xpdfreader.com/viewtopic.php?f=3&t=42325&sid=7b08ba9a518a99ce3c5ff40e53fc6421
@@ -66278,6 +66291,7 @@ CVE-2022-42221 - https://github.com/Cj775995/CVE_Report/tree/main/Netgear/R6220
 CVE-2022-42457 - https://github.com/hubertfarnsworth12/Generex-CS141-Authenticated-Remote-Command-Execution
 CVE-2022-4246 - https://seclists.org/fulldisclosure/2022/Nov/16
 CVE-2022-42703 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.7
+CVE-2022-4271 - https://huntr.dev/bounties/a11c922f-255a-412a-aa87-7f3bd7121599
 CVE-2022-42719 - http://www.openwall.com/lists/oss-security/2022/10/13/5
 CVE-2022-42720 - http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html
 CVE-2022-42720 - http://www.openwall.com/lists/oss-security/2022/10/13/5
@@ -66286,6 +66300,8 @@ CVE-2022-42721 - http://www.openwall.com/lists/oss-security/2022/10/13/5
 CVE-2022-42722 - http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html
 CVE-2022-42722 - http://www.openwall.com/lists/oss-security/2022/10/13/5
 CVE-2022-42801 - http://packetstormsecurity.com/files/170011/XNU-vm_object-Use-After-Free.html
+CVE-2022-4292 - https://huntr.dev/bounties/da3d4c47-e57a-451e-993d-9df0ed31f57b
+CVE-2022-4293 - https://huntr.dev/bounties/385a835f-6e33-4d00-acce-ac99f3939143
 CVE-2022-42964 - https://research.jfrog.com/vulnerabilities/pymatgen-redos-xray-257184/
 CVE-2022-42965 - https://research.jfrog.com/vulnerabilities/snowflake-connector-python-redos-xray-257185/
 CVE-2022-42966 - https://research.jfrog.com/vulnerabilities/cleo-redos-xray-257186/