CVE-2007-2022
Published 2007-04-13
CVE-2007-2022: Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information…
Priority: P422, medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 4.92% (91.0th percentile)
Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.
Affected
51 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| chrome_chrome | — | — | |
| msrc | microsoft_edge | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
CVSS provenance
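| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| cisa | — | 9.8 | CRITICAL | — |
| vendor_msrc | — | 8.8 | HIGH | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |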
GHSA
GHSA-x42c-gqrm-5gfv: Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9
ghsa_unreviewed·2022-05-03
CVE-2007-2022 [MEDIUM] CWE-200 GHSA-x42c-gqrm-5gfv: Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9
Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.
Microsoft
Chromium: CVE-2022-2007 Use after free in WebGPU
vendor_msrc·2022-06-14·CVSS 8.8
CVE-2022-2007 [HIGH] Chromium: CVE-2022-2007 Use after free in WebGPU
Chromium: CVE-2022-2007 Use after free in WebGPU
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 102.0.1245.41 | 6/13/2022 | 102.0.5005.115 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In yo
Chrome
Stable Channel Update for Desktop: CVE-2022-2007
vendor_chrome·2022-06-09·CVSS 8.8
CVE-2022-2007 [HIGH] Stable Channel Update for Desktop: CVE-2022-2007
Stable Channel Update for Desktop
CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17
[$TBD][1317673] High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang (VinCSS) on 2022-04-19
[$NA][1325298] High CVE-2022-2010: Out of bounds read in compositing
Severity: high
CISA
Adobe Acrobat and Reader Buffer Overflow Vulnerability
cisa·2022-06-08·CVSS 7.8
CVE-2007-5659 [HIGH] CWE-119 Adobe Acrobat and Reader Buffer Overflow Vulnerability
Vulnerability: Adobe Acrobat and Reader Buffer Overflow Vulnerability
Affected: Adobe Acrobat and Reader
Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2007-5659
Remediation Due Date: 2022-06-22
CISA
Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability
cisa·2022-04-15·CVSS 9.8
CVE-2007-3010 [CRITICAL] CWE-20 Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability
Vulnerability: Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability
Affected: Alcatel OmniPCX Enterprise
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2007-3010
Remediation Due Date: 2022-05-06
Red Hat
kdebase3 flash-player interaction problem
vendor_redhat·2007-05-25·CVSS 6.8
CVE-2007-2022 [MEDIUM] kdebase3 flash-player interaction problem
kdebase3 flash-player interaction problem
Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.
Suricata
ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-0372 [HIGH] ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl ASCII
ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl ASCII"; flow:established,to_server; http.uri; content:"/modules/Advertising/admin/index.php?"; nocase; content:"clickurl="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-0372; reference:url,www.securityfocus.com/bid/22116; classtype:web-application-attack; sid:2005478; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2022_04_18, mitre_tactic_id
Bugzilla
CVE-2022-50068 kernel: drm/ttm: Fix dummy res NULL ptr deref bug
bugzilla·2025-06-18·CVSS 5.5
CVE-2022-50068 [MEDIUM] CVE-2022-50068 kernel: drm/ttm: Fix dummy res NULL ptr deref bug
CVE-2022-50068 kernel: drm/ttm: Fix dummy res NULL ptr deref bug
In the Linux kernel, the following vulnerability has been resolved:
drm/ttm: Fix dummy res NULL ptr deref bug
Check the bo->resource value before accessing the resource
mem_type.
v2: Fix commit description unwrapped warning
[ 40.191227][ T184] general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI
[ 40.192995][ T184] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
[ 40.194411][ T184] CPU: 1 PID: 184 Comm: systemd-udevd Not tainted 5.19.0-rc4-00721-gb297c22b7070 #1
[ 40.196063][ T184] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
[ 40.199605][ T184] RIP: 0010:ttm_bo_validate+0x1b3/0x240 [ttm]
[ 40.2007
Bugzilla
CVE-2007-2022 kdebase3 flash-player interaction problem
bugzilla·2007-06-10·CVSS 6.8
CVE-2007-2022 [MEDIUM] CVE-2007-2022 kdebase3 flash-player interaction problem
CVE-2007-2022 kdebase3 flash-player interaction problem
According to
http://www.novell.com/linux/security/advisories/2007_12_sr.html
A problem with the interaction between the Flash Player and the Konqueror web
browser was fixed. The problem could lead to key presses leaking to the applet
instead of the browser. (CVE-2007-2022)
Patch from Dirk Mueller.
Discussion:
Created attachment 156673
proposed patch
---
See also
http://www.adobe.com/support/security/advisories/apsa07-03.html
Setting impact=important
---
it's fixed in
---
This issue has been addressed in following products:
Red Hat Linux Enterprise 3
Red Hat Linux Enterprise 4
Red Hat Linux Enterprise 4.5.z
Red Hat Linux Enterprise 5
Via RHSA-2007:0494, https://rhn.redhat.com/errata/RHSA-2007-0494.html
Trendmicro
Where is the Origin QAKBOT Uses Valid Code Signing
blogs_trendmicro·2022-10-27·CVSS 7.8
[HIGH] Where is the Origin QAKBOT Uses Valid Code Signing
Malware
## Where is the Origin?: QAKBOT Uses Valid Code Signing
Code signing certificates help us assure the file's validity and legitimacy. However, threat actors can use that against us. In this blog, discover how QAKBOT uses such a tactic and learn ways to prevent it.
By: Hitomi Kimura 2022/10/27
A threat actor, QAKBOT, along with EMOTET, has been one of the most active threat actors over the past few years, with numerous reports regarding its actions since it was first observed in 2007. We have reported some of them in the past, however, there are two things that come to mind regarding this threat. Namely, how Black Basta ransomware operators have used QAKBOT as a means of entry, and how they used the vulnerability, CVE-2022-30190, called Follin