Jun 8, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

Adobe Acrobat And Reader: 13 CVEs added to CISA KEV today.
10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2006-2492 Microsoft Word Malformed Object Pointer

Actively exploited (CISA KEV)
Listed on CISA KEV

Microsoft Word Buffer Overflow is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2022-30882 pyanxdns package in PyPI version 0.2 is vulnerable to code execution backdoor.

CVSS 9.8
Remote code execution exposure

New critical Pyanxdns Project Pyanxdns Code Execution (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-31313 api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package.

CVSS 9.8
Remote code execution exposure

New critical Api-res-py Project Api-res-py Code Execution (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2019-7192 KEV

QNAP Photo Station Improper Access Control

CVE-2019-7193 KEV

QNAP QTS Improper Input Validation

CVE-2019-7194 KEV

QNAP Photo Station Path Traversal

CVE-2019-7195 KEV

QNAP Photo Station Path Traversal

CVE-2019-15271 KEV

Cisco RV Series Routers Deserialization of Untrusted Data

CVE-2019-5825 KEV

Google Chromium V8 Out-of-Bounds Write

CVE-2018-17480 KEV

Google Chromium V8 Out-of-Bounds Write

CVE-2018-17463 KEV

Google Chromium V8 Remote Code Execution

CVE-2018-6065 KEV

Google Chromium V8 Integer Overflow

CVE-2018-4990 KEV

Adobe Acrobat and Reader Double Free

CVE-2017-5070 KEV

Google Chromium V8 Type Confusion

CVE-2017-6862 KEV

NETGEAR Multiple Devices Buffer Overflow

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-40589 CVSS 9.8

ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits.

CVE-2022-30877 CVSS 9.8

The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party.

CVE-2022-30882 CVSS 9.8

pyanxdns package in PyPI version 0.2 is vulnerable to code execution backdoor.

CVE-2022-30921 CVSS 9.8

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetMobileAPInfoById parameter at /goform/asp...

CVE-2022-30922 CVSS 9.8

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditWlanMacList parameter at /goform/aspForm.

CVE-2022-30923 CVSS 9.8

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTimingtimeWifiAndLed parameter at /go...

CVE-2022-30924 CVSS 9.8

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/...

CVE-2022-30925 CVSS 9.8

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddMacList parameter at /goform/aspForm.

CVE-2022-30926 CVSS 9.8

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditMacList parameter at /goform/aspForm.

CVE-2022-31313 CVSS 9.8

api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package.

View critical disclosures

cvelogic Threat Intelligence