Dec 22, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-36320 Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102.

  • CVSS 9.8

New critical Mozilla Firefox Memory Corruption (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-38143 OpenImageIO RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical OpenImageIO RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-41639 Debian Linux RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Debian Linux RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2022-36320 CVSS 9.8

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102.

CVE-2022-38143 CVSS 9.8

A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE-encoded BMP images.

CVE-2022-41639 CVSS 9.8

A heap-based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2...

CVE-2022-41649 CVSS 9.1

A heap out-of-bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0.

CVE-2022-41794 CVSS 9.8

A heap-based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0.

CVE-2022-41837 CVSS 9.8

An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO Project OpenImageIO v2...

CVE-2022-41838 CVSS 9.8

A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2.

CVE-2022-45406 CVSS 9.8

If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived...

CVE-2022-46493 CVSS 9.8

Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/download_img.

CVE-2022-46882 CVSS 9.8

A use-after-free in WebGL extensions could have led to a potentially exploitable crash.

cvelogic Threat Intelligence