Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Wed, 06 May 2026 11:26:25 +0000 28b5f238-3418-4be3-ac98-1f4f8312040c https://vulnerability.circl.lu/sighting/28b5f238-3418-4be3-ac98-1f4f8312040c/export {"uuid": "28b5f238-3418-4be3-ac98-1f4f8312040c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2049", "type": "seen", "source": "https://t.me/cibsecurity/48425", "content": "\u203c CVE-2022-2049 \u203c\n\nIn affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-19T12:17:10.000000Z"} {"uuid": "28b5f238-3418-4be3-ac98-1f4f8312040c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2049", "type": "seen", "source": "https://t.me/cibsecurity/48425", "content": "\u203c CVE-2022-2049 \u203c\n\nIn affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-19T12:17:10.000000Z"} https://vulnerability.circl.lu/sighting/28b5f238-3418-4be3-ac98-1f4f8312040c/export Fri, 19 Aug 2022 12:17:10 +0000 1f161a78-4144-40c8-9a66-8fed2f296d68 https://vulnerability.circl.lu/sighting/1f161a78-4144-40c8-9a66-8fed2f296d68/export {"uuid": "1f161a78-4144-40c8-9a66-8fed2f296d68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20498", "type": "seen", "source": "https://t.me/true_secator/3797", "content": "\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Google \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0434\u0435\u043a\u0430\u0431\u0440\u044c\u0441\u043a\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f Android, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 81 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0447\u0435\u0442\u044b\u0440\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435, \u0432\u043a\u043b\u044e\u0447\u0430\u044f RCE, \u0438\u0442\u043e\u0433\u043e: 45 \u043d\u0430 \u0443\u0440\u043e\u0432\u043d\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f 2022-12-01 \u0438 36 - 2022-12-05.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e\u00a0\u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044e \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0441\u0430\u043c\u0430\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f \u0438\u0437 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u2014 \u044d\u0442\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 System, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a RCE \u0447\u0435\u0440\u0435\u0437 Bluetooth \u0431\u0435\u0437 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439.\n\n\u0421\u0440\u0435\u0434\u0438 \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043b\u0438\u044f\u044e\u0449\u0438\u0445 \u043d\u0430 \u0432\u0435\u0440\u0441\u0438\u0438 Android \u0441 10 \u043f\u043e 13: CVE-2022-20472 (RRCE-\u043e\u0448\u0438\u0431\u043a\u0430 \u0432 Android Framework), CVE-2022-20473 (RCE-\u043e\u0448\u0438\u0431\u043a\u0430 \u0432 Android Framework), CVE-2022-20411 (RCE-\u043e\u0448\u0438\u0431\u043a\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 Android), CVE-2022-20498 (\u043e\u0448\u0438\u0431\u043a\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 Android).\n\n\u041e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u0434\u0430, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438 \u043e\u0442\u043a\u0430\u0437\u043e\u043c \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438.\n\n\u041e\u0448\u0438\u0431\u043a\u0438 EoP \u0441 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u044c\u044e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u043e\u0431\u044b\u0447\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430\u043c\u0438, \u043f\u0440\u043e\u043d\u0438\u043a\u0430\u044e\u0449\u0438\u043c\u0438 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0447\u0435\u0440\u0435\u0437 \u043f\u0443\u0442\u044c \u0441 \u043d\u0438\u0437\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u043f\u0443\u0442\u0435\u043c \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e, \u043c\u0430\u0441\u043a\u0438\u0440\u0443\u044e\u0449\u0435\u0433\u043e\u0441\u044f \u043f\u043e\u0434 \u0431\u0435\u0437\u043e\u0431\u0438\u0434\u043d\u043e\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435.\n\n\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u043c\u0435\u0435\u0442 \u0440\u0435\u0448\u0430\u044e\u0449\u0435\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435, \u0434\u0430\u0436\u0435 \u0435\u0441\u043b\u0438 \u043d\u0438 \u043e\u0434\u043d\u0430 \u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043d\u0435 \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0430\u044f.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 Android 9 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0430\u0442. \u0412 \u044d\u0442\u0438\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u043d\u0430 \u0431\u043e\u043b\u0435\u0435 \u043d\u043e\u0432\u043e\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0438\u043b\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0435 \u041f\u0417\u0423 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 Android, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 LineageOS.\n\n\u0412\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u044b \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 Google Pixel \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0432\u0430\u0436\u043d\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0435 \u0432 \u043e\u0431\u0449\u0435\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438 16 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0432 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430\u0445, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u0432\u044b\u0448\u0430\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438\u043b\u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445.", "creation_timestamp": "2022-12-07T15:10:08.000000Z"} {"uuid": "1f161a78-4144-40c8-9a66-8fed2f296d68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20498", "type": "seen", "source": "https://t.me/true_secator/3797", "content": "\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Google \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0434\u0435\u043a\u0430\u0431\u0440\u044c\u0441\u043a\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f Android, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 81 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0447\u0435\u0442\u044b\u0440\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435, \u0432\u043a\u043b\u044e\u0447\u0430\u044f RCE, \u0438\u0442\u043e\u0433\u043e: 45 \u043d\u0430 \u0443\u0440\u043e\u0432\u043d\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f 2022-12-01 \u0438 36 - 2022-12-05.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e\u00a0\u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044e \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0441\u0430\u043c\u0430\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f \u0438\u0437 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u2014 \u044d\u0442\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 System, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a RCE \u0447\u0435\u0440\u0435\u0437 Bluetooth \u0431\u0435\u0437 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439.\n\n\u0421\u0440\u0435\u0434\u0438 \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043b\u0438\u044f\u044e\u0449\u0438\u0445 \u043d\u0430 \u0432\u0435\u0440\u0441\u0438\u0438 Android \u0441 10 \u043f\u043e 13: CVE-2022-20472 (RRCE-\u043e\u0448\u0438\u0431\u043a\u0430 \u0432 Android Framework), CVE-2022-20473 (RCE-\u043e\u0448\u0438\u0431\u043a\u0430 \u0432 Android Framework), CVE-2022-20411 (RCE-\u043e\u0448\u0438\u0431\u043a\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 Android), CVE-2022-20498 (\u043e\u0448\u0438\u0431\u043a\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 Android).\n\n\u041e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u0434\u0430, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438 \u043e\u0442\u043a\u0430\u0437\u043e\u043c \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438.\n\n\u041e\u0448\u0438\u0431\u043a\u0438 EoP \u0441 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u044c\u044e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u043e\u0431\u044b\u0447\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430\u043c\u0438, \u043f\u0440\u043e\u043d\u0438\u043a\u0430\u044e\u0449\u0438\u043c\u0438 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0447\u0435\u0440\u0435\u0437 \u043f\u0443\u0442\u044c \u0441 \u043d\u0438\u0437\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u043f\u0443\u0442\u0435\u043c \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e, \u043c\u0430\u0441\u043a\u0438\u0440\u0443\u044e\u0449\u0435\u0433\u043e\u0441\u044f \u043f\u043e\u0434 \u0431\u0435\u0437\u043e\u0431\u0438\u0434\u043d\u043e\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435.\n\n\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u043c\u0435\u0435\u0442 \u0440\u0435\u0448\u0430\u044e\u0449\u0435\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435, \u0434\u0430\u0436\u0435 \u0435\u0441\u043b\u0438 \u043d\u0438 \u043e\u0434\u043d\u0430 \u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043d\u0435 \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0430\u044f.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 Android 9 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0430\u0442. \u0412 \u044d\u0442\u0438\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u043d\u0430 \u0431\u043e\u043b\u0435\u0435 \u043d\u043e\u0432\u043e\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0438\u043b\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0435 \u041f\u0417\u0423 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 Android, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 LineageOS.\n\n\u0412\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u044b \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 Google Pixel \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0432\u0430\u0436\u043d\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0435 \u0432 \u043e\u0431\u0449\u0435\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438 16 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0432 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430\u0445, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u0432\u044b\u0448\u0430\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438\u043b\u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445.", "creation_timestamp": "2022-12-07T15:10:08.000000Z"} https://vulnerability.circl.lu/sighting/1f161a78-4144-40c8-9a66-8fed2f296d68/export Wed, 07 Dec 2022 15:10:08 +0000 8d7837f7-5664-473b-9af6-caa376daf0d5 https://vulnerability.circl.lu/sighting/8d7837f7-5664-473b-9af6-caa376daf0d5/export {"uuid": "8d7837f7-5664-473b-9af6-caa376daf0d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20497", "type": "seen", "source": "https://t.me/cibsecurity/54402", "content": "\u203c CVE-2022-20497 \u203c\n\nIn updatePublicMode of NotificationLockscreenUserManagerImpl.java, there is a possible way to reveal sensitive notifications on the lockscreen due to an incorrect state transition. This could lead to local information disclosure with physical access required and an app that runs above the lockscreen, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-246301979\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-13T18:21:47.000000Z"} {"uuid": "8d7837f7-5664-473b-9af6-caa376daf0d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20497", "type": "seen", "source": "https://t.me/cibsecurity/54402", "content": "\u203c CVE-2022-20497 \u203c\n\nIn updatePublicMode of NotificationLockscreenUserManagerImpl.java, there is a possible way to reveal sensitive notifications on the lockscreen due to an incorrect state transition. This could lead to local information disclosure with physical access required and an app that runs above the lockscreen, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-246301979\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-13T18:21:47.000000Z"} https://vulnerability.circl.lu/sighting/8d7837f7-5664-473b-9af6-caa376daf0d5/export Tue, 13 Dec 2022 18:21:47 +0000 d3b8985f-9b2d-4094-9630-4089251f4c92 https://vulnerability.circl.lu/sighting/d3b8985f-9b2d-4094-9630-4089251f4c92/export {"uuid": "d3b8985f-9b2d-4094-9630-4089251f4c92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20496", "type": "seen", "source": "https://t.me/cibsecurity/54403", "content": "\u203c CVE-2022-20496 \u203c\n\nIn setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-245242273\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-13T18:21:48.000000Z"} {"uuid": "d3b8985f-9b2d-4094-9630-4089251f4c92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20496", "type": "seen", "source": "https://t.me/cibsecurity/54403", "content": "\u203c CVE-2022-20496 \u203c\n\nIn setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-245242273\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-13T18:21:48.000000Z"} https://vulnerability.circl.lu/sighting/d3b8985f-9b2d-4094-9630-4089251f4c92/export Tue, 13 Dec 2022 18:21:48 +0000 d9bd6e05-6076-43e1-90d9-82264db648c8 https://vulnerability.circl.lu/sighting/d9bd6e05-6076-43e1-90d9-82264db648c8/export {"uuid": "d9bd6e05-6076-43e1-90d9-82264db648c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20491", "type": "seen", "source": "https://t.me/cibsecurity/54410", "content": "\u203c CVE-2022-20491 \u203c\n\nIn NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703556\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-13T18:21:55.000000Z"} {"uuid": "d9bd6e05-6076-43e1-90d9-82264db648c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20491", "type": "seen", "source": "https://t.me/cibsecurity/54410", "content": "\u203c CVE-2022-20491 \u203c\n\nIn NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703556\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-13T18:21:55.000000Z"} https://vulnerability.circl.lu/sighting/d9bd6e05-6076-43e1-90d9-82264db648c8/export Tue, 13 Dec 2022 18:21:55 +0000 6219a401-4401-4b77-8a69-b546e8e60464 https://vulnerability.circl.lu/sighting/6219a401-4401-4b77-8a69-b546e8e60464/export {"uuid": "6219a401-4401-4b77-8a69-b546e8e60464", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20493", "type": "seen", "source": "https://t.me/cibsecurity/56984", "content": "\u203c CVE-2022-20493 \u203c\n\nIn Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-27T00:43:54.000000Z"} {"uuid": "6219a401-4401-4b77-8a69-b546e8e60464", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20493", "type": "seen", "source": "https://t.me/cibsecurity/56984", "content": "\u203c CVE-2022-20493 \u203c\n\nIn Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-27T00:43:54.000000Z"} https://vulnerability.circl.lu/sighting/6219a401-4401-4b77-8a69-b546e8e60464/export Fri, 27 Jan 2023 00:43:54 +0000 9e71542b-fb5c-47d2-a164-9fd475f801f9 https://vulnerability.circl.lu/sighting/9e71542b-fb5c-47d2-a164-9fd475f801f9/export {"uuid": "9e71542b-fb5c-47d2-a164-9fd475f801f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20494", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2381", "content": "\u200b\u200bADB-Toolkit\n\nADB-Toolkit is a BASH Script with 28 options and an #METASPLOIT Section which has 6 options which is made to do easy penetration testing in #Android Device. \n\nhttps://github.com/ASHWIN990/ADB-Toolkit\n\n\u200b\u200bworkslikeaJARM\n\nMethod of finding interesting domains using keywords + JARMs.\n\nhttps://github.com/sketchymoose/workslikeaJARM\n\nDetails:\nhttps://sketchymoose.blogspot.com/2023/01/they-are-always-after-me-lucky-jarms.html\n\n\u200b\u200bBugHunter Nuclei templates\n\nI will upload more #nuclei templates that help during the #bugbounty hunting process.\n\nhttps://github.com/ayadim/Nuclei-bug-hunter\n\n\u200b\u200bCVE-2022-20494\n\nExploit app for CVE-2022-20494, a high severity permanent denial-of-service vulnerability that leverages Android's DND (Do not disturb) feature.\n\nhttps://github.com/Supersonic/CVE-2022-20494\n\n\u200b\u200bHW Call Stack\n\nYet another \"Call Stack Spoofing\" implementation. Works for syscalls and APIs, supports x64, x86 and WoW64.\n\nhttps://github.com/fortra/hw-call-stack\n\n\u200b\u200bDigitalOcean Droplet Proxy for Burp Suite\n\nUse this #Burp plugin to automatically spin up a DigitalOcean droplet whenever Burp starts, and shut it down whenever Burp closes. The droplet functions as a SOCKS5 proxy, and the Burp settings are automatically updated to route traffic through the droplet.\n\nhttps://github.com/honoki/burp-digitalocean-droplet-proxy\n\n\u200b\u200bHooka\n\nShellcode loader, hooks detector and more written in Golang.\n\nhttps://github.com/D3Ext/Hooka\n\n\u200b\u200bDroneSecurity\n\nThis project is a receiver for DJI's Drone-ID protocol. The receiver works either live with an SDR, or offline on pre-recorded captures. \n\nhttps://github.com/RUB-SysSec/DroneSecurity\n\nstylehax\n\nA Nintendo DSi browser #exploit.\n\nSee it in action on YouTube! Check out the blog post for the technical writeup.\n\nhttps://github.com/nathanfarlow/stylehax\n\nDetails:\nhttps://farlow.dev/2023/03/02/hacking-the-nintendo-dsi-browser\n\n\u200b\u200bCamRaptor\n\nA tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials.\n\nhttps://github.com/EntySec/CamRaptor\n\n\u200b\u200bVulnPlanet \ud83e\ude90\n\nWell-structured vulnerable code snippets with fixes for Web2, Web3, API, Mobile (iOS and Android) and Infrastructure-as-Code (IaC)\n\nhttps://github.com/yevh/VulnPlanet\n\n\u200b\u200bs6_pcie_microblaze\n\nPCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor\n\nhttps://github.com/Cr4sh/s6_pcie_microblaze\n\n\u200b\u200bInvoke-PSObfuscation\n\nAn in-depth approach to obfuscating the individual components of a PowerShell payload whether you're on Windows or Kali Linux.\n\nhttps://github.com/gh0x0st/Invoke-PSObfuscation\n\n\u200b\u200bXSStrike\n\nAdvanced #XSS Detection Suite\n\nXSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.\n\nhttps://github.com/s0md3v/XSStrike\n\n\u200b\u200bEnvizon \n\nNetwork visualization & pentest reporting\n\nThis tool is designed, developed and supported by evait security. In order to give something back to the security community, we publish our internally used and developed, state of the art network visualization and vulnerability reporting tool, 'envizon'. We hope your feedback will help to improve and hone it even further.\n\nhttps://github.com/evait-security/envizon\n\n\u200b\u200bgotld\n\nEnumerate all possible root domains of any organization on the fly \u2728\n\nCommand-line tool to enumerate top-level domains, check response codes and find potential vulnerabilities for bug bounty hunters and security researchers.\n\nhttps://github.com/WHOISshuvam/gotld\n\n\u200b\u200bdirsearch \n\nWeb path discovery. \n\nAn advanced web path brute-forcer.\n\nhttps://github.com/maurosoria/dirsearch\n\n\u200b\u200bGo-Hacking\n\nA comprehensive and FREE Online Go hacking tutorial utilizing the x64, ARM64 and ARM32 architectures going step-by-step into the world of reverse engineering Golang from scratch.\n\nhttps://github.com/mytechnotalent/Go-Hacking\n\nBTC:\nbc1q62lwma4r3w3klq4mcn5hys9nps5h40qmafrc8e\n\n\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\nhttps://t.me/dilagrafie\n\n2/2", "creation_timestamp": "2023-03-05T09:31:54.000000Z"} {"uuid": "9e71542b-fb5c-47d2-a164-9fd475f801f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20494", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2381", "content": "\u200b\u200bADB-Toolkit\n\nADB-Toolkit is a BASH Script with 28 options and an #METASPLOIT Section which has 6 options which is made to do easy penetration testing in #Android Device. \n\nhttps://github.com/ASHWIN990/ADB-Toolkit\n\n\u200b\u200bworkslikeaJARM\n\nMethod of finding interesting domains using keywords + JARMs.\n\nhttps://github.com/sketchymoose/workslikeaJARM\n\nDetails:\nhttps://sketchymoose.blogspot.com/2023/01/they-are-always-after-me-lucky-jarms.html\n\n\u200b\u200bBugHunter Nuclei templates\n\nI will upload more #nuclei templates that help during the #bugbounty hunting process.\n\nhttps://github.com/ayadim/Nuclei-bug-hunter\n\n\u200b\u200bCVE-2022-20494\n\nExploit app for CVE-2022-20494, a high severity permanent denial-of-service vulnerability that leverages Android's DND (Do not disturb) feature.\n\nhttps://github.com/Supersonic/CVE-2022-20494\n\n\u200b\u200bHW Call Stack\n\nYet another \"Call Stack Spoofing\" implementation. Works for syscalls and APIs, supports x64, x86 and WoW64.\n\nhttps://github.com/fortra/hw-call-stack\n\n\u200b\u200bDigitalOcean Droplet Proxy for Burp Suite\n\nUse this #Burp plugin to automatically spin up a DigitalOcean droplet whenever Burp starts, and shut it down whenever Burp closes. The droplet functions as a SOCKS5 proxy, and the Burp settings are automatically updated to route traffic through the droplet.\n\nhttps://github.com/honoki/burp-digitalocean-droplet-proxy\n\n\u200b\u200bHooka\n\nShellcode loader, hooks detector and more written in Golang.\n\nhttps://github.com/D3Ext/Hooka\n\n\u200b\u200bDroneSecurity\n\nThis project is a receiver for DJI's Drone-ID protocol. The receiver works either live with an SDR, or offline on pre-recorded captures. \n\nhttps://github.com/RUB-SysSec/DroneSecurity\n\nstylehax\n\nA Nintendo DSi browser #exploit.\n\nSee it in action on YouTube! Check out the blog post for the technical writeup.\n\nhttps://github.com/nathanfarlow/stylehax\n\nDetails:\nhttps://farlow.dev/2023/03/02/hacking-the-nintendo-dsi-browser\n\n\u200b\u200bCamRaptor\n\nA tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials.\n\nhttps://github.com/EntySec/CamRaptor\n\n\u200b\u200bVulnPlanet \ud83e\ude90\n\nWell-structured vulnerable code snippets with fixes for Web2, Web3, API, Mobile (iOS and Android) and Infrastructure-as-Code (IaC)\n\nhttps://github.com/yevh/VulnPlanet\n\n\u200b\u200bs6_pcie_microblaze\n\nPCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor\n\nhttps://github.com/Cr4sh/s6_pcie_microblaze\n\n\u200b\u200bInvoke-PSObfuscation\n\nAn in-depth approach to obfuscating the individual components of a PowerShell payload whether you're on Windows or Kali Linux.\n\nhttps://github.com/gh0x0st/Invoke-PSObfuscation\n\n\u200b\u200bXSStrike\n\nAdvanced #XSS Detection Suite\n\nXSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.\n\nhttps://github.com/s0md3v/XSStrike\n\n\u200b\u200bEnvizon \n\nNetwork visualization & pentest reporting\n\nThis tool is designed, developed and supported by evait security. In order to give something back to the security community, we publish our internally used and developed, state of the art network visualization and vulnerability reporting tool, 'envizon'. We hope your feedback will help to improve and hone it even further.\n\nhttps://github.com/evait-security/envizon\n\n\u200b\u200bgotld\n\nEnumerate all possible root domains of any organization on the fly \u2728\n\nCommand-line tool to enumerate top-level domains, check response codes and find potential vulnerabilities for bug bounty hunters and security researchers.\n\nhttps://github.com/WHOISshuvam/gotld\n\n\u200b\u200bdirsearch \n\nWeb path discovery. \n\nAn advanced web path brute-forcer.\n\nhttps://github.com/maurosoria/dirsearch\n\n\u200b\u200bGo-Hacking\n\nA comprehensive and FREE Online Go hacking tutorial utilizing the x64, ARM64 and ARM32 architectures going step-by-step into the world of reverse engineering Golang from scratch.\n\nhttps://github.com/mytechnotalent/Go-Hacking\n\nBTC:\nbc1q62lwma4r3w3klq4mcn5hys9nps5h40qmafrc8e\n\n\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\nhttps://t.me/dilagrafie\n\n2/2", "creation_timestamp": "2023-03-05T09:31:54.000000Z"} https://vulnerability.circl.lu/sighting/9e71542b-fb5c-47d2-a164-9fd475f801f9/export Sun, 05 Mar 2023 09:31:54 +0000