{"vulnerability": "CVE-2022-4639", "sightings": [{"uuid": "ee2a0de1-9316-4d87-a957-b44d93a920c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46392", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12679", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46392\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.\n\ud83d\udccf Published: 2022-12-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-21T14:33:40.703Z\n\ud83d\udd17 References:\n1. https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0\n2. https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2\n3. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/\n4. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/", "creation_timestamp": "2025-04-21T15:03:04.000000Z"}, {"uuid": "ad8c5928-e26c-485f-87b7-2a6d8d7c1a67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46394", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6550", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46394\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r39p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.\n\ud83d\udccf Published: 2023-03-08T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-05T15:11:23.371Z\n\ud83d\udd17 References:\n1. https://developer.arm.com/support/arm-security-updates\n2. https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", "creation_timestamp": "2025-03-05T15:32:56.000000Z"}, {"uuid": "5b23e567-cbc4-4ff6-b6da-8c10ce73c959", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46399", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12240", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46399\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero.\n\ud83d\udccf Published: 2022-12-19T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-17T14:36:42.589Z\n\ud83d\udd17 References:\n1. https://www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG\n2. https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM\n3. https://microchip.com\n4. https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/deviating-behaviors-in-bluetooth-le", "creation_timestamp": "2025-04-17T14:58:24.000000Z"}, {"uuid": "355b34e3-b911-415d-88a6-2741452d4e8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46393", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12680", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46393\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.\n\ud83d\udccf Published: 2022-12-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-21T14:31:49.155Z\n\ud83d\udd17 References:\n1. https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/\n2. https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0\n3. https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2\n4. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/\n5. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/", "creation_timestamp": "2025-04-21T15:03:05.000000Z"}, {"uuid": "625d61c3-9637-4b2a-af35-d5129f16bb28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46395", "type": "seen", "source": "https://t.me/cibsecurity/59479", "content": "\u203c CVE-2022-46395 \u203c\n\nAn issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r0p0 through r32p0, Bifrost r0p0 through r41p0 before r42p0, Valhall r19p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-06T16:12:53.000000Z"}, {"uuid": "54cdaf3b-7456-44a8-ac06-c0cc1dadd183", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46396", "type": "seen", "source": "Telegram/acurarZxlqVTAxaXPSc4uD5S3O1485Bg8INHcYD3ZlDOgFfz", "content": "", "creation_timestamp": "2025-02-14T10:03:11.000000Z"}, {"uuid": "463e3b2b-fddb-4568-a284-bdd7a463c576", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46395", "type": "published-proof-of-concept", "source": "Telegram/kf4Urssb8wJGlEy3ZhDQuJbRUyCxL_25Ub6xyNT9N9dN9Mg", "content": "", "creation_timestamp": "2023-07-14T08:26:05.000000Z"}, {"uuid": "97878c73-3c6b-4be9-b0cf-5cd0af6d6684", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46396", "type": "seen", "source": "https://t.me/cibsecurity/61930", "content": "\u203c CVE-2022-46396 \u203c\n\nAn issue was discovered in the Arm Mali Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-12T00:23:48.000000Z"}, {"uuid": "42c8f040-456d-4a35-9078-9b70c7f83d37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46397", "type": "seen", "source": "https://t.me/cibsecurity/60991", "content": "\u203c CVE-2022-46397 \u203c\n\nFP.io VPP (Vector Packet Processor) 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-29T02:14:58.000000Z"}, {"uuid": "8b63d11b-bd33-4ecc-b676-56e29239fe90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46399", "type": "seen", "source": "https://t.me/cibsecurity/54942", "content": "\u203c CVE-2022-46399 \u203c\n\nThe Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-20T02:11:53.000000Z"}, {"uuid": "bbdb7108-e6ac-4401-986d-f7cf343996ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4639", "type": "seen", "source": "https://t.me/cibsecurity/55089", "content": "\u203c CVE-2022-4639 \u203c\n\nA vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msg_info leads to format string. The attack may be initiated remotely. The name of the patch is b19f8a6046b080e4c2e28354a58556bb26040c6f. It is recommended to apply a patch to fix this issue. The identifier VDB-216497 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-22T00:13:07.000000Z"}, {"uuid": "56da514c-0370-4e7d-ac60-fbf78c8bac5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46394", "type": "seen", "source": "https://t.me/cibsecurity/59689", "content": "\u203c CVE-2022-46394 \u203c\n\nAn issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r39p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-08T22:24:02.000000Z"}, {"uuid": "d6de2afa-32f4-44f3-8b7b-6ffdd4b93677", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46391", "type": "seen", "source": "https://t.me/cibsecurity/53956", "content": "\u203c CVE-2022-46391 \u203c\n\nAWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-04T07:38:35.000000Z"}]}