{"vulnerability": "cve-2022-3075", "sightings": [{"uuid": "88690e13-52f3-434e-8a7b-6e27f79b9b9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3075", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "9d3b05ab-0956-42c8-a446-06cb4ffce250", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3075", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971708", "content": "", "creation_timestamp": "2024-12-24T20:33:04.862351Z"}, {"uuid": "8d87dbbe-3cda-40aa-9ad0-2b61fa313126", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3075", "type": "seen", "source": "Telegram/rvxhxz9NgvqTCpwo8WqPC2lXP_ACE4xkKUydV762JqVmkSU4", "content": "", "creation_timestamp": "2025-02-06T02:39:17.000000Z"}, {"uuid": "c87415e1-ecd0-465d-b508-6af4df7201d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3075", "type": "seen", "source": "https://t.me/avleonovrus/102", "content": "\u0414\u0430\u0432\u0430\u0439\u0442\u0435 \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u043d\u0430 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044c\u0441\u043a\u0438\u0439 Microsoft Patch Tuesday. \u0412 \u044d\u0442\u043e\u0442 \u0440\u0430\u0437 \u043a\u043e\u043c\u043f\u0430\u043a\u0442\u043d\u0435\u043d\u044c\u043a\u043e. \u0412\u0441\u0435\u0433\u043e 63 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438. \u0421 \u0443\u0447\u0435\u0442\u043e\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u044b\u0448\u0435\u0434\u0448\u0438\u0445 \u043c\u0435\u0436\u0434\u0443 \u0430\u0432\u0433\u0443\u0441\u0442\u043e\u0432\u0441\u043a\u0438\u043c \u0438 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044c\u0441\u043a\u0438\u043c Patch Tuesday (\u043a\u0430\u043a \u043e\u0431\u044b\u0447\u043d\u043e, \u0432 Microsoft Edge), \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442\u0441\u044f 90. \u0412\u0435\u0441\u044c\u043c\u0430 \u0438 \u0432\u0435\u0441\u044c\u043c\u0430 \u043d\u0435\u043c\u043d\u043e\u0433\u043e.\n\n1. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0441 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u043c\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u0430\u043c\u0438 \u043f\u043e\u043a\u0430 \u043d\u0435\u0442. \u0415\u0441\u0442\u044c 3 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 Proof-of-Concept Exploit \u043f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u0438\u0437 CVSS\n\nElevation of Privilege - Kerberos (CVE-2022-33679)\nElevation of Privilege - Azure Guest Configuration and Azure Arc-enabled servers (CVE-2022-38007)\nElevation of Privilege - Windows GDI (CVE-2022-34729)\n\n\u041d\u043e \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u044c, \u0447\u0442\u043e \u044d\u0442\u043e \u0434\u043e\u043a\u0440\u0443\u0442\u044f\u0442 \u0434\u043e \u0431\u043e\u0435\u0432\u043e\u0433\u043e \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f \u043d\u0435\u0432\u044b\u0441\u043e\u043a\u0430.\n\n2. \u0415\u0441\u0442\u044c 3 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441 \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u043e\u043c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432\u0436\u0438\u0432\u0443\u044e\n\nElevation of Privilege - Windows Common Log File System Driver (CVE-2022-37969). \u041c\u043e\u0436\u043d\u043e \u043f\u043e\u0434\u043d\u044f\u0442\u044c \u043f\u0440\u0430\u0432\u0430 \u0434\u043e SYSTEM. \u0417\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043c\u0430\u0441\u0441\u0443 \u0432\u0435\u0440\u0441\u0438\u0439 Windows, \u0435\u0441\u0442\u044c \u043f\u0430\u0442\u0447\u0438 \u0434\u0430\u0436\u0435 \u043f\u043e\u0434 EOL \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043a\u0438. \u041a\u0440\u043e\u043c\u0435 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b \u043f\u0443\u0447\u043e\u043a \u0432\u0438\u043d\u0434\u043e\u0432\u044b\u0445 EoP-\u0448\u0435\u043a \u0431\u0435\u0437 \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u043e\u0432 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 Elevation of Privilege - Windows Kernel (CVE-2022-37956, CVE-2022-37957, CVE-2022-37964)\n\nSecurity Feature Bypass - Microsoft Edge (CVE-2022-2856, CVE-2022-3075). \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Edge \u044d\u0442\u043e \u043f\u043e \u0444\u0430\u043a\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Chromium. \u041e\u0431\u0440\u0430\u0442\u043d\u0430\u044f \u0441\u0442\u043e\u0440\u043e\u043d\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043e\u0434\u043d\u043e\u0433\u043e \u0438 \u0442\u043e\u0433\u043e \u0436\u0435 \u0434\u0432\u0438\u0436\u043a\u0430. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Chrome \u0430\u0444\u0444\u0435\u043a\u0442\u044f\u0442 \u0442\u0430\u043a\u0436\u0435 Edge, Opera, Brave, Vivaldi \u0438 \u043f\u0440\u043e\u0447\u0435\u0435.\n\n3. RCE \u043e\u0442 \u043f\u043e\u0441\u043b\u0430\u043d\u043d\u043e\u0433\u043e IP \u043f\u0430\u043a\u0435\u0442\u0430 \ud83d\ude31\n\nRemote Code Execution - Windows TCP/IP (CVE-2022-34718). \"An unauthorized attacker can use it to execute arbitrary code on the attacked Windows computer with the IPSec service enabled by sending a specially crafted IPv6 packet to it. This vulnerability can only be exploited against systems with Internet Protocol Security (IPsec) enabled.\" IPsec \u0438 IPv6 \u0437\u043b\u043e, \u043b\u043e\u043b. \ud83d\ude42 \u041d\u043e \u0435\u0441\u043b\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e, \u0442\u043e \u0441\u043a\u0432\u0435\u0440\u043d\u043e, \u0447\u0442\u043e \u0442\u0430\u043a\u043e\u0435 \u0432\u043e\u043e\u0431\u0449\u0435 \u0431\u044b\u0432\u0430\u0435\u0442.\n\n\u0418 \u044d\u0442\u043e \u0435\u0449\u0451 \u043d\u0435 \u0432\u0441\u0435, \u0435\u0441\u0442\u044c \u0435\u0449\u0451 Remote Code Execution - Windows Internet Key Exchange (IKE) Protocol Extensions (CVE-2022-34721, CVE-2022-34722). \"An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation.\"\n\n4. Denial of Service - Windows DNS Server (CVE-2022-34724). \u0421 \u043e\u0434\u043d\u043e\u0439 \u0441\u0442\u043e\u0440\u043e\u043d\u044b \u0442\u043e\u043b\u044c\u043a\u043e DoS, \u0441 \u0434\u0440\u0443\u0433\u043e\u0439 \u0441\u0442\u043e\u0440\u043e\u043d\u044b \u0440\u0430\u0431\u043e\u0442\u0443 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u043c\u043e\u0436\u043d\u043e \u043d\u0435\u043f\u043b\u043e\u0445\u043e \u0442\u0430\u043a \u043f\u0430\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u0442\u044c.\n\n5. Memory Corruption - ARM processor (CVE-2022-23960). \u0424\u0438\u043a\u0441 \u0434\u043b\u044f \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0433\u043e Spectre, \u043d\u0430 \u044d\u0442\u043e\u0442 \u0440\u0430\u0437 Spectre-BHB. \u041f\u0440\u043e \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0431\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0432\u0438\u0434\u0438\u043c\u043e \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u044c \u043d\u0435 \u043f\u0440\u0438\u0445\u043e\u0434\u0438\u0442\u0441\u044f, \u0442\u0430\u043a \u0436\u0435 \u043a\u0430\u043a \u0438 \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0442\u0438\u043f\u0430 Spectre, \u043d\u043e \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0441\u0435 \u043e\u0431\u0437\u043e\u0440\u0449\u0438\u043a\u0438 \u043d\u0430 \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u043e\u0431\u0440\u0430\u0442\u0438\u043b\u0438.\n\n\u041f\u043e\u043b\u043d\u044b\u0439 \u043e\u0442\u0447\u0435\u0442 Vulristics: https://avleonov.com/vulristics_reports/ms_patch_tuesday_september2022_report_with_comments_ext_img.html\n\n@avleonovrus #Microsoft #PatchTuesday #Vulristics", "creation_timestamp": "2023-09-21T09:16:46.000000Z"}, {"uuid": "4fc2bee9-da65-4d5a-8475-652a44eecf59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3075", "type": "exploited", "source": "https://t.me/itsec_news/1355", "content": "\u200b\u26a1\ufe0f \u0412\u044b\u0448\u043b\u043e \u0441\u0440\u043e\u0447\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Google Chrome, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u0435 \u043e\u043f\u0430\u0441\u043d\u0443\u044e 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c.\n\n\ud83d\udcac \u0412 \u043f\u044f\u0442\u043d\u0438\u0446\u0443 Google \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0441\u0440\u043e\u0447\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435, \u043f\u0440\u0438\u0437\u0432\u0430\u043d\u043d\u043e\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u043e\u043f\u0430\u0441\u043d\u0443\u044e 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2022-3075, \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 IPC-\u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 Mojo.\n\n\u041e \u0431\u0440\u0435\u0448\u0438 \u0432 \u0437\u0430\u0449\u0438\u0442\u0435 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 \u0441\u0442\u0430\u043b\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0430\u043d\u043e\u043d\u0438\u043c\u043d\u043e\u043c\u0443 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044e, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u043e\u043e\u0431\u0449\u0438\u043b \u043e CVE-2022-3075 30 \u0430\u0432\u0433\u0443\u0441\u0442\u0430 2022 \u0433\u043e\u0434\u0430.\n\nGoogle \u0437\u0430\u044f\u0432\u0438\u043b\u0430, \u0447\u0442\u043e \u0437\u043d\u0430\u0435\u0442 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435, \u043d\u043e \u043d\u0435 \u0441\u0442\u0430\u043b\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0442\u044c \u0434\u0435\u0442\u0430\u043b\u0438, \u0447\u0442\u043e\u0431\u044b \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0442\u0438\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438.\n\n\u042d\u0442\u043e \u0443\u0436\u0435 \u0448\u0435\u0441\u0442\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f, \u043a\u043e\u0442\u043e\u0440\u0443\u044e Google \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0441 \u043d\u0430\u0447\u0430\u043b\u0430 \u0433\u043e\u0434\u0430. \n\n\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043d\u0430\u0441\u0442\u043e\u0439\u0447\u0438\u0432\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u041e\u0421 Windows, macOS \u0438 Linux \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u044b \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 105.0.5195.102. \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0434\u0440\u0443\u0433\u0438\u0445 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 \u043d\u0430 Chromium \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e \u043c\u0435\u0440\u0435 \u0438\u0445 \u043f\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u044f.\n\n#GoogleChrome #0day #\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2022-09-04T13:12:53.000000Z"}, {"uuid": "a8d3addb-5bcb-4fa9-8bbc-2895ee5f9453", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3075", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:37.000000Z"}, {"uuid": "c7d5b113-ab55-4a10-bcb8-263f3c7f07c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-3075", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=866", "content": "", "creation_timestamp": "2022-09-05T04:00:00.000000Z"}, {"uuid": "db7e13b5-f8ec-4c75-9660-58ad0c503493", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-3075", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=865", "content": "", "creation_timestamp": "2022-09-05T04:00:00.000000Z"}, {"uuid": "e73edf81-0a2c-4713-94a7-178271cbefb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-3075", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/af1009e6-a1a1-4055-899d-734587b8d9da", "content": "", "creation_timestamp": "2026-02-02T12:27:13.565066Z"}, {"uuid": "0d48e49a-9a8c-433e-9659-f85b53f8cff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3075", "type": "exploited", "source": "https://t.me/itsec_news/1646", "content": "\u200b\u26a1\ufe0f Google \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u043e\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u0439 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Chrome.\n\n\ud83d\udcac Chrome \u0432\u0435\u0440\u0441\u0438\u0438 107 \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043e\u0442 Google \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0434 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u043c CVE-2022-3723, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435. \u0411\u0440\u0435\u0448\u044c \u0432 \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0443\u0442\u0430\u043d\u0438\u0446\u0435\u0439 \u0442\u0438\u043f\u043e\u0432 \u0432 \u0434\u0432\u0438\u0436\u043a\u0435 JavaScript Chromium V8. \u0410 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u043f\u0440\u043e \u043d\u0435\u0435 25 \u043e\u043a\u0442\u044f\u0431\u0440\u044f \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 Avast.\n\nGoogle \u0437\u0430\u044f\u0432\u0438\u043b\u0430, \u0447\u0442\u043e \u0435\u0439 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043f\u0440\u043e \u0442\u043e, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435. \u041d\u043e \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043e CVE-2022-3723, \u043a\u0430\u043a \u043e\u0431\u044b\u0447\u043d\u043e, \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0440\u0430\u0441\u043a\u0440\u043e\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0431\u043e\u043b\u044c\u0448\u0430\u044f \u0447\u0430\u0441\u0442\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043e\u0431\u043d\u043e\u0432\u0438\u0442 Chrome.\n\n\u0421\u0442\u043e\u0438\u0442 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e \u044d\u0442\u043e \u0443\u0436\u0435 \u0441\u0435\u0434\u044c\u043c\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 Chrome, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f Google \u0432 \u044d\u0442\u043e\u043c \u0433\u043e\u0434\u0443, \u043d\u0438\u0436\u0435 \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u043d \u043f\u043e\u043b\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a:\n\nCVE-2022-3075 \u2013 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 IPC-\u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 Mojo;\n\nCVE-2022-2856 \u2013 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 Intents;\n\nCVE-2022-2294 \u2013 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u0443\u0447\u0438 \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 WebRTC (Web Real-Time Communications);\n\nCVE-2022-1364 \u2013 \u043f\u0443\u0442\u0430\u043d\u0438\u0446\u0430 \u0442\u0438\u043f\u043e\u0432 \u0432 \u0434\u0432\u0438\u0436\u043a\u0435 JavaScript Chrome V8;\n\nCVE-2022-1096 \u2013 \u043f\u0443\u0442\u0430\u043d\u0438\u0446\u0430 \u0442\u0438\u043f\u043e\u0432 \u0432 \u0434\u0432\u0438\u0436\u043a\u0435 JavaScript Chrome V8;\n\nCVE-2022-0609 \u2013 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0432 \u0430\u043d\u0438\u043c\u0430\u0446\u0438\u0438;\n\nIT-\u0433\u0438\u0433\u0430\u043d\u0442 \u043d\u0435 \u0441\u0442\u0430\u043b \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0442\u044c \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0430\u0442\u0430\u043a \u0438 \u043f\u0440\u0438\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u0438\u0445 \u043a\u0430\u043a\u043e\u0439-\u043b\u0438\u0431\u043e \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0435.\n\n#Google #Chrome #\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2022-10-30T10:05:47.000000Z"}, {"uuid": "00904b63-9c8a-4bc8-baf8-8f4edc2a976f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3075", "type": "seen", "source": "https://t.me/arpsyndicate/1319", "content": "#ExploitObserverAlert\n\nCVE-2022-3075\n\nDESCRIPTION: Exploit Observer has 5 entries related to CVE-2022-3075. Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n\nFIRST-EPSS: 0.006370000\nNVD-IS: 6.0\nNVD-ES: 2.8", "creation_timestamp": "2023-12-04T22:18:01.000000Z"}, {"uuid": "de25d9f8-502b-4acf-8692-8bb9eab1d2cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3075", "type": "exploited", "source": "https://t.me/true_secator/3374", "content": "Google \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Chrome 105.0.5195.102 \u0434\u043b\u044f Windows, Mac \u0438 Linux, \u0447\u0442\u043e\u0431\u044b \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u0448\u0435\u0441\u0442\u0443\u044e \u0437\u0430 \u044d\u0442\u043e\u0442 \u0433\u043e\u0434 0-day.\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u043e\u0448\u0438\u0431\u043a\u0430 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u0432\u044b\u0437\u0432\u0430\u043d\u043d\u0443\u044e \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432\u00a0Mojo, \u043d\u0430\u0431\u043e\u0440\u0435 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0443 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 \u0447\u0435\u0440\u0435\u0437 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043c\u0435\u0436\u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043d\u044b\u0435 \u0438 \u0432\u043d\u0443\u0442\u0440\u0438\u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043d\u044b\u0435 \u0433\u0440\u0430\u043d\u0438\u0446\u044b. \u0415\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u043b \u0430\u043d\u043e\u043d\u0438\u043c\u043d\u044b\u0439 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044e, Google \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043e \u0442\u043e\u043c, \u0447\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f CVE-2022-3075 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435. \u041e\u0434\u043d\u0430\u043a\u043e \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043d\u0435 \u043f\u0440\u0438\u0432\u0435\u043b\u0430 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0438\u043b\u0438 \u0438\u043d\u044b\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432. \u0414\u043e\u0441\u0442\u0443\u043f \u043a \u044d\u0442\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0431\u0443\u0434\u0435\u0442 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d \u0434\u043e \u0442\u0435\u0445 \u043f\u043e\u0440, \u043f\u043e\u043a\u0430 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043d\u0435 \u043d\u0430\u043a\u0430\u0442\u044f\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n\n\u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f, \u0447\u0442\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f 0-day \u0434\u043d\u044f \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435, \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440 Google Chrome.\n\n\u0412\u0435\u0434\u044c \u043e\u0434\u043d\u0443 \u0438\u0437 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 CVE-2022-0609 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0441\u0435\u0432\u0435\u0440\u043e\u043a\u043e\u0440\u0435\u0439\u0441\u043a\u0438\u0435 \u0410\u0420\u0422 \u0435\u0449\u0435 \u0437\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043d\u0435\u0434\u0435\u043b\u044c \u0434\u043e \u0444\u0435\u0432\u0440\u0430\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u043f\u0430\u0442\u0447\u0430, \u0430 \u0441\u0430\u043c\u044b\u0435 \u0440\u0430\u043d\u043d\u0438\u0435 \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u044f\u043d\u0432\u0430\u0440\u044f.", "creation_timestamp": "2022-09-05T12:47:05.000000Z"}, {"uuid": "f8dadbb4-8f0c-4517-883e-4d5e60668794", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30759", "type": "seen", "source": "https://t.me/cibsecurity/63187", "content": "\u203c CVE-2022-30759 \u203c\n\nIn Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-03T00:30:39.000000Z"}, {"uuid": "27e4b4be-0cea-4203-88e2-0544e1a6e03a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30758", "type": "seen", "source": "https://t.me/cibsecurity/46065", "content": "\u203c CVE-2022-30758 \u203c\n\nImplicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-12T18:39:35.000000Z"}, {"uuid": "23ecad12-e60b-4ea7-9e17-b6335ba476ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3075", "type": "seen", "source": "https://t.me/cibsecurity/50518", "content": "\u203c CVE-2022-3075 \u203c\n\nInsufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-26T20:28:44.000000Z"}, {"uuid": "fe6b7620-b581-474d-8595-eac4b80c88b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30751", "type": "seen", "source": "https://t.me/cibsecurity/45994", "content": "\u203c CVE-2022-30751 \u203c\n\nImproper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-12T18:25:45.000000Z"}, {"uuid": "632f2c26-79a6-4a82-ab0e-f0c4ebdac252", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30755", "type": "seen", "source": "https://t.me/cibsecurity/45993", "content": "\u203c CVE-2022-30755 \u203c\n\nImproper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-12T18:25:44.000000Z"}, {"uuid": "c830ac98-cb3b-485f-b2b6-59a701f4d4ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30752", "type": "seen", "source": "https://t.me/cibsecurity/45992", "content": "\u203c CVE-2022-30752 \u203c\n\nImproper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-12T18:25:43.000000Z"}, {"uuid": "2b4682e4-e4bd-41a3-8453-67deaf9d39cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30753", "type": "seen", "source": "https://t.me/cibsecurity/46006", "content": "\u203c CVE-2022-30753 \u203c\n\nImproper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-12T18:26:03.000000Z"}, {"uuid": "202b34f5-f3b0-42c1-ab03-0bb1dc093cd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30757", "type": "seen", "source": "https://t.me/cibsecurity/46031", "content": "\u203c CVE-2022-30757 \u203c\n\nImproper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-12T18:36:16.000000Z"}, {"uuid": "2cee0436-bcc3-4da2-a629-9a6a32de4043", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30756", "type": "seen", "source": "https://t.me/cibsecurity/46035", "content": "\u203c CVE-2022-30756 \u203c\n\nImplicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of Finder.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-12T18:36:21.000000Z"}]}