{"vulnerability": "cve-2022-3276", "sightings": [{"uuid": "83c99021-d9c5-4c7e-b1d0-af6d8c4d6001", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32761", "type": "seen", "source": "https://t.me/cibsecurity/48550", "content": "\u203c CVE-2022-32761 \u203c\n\nAn information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-22T22:21:00.000000Z"}, {"uuid": "a415b8c2-a218-49bd-ac8d-bd822e0eabf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32764", "type": "seen", "source": "https://t.me/cibsecurity/58371", "content": "\u203c CVE-2022-32764 \u203c\n\nDescription: Race condition in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-16T22:26:42.000000Z"}, {"uuid": "dfff16ca-f8ff-49c3-9d02-b2d42173b6c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32769", "type": "seen", "source": "https://t.me/cibsecurity/48543", "content": "\u203c CVE-2022-32769 \u203c\n\nMultiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Playlists plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user's playlists.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-22T22:20:49.000000Z"}, {"uuid": "9573fa4d-5245-478a-b572-833b46228cd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32768", "type": "seen", "source": "https://t.me/cibsecurity/48541", "content": "\u203c CVE-2022-32768 \u203c\n\nMultiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user's streams.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-22T22:20:48.000000Z"}, {"uuid": "99cffb70-9f6f-4e27-99c4-7550cec1aed6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32769", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11886", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-32769\n\ud83d\udd25 CVSS Score: 4.8 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Playlists plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user's playlists.\n\ud83d\udccf Published: 2022-08-22T18:26:47.619Z\n\ud83d\udccf Modified: 2025-04-15T18:50:37.442Z\n\ud83d\udd17 References:\n1. https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql\n2. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1536", "creation_timestamp": "2025-04-15T18:54:58.000000Z"}, {"uuid": "0563246c-8d30-457c-800d-93da16d1af3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32768", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11885", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-32768\n\ud83d\udd25 CVSS Score: 4.8 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user's streams.\n\ud83d\udccf Published: 2022-08-22T18:26:26.065Z\n\ud83d\udccf Modified: 2025-04-15T18:50:44.932Z\n\ud83d\udd17 References:\n1. https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql\n2. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1536", "creation_timestamp": "2025-04-15T18:54:57.000000Z"}, {"uuid": "5ecf5abe-3219-41f0-90b0-80b795fc9c1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32761", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11884", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-32761\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.\n\ud83d\udccf Published: 2022-08-22T18:25:58.437Z\n\ud83d\udccf Modified: 2025-04-15T18:50:53.295Z\n\ud83d\udd17 References:\n1. https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql\n2. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1549", "creation_timestamp": "2025-04-15T18:54:53.000000Z"}, {"uuid": "6e849fee-7f41-4de8-b68b-45398a0fc4f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32765", "type": "seen", "source": "https://t.me/ics_cert/629", "content": "\u0634\u0631\u06a9\u062a Cisco Talos \u0627\u062e\u06cc\u0631\u0627\u064b 9 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0631\u0627 \u062f\u0631 \u0631\u0648\u062a\u0631 \u0633\u0644\u0648\u0644\u06cc \u0635\u0646\u0639\u062a\u06cc Robustel R1510 \u06a9\u0634\u0641 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0628\u0631\u062e\u06cc \u0627\u0632 \u0622\u0646\u0647\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 RCE \u0648 DoS \u0634\u0648\u062f.\n\n Robustel R1510 \u06cc\u06a9 \u0631\u0648\u062a\u0631 \u0628\u06cc \u0633\u06cc\u0645 \u062f\u0648 \u067e\u0648\u0631\u062a \u0627\u062a\u0631\u0646\u062a \u0627\u0633\u062a \u06a9\u0647 \u0633\u06cc\u06af\u0646\u0627\u0644 \u0647\u0627\u06cc \u0646\u0633\u0644 \u06f3 \u0648 \u0646\u0633\u0644 \u06f4  \u0628\u06cc \u0633\u06cc\u0645  \u0631\u0627 \u0628\u0631\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631\u062f\u0647\u0627\u06cc \u0635\u0646\u0639\u062a\u06cc \u0648 IoT \u0628\u0647 \u0627\u0634\u062a\u0631\u0627\u06a9 \u0645\u06cc \u06af\u0630\u0627\u0631\u062f. \n\u0627\u06cc\u0646 \u0634\u0627\u0645\u0644 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062a\u0648\u0646\u0644 VPN \u0628\u0627\u0632\u060c \u06cc\u06a9 \u067e\u0644\u062a \u0641\u0631\u0645 \u0645\u062f\u06cc\u0631\u06cc\u062a \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 \u0627\u0628\u0631 \u0628\u0631\u0627\u06cc \u0633\u0627\u06cc\u0631 \u062f\u0633\u062a\u06af\u0627\u0647 \u0647\u0627 \u0648 \u0631\u0648\u062a\u0631\u0647\u0627 \u0648 \u0631\u0627\u0647 \u062d\u0644 \u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0645\u062e\u062a\u0644\u0641 \u0627\u0633\u062a. \n\n\u0645\u062d\u0642\u0642\u0627\u0646 \u062e\u0627\u0637\u0631\u0646\u0634\u0627\u0646 \u06a9\u0631\u062f\u0646\u062f \u06a9\u0647 \u067e\u0646\u062c \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc RCE \u0631\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0627 \u0627\u0631\u0633\u0627\u0644 \u06cc\u06a9 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0634\u0628\u06a9\u0647 \u0633\u0627\u062e\u062a\u0647 \u0634\u062f\u0647 \u0648\u06cc\u0698\u0647 \u0628\u0647 \u062f\u0633\u062a\u06af\u0627\u0647 \u0645\u0648\u0631\u062f \u0646\u0638\u0631 \u0641\u0639\u0627\u0644 \u06a9\u0631\u062f: TALOS-2022-1578 (CVE-2022-34850)\u060c TALOS-2022-1577 (CVE-2022-33150)\u060c TALOS- 2022-1576 (CVE-2022-32765)\u060c TALOS-2022-1573 (CVE-2022-33325 - CVE-2022-33329) \u0648 TALOS-2022-1572 (CVE-2022-333312 - CVE-2022-333312 - CVE-2022-33325). \u0647\u0645\u0647 \u062f\u0627\u0631\u0627\u06cc \u0646\u0645\u0631\u0647 \u0634\u062f\u062a CVSS 9.1 \u0627\u0632 10 \u0647\u0633\u062a\u0646\u062f. \u062f\u0648 TALOS-2022-1580 \u062f\u06cc\u06af\u0631 (CVE-2022-34845) \u0648 TALOS-2022-1570 (CVE-2022-32585) \u0646\u06cc\u0632 \u0645\u06cc \u062a\u0648\u0627\u0646\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 RCE \u0634\u0648\u0646\u062f\u060c \u0627\u0645\u0627 \u06a9\u0645\u062a\u0631 \u0645\u062f\u06cc\u0631 \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0647\u0645\u0686\u0646\u06cc\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u06cc\u06a9 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0634\u0628\u06a9\u0647 \u0633\u0627\u062e\u062a\u0647 \u0634\u062f\u0647 \u0648\u06cc\u0698\u0647 \u0628\u0631\u0627\u06cc \u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0646 TALOS-2022-1575 (CVE-2022-35261 - CVE-2022-35271) \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u062f \u0648 \u0628\u0627\u0639\u062b \u0627\u0646\u06a9\u0627\u0631 \u0633\u0631\u0648\u06cc\u0633 \u062f\u0631 \u0639\u0645\u0644\u06a9\u0631\u062f hashFirst \u0633\u0631\u0648\u0631 \u0648\u0628 \u062f\u0633\u062a\u06af\u0627\u0647 \u0634\u0648\u062f. \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc TALOS-2022-1571 (CVE-2022-28127) \u062f\u0631 \u0648\u0628 \u0633\u0631\u0648\u0631 \u062f\u0633\u062a\u06af\u0627\u0647 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f\u060c \u0627\u0645\u0627 \u062f\u0631 \u0639\u0648\u0636 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0631\u0627\u06cc \u062d\u0630\u0641 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u06cc \u062f\u0644\u062e\u0648\u0627\u0647 \u062d\u062a\u06cc \u062f\u0631 \u0635\u0648\u0631\u062a \u0648\u062c\u0648\u062f \u0628\u0631\u0631\u0633\u06cc \u067e\u06cc\u0645\u0627\u06cc\u0634 \u0645\u0633\u06cc\u0631 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0634\u0648\u062f. Cisco Talos \u0628\u0627 Robustel \u06a9\u0627\u0631 \u06a9\u0631\u062f \u062a\u0627 \u0631\u0627\u0647 \u062d\u0644\u06cc \u0628\u0631\u0627\u06cc \u0645\u0634\u06a9\u0644\u0627\u062a \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f\u0647 \u0648 \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0628\u0631\u0627\u06cc \u0645\u0634\u062a\u0631\u06cc\u0627\u0646 \u0622\u0633\u06cc\u0628 \u062f\u06cc\u062f\u0647 \u0627\u0631\u0627\u0626\u0647 \u062f\u0647\u062f. \n\n\u0628\u0647 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc \u0634\u0648\u062f \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0622\u0633\u06cc\u0628 \u062f\u06cc\u062f\u0647 Robustel R1510 \u0631\u0627 \u062f\u0631 \u0627\u0633\u0631\u0639 \u0648\u0642\u062a \u0628\u0647 \u0622\u062e\u0631\u06cc\u0646 \u0646\u0633\u062e\u0647 3.3.0 \u0648 3.1.16 \u0628\u0647 \u0631\u0648\u0632 \u06a9\u0646\u0646\u062f.\n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f \u0628\u0627\u0632\u0646\u0634\u0631 \u0645\u0637\u0627\u0644\u0628 \u0627\u06cc\u0646 \u06a9\u0627\u0646\u0627\u0644 \u0635\u0631\u0641\u0627 \u0628\u0627 \u0630\u06a9\u0631 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u06a9\u0627\u0645\u0644 \u06a9\u0627\u0646\u0627\u0644 \u0645\u062c\u0627\u0632 \u0645\u06cc\u0628\u0627\u0634\u062f.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\n\u0627\u062f\u0645\u06cc\u0646:\nhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u062a\u0648\u06cc\u06cc\u062a\u0631:\nhttps://twitter.com/icscerti", "creation_timestamp": "2022-10-13T17:22:33.000000Z"}, {"uuid": "98c75513-fa38-4351-ac4c-8aa0c85b6f86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32765", "type": "seen", "source": "https://t.me/true_secator/3558", "content": "Cisco Talos \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0434\u0435\u0432\u044f\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u043c \u0441\u043e\u0442\u043e\u0432\u043e\u043c \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0435 Robustel R1510, \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a RCE \u0438 DoS.\n\nRobustel R1510 \u2014 \u044d\u0442\u043e \u0431\u0435\u0441\u043f\u0440\u043e\u0432\u043e\u0434\u043d\u043e\u0439 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440 \u0441 \u0434\u0432\u0443\u043c\u044f \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Ethernet, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0431\u0435\u0441\u043f\u0440\u043e\u0432\u043e\u0434\u043d\u044b\u0435 \u0441\u0438\u0433\u043d\u0430\u043b\u044b 3G \u0438 4G \u0434\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0432 \u0441\u0444\u0435\u0440\u0435 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0441\u0442\u0438 \u0438 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430 \u0432\u0435\u0449\u0435\u0439.\n\n\u041e\u043d \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u0432 \u0441\u0435\u0431\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u0433\u043e \u0442\u0443\u043d\u043d\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f VPN, \u043e\u0431\u043b\u0430\u0447\u043d\u0443\u044e \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0443 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430\u043c\u0438, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u0420\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438, \u0447\u0442\u043e \u043f\u044f\u0442\u044c RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0436\u043d\u043e \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u0446\u0435\u043b\u0435\u0432\u043e\u043c\u0443 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0437\u0430\u043f\u0440\u043e\u0441: \u0422\u0410\u041b\u041e\u0421-2022-1578 (CVE-2022-34850), TALOS-2022-1577 (CVE-2022-33150), TALOS-2022-1576 (CVE-2022-32765), TALOS-2022-1573 (CVE-2022-33325 - CVE-2022-33329)\u00a0\u0438 TALOS-2022-1572 (CVE-2022-33312 - CVE-2022-33314). \n\n\u0412\u0441\u0435 \u0438\u043c\u0435\u044e\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 CVSS 9,1 \u0438\u0437 10.\n\n\u0414\u0432\u0435 \u0434\u0440\u0443\u0433\u0438\u0435 TALOS-2022-1580 (CVE-2022-34845) \u0438\u00a0TALOS-2022-1570 (CVE-2022-32585) \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a RCE, \u043d\u043e \u0438\u0437-\u043f\u043e\u0434 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0436\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0437\u0430\u043f\u0440\u043e\u0441, \u0447\u0442\u043e\u0431\u044b \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c TALOS-2022-1575 (CVE-2022-35261 - CVE-2022-35271) \u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 hashFirst \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c TALOS-2022-1571 (CVE-2022-28127) \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435, \u043d\u043e \u0432\u043c\u0435\u0441\u0442\u043e \u044d\u0442\u043e\u0433\u043e \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432, \u0434\u0430\u0436\u0435 \u0435\u0441\u043b\u0438 \u0438\u043c\u0435\u0435\u0442\u0441\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438.\n\nCisco Talos \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e \u0441 Robustel \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0438 \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b Robustel R1510 \u0434\u043e \u043d\u043e\u0432\u0435\u0439\u0448\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0438 3.3.0 \u0438 3.1.16.", "creation_timestamp": "2022-10-13T15:05:03.000000Z"}, {"uuid": "4e3138b7-d3f6-4371-9b6c-ced522ff136c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3276", "type": "seen", "source": "https://t.me/cibsecurity/51031", "content": "\u203c CVE-2022-3276 \u203c\n\nCommand injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-08T00:17:38.000000Z"}]}