{"vulnerability": "cve-2022-3398", "sightings": [{"uuid": "d34d7212-d746-41b8-9010-b1f432825c50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33980", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2896", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-33980\nURL\uff1ahttps://github.com/HKirito/CVE-2022-33980\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-08-10T03:22:01.000000Z"}, {"uuid": "52f2301a-e45b-4e4b-8ba9-984035bedfa5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33984", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14142", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-33984\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdMmcDevice driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. This was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022054\n\ud83d\udccf Published: 2022-11-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T20:02:19.323Z\n\ud83d\udd17 References:\n1. https://www.insyde.com/security-pledge\n2. https://www.insyde.com/security-pledge/SA-2022054\n3. https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf", "creation_timestamp": "2025-04-30T20:14:15.000000Z"}, {"uuid": "d4063794-27c9-438a-8fb1-ad728907bbbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33980", "type": "seen", "source": "Telegram/Uieng4hhAZFXjH9lPmah2RHnRpBbF9ZOA1GgoU9giQZ2kg", "content": "", "creation_timestamp": "2022-08-18T15:56:07.000000Z"}, {"uuid": "e0d235a9-d1f6-45a5-8589-d062f8bdad09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33986", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14153", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-33986\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367 CWE-367 Report at: https://www.insyde.com/security-pledge/SA-2022056\n\ud83d\udccf Published: 2022-11-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T19:56:45.263Z\n\ud83d\udd17 References:\n1. https://www.insyde.com/security-pledge\n2. https://www.insyde.com/security-pledge/SA-2022056", "creation_timestamp": "2025-04-30T20:14:29.000000Z"}, {"uuid": "3167a851-7379-4810-9f75-9de5be4b25fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33980", "type": "seen", "source": "https://t.me/poxek/2303", "content": "Exploring CVE-2022-33980: the Apache Commons configuration RCE vulnerability\n\n\u041f\u0440\u0435\u0436\u0434\u0435 \u0447\u0435\u043c \u043c\u044b \u043f\u043e\u0433\u0440\u0443\u0437\u0438\u043c\u0441\u044f \u0432 \u0434\u0435\u0442\u0430\u043b\u0438 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043c\u044b \u0445\u043e\u0442\u0438\u043c \u043f\u043e\u044f\u0441\u043d\u0438\u0442\u044c, \u0447\u0442\u043e \u043f\u0430\u043d\u0438\u043a\u043e\u0432\u0430\u0442\u044c \u043d\u0435 \u0441\u0442\u043e\u0438\u0442. \u041c\u043d\u043e\u0433\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0434\u043e\u043f\u0443\u0441\u043a\u0430\u044e\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0442\u0438\u043f\u043e\u0432 \u043a\u043e\u0434\u0430 \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u0430\u0445, \u0438 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0442 \u0437\u0430\u043a\u043e\u043d\u043d\u044b\u0435 \u0441\u043b\u0443\u0447\u0430\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u043d\u0442\u0435\u0440\u043f\u043e\u043b\u044f\u0446\u0438\u0438 \u0441\u0442\u0440\u043e\u043a \u0438 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0438 \u0441\u0438\u0441\u0442\u0435\u043c. \u042d\u0442\u043e \u043d\u0435 Log4Shell \u0437\u0430\u043d\u043e\u0432\u043e. \u042d\u0442\u043e \u043f\u0440\u043e\u0441\u0442\u043e\u0435 \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0435\u0439. \u0415\u0441\u043b\u0438 \u043a\u0442\u043e-\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043b\u0435\u0433\u043a\u043e \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u0432\u0430\u0448\u0443 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e \u0438\u043b\u0438 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u044b, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u043d\u0430 \u043c\u043e\u0436\u0435\u0442 \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0442\u044c, \u0441\u043a\u043e\u0440\u0435\u0435 \u0432\u0441\u0435\u0433\u043e, \u0443 \u0432\u0430\u0441 \u0435\u0441\u0442\u044c \u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b.", "creation_timestamp": "2022-08-18T17:00:04.000000Z"}, {"uuid": "e9664ac5-ef8c-4681-be18-64c6c4f27c5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33985", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14150", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-33985\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. This issue was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022055\n\ud83d\udccf Published: 2022-11-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T20:00:25.064Z\n\ud83d\udd17 References:\n1. https://www.insyde.com/security-pledge\n2. https://www.insyde.com/security-pledge/SA-2022055", "creation_timestamp": "2025-04-30T20:14:25.000000Z"}, {"uuid": "b265ef37-8a78-426c-a41f-deba3382257d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33980", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/318", "content": "CVE-2022-33980: Apache Commons Configuration-RCE\nhttps://github.com/tangxiaofeng7/CVE-2022-33980-Apache-Commons-Configuration-RCE", "creation_timestamp": "2022-07-10T23:04:09.000000Z"}, {"uuid": "6a5caec4-2b92-4f5f-968d-7d1244432125", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33980", "type": "published-proof-of-concept", "source": "Telegram/r5i-toYK2LmEKblilAbI6DQ5XOX4pVpACjVWGnbPihqd9A", "content": "", "creation_timestamp": "2022-08-11T13:53:18.000000Z"}, {"uuid": "2e8759a6-4d17-49b9-ad70-4a62c445b90b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33980", "type": "seen", "source": "https://t.me/crackcodes/1040", "content": "Updates On Hackbyte Forum:-\n\n1. Universidad IEU Mexico Leak Files\n2. SCS-Siberia \u201c\u0421\u041a\u0421-\u0421\u0438\u0431\u0438\u0440\u044c\u201d \u2013 Telecommunications Company Russia Leak\n3. D.RDynamicShellcode\n4. DashOverride\n5. CVE-2022-33980 - Apache Commons RCE can use url,dns,script key-words to connect any server\n6. lfimap - Local file inclusion discovery and exploitation tool\n7. MSMAP - Msmap is a Memory WebShell Generator\n8. CVE-2022-29968\n9. CVE-2022-21894 - Secure Boot Security Feature Bypass Vulnerability\n10. PowerHuntShares\n11. chrome_password Js script - Steal Get username & password from Chrome. (Now Only Windows)\n12. Fatebot - Fate is IRC botnet\n13. JNDI-Injection-Exploit-Plus\n14. CVE-2022-27255 - Realtek eCos SDK SIP ALG buffer overflow\n15. Bypass-Sandbox-Evasion\n16. blackhat-arsenal-tools\n17. Blackhat 2022 recap \u2013 cloud, eBPF, global conflicts, supply chain, and more\n18. Hacking Zyxel IP cameras to gain a root shell\n19. CobaltStrike4.5\n20. DUOCELL Leak\n21. KisasaCredit Leak\n\n\ud83d\udc49\ud83c\udffb\ud83d\udc49\ud83c\udffbAll Updates On :- https://bit.ly/3yRyah3 \ud83d\udc48\ud83c\udffb\ud83d\udc48\ud83c\udffb", "creation_timestamp": "2022-08-18T15:53:26.000000Z"}, {"uuid": "9b79f844-7902-4d20-92b2-f322a47b516d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33980", "type": "seen", "source": "https://t.me/cibsecurity/45645", "content": "\u203c CVE-2022-33980 \u203c\n\nApache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-06T16:20:54.000000Z"}, {"uuid": "e9379d20-d457-4d2e-9feb-8c0b254840b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33983", "type": "seen", "source": "https://t.me/cibsecurity/52968", "content": "\u203c CVE-2022-33983 \u203c\n\nDMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressLegacy driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. This issue was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022053\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-16T07:51:32.000000Z"}, {"uuid": "a98165de-b3ab-4b32-8fca-b52857f63ab6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33981", "type": "seen", "source": "https://t.me/cibsecurity/44770", "content": "\u203c CVE-2022-33981 \u203c\n\ndrivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-18T20:23:52.000000Z"}, {"uuid": "44cbe0d2-a2fa-41e0-b1e9-9d0e5ec9ae36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33987", "type": "seen", "source": "https://t.me/cibsecurity/44773", "content": "\u203c CVE-2022-33987 \u203c\n\nThe got package before 12.1.0 for Node.js allows a redirect to a UNIX socket.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-19T00:23:27.000000Z"}, {"uuid": "c00cd8d1-8dd4-4755-ad68-7533f7675916", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33989", "type": "seen", "source": "https://t.me/cibsecurity/48156", "content": "\u203c CVE-2022-33989 \u203c\n\ndproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selected randomly only at boot time) in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-15T16:37:49.000000Z"}, {"uuid": "67e8f736-626b-44b7-8307-8cf773eaef32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33988", "type": "seen", "source": "https://t.me/cibsecurity/48154", "content": "\u203c CVE-2022-33988 \u203c\n\ndproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries, which allows attackers (able to send queries to the resolver) to conduct DNS cache-poisoning attacks because the TXID value is known to the attacker.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-15T16:37:47.000000Z"}, {"uuid": "54479e97-389c-438b-bb46-595201cb1f14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33980", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6365", "content": "#exploit\n1. CVE-2022-33980:\nApache Commons Configuration-RCE\nhttps://github.com/tangxiaofeng7/CVE-2022-33980-Apache-Commons-Configuration-RCE\n\n2. CVE-2022-29554:\nMishandling of Input to API in PrintixService.exe\nhttps://github.com/ComparedArray/printix-CVE-2022-29554", "creation_timestamp": "2022-07-10T13:46:00.000000Z"}, {"uuid": "53389790-15f5-487b-946f-690cc59492b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33987", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6982", "content": "#exploit\n1. A Deep Dive of CVE-2022-33987 (Got allows a redirect to a UNIX socket)\nhttps://itnext.io/a-deep-dive-of-cve-2022-33987-got-allows-a-redirect-to-a-unix-socket-cdeed53944f7\n\n2. An experimental webkit-based kernel exploit (Arb. R/W) for the PS5 on <= 4.51FW\nhttps://github.com/Cryptogenic/PS5-IPV6-Kernel-Exploit", "creation_timestamp": "2022-10-15T13:08:01.000000Z"}]}