Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 14 Jun 2026 17:55:57 +0000 9335d75c-ab6d-42d6-bd87-8c4f9d21ba2b https://vulnerability.circl.lu/sighting/9335d75c-ab6d-42d6-bd87-8c4f9d21ba2b/export {"uuid": "9335d75c-ab6d-42d6-bd87-8c4f9d21ba2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33916", "type": "seen", "source": "https://t.me/cibsecurity/48565", "content": "\u203c CVE-2022-33916 \u203c\n\nOPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-23T07:21:04.000000Z"} {"uuid": "9335d75c-ab6d-42d6-bd87-8c4f9d21ba2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33916", "type": "seen", "source": "https://t.me/cibsecurity/48565", "content": "\u203c CVE-2022-33916 \u203c\n\nOPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-23T07:21:04.000000Z"} https://vulnerability.circl.lu/sighting/9335d75c-ab6d-42d6-bd87-8c4f9d21ba2b/export Tue, 23 Aug 2022 07:21:04 +0000 e45ed94c-03f9-4215-97b6-52a7103a2e06 https://vulnerability.circl.lu/sighting/e45ed94c-03f9-4215-97b6-52a7103a2e06/export {"uuid": "e45ed94c-03f9-4215-97b6-52a7103a2e06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3391", "type": "seen", "source": "https://t.me/cibsecurity/52037", "content": "\u203c CVE-2022-3391 \u203c\n\nThe Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-25T20:27:08.000000Z"} {"uuid": "e45ed94c-03f9-4215-97b6-52a7103a2e06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3391", "type": "seen", "source": "https://t.me/cibsecurity/52037", "content": "\u203c CVE-2022-3391 \u203c\n\nThe Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-25T20:27:08.000000Z"} https://vulnerability.circl.lu/sighting/e45ed94c-03f9-4215-97b6-52a7103a2e06/export Tue, 25 Oct 2022 20:27:08 +0000 ae035b46-eb3a-431b-9335-f960f8490441 https://vulnerability.circl.lu/sighting/ae035b46-eb3a-431b-9335-f960f8490441/export {"uuid": "ae035b46-eb3a-431b-9335-f960f8490441", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33917", "type": "seen", "source": "https://googleprojectzero.blogspot.com/2022/11/mind-the-gap.html", "content": "", "creation_timestamp": "2022-11-22T21:05:00.000000Z"} {"uuid": "ae035b46-eb3a-431b-9335-f960f8490441", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33917", "type": "seen", "source": "https://googleprojectzero.blogspot.com/2022/11/mind-the-gap.html", "content": "", "creation_timestamp": "2022-11-22T21:05:00.000000Z"} https://vulnerability.circl.lu/sighting/ae035b46-eb3a-431b-9335-f960f8490441/export Tue, 22 Nov 2022 21:05:00 +0000 3aa0ee5b-ebd4-4c84-837f-f65734068e18 https://vulnerability.circl.lu/sighting/3aa0ee5b-ebd4-4c84-837f-f65734068e18/export {"uuid": "3aa0ee5b-ebd4-4c84-837f-f65734068e18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33917", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7224", "content": "#exploit\n1. CVE-2022-26696:\nmacOS Sandbox Escape vulnerability via Terminal\nhttps://wojciechregula.blog/post/macos-sandbox-escape-via-terminal\n\n2. CVE-2022-33917:\nArm Mali CSF: page freed while still mapped into host userspace due to VMA split mishandling\n]-> https://googleprojectzero.blogspot.com/2022/11/mind-the-gap.html", "creation_timestamp": "2022-11-23T11:03:00.000000Z"} {"uuid": "3aa0ee5b-ebd4-4c84-837f-f65734068e18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33917", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7224", "content": "#exploit\n1. CVE-2022-26696:\nmacOS Sandbox Escape vulnerability via Terminal\nhttps://wojciechregula.blog/post/macos-sandbox-escape-via-terminal\n\n2. CVE-2022-33917:\nArm Mali CSF: page freed while still mapped into host userspace due to VMA split mishandling\n]-> https://googleprojectzero.blogspot.com/2022/11/mind-the-gap.html", "creation_timestamp": "2022-11-23T11:03:00.000000Z"} https://vulnerability.circl.lu/sighting/3aa0ee5b-ebd4-4c84-837f-f65734068e18/export Wed, 23 Nov 2022 11:03:00 +0000 c7e271f8-00d3-4138-9056-ce134e5f719b https://vulnerability.circl.lu/sighting/c7e271f8-00d3-4138-9056-ce134e5f719b/export {"uuid": "c7e271f8-00d3-4138-9056-ce134e5f719b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33917", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1471", "content": "#exploit\n1. CVE-2022-26696:\nmacOS Sandbox Escape vulnerability via Terminal\nhttps://wojciechregula.blog/post/macos-sandbox-escape-via-terminal\n\n2. CVE-2022-33917:\nArm Mali CSF: page freed while still mapped into host userspace due to VMA split mishandling\n]-> https://googleprojectzero.blogspot.com/2022/11/mind-the-gap.html", "creation_timestamp": "2022-11-23T16:05:12.000000Z"} {"uuid": "c7e271f8-00d3-4138-9056-ce134e5f719b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33917", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1471", "content": "#exploit\n1. CVE-2022-26696:\nmacOS Sandbox Escape vulnerability via Terminal\nhttps://wojciechregula.blog/post/macos-sandbox-escape-via-terminal\n\n2. CVE-2022-33917:\nArm Mali CSF: page freed while still mapped into host userspace due to VMA split mishandling\n]-> https://googleprojectzero.blogspot.com/2022/11/mind-the-gap.html", "creation_timestamp": "2022-11-23T16:05:12.000000Z"} https://vulnerability.circl.lu/sighting/c7e271f8-00d3-4138-9056-ce134e5f719b/export Wed, 23 Nov 2022 16:05:12 +0000 e1edffe1-ed13-474f-ac05-64b6b614c415 https://vulnerability.circl.lu/sighting/e1edffe1-ed13-474f-ac05-64b6b614c415/export {"uuid": "e1edffe1-ed13-474f-ac05-64b6b614c415", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33917", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/3742", "content": "\u0417\u0430\u0434\u0435\u0440\u0436\u043a\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f\u043c\u0438 Android-\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u043d\u0430\u0431\u043e\u0440\u0430 \u0438\u0437 \u043f\u044f\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0435 \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430 Arm Mali \u0434\u0435\u043b\u0430\u0435\u0442 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u044b \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0435\u0432 \u0434\u0435\u0432\u0430\u0439\u0441\u043e\u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0434\u043b\u044f \u0430\u0442\u0430\u043a.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043c\u043e\u0434\u0435\u043b\u0438 Google, Samsung, Xiaomi, Oppo, Vivo, Honor, Asus, RealMe, Motorola, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u043c\u0430\u0440\u043e\u043a. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u0447\u0438\u043f\u043e\u0432 Arm Mali \u0443\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b \u043e\u0448\u0438\u0431\u043a\u0438.\n\n\u0414\u0435\u043b\u043e \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043f\u0430\u0440\u0442\u043d\u0435\u0440\u0430\u043c-\u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f\u043c \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f (OEM) \u043d\u0443\u0436\u043d\u043e \u0432\u0440\u0435\u043c\u044f, \u0447\u0442\u043e\u0431\u044b \u043f\u0440\u043e\u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0438\u0445 \u0432 \u0441\u0432\u043e\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u2014 \u043f\u0440\u043e\u0446\u0435\u0441\u0441, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0443\u0432\u0435\u043b\u0438\u0447\u0438\u0432\u0430\u0435\u0442 \u0432\u0440\u0435\u043c\u044f \u0434\u043e \u0434\u043e\u0441\u0442\u0438\u0436\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0422\u0440\u0435\u0432\u043e\u0433\u0443 \u0437\u0430\u0431\u0438\u043b\u0438 Google Project Zero, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u043e \u00ab\u043f\u0440\u043e\u0431\u0435\u043b\u0435 \u0432 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u0445\u00bb.\n\nProject Zero \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2022-33917 \u0438 CVE-2022-36449 (\u0441\u043e\u0431\u0438\u0440\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0434\u043b\u044f \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438) \u0432 \u0438\u044e\u043d\u0435 2022 \u0433\u043e\u0434\u0430.\n\nCVE-2022-33917 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 GPU \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u044b\u043c \u0440\u0430\u0437\u0434\u0435\u043b\u0430\u043c \u043f\u0430\u043c\u044f\u0442\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u044b \u044f\u0434\u0440\u0430 \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430 Arm Mali \u043e\u0442 Valhall r29p0 \u0434\u043e r38p0.\n\n\u0414\u0440\u0443\u0433\u0430\u044f \u043e\u0448\u0438\u0431\u043a\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438, \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0442\u044c \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u043e \u0441\u043e\u043f\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u0438 \u043f\u0430\u043c\u044f\u0442\u0438.\n\n\u0412\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u044b \u044f\u0434\u0440\u0430 \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430 Arm Mali \u043e\u0442 Midgard r4p0 \u0434\u043e r32p0, Bifrost \u043e\u0442 r0p0 \u0434\u043e r38p0 \u0438 r39p0 \u0434\u043e r38p1 \u0438 Valhall \u043e\u0442 r19p0 \u0434\u043e r38p0 \u0438 r39p0 \u0434\u043e r38p1.\n\n\u0414\u0440\u0430\u0439\u0432\u0435\u0440\u044b \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430 Mali \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0442\u0430\u043a\u0438\u043c\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430\u043c\u0438, \u043a\u0430\u043a MediaTek, HiSilicon Kirin \u0438 Exyno, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e Android-\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u043d\u0430 \u0440\u044b\u043d\u043a\u0435.\n\nProject Zero \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442 \u044d\u0442\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043a\u0430\u043a (2325, 2327, 2331, 2333 \u0438 2334) \u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0435\u0442\u0430\u043b\u0438 \u0434\u043b\u044f \u043a\u0430\u0436\u0434\u043e\u0439 \u0438\u0437 \u043d\u0438\u0445 \u0432\u043c\u0435\u0441\u0442\u0435 \u0441 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0441\u0440\u0435\u0434\u043d\u044e\u044e \u0441\u0442\u0435\u043f\u0435\u043d\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c, \u0438\u0445 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043d\u0430 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0435 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0431\u043e\u043b\u044c\u0448\u043e\u0433\u043e \u0447\u0438\u0441\u043b\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 Android.\n\n\u041d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043e\u0442 Arm \u0435\u0449\u0435 \u043d\u0435 \u0434\u043e\u0448\u043b\u043e \u0434\u043e OEM-\u043f\u0430\u0440\u0442\u043d\u0435\u0440\u043e\u0432 \u0438 \u0442\u0435\u0441\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 Android \u0438 Pixel.\n\n\u0427\u0435\u0440\u0435\u0437 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043d\u0435\u0434\u0435\u043b\u044c Android \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0441\u0432\u043e\u0438\u043c \u043f\u0430\u0440\u0442\u043d\u0435\u0440\u0430\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0443\u0436\u0435 \u0431\u0443\u0434\u0443\u0442 \u0441\u0430\u043c\u0438 \u043d\u0435\u0441\u0442\u0438 \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0437\u0430 \u0435\u0433\u043e \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0436\u0435 \u043d\u0438\u0447\u0435\u0433\u043e \u043d\u0435 \u043e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u0434\u0435\u043b\u0430\u0442\u044c, \u043a\u0430\u043a \u043e\u0436\u0438\u0434\u0430\u0442\u044c, \u043f\u043e\u043a\u0430 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0438 \u0438\u0445 \u0434\u0435\u0432\u0430\u0439\u0441\u043e\u0432 \u0432\u044b\u043a\u0430\u0442\u044f\u0442 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u044b \u0431\u043e\u043b\u0435\u0435 \u0441\u0442\u0430\u0440\u044b\u0445 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u043d\u0430 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0435 Midgard \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0430\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0438\u043c \u043f\u0440\u0438\u0434\u0435\u0442\u0441\u044f \u043f\u043e\u043f\u0440\u043e\u0449\u0430\u0442\u044c\u0441\u044f \u0441\u043e \u0441\u0432\u043e\u0438\u043c\u0438 \u0433\u0430\u0434\u0436\u0435\u0442\u0430\u043c\u0438.", "creation_timestamp": "2022-11-24T12:08:24.000000Z"} {"uuid": "e1edffe1-ed13-474f-ac05-64b6b614c415", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33917", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/3742", "content": "\u0417\u0430\u0434\u0435\u0440\u0436\u043a\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f\u043c\u0438 Android-\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u043d\u0430\u0431\u043e\u0440\u0430 \u0438\u0437 \u043f\u044f\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0435 \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430 Arm Mali \u0434\u0435\u043b\u0430\u0435\u0442 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u044b \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0435\u0432 \u0434\u0435\u0432\u0430\u0439\u0441\u043e\u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0434\u043b\u044f \u0430\u0442\u0430\u043a.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043c\u043e\u0434\u0435\u043b\u0438 Google, Samsung, Xiaomi, Oppo, Vivo, Honor, Asus, RealMe, Motorola, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u043c\u0430\u0440\u043e\u043a. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u0447\u0438\u043f\u043e\u0432 Arm Mali \u0443\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b \u043e\u0448\u0438\u0431\u043a\u0438.\n\n\u0414\u0435\u043b\u043e \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043f\u0430\u0440\u0442\u043d\u0435\u0440\u0430\u043c-\u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f\u043c \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f (OEM) \u043d\u0443\u0436\u043d\u043e \u0432\u0440\u0435\u043c\u044f, \u0447\u0442\u043e\u0431\u044b \u043f\u0440\u043e\u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0438\u0445 \u0432 \u0441\u0432\u043e\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u2014 \u043f\u0440\u043e\u0446\u0435\u0441\u0441, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0443\u0432\u0435\u043b\u0438\u0447\u0438\u0432\u0430\u0435\u0442 \u0432\u0440\u0435\u043c\u044f \u0434\u043e \u0434\u043e\u0441\u0442\u0438\u0436\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0422\u0440\u0435\u0432\u043e\u0433\u0443 \u0437\u0430\u0431\u0438\u043b\u0438 Google Project Zero, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u043e \u00ab\u043f\u0440\u043e\u0431\u0435\u043b\u0435 \u0432 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u0445\u00bb.\n\nProject Zero \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2022-33917 \u0438 CVE-2022-36449 (\u0441\u043e\u0431\u0438\u0440\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0434\u043b\u044f \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438) \u0432 \u0438\u044e\u043d\u0435 2022 \u0433\u043e\u0434\u0430.\n\nCVE-2022-33917 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 GPU \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u044b\u043c \u0440\u0430\u0437\u0434\u0435\u043b\u0430\u043c \u043f\u0430\u043c\u044f\u0442\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u044b \u044f\u0434\u0440\u0430 \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430 Arm Mali \u043e\u0442 Valhall r29p0 \u0434\u043e r38p0.\n\n\u0414\u0440\u0443\u0433\u0430\u044f \u043e\u0448\u0438\u0431\u043a\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438, \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0442\u044c \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u043e \u0441\u043e\u043f\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u0438 \u043f\u0430\u043c\u044f\u0442\u0438.\n\n\u0412\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u044b \u044f\u0434\u0440\u0430 \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430 Arm Mali \u043e\u0442 Midgard r4p0 \u0434\u043e r32p0, Bifrost \u043e\u0442 r0p0 \u0434\u043e r38p0 \u0438 r39p0 \u0434\u043e r38p1 \u0438 Valhall \u043e\u0442 r19p0 \u0434\u043e r38p0 \u0438 r39p0 \u0434\u043e r38p1.\n\n\u0414\u0440\u0430\u0439\u0432\u0435\u0440\u044b \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430 Mali \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0442\u0430\u043a\u0438\u043c\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430\u043c\u0438, \u043a\u0430\u043a MediaTek, HiSilicon Kirin \u0438 Exyno, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e Android-\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u043d\u0430 \u0440\u044b\u043d\u043a\u0435.\n\nProject Zero \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442 \u044d\u0442\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043a\u0430\u043a (2325, 2327, 2331, 2333 \u0438 2334) \u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0435\u0442\u0430\u043b\u0438 \u0434\u043b\u044f \u043a\u0430\u0436\u0434\u043e\u0439 \u0438\u0437 \u043d\u0438\u0445 \u0432\u043c\u0435\u0441\u0442\u0435 \u0441 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0441\u0440\u0435\u0434\u043d\u044e\u044e \u0441\u0442\u0435\u043f\u0435\u043d\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c, \u0438\u0445 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043d\u0430 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0435 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0431\u043e\u043b\u044c\u0448\u043e\u0433\u043e \u0447\u0438\u0441\u043b\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 Android.\n\n\u041d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043e\u0442 Arm \u0435\u0449\u0435 \u043d\u0435 \u0434\u043e\u0448\u043b\u043e \u0434\u043e OEM-\u043f\u0430\u0440\u0442\u043d\u0435\u0440\u043e\u0432 \u0438 \u0442\u0435\u0441\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 Android \u0438 Pixel.\n\n\u0427\u0435\u0440\u0435\u0437 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043d\u0435\u0434\u0435\u043b\u044c Android \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0441\u0432\u043e\u0438\u043c \u043f\u0430\u0440\u0442\u043d\u0435\u0440\u0430\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0443\u0436\u0435 \u0431\u0443\u0434\u0443\u0442 \u0441\u0430\u043c\u0438 \u043d\u0435\u0441\u0442\u0438 \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0437\u0430 \u0435\u0433\u043e \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0436\u0435 \u043d\u0438\u0447\u0435\u0433\u043e \u043d\u0435 \u043e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u0434\u0435\u043b\u0430\u0442\u044c, \u043a\u0430\u043a \u043e\u0436\u0438\u0434\u0430\u0442\u044c, \u043f\u043e\u043a\u0430 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0438 \u0438\u0445 \u0434\u0435\u0432\u0430\u0439\u0441\u043e\u0432 \u0432\u044b\u043a\u0430\u0442\u044f\u0442 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u044b \u0431\u043e\u043b\u0435\u0435 \u0441\u0442\u0430\u0440\u044b\u0445 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u043d\u0430 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0435 Midgard \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0430\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0438\u043c \u043f\u0440\u0438\u0434\u0435\u0442\u0441\u044f \u043f\u043e\u043f\u0440\u043e\u0449\u0430\u0442\u044c\u0441\u044f \u0441\u043e \u0441\u0432\u043e\u0438\u043c\u0438 \u0433\u0430\u0434\u0436\u0435\u0442\u0430\u043c\u0438.", "creation_timestamp": "2022-11-24T12:08:24.000000Z"} https://vulnerability.circl.lu/sighting/e1edffe1-ed13-474f-ac05-64b6b614c415/export Thu, 24 Nov 2022 12:08:24 +0000 06ee9ec8-7a49-420e-985e-e89afead4dd7 https://vulnerability.circl.lu/sighting/06ee9ec8-7a49-420e-985e-e89afead4dd7/export {"uuid": "06ee9ec8-7a49-420e-985e-e89afead4dd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33917", "type": "seen", "source": "Telegram/B5r4kFnBFEHpbf1pdgoKaOZNyOgaMcXW30gWxds-rBS-", "content": "", "creation_timestamp": "2022-11-25T20:25:39.000000Z"} {"uuid": "06ee9ec8-7a49-420e-985e-e89afead4dd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33917", "type": "seen", "source": "Telegram/B5r4kFnBFEHpbf1pdgoKaOZNyOgaMcXW30gWxds-rBS-", "content": "", "creation_timestamp": "2022-11-25T20:25:39.000000Z"} https://vulnerability.circl.lu/sighting/06ee9ec8-7a49-420e-985e-e89afead4dd7/export Fri, 25 Nov 2022 20:25:39 +0000 8150d753-4aec-4ea0-aeea-5b60078a302a https://vulnerability.circl.lu/sighting/8150d753-4aec-4ea0-aeea-5b60078a302a/export {"uuid": "8150d753-4aec-4ea0-aeea-5b60078a302a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33917", "type": "seen", "source": "https://t.me/crackcodes/1544", "content": "\ud83d\udd25Mind the Gap \n\nThe week before FirstCon22, Maddie gave an internal preview of her talk(\"0-day In-the-Wild Exploitation in 2022\u2026so far\"). Inspired by the description of an in-the-wild vulnerability in low-level memory management code, fellow Project Zero researcher Jann Horn started auditing the ARM Mali GPU driver. Over the next three weeks, Jann found five more exploitable vulnerabilities (2325, 2327, 2331, 2333, 2334).\n\n\u26a0\ufe0fThe vulnerabilities discussed in this blog post (CVE-2022-33917) are fixed by the upstream vendor, but at the time of publication, these fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Xiaomi, Oppo and others). Devices with a Mali GPU are currently vulnerable.", "creation_timestamp": "2022-11-28T14:41:47.000000Z"} {"uuid": "8150d753-4aec-4ea0-aeea-5b60078a302a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33917", "type": "seen", "source": "https://t.me/crackcodes/1544", "content": "\ud83d\udd25Mind the Gap \n\nThe week before FirstCon22, Maddie gave an internal preview of her talk(\"0-day In-the-Wild Exploitation in 2022\u2026so far\"). Inspired by the description of an in-the-wild vulnerability in low-level memory management code, fellow Project Zero researcher Jann Horn started auditing the ARM Mali GPU driver. Over the next three weeks, Jann found five more exploitable vulnerabilities (2325, 2327, 2331, 2333, 2334).\n\n\u26a0\ufe0fThe vulnerabilities discussed in this blog post (CVE-2022-33917) are fixed by the upstream vendor, but at the time of publication, these fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Xiaomi, Oppo and others). Devices with a Mali GPU are currently vulnerable.", "creation_timestamp": "2022-11-28T14:41:47.000000Z"} https://vulnerability.circl.lu/sighting/8150d753-4aec-4ea0-aeea-5b60078a302a/export Mon, 28 Nov 2022 14:41:47 +0000 11b41a67-d396-46f1-9378-a23950739f18 https://vulnerability.circl.lu/sighting/11b41a67-d396-46f1-9378-a23950739f18/export {"uuid": "11b41a67-d396-46f1-9378-a23950739f18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33917", "type": "seen", "source": "https://t.me/androidMalware/1711", "content": "Vulnerability discovered in devices with a Mali GPU\nThe vulnerabilities discussed in this blog post (CVE-2022-33917) are fixed by the upstream vendor, but at the time of publication, these fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Xiaomi, Oppo and others) \nhttps://googleprojectzero.blogspot.com/2022/11/mind-the-gap.html", "creation_timestamp": "2023-02-18T06:16:28.000000Z"} {"uuid": "11b41a67-d396-46f1-9378-a23950739f18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33917", "type": "seen", "source": "https://t.me/androidMalware/1711", "content": "Vulnerability discovered in devices with a Mali GPU\nThe vulnerabilities discussed in this blog post (CVE-2022-33917) are fixed by the upstream vendor, but at the time of publication, these fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Xiaomi, Oppo and others) \nhttps://googleprojectzero.blogspot.com/2022/11/mind-the-gap.html", "creation_timestamp": "2023-02-18T06:16:28.000000Z"} https://vulnerability.circl.lu/sighting/11b41a67-d396-46f1-9378-a23950739f18/export Sat, 18 Feb 2023 06:16:28 +0000 413cff85-9b3a-4495-8433-ef90c61eaa46 https://vulnerability.circl.lu/sighting/413cff85-9b3a-4495-8433-ef90c61eaa46/export {"uuid": "413cff85-9b3a-4495-8433-ef90c61eaa46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3391", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15824", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3391\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)\n\ud83d\udccf Published: 2022-10-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-09T19:07:22.850Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/ecc51420-ee50-4e39-a38d-09686f1996f2", "creation_timestamp": "2025-05-09T19:26:19.000000Z"} {"uuid": "413cff85-9b3a-4495-8433-ef90c61eaa46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3391", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15824", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3391\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)\n\ud83d\udccf Published: 2022-10-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-09T19:07:22.850Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/ecc51420-ee50-4e39-a38d-09686f1996f2", "creation_timestamp": "2025-05-09T19:26:19.000000Z"} https://vulnerability.circl.lu/sighting/413cff85-9b3a-4495-8433-ef90c61eaa46/export Fri, 09 May 2025 19:26:19 +0000