{"vulnerability": "CVE-2022-2229", "sightings": [{"uuid": "f811dc02-c900-4d6b-b779-941e0bab4314", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22298", "type": "seen", "source": "https://t.me/cibsecurity/71976", "content": "\u203c CVE-2022-22298 \u203c\n\nA improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T20:16:58.000000Z"}, {"uuid": "7bf8913c-a5f8-47e5-9e4f-a1add549e0a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22294", "type": "seen", "source": "https://t.me/cibsecurity/36470", "content": "\u203c CVE-2022-22294 \u203c\n\nA SQL injection vulnerability exists in ZFAKA&lt;=1.43 which an attacker can use to complete SQL injection in the foreground and add a background administrator account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-28T20:21:46.000000Z"}, {"uuid": "ada4b4fe-da27-451b-a742-fbdb6e2b770b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22296", "type": "seen", "source": "https://t.me/cibsecurity/36126", "content": "\u203c CVE-2022-22296 \u203c\n\nSourcecodester Hospital's Patient Records Management System 1.0 is vulnerable to Insecure Permissions via the id parameter in manage_user endpoint. Simply change the value and data of other users can be displayed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-17T15:30:32.000000Z"}, {"uuid": "f30395ca-b7ed-4964-bade-4f6eeef26bbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22292", "type": "seen", "source": "https://t.me/ctinow/49882", "content": "CVE-2022-22292 flaw could allow hacking of Samsung Android devices\n\nhttps://ift.tt/WK1VIbF", "creation_timestamp": "2022-04-07T15:21:46.000000Z"}, {"uuid": "ce17854f-b081-4d56-b28b-1481e6a5b933", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22292", "type": "seen", "source": "https://t.me/true_secator/2828", "content": "\u0427\u0430\u0441\u0442\u043e \u043b\u0438 \u0432\u044b \u0437\u0430\u0434\u0443\u043c\u044b\u0432\u0430\u043b\u0438\u0441\u044c \u043e \u0442\u043e\u043c, \u0447\u0442\u043e \u043a\u0442\u043e-\u0442\u043e \u0435\u0449\u0435 \u0438\u043c\u0435\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0432\u0430\u0448\u0435\u043c\u0443 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0443? \u0418 \u043a \u0441\u043e\u0436\u0430\u043b\u0435\u043d\u0438\u044e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e, \u0432\u044b \u043f\u0440\u0430\u0432\u044b.\n\n\u0412 \u043a\u043e\u043d\u0446\u0435 2022 \u0433\u043e\u0434\u0430 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u0438\u0437 Kryptowire \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0443\u044e \u043a\u0430\u043a CVE-2022-22292, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0432\u0437\u043b\u043e\u043c\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 Android 9, 10, 11 \u0438 12.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0432 \u043f\u0440\u0435\u0434\u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u043e\u043c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0438 \u0422\u0435\u043b\u0435\u0444\u043e\u043d, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f \u0441 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 Samsung. \u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438, \u0447\u0442\u043e \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0438 \u0422\u0435\u043b\u0435\u0444\u043e\u043d \u0435\u0441\u0442\u044c \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u0439 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u043c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0431\u0435\u0437 \u043a\u0430\u043a\u043e\u0433\u043e-\u043b\u0438\u0431\u043e \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c.\n\n\u0411\u0430\u0433\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0431\u0440\u043e\u0441 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043a \u043a \u0437\u0430\u0432\u043e\u0434\u0441\u043a\u0438\u043c (\u0442. \u0435. \u0443\u0434\u0430\u043b\u0438\u0442\u044c \u0432\u0441\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0435 \u0434\u0430\u043d\u043d\u044b\u0435), \u0441\u043e\u0432\u0435\u0440\u0448\u0430\u0442\u044c \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u043d\u044b\u0435 \u0437\u0432\u043e\u043d\u043a\u0438, \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c/\u0443\u0434\u0430\u043b\u044f\u0442\u044c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f, \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043a\u043e\u0440\u043d\u0435\u0432\u044b\u0435 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u044b \u0434\u043b\u044f \u043f\u0440\u043e\u0441\u043b\u0443\u0448\u0438\u0432\u0430\u043d\u0438\u044f \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u043e\u0433\u043e \u0442\u0440\u0430\u0444\u0438\u043a\u0430 \u0438 \u0432\u0441\u0435 \u044d\u0442\u043e \u0438\u0437 \u043d\u0435\u043d\u0430\u0434\u0435\u0436\u043d\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0445 \u0432 \u0444\u043e\u043d\u043e\u0432\u043e\u043c \u0440\u0435\u0436\u0438\u043c\u0435 \u0438 \u0431\u0435\u0437 \u043e\u0434\u043e\u0431\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n \n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-22292 \u0431\u044b\u043b\u0430 \u043e\u0446\u0435\u043d\u0435\u043d\u0430 \u043a\u0430\u043a \u0432\u044b\u0441\u043e\u043a\u0430\u044f \u0441\u0442\u0435\u043f\u0435\u043d\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u0438 \u043e \u043d\u0435\u0439 \u0431\u044b\u043b\u043e \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u043e Samsung \u0435\u0449\u0435 27 \u043d\u043e\u044f\u0431\u0440\u044f 2021 \u0433\u043e\u0434\u0430. \u041d\u043e \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0442\u043e\u043b\u044c\u043a\u043e \u0444\u0435\u0432\u0440\u0430\u043b\u0435 2022, \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0432 \u043f\u0430\u0442\u0447 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (SMR).\n\n\u0427\u0442\u043e \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u043b\u043e \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 Samsung \u0437\u0430 \u0441\u0442\u043e\u043b\u044c \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u043f\u0435\u0440\u0438\u043e\u0434 \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u043e\u0434\u043d\u043e\u043c\u0443 \u0411\u043e\u0433\u0443 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e. \u0412 \u043f\u0440\u043e\u0447\u0435\u043c \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0440\u043e\u0433\u0443\u0434\u0435\u043b\u0438 \u0443\u0436\u0435 \u043c\u043d\u043e\u0433\u0438\u0435, \u043d\u043e \u0438 \u043c\u044b \u043f\u0440\u0438\u0437\u044b\u0432\u0430\u0435\u043c \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0434\u0435\u0432\u0430\u0439\u0441\u044b \u043f\u043e\u043a\u0430 \u0435\u0441\u0442\u044c \u0442\u0430\u043a\u0430\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c.", "creation_timestamp": "2022-04-08T21:00:03.000000Z"}, {"uuid": "145a71de-6063-47f8-84e7-1c54b663002c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2229", "type": "seen", "source": "https://t.me/cibsecurity/45483", "content": "\u203c CVE-2022-2229 \u203c\n\nAn improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-01T20:42:43.000000Z"}, {"uuid": "b3468b0f-8bdd-4766-9379-ba65cd1f4479", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22295", "type": "seen", "source": "https://t.me/cibsecurity/37470", "content": "\u203c CVE-2022-22295 \u203c\n\nMetinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T00:33:24.000000Z"}, {"uuid": "560fbb64-4f18-4052-9a16-3a9e3630005f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22290", "type": "seen", "source": "https://t.me/cibsecurity/35610", "content": "\u203c CVE-2022-22290 \u203c\n\nIncorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-14T22:23:52.000000Z"}, {"uuid": "b5224929-4780-4ca4-aafa-711665f69d2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22293", "type": "seen", "source": "https://t.me/cibsecurity/34820", "content": "\u203c CVE-2022-22293 \u203c\n\nadmin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-02T02:41:45.000000Z"}, {"uuid": "3f00f0b1-53d3-48db-83ee-96a541f01928", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22292", "type": "published-proof-of-concept", "source": "https://t.me/cKure/9301", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 Tracked as CVE-2022-22292, which can be exploited to compromise Android 9, 10, 11, and 12 devices.\n\nhttps://securityaffairs.co/wordpress/129942/hacking/cve-2022-22292-hack-samsung-android-devices.html", "creation_timestamp": "2022-04-08T08:30:33.000000Z"}, {"uuid": "c7ac678f-16c0-445b-b23f-8fef6cca9b2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22297", "type": "seen", "source": "https://t.me/cibsecurity/59605", "content": "\u203c CVE-2022-22297 \u203c\n\nAn incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-07T20:23:50.000000Z"}, {"uuid": "12785701-5eb5-4599-8a64-d5a96be45b73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22292", "type": "seen", "source": "https://t.me/cibsecurity/37313", "content": "\u203c CVE-2022-22292 \u203c\n\nUnprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-11T20:28:57.000000Z"}, {"uuid": "815908ec-c960-41da-9297-2bb962ef90cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22292", "type": "seen", "source": "https://t.me/androidMalware/1499", "content": "Start Arbitrary Activity App Components as the System User Vulnerability Affecting Samsung Android Devices (CVE-2022-22292)\nhttps://www.kryptowire.com/blog/start-arbitrary-activity-app-components-as-the-system-user-vulnerability-affecting-samsung-android-devices/", "creation_timestamp": "2022-04-11T08:07:12.000000Z"}]}