{"vulnerability": "cve-2022-3314", "sightings": [{"uuid": "8e91db73-0a9e-4476-a23c-04a4fa583431", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3314", "type": "seen", "source": "https://t.me/true_secator/3490", "content": "Google has announced the release of Chrome 106 for Windows, Mac and Linux with fixes for 20 vulnerabilities, including 5 of high severity.\n\nHalf of the vulnerabilities are use-after-free bugs, which can lead to RCE, DoS or data corruption. Combined with other vulnerabilities, the bugs can be used for full 
system compromise.\n\nOf the five serious issues fixed in Chrome 106, four are use-after-free vulnerabilities (CVE-2022-3304, CVE-2022-3305, CVE-2022-3306, CVE-2022-3307) affecting three browser components, namely CSS, Survey and Media.\n\nThe fifth is insufficient validation of untrusted input in Developer Tools (CVE-2022-3201).\n\nThe latest browser release also fixes three medium-severity vulnerabilities, likewise 
related to use after free (CVE-2022-3309, CVE-2022-3311, CVE-2022-3314), which affect three other Chrome components: Assistant, Import and Logging.\n\nThe browser update also fixes medium-severity insufficient policy enforcement in Developer Tools (CVE-2022-3308) and Custom Tabs (CVE-2022-3310), insufficient validation of untrusted input in VPN (CVE-2022-3312), incorrect security UI in 
full-screen mode (CVE-2022-3313) and type confusion in Blink (CVE-2022-3315).\n\nGoogle paid out a total of more than 38,000 dollars in bug bounties to those who reported the bugs.\n\nGoogle does not report any exploitation of the vulnerabilities in the wild.\n\nApple's latest update for its mobile iOS and watchOS went almost unnoticed.\n\nThe new versions iOS 16.0.2 and watchOS 9.0.1 were released on 22 September 2022, but, as with iOS 16.0.1 released a week earlier, there are no CVE entries.\n\nApple, 
to protect its customers, does not disclose information about security issues.\n\nProbably new NSA backdoors have arrived, and they have not yet had time to write off the old ones.", "creation_timestamp": "2022-09-29T15:30:06.000000Z"}, {"uuid": "59b583c0-4803-442a-82ef-bfe041b58950", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-33147", "type": "seen", "source": "https://t.me/cibsecurity/48545", "content": "\u203c CVE-2022-33147 \u203c\n\nA sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. 
An attacker can send an HTTP request to trigger this vulnerability. This vulnerability exists in the aVideoEncoder functionality which can be used to add new videos, allowing an attacker to inject SQL by manipulating the videoDownloadedLink or duration parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-22T22:20:55.000000Z"}, {"uuid": "da3faa59-8f25-480a-8099-de193f18002e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-33146", "type": "seen", "source": "https://t.me/cibsecurity/45163", "content": "\u203c CVE-2022-33146 \u203c\n\nOpen redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-27T07:34:17.000000Z"}, {"uuid": "14434e69-f812-41a6-bb55-f26fcb442285", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-33148", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11893", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-33148\n\ud83d\udd25 CVSS Score: 8.3 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H)\n\ud83d\udd39 Description: A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. 
An attacker can send an HTTP request to trigger this vulnerability. This vulnerability exists in the Live Schedules plugin, allowing an attacker to inject SQL by manipulating the title parameter.\n\ud83d\udccf Published: 2022-08-22T18:29:35.981Z\n\ud83d\udccf Modified: 2025-04-15T18:49:46.519Z\n\ud83d\udd17 References:\n1. https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql\n2. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1551", "creation_timestamp": "2025-04-15T18:55:07.000000Z"}, {"uuid": "db212a07-d1e3-4bfe-9b4f-f0d394c7cab6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-33147", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11892", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-33147\n\ud83d\udd25 CVSS Score: 8.3 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H)\n\ud83d\udd39 Description: A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. This vulnerability exists in the aVideoEncoder functionality which can be used to add new videos, allowing an attacker to inject SQL by manipulating the videoDownloadedLink or duration parameter.\n\ud83d\udccf Published: 2022-08-22T18:29:10.678Z\n\ud83d\udccf Modified: 2025-04-15T18:49:53.529Z\n\ud83d\udd17 References:\n1. https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql\n2. 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1551", "creation_timestamp": "2025-04-15T18:55:06.000000Z"}, {"uuid": "d4d91c25-4c25-48c3-9886-9e87b3fa83ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-33149", "type": "seen", "source": "https://t.me/cibsecurity/48552", "content": "\u203c CVE-2022-33149 \u203c\n\nA sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. This vulnerability exists in the CloneSite plugin, allowing an attacker to inject SQL by manipulating the url parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-22T22:21:02.000000Z"}, {"uuid": "a35f0eb3-6514-4ae5-9988-e0e413a39a83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-33148", "type": "seen", "source": "https://t.me/cibsecurity/48536", "content": "\u203c CVE-2022-33148 \u203c\n\nA sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. 
An attacker can send an HTTP request to trigger this vulnerability. This vulnerability exists in the Live Schedules plugin, allowing an attacker to inject SQL by manipulating the title parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-22T22:20:40.000000Z"}, {"uuid": "cda1e278-dcd3-459b-80c5-68a78f083224", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-33140", "type": "seen", "source": "https://t.me/cibsecurity/44539", "content": "\u203c CVE-2022-33140 \u203c\n\nThe optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. 
The resolution removes command formatting based on user-provided arguments.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-15T18:26:47.000000Z"}, {"uuid": "84d8f24a-6693-4810-9ee3-7c9e6133d9c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-33140", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwrspzzl7b2m", "content": "", "creation_timestamp": "2025-08-19T21:02:28.249611Z"}, {"uuid": "92188878-df31-4e35-adfd-921d7b5f5478", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-33149", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11894", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-33149\n\ud83d\udd25 CVSS Score: 8.3 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H)\n\ud83d\udd39 Description: A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. This vulnerability exists in the CloneSite plugin, allowing an attacker to inject SQL by manipulating the url parameter.\n\ud83d\udccf Published: 2022-08-22T18:29:57.518Z\n\ud83d\udccf Modified: 2025-04-15T18:49:38.033Z\n\ud83d\udd17 References:\n1. https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql\n2. 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1551", "creation_timestamp": "2025-04-15T18:55:08.000000Z"}, {"uuid": "d3b68d34-de2f-4976-a1f8-b8511ee8e25b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3314", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15131", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3314\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)\n\ud83d\udccf Published: 2022-11-01T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-06T15:14:38.848Z\n\ud83d\udd17 References:\n1. https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html\n2. https://crbug.com/1328708", "creation_timestamp": "2025-05-06T15:21:28.000000Z"}, {"uuid": "c696571c-930f-4fc6-a18d-6bdd0df95894", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-33140", "type": "seen", "source": "https://t.me/arpsyndicate/3183", "content": "#ExploitObserverAlert\n\nCVE-2022-33140\n\nDESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-33140. The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. 
Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments.\n\nFIRST-EPSS: 0.001660000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2024-01-28T03:26:30.000000Z"}]}