{"vulnerability": "CVE-2022-2030", "sightings": [{"uuid": "9b267588-76d2-46b7-9b3b-02c7f8971950", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2030", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1069", "content": "Updates On Hackbyte Forum:-\n\n1. paykart.ae Leak\n2. NFCGate - an Android application meant to capture, analyze, or modify NFC traffic\n3. iuristec.es leak\n4. grupomerenson Leak\n5. Donut File Leaks\n6. erdogan_offshore_leak\n7. H. Municipality of Metepec Mexico Goverment Leak\n8. VB-COVIDVAC Vaccine Leak Documents\n9. Pitraix Botnet \u2013 Modern P2P Self-Modifying Botnet Cross-Platform Over TOR\n10. \u201cUseless\u201d path traversals in Zyxel admin interface (CVE-2022-2030)\n11. Patch bypass for [CVE-2020-6369] Hard-coded Credentials in CA Introscope Enterprise Manager\n12. CVE-2022-22715 PoC: Windows Dirty Pipe\n13. HTTP header Blind SQL injection Example\n14. [CVE-2020-2733] Technical overview and PoC of bypassing admin authentication of JD Edwards EnterpriseOne\n15. bomber \u2013 a vulnerability scanner for SBOMs\n16. CVE-2022-22715\n17. 2022-LPE-UAF\n18. Paracosme \u2013 Remote Code Execution in ICONICS Genesis64.\n19. XSS vulnerability in Artica Proxy 4.30.0.\n20. Internal Hostname Disclosure Vulnerability\n21. CVE-2021-36260\n\n\ud83d\udc49\ud83c\udffb\ud83d\udc49\ud83c\udffbAll Updates On :- https://bit.ly/3yRyah3 \ud83d\udc48\ud83c\udffb\ud83d\udc48\ud83c\udffb", "creation_timestamp": "2022-08-26T10:50:04.000000Z"}, {"uuid": "390d0b62-8ba0-42e9-9b6b-36717d6d9268", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20305", "type": "seen", "source": "https://t.me/cibsecurity/48075", "content": "\u203c CVE-2022-20305 \u203c\n\nIn ContentService, there is a possible disclosure of available account types due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199751623\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T18:46:41.000000Z"}, {"uuid": "fa22dd4a-853c-42fe-aa5f-5edb4e2729c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20308", "type": "seen", "source": "https://t.me/cibsecurity/48082", "content": "\u203c CVE-2022-20308 \u203c\n\nIn hostapd, there is a possible insecure configuration due to an insecure default value. This could lead to remote denial of service of the wifi hotspot with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-197874458\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T18:56:26.000000Z"}, {"uuid": "1c6efde1-56a7-4294-b2b2-ba31a8bae411", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20309", "type": "seen", "source": "https://t.me/cibsecurity/48024", "content": "\u203c CVE-2022-20309 \u203c\n\nIn PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194694094\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T18:33:22.000000Z"}, {"uuid": "c4fec59b-ae15-446c-8071-23397fb0a48d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20302", "type": "seen", "source": "https://t.me/cibsecurity/48070", "content": "\u203c CVE-2022-20302 \u203c\n\nIn Settings, there is a possible way to bypass factory reset protections due to a sandbox escape. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-200746457\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T18:43:41.000000Z"}, {"uuid": "c0b50bd4-7a27-46fb-90fd-26f5d0ebdcef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20307", "type": "seen", "source": "https://t.me/cibsecurity/48044", "content": "\u203c CVE-2022-20307 \u203c\n\nIn AlarmManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-198782887\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T18:39:27.000000Z"}, {"uuid": "a46dce68-516c-41f9-9161-1046fb7f296b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2030", "type": "seen", "source": "https://t.me/cibsecurity/46530", "content": "\u203c CVE-2022-2030 \u203c\n\nA directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-19T12:40:32.000000Z"}]}