{"vulnerability": "CVE-2022-2586", "sightings": [{"uuid": "1a4f578a-97b7-451b-9942-a6f848a5d46d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2586", "type": "seen", "source": "MISP/ea70cf3c-6079-4c57-8341-baa1d0389833", "content": "", "creation_timestamp": "2024-06-27T07:06:52.000000Z"}, {"uuid": "49cb615f-97f8-4b17-a9f7-4e4211c86729", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2586", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-06-26T18:10:02.000000Z"}, {"uuid": "ab7975ed-0e43-49d1-8e59-a1985dff8f78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-2586", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/c65b0f67-52cb-4bfa-9952-71e3e5f69928", "content": "", "creation_timestamp": "2026-02-02T12:26:34.585632Z"}, {"uuid": "2a56088c-bea2-4c70-8073-816005e2f7a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2586", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:55.000000Z"}, {"uuid": "e77d0c6a-95ce-4de5-86eb-135a44f897cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2586", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18736", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-50213\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: do not allow SET_ID to refer to another table\n\nWhen doing lookups for sets on the same batch by using its ID, a set from a\ndifferent table can be used.\n\nThen, when the table is removed, a reference to the set may be kept after\nthe set is freed, leading to a potential use-after-free.\n\nWhen looking for sets by ID, use the table that was used for the lookup by\nname, and only return sets belonging to that same table.\n\nThis fixes CVE-2022-2586, also reported as ZDI-CAN-17470.\n\ud83d\udccf Published: 2025-06-18T11:03:50.958Z\n\ud83d\udccf Modified: 2025-06-18T11:03:50.958Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/77d3b5038b7462318f5183e2ad704b01d57215a2\n2. https://git.kernel.org/stable/c/fab2f61cc3b0e441b1749f017cfee75f9bbaded7\n3. https://git.kernel.org/stable/c/1a4b18b1ff11ba26f9a852019d674fde9d1d1cff\n4. https://git.kernel.org/stable/c/faafd9286f1355c76fe9ac3021c280297213330e\n5. https://git.kernel.org/stable/c/f4fa03410f7c5f5bd8f90e9c11e9a8c4b526ff6f\n6. https://git.kernel.org/stable/c/0d07039397527361850c554c192e749cfc879ea9\n7. https://git.kernel.org/stable/c/470ee20e069a6d05ae549f7d0ef2bdbcee6a81b2", "creation_timestamp": "2025-06-18T11:38:44.000000Z"}, {"uuid": "e10497fa-87ad-4538-bc8c-869d5a5e5e35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25860", "type": "published-proof-of-concept", "source": "Telegram/61DYlWTca6IkcT_FpN2RYBtwr9MKXFEKysLP63-1xRoUERI", "content": "", "creation_timestamp": "2026-04-13T19:19:04.000000Z"}, {"uuid": "da46f9ab-35aa-4983-abbf-9bc3fb49ef23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25860", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9917", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-25860\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P)\n\ud83d\udd39 Description: Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization.This vulnerability exists due to an incomplete fix of [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221).\n\ud83d\udccf Published: 2023-01-24T05:00:02.399Z\n\ud83d\udccf Modified: 2025-04-01T15:29:18.377Z\n\ud83d\udd17 References:\n1. https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3177391\n2. https://github.com/steveukx/git-js/pull/881/commits/95459310e5b8f96e20bb77ef1a6559036b779e13\n3. https://github.com/steveukx/git-js/commit/ec97a39ab60b89e870c5170121cd9c1603cc1951", "creation_timestamp": "2025-04-01T15:32:31.000000Z"}, {"uuid": "6a551755-0fbb-44a9-af1c-10bf7eca76e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2586", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/973", "content": "CVE-2022-2586\n\u041f\u043e\u043c\u043d\u0438\u0442\u0435 \u0434\u044b\u0440\u043a\u0443 \u0432 \u043a\u0440\u043e\u0441\u0441-\u0442\u0430\u0431\u043b\u0438\u0446\u0435 nf_tables \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 net/netfilter/nf_tables_api.c \u044f\u0434\u0440\u0430 Linux ?\n*\n\u0422\u0430\u043a \u0432\u043e\u0442, \u0440\u0435\u0431\u044f\u0442\u0430 \u0438\u0437 OpenWall (\u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e Alejandro Guerrero), \u043d\u0430\u043f\u0438\u0441\u0430\u043b \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u043e\u0439 writeup \u043f\u043e \u044d\u0442\u043e\u0439 \u0434\u044b\u0440\u043a\u0435, \u043d\u0443 \u0438 \u0432 \u0434\u043e\u0433\u043e\u043d\u043a\u0443 \u043d\u0430\u043f\u0438\u0441\u0430\u043b \u0441\u043f\u043b\u043e\u0438\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u0447\u0435\u043d\u044c \u0434\u0430\u0436\u0435 \u043c\u043e\u0436\u043d\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c.\n*\n\u0427\u0438\u0442\u0430\u0442\u044c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435\n\u0421\u043a\u0430\u0447\u0430\u0442\u044c exploit\n\n#linux #exploit #lpe", "creation_timestamp": "2022-09-10T09:25:25.000000Z"}, {"uuid": "ad95b4f6-668f-46c6-9182-7afd47df35a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2586", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/603", "content": "\u200b\u200bCVE-2022-2586\n\ngcc exploit.c -o exploit -lmnl -lnftnl -no-pie -lpthread\n\nhttps://github.com/sniper404ghostxploit/CVE-2022-2586\n\n#cve", "creation_timestamp": "2022-11-28T19:09:36.000000Z"}, {"uuid": "eb207bf2-5c5e-45ec-8445-62f0df783bf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2586", "type": "seen", "source": "https://t.me/poxek/2454", "content": "#CVE #POC\n\nLinux kernel LPE flaw\nCVE-2022-2586\n\n\u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u043d\u0430 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430\u0445 Linux Kernel. \u0414\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0434\u043e\u043b\u0436\u0435\u043d \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043d\u0438\u0437\u043a\u043e\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435. \u0421\u043f\u0435\u0446\u0438\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 nft_objects. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0438\u044f \u043e\u0431\u044a\u0435\u043a\u0442\u0430 \u043f\u0435\u0440\u0435\u0434 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439 \u043d\u0430\u0434 \u043d\u0438\u043c. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 root.", "creation_timestamp": "2022-09-14T14:54:54.000000Z"}, {"uuid": "363e909e-e4c7-49b3-aa91-5997233719aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25869", "type": "published-proof-of-concept", "source": "Telegram/YEiFamPdgcqsNBKcTHrz6s6bZPTIwshB08cHvtzul5ZyUxA", "content": "", "creation_timestamp": "2025-06-30T21:00:03.000000Z"}, {"uuid": "c2ad45ff-ba38-4099-9918-882d70b9b7a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25869", "type": "seen", "source": "https://t.me/cibsecurity/46375", "content": "\u203c CVE-2022-25869 \u203c\n\nAll versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of  elements.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-16T00:20:41.000000Z"}, {"uuid": "3a11465b-e126-49ad-bf03-b9ddde39b356", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25860", "type": "seen", "source": "https://t.me/cibsecurity/56953", "content": "\u203c CVE-2022-25860 \u203c\n\nVersions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-27T00:34:06.000000Z"}, {"uuid": "8389a537-8d2a-460b-9b6b-647d83487ee6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2586", "type": "published-proof-of-concept", "source": "Telegram/izShTurh2ZI2RvRqsY3N1UKFCyACLPLVSKabNZ9ZjbuVFWk", "content": "", "creation_timestamp": "2022-09-11T12:04:18.000000Z"}, {"uuid": "ad334f5e-64d2-401d-8dd2-e9b9b42f9b89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2586", "type": "seen", "source": "https://t.me/true_secator/5890", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Positive Technologies \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u043e\u0431 \u0430\u043a\u0442\u0438\u0432\u0438\u0437\u0430\u0446\u0438\u0438 ExCobalt \u043d\u0430 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u043c \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043d\u043e\u0432\u043e\u0433\u043e \u0431\u044d\u043a\u0434\u043e\u0440\u0430 GoRed \u043d\u0430 \u0431\u0430\u0437\u0435 Golang.\n\n\u0413\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 ExCobalt \u0441\u043e\u0441\u0440\u0435\u0434\u043e\u0442\u043e\u0447\u0435\u043d\u0430 \u043d\u0430 \u043a\u0438\u0431\u0435\u0440\u0448\u043f\u0438\u043e\u043d\u0430\u0436\u0435 \u0438 \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u0432 \u0441\u0435\u0431\u044f \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0443\u0447\u0430\u0441\u0442\u043d\u0438\u043a\u043e\u0432, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u043a\u0430\u043a \u043c\u0438\u043d\u0438\u043c\u0443\u043c \u0441 2016 \u0433\u043e\u0434\u0430, \u0438\u0437 \u0447\u0438\u0441\u043b\u0430, \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0438\u0442\u0435\u043b\u044c\u043d\u043e, \u0431\u044b\u0432\u0448\u0438\u0445 \u0447\u043b\u0435\u043d\u043e\u0432 \u0431\u0430\u043d\u0434\u044b Cobalt.\n\nCobalt\u00a0\u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043b \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u044b\u0435 \u0443\u0447\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f\u00a0\u0441 \u0446\u0435\u043b\u044c\u044e \u043a\u0440\u0430\u0436\u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432, \u043e\u0442\u043b\u0438\u0447\u0430\u044f\u0441\u044c \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 CobInt, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043d\u0430\u0447\u0430\u043b\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0442\u044c \u0432 2022 \u0433\u043e\u0434\u0443.\n\n\u0417\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0439 \u0433\u043e\u0434 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u043d\u044f\u0442\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0420\u0424 \u0430\u0442\u0430\u043a\u0438 \u0431\u044b\u043b\u0438 \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u044b \u043d\u0430 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0441\u0435\u043a\u0442\u043e\u0440\u0430, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0433\u043e\u0441\u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435, \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0438, \u043c\u0435\u0442\u0430\u043b\u043b\u0443\u0440\u0433\u0438\u044e, \u0433\u043e\u0440\u043d\u043e\u0434\u043e\u0431\u044b\u0432\u0430\u044e\u0449\u0443\u044e \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0438 \u0442\u0435\u043b\u0435\u043a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u041f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0440\u0435\u0434\u0430\u043c \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442\u0441\u044f \u0447\u0435\u0440\u0435\u0437 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u043e\u0434\u0440\u044f\u0434\u0447\u0438\u043a\u0430\u00a0\u0438 \u0430\u0442\u0430\u043a \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a, \u0447\u0442\u043e \u043e\u0442\u0440\u0430\u0436\u0430\u0435\u0442 \u0432\u044b\u0441\u043e\u043a\u0443\u044e \u0441\u0442\u0435\u043f\u0435\u043d\u044c \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043f\u043b\u0430\u043d\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0439.\n\n\u041c\u0435\u0442\u043e\u0434\u043e\u043b\u043e\u0433\u0438\u044f \u0440\u0430\u0431\u043e\u0442\u044b ExCobalt \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a Metasploit, Mimikatz, ProcDump, SMBExec, Spark RAT\u00a0\u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u043d\u0430 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u044b\u0445 \u0445\u043e\u0441\u0442\u0430\u0445, \u0430 \u0442\u0430\u043a\u0436\u0435 EoP-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u0434\u043b\u044f Linux (CVE-2019-13272, CVE-2021-3156, CVE-2021- 4034 \u0438 CVE-2022-2586).\n\n\u041f\u0440\u0435\u0442\u0435\u0440\u043f\u0435\u0432\u0448\u0438\u0439 \u043c\u043d\u043e\u0433\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0441 \u043c\u043e\u043c\u0435\u043d\u0442\u0430 \u0441\u0432\u043e\u0435\u0433\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f GoRed \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043a\u043e\u043c\u043f\u043b\u0435\u043a\u0441\u043d\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b, \u0441\u043e\u0431\u0438\u0440\u0430\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e\u0431 \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430\u0445, \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430\u0445 \u0438 \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445.\n\n\u041e\u043d \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u0437\u043e\u0432\u0430 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440 RPC \u0434\u043b\u044f \u0441\u0432\u044f\u0437\u0438 \u0441 C2.\n\n\u0411\u043e\u043b\u0435\u0435 \u0442\u043e\u0433\u043e, \u043e\u043d \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u0440\u044f\u0434 \u0444\u043e\u043d\u043e\u0432\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434 \u0434\u043b\u044f \u043f\u043e\u0438\u0441\u043a\u0430 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u0443\u044e\u0449\u0438\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u0438 \u043f\u0430\u0440\u043e\u043b\u0435\u0439, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043e\u0431\u0440\u0430\u0442\u043d\u043e\u0439 \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0438. \u0421\u043e\u0431\u0440\u0430\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0437\u0430\u0442\u0435\u043c \u044d\u043a\u0441\u043f\u043e\u0440\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0432 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443, \u043f\u043e\u0434\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c\u043d\u0443\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443.\n\nExCobalt \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u043e \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u044f \u0432 \u0441\u0432\u043e\u0439 \u0430\u0440\u0441\u0435\u043d\u0430\u043b \u043d\u043e\u0432\u044b\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0438 \u0441\u043e\u0432\u0435\u0440\u0448\u0435\u043d\u0441\u0442\u0432\u0443\u044f \u043c\u0435\u0442\u043e\u0434\u044b.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c GoRed\u00a0\u043f\u0440\u0438\u043e\u0431\u0440\u0435\u0442\u0430\u0435\u0442 \u0432\u0441\u0435 \u043d\u043e\u0432\u044b\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u043f\u043e \u0441\u0431\u043e\u0440\u0443 \u0434\u0430\u043d\u043d\u044b\u0445 \u0436\u0435\u0440\u0442\u0432\u044b, \u043f\u043e\u0432\u044b\u0448\u0430\u044f \u0441\u043a\u0440\u044b\u0442\u043d\u043e\u0441\u0442\u044c \u043a\u0430\u043a \u0432\u043d\u0443\u0442\u0440\u0438 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0442\u0430\u043a \u0438 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438 \u0441 C2.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, ExCobalt \u043f\u0440\u043e\u044f\u0432\u043b\u044f\u0435\u0442 \u0433\u0438\u0431\u043a\u043e\u0441\u0442\u044c \u0438 \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0434\u043e\u043f\u043e\u043b\u043d\u044f\u044f \u0441\u0432\u043e\u0439 \u043d\u0430\u0431\u043e\u0440 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c\u0438 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u043c\u0438 \u0443\u0442\u0438\u043b\u0438\u0442\u0430\u043c\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u043c\u043e\u0433\u0430\u044e\u0442 \u0433\u0440\u0443\u043f\u043f\u0435 \u043b\u0435\u0433\u043a\u043e \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u0437\u0430\u0449\u0438\u0442\u0443 \u0438 \u0430\u0434\u0430\u043f\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043a \u0435\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f\u043c, \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u044f \u0433\u043b\u0443\u0431\u043e\u043a\u043e\u0435 \u043f\u043e\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u0441\u043b\u0430\u0431\u044b\u0445 \u0441\u0442\u043e\u0440\u043e\u043d \u0436\u0435\u0440\u0442\u0432\u044b.", "creation_timestamp": "2024-06-24T14:33:41.000000Z"}, {"uuid": "a30a500e-02da-4f05-9813-ce6d067629ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2586", "type": "seen", "source": "https://t.me/ctinow/164574", "content": "https://ift.tt/erSov7I\nCVE-2022-2586", "creation_timestamp": "2024-01-08T19:26:19.000000Z"}, {"uuid": "4ff62f1b-7308-44b6-9dbb-3213ac39a685", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25867", "type": "seen", "source": "https://t.me/cibsecurity/47406", "content": "\u203c CVE-2022-25867 \u203c\n\nThe package io.socket:socket.io-client before 2.0.1 are vulnerable to NULL Pointer Dereference when parsing a packet with with invalid payload format.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T18:17:45.000000Z"}, {"uuid": "023fb8fe-4b48-4bde-a825-5cde20b73963", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25866", "type": "seen", "source": "https://t.me/cibsecurity/41409", "content": "\u203c CVE-2022-25866 \u203c\n\nThe package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-25T20:36:39.000000Z"}, {"uuid": "7c56daf0-3e2e-4c2e-ad5a-de2e86a701b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25863", "type": "seen", "source": "https://t.me/cibsecurity/44223", "content": "\u203c CVE-2022-25863 \u203c\n\nThe package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible when passing input in both webpack (MDX files in src/pages or MDX file imported as a component in frontend / React code) and data mode (querying MDX nodes via GraphQL). Workaround: If an older version of gatsby-plugin-mdx must be used, input passed into the plugin should be sanitized ahead of processing.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-11T00:34:49.000000Z"}, {"uuid": "03a41530-e4ba-460c-9cd1-f08e740044c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25865", "type": "seen", "source": "https://t.me/cibsecurity/42700", "content": "\u203c CVE-2022-25865 \u203c\n\nThe package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-14T00:27:26.000000Z"}, {"uuid": "597f7d21-ffdd-480b-a508-887cc8d68da3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25862", "type": "seen", "source": "https://t.me/cibsecurity/42696", "content": "\u203c CVE-2022-25862 \u203c\n\nThis affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-7618](https://security.snyk.io/vuln/SNYK-JS-SDS-564123)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-14T00:27:22.000000Z"}, {"uuid": "e7a628b2-b0a6-4acc-968c-73e576a432e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2586", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7116", "content": "#exploit\n1. CVE-2022-43144:\nXSS vulnerability in Canteen Management System v.1.0\u00a0\nhttps://github.com/mudassiruddin/CVE-2022-43144-Stored-XSS\n\n2. CVE-2022-2586:\ngcc exploit.c -o exploit -lmnl -lnftnl -no-pie -lpthread\nhttps://github.com/sniper404ghostxploit/CVE-2022-2586", "creation_timestamp": "2022-11-07T11:00:17.000000Z"}]}