{"vulnerability": "CVE-2022-3290", "sightings": [{"uuid": "9efaca1a-3894-42d3-b2d8-cbf701148cdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32903", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15052", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-32903\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.\n\ud83d\udccf Published: 2022-11-01T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-06T03:28:41.162Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/HT213446\n2. https://support.apple.com/en-us/HT213486\n3. https://support.apple.com/en-us/HT213487", "creation_timestamp": "2025-05-06T04:20:26.000000Z"}, {"uuid": "2d7e8891-a200-48d9-b3b8-f7ac4be2034f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3290", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17198", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3290\n\ud83d\udd25 CVSS Score: 5.7 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.\n\ud83d\udccf Published: 2022-09-26T19:00:14.000Z\n\ud83d\udccf Modified: 2025-05-21T20:07:31.267Z\n\ud83d\udd17 References:\n1. https://github.com/ikus060/rdiffweb/commit/667657c6fe2b336c90be37f37fb92f65df4feee3\n2. https://huntr.dev/bounties/d8b8519d-96a5-484c-8141-624c54290bf5", "creation_timestamp": "2025-05-21T20:41:42.000000Z"}, {"uuid": "9f3c67b3-84b1-4590-8896-a7e84eecfe22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32909", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15193", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-32909\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The issue was addressed with improved handling of caches. This issue is fixed in iOS 16. An app may be able to access user-sensitive data.\n\ud83d\udccf Published: 2022-11-01T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-06T19:04:14.416Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/HT213446", "creation_timestamp": "2025-05-06T19:21:08.000000Z"}, {"uuid": "f4afa47f-96be-42a2-a463-0430aa2b7058", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32907", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15191", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-32907\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: This issue was addressed with improved checks. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.\n\ud83d\udccf Published: 2022-11-01T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-06T19:07:04.313Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/HT213446\n2. https://support.apple.com/en-us/HT213486\n3. https://support.apple.com/en-us/HT213487\n4. http://packetstormsecurity.com/files/169930/AppleAVD-AppleAVDUserClient-decodeFrameFig-Memory-Corruption.html", "creation_timestamp": "2025-05-06T19:21:05.000000Z"}, {"uuid": "d28363ed-b7f7-41b0-9937-2754b1231c70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32902", "type": "published-proof-of-concept", "source": "Telegram/hdiB1ZblQFjMQ-lNJr35JlnU2jQXaD9pHOSQrBi90Dfcx6E", "content": "", "creation_timestamp": "2023-07-07T11:53:10.000000Z"}, {"uuid": "08389e86-5f2e-412f-a20c-ad4ff62ef8f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32902", "type": "published-proof-of-concept", "source": "Telegram/07Ia1HA2mW7dpKf7v2YGxCautXo82rrihUV3gCFplIhIrA", "content": "", "creation_timestamp": "2023-06-07T06:16:38.000000Z"}, {"uuid": "f32208ae-897b-410b-8da8-0b91d75a3aa7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3290", "type": "seen", "source": "https://t.me/cibsecurity/50525", "content": "\u203c CVE-2022-3290 \u203c\n\nImproper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-27T07:29:26.000000Z"}, {"uuid": "e17f47e8-87a3-4d9e-a108-18ea8d0cf95f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32902", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3628", "content": "\ud83d\udda5Dataleak:\n\n\ud83d\udd31Leak gabo hu : https://system32.ink/d/leak-gabo-hu/\n\n\ud83d\udd31Leak pay concord ua: https://system32.ink/d/leak-pay-concord-ua/\n\n\ud83d\udd31Leak Ashan Technologies : https://system32.ink/d/leak-ashan-technologies/\n\n\ud83d\udd31Leak aminter co th: https://system32.ink/d/leak-aminter-co-th/\n\n\ud83d\udd31Leak (ist.edu.pk)Institute_of_Space_Technology Pakistan : https://system32.ink/d/leak-ist-edu-pkinstitute_of_space_technology-pakistan/\n\n\ud83d\udda5Rats:\n\n\ud83d\udd31Nanocore 2023 Rat : https://system32.ink/d/nanocore-2023-rat/\n\n\ud83d\udda5Exploit:\n\n\ud83d\udd31CVE-2022-32902 PoC exploit : https://system32.ink/d/cve-2022-32902-poc-exploit/", "creation_timestamp": "2023-06-07T07:47:32.000000Z"}, {"uuid": "0acc1a94-eeb1-4938-ac8f-b9a172d5c604", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32902", "type": "seen", "source": "https://t.me/cibsecurity/59052", "content": "\u203c CVE-2022-32902 \u203c\n\nA logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-27T22:28:08.000000Z"}, {"uuid": "c60e8fa4-f49e-4e3f-8f3f-ef59b0344dd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32902", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8443", "content": "#exploit\n1. CVE-2023-33476:\nminidlna 1.3.2 heap buffer overflow vulnerability\nhttps://blog.coffinsec.com/0day/2023/05/31/minidlna-heap-overflow-rca.html\n\n2. Shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding\nhttps://github.com/ImageMagick/ImageMagick/issues/6338\n\n3. CVE-2022-32902:\nTCC-bypass in macOS\nhttps://github.com/jhftss/POC/tree/main/CVE-2022-32902\n]-> https://jhftss.github.io/CVE-2022-32902-Patch-One-Issue-and-Introduce-Two", "creation_timestamp": "2023-06-07T11:03:01.000000Z"}]}