{"vulnerability": "CVE-2022-3298", "sightings": [{"uuid": "54f453f8-b627-4c6d-a71d-07b9f4bf3cc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3298", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17132", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3298\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8.\n\ud83d\udccf Published: 2022-09-26T22:00:14.000Z\n\ud83d\udccf Modified: 2025-05-21T15:33:10.100Z\n\ud83d\udd17 References:\n1. https://huntr.dev/bounties/f9fedf94-41c9-49c4-8552-e407123a44e7\n2. https://github.com/ikus060/rdiffweb/commit/626cca1b75b6c587afd4241a9692e8929b1921a5", "creation_timestamp": "2025-05-21T15:42:09.000000Z"}, {"uuid": "93e37757-bc0f-4dba-a6f9-45560826cfe4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3298", "type": "seen", "source": "https://t.me/cibsecurity/50526", "content": "\u203c CVE-2022-3298 \u203c\n\nAllocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-27T02:22:54.000000Z"}, {"uuid": "1995da38-550f-4ae0-a065-a8735d31a899", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32983", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/4724", "content": "\u0413\u0440\u0443\u043f\u043f\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438\u0437 \u041a\u0430\u043b\u0438\u0444\u043e\u0440\u043d\u0438\u0439\u0441\u043a\u043e\u0433\u043e \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0438\u0442\u0435\u0442\u0430 \u0432 \u0418\u0440\u0432\u0438\u043d\u0435 \u0438 \u0423\u043d\u0438\u0432\u0435\u0440\u0441\u0438\u0442\u0435\u0442\u0430 \u0426\u0438\u043d\u0445\u0443\u0430 \u043d\u0430 Black Hat 2023 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u043d\u043e\u0432\u0443\u044e \u043c\u043e\u0449\u043d\u0443\u044e \u0430\u0442\u0430\u043a\u0443 MaginotDNS, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u0430 \u043d\u0430 \u0440\u0430\u0441\u043f\u043e\u0437\u043d\u0430\u0432\u0430\u0442\u0435\u043b\u0438 \u0443\u0441\u043b\u043e\u0432\u043d\u044b\u0445 DNS (CDNS) \u0438 \u043c\u043e\u0436\u0435\u0442 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0446\u0435\u043b\u044b\u0435 \u0434\u043e\u043c\u0435\u043d\u044b \u0432\u0435\u0440\u0445\u043d\u0435\u0433\u043e \u0443\u0440\u043e\u0432\u043d\u044f TLD.\n\n\u0410\u0442\u0430\u043a\u0430 \u0441\u0442\u0430\u043b\u0430 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0439 \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u043d\u0435\u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u044f\u043c \u0432 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043e\u043a \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u043e\u043c \u041f\u041e DNS \u0438 \u0440\u0435\u0436\u0438\u043c\u0430\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 (\u0440\u0435\u043a\u0443\u0440\u0441\u0438\u0432\u043d\u044b\u0435 \u0440\u0430\u0441\u043f\u043e\u0437\u043d\u0430\u0432\u0430\u0442\u0435\u043b\u0438 \u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u043f\u0435\u0440\u0435\u0441\u044b\u043b\u043a\u0438), \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0447\u0435\u0433\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u0430 \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e \u0442\u0440\u0435\u0442\u044c \u0432\u0441\u0435\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 CDNS.\n\n\u041a\u043e\u043d\u0446\u0435\u043f\u0446\u0438\u044f \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u043f\u043e\u0434\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u043e\u0442\u0432\u0435\u0442\u043e\u0432 \u0432 \u043a\u0435\u0448 \u0440\u0430\u0441\u043f\u043e\u0437\u043d\u0430\u0432\u0430\u0442\u0435\u043b\u044f DNS, \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0447\u0435\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440 \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432\u0445\u043e\u0434\u044f\u0442 \u0432 \u0434\u043e\u043c\u0435\u043d, \u043d\u0430 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0435 IP-\u0430\u0434\u0440\u0435\u0441\u0430, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u044f \u0438\u0445 \u043a \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u0430\u043c \u0431\u0435\u0437 \u0438\u0445 \u0432\u0435\u0434\u043e\u043c\u0430.\n\n\u041f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u0430\u0442\u0430\u043a\u0438 \u043f\u043e\u0434\u043e\u0431\u043d\u043e\u0433\u043e \u0442\u0438\u043f\u0430 (\u0430\u0442\u0430\u043a\u0430 \u041a\u0430\u0448\u043f\u0443\u0440\u0435\u0432\u0430 \u0432 1997 \u0438\u043b\u0438 \u0430\u0442\u0430\u043a\u0430 \u041a\u0430\u043c\u0438\u043d\u0441\u043a\u043e\u0433\u043e \u0432 2008) \u0431\u044b\u043b\u0438 \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u044b \u043f\u0443\u0442\u0435\u043c \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u0432 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044e \u0440\u0430\u0441\u043f\u043e\u0437\u043d\u0430\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u0441\u0442\u0430\u043b\u0438 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0441\u043b\u043e\u0436\u043d\u044b\u043c\u0438.\n\n\u041e\u0434\u043d\u0430\u043a\u043e MaginotDNS \u043c\u043e\u0436\u0435\u0442 \u043e\u0431\u043e\u0439\u0442\u0438 \u044d\u0442\u0443 \u0437\u0430\u0449\u0438\u0442\u0443, \u0430\u0442\u0430\u043a\u0443\u044f \u0440\u0435\u0436\u0438\u043c \u043f\u0435\u0440\u0435\u0441\u044b\u043b\u043a\u0438 CDNS \u043b\u0438\u0431\u043e \u043f\u043e \u043f\u0443\u0442\u0438, \u043b\u0438\u0431\u043e \u0432\u043d\u0435 \u043f\u0443\u0442\u0438.\n\n\u0420\u0435\u0437\u043e\u043b\u0432\u0435\u0440\u044b CDNS \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0442 \u043a\u0430\u043a \u0440\u0435\u043a\u0443\u0440\u0441\u0438\u0432\u043d\u044b\u0439, \u0442\u0430\u043a \u0438 \u0440\u0435\u0436\u0438\u043c \u043f\u0435\u0440\u0435\u0430\u0434\u0440\u0435\u0441\u0430\u0446\u0438\u0438 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u0430\u043c\u0438 \u0434\u043b\u044f \u0441\u043d\u0438\u0436\u0435\u043d\u0438\u044f \u0437\u0430\u0442\u0440\u0430\u0442 \u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438, \u0447\u0442\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c\u043d\u044b\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0434\u0435\u043a\u0432\u0430\u0442\u043d\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u044e\u0442\u0441\u044f \u0432 \u0440\u0435\u043a\u0443\u0440\u0441\u0438\u0432\u043d\u043e\u043c \u0440\u0435\u0436\u0438\u043c\u0435, \u043e\u0434\u043d\u0430\u043a\u043e \u0441\u0435\u0440\u0432\u0435\u0440 \u043f\u0435\u0440\u0435\u0441\u044b\u043b\u043a\u0438 \u0443\u044f\u0437\u0432\u0438\u043c.\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043e\u0434\u0438\u043d \u0438 \u0442\u043e\u0442 \u0436\u0435 \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u044b\u0439 \u043a\u0435\u0448 DNS, \u0430\u0442\u0430\u043a\u0430 \u043d\u0430 \u0440\u0435\u0436\u0438\u043c \u043f\u0435\u0440\u0435\u0441\u044b\u043b\u043a\u0438 \u043c\u043e\u0436\u0435\u0442 \u043e\u0442\u043a\u0440\u044b\u0442\u044c \u043f\u0443\u0442\u044c \u043a \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u044e \u0440\u0435\u043a\u0443\u0440\u0441\u0438\u0432\u043d\u043e\u0433\u043e \u0440\u0435\u0436\u0438\u043c\u0430, \u043f\u043e \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443 \u043d\u0430\u0440\u0443\u0448\u0430\u044f \u0433\u0440\u0430\u043d\u0438\u0446\u0443 \u0437\u0430\u0449\u0438\u0442\u044b \u043a\u0435\u0448\u0430 DNS.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0432\u044b\u044f\u0432\u0438\u043b\u0438 \u043d\u0435\u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u044f \u0432 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u041f\u041e DNS, \u0432\u043a\u043b\u044e\u0447\u0430\u044f BIND9 (CVE-2021-25220), Knot Resolver (CVE-2022-32983), Microsoft DNS \u0438 Technitium (CVE-2021-43105).\n\n\u0414\u043b\u044f \u0431\u043e\u043b\u044c\u0448\u0435\u0439 \u0443\u0431\u0435\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0441\u0432\u043e\u0438\u0445 \u0432\u044b\u0432\u043e\u0434\u043e\u0432 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0430\u0442\u0430\u043a\u0443 MaginotDNS \u043d\u0430 \u043f\u0440\u0438\u043c\u0435\u0440\u0435 Microsoft DNS \u043d\u0430 \u0432\u0438\u0434\u0435\u043e.\n\n\u041f\u043e\u043c\u0438\u043c\u043e \u044d\u0442\u043e\u0433\u043e, \u0432 \u0445\u043e\u0434\u0435 \u043f\u0440\u0435\u0437\u0435\u043d\u0442\u0430\u0446\u0438\u0438 \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0438\u0432\u0435\u043b\u0438 \u043f\u0440\u0438\u043c\u0435\u0440\u044b \u0430\u0442\u0430\u043a \u043a\u0430\u043a \u043d\u0430 \u043f\u0443\u0442\u0438, \u0442\u0430\u043a \u0438 \u0432\u043d\u0435 \u043f\u0443\u0442\u0438, \u043f\u0440\u0438\u0447\u0435\u043c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0431\u043e\u043b\u0435\u0435 \u0441\u043b\u043e\u0436\u043d\u044b\u043c\u0438, \u043d\u043e \u0438 \u0433\u043e\u0440\u0430\u0437\u0434\u043e \u0431\u043e\u043b\u0435\u0435 \u0446\u0435\u043d\u043d\u044b\u043c\u0438 \u0434\u043b\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432.\n\n\u041f\u0440\u043e\u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u0432 \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u0443\u044e \u0441\u0435\u0442\u044c \u043e\u043d\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 1 200 000 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 DNS, \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 154 955 - \u0441\u0435\u0440\u0432\u0435\u0440\u044b CDNS. \u0414\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u043f\u043e\u043a\u0430\u0437\u0430\u043b, \u0447\u0442\u043e 54 949 \u0438\u0437 \u043d\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0438 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u0430\u0442\u0430\u043a\u0430\u043c \u043d\u0430 \u043f\u0443\u0442\u0438, \u0430 88,3% - \u0430\u0442\u0430\u043a\u0430\u043c \u0432\u043d\u0435 \u043f\u0443\u0442\u0438.\n\n\u0412\u0441\u0435 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0435 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0438 \u041f\u041e, \u0432 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0438 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438, \u0430 Microsoft \u0434\u0430\u0436\u0435 \u043d\u0430\u0433\u0440\u0430\u0434\u0438\u043b\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0437\u0430 \u043e\u0442\u0447\u0435\u0442.", "creation_timestamp": "2023-08-14T13:43:15.000000Z"}, {"uuid": "04eca4eb-4f5d-4b93-aa8c-9e54db714744", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32984", "type": "seen", "source": "https://t.me/cibsecurity/57233", "content": "\u203c CVE-2022-32984 \u203c\n\nBTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using the internal lightning node, the credentials of a lightning node are exposed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T00:13:31.000000Z"}, {"uuid": "e5e26da9-f7f4-4854-9ecb-0a400a7f4597", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32983", "type": "seen", "source": "https://t.me/cibsecurity/44842", "content": "\u203c CVE-2022-32983 \u203c\n\nKnot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-20T20:26:39.000000Z"}, {"uuid": "ab801db7-2816-41f3-b959-864a64f7ce5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32987", "type": "seen", "source": "https://t.me/cibsecurity/45049", "content": "\u203c CVE-2022-32987 \u203c\n\nMultiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=manage_account of Simple Bakery Shop Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username or Full Name fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-23T22:36:06.000000Z"}, {"uuid": "fa43317a-eac3-409d-8c56-d62debe2a1a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32985", "type": "seen", "source": "https://t.me/cibsecurity/46407", "content": "\u203c CVE-2022-32985 \u203c\n\nlibnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T02:33:18.000000Z"}, {"uuid": "dfd05e92-6f1d-4b23-bb3b-27012eb3a337", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32981", "type": "seen", "source": "https://t.me/cibsecurity/44220", "content": "\u203c CVE-2022-32981 \u203c\n\nAn issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-11T00:34:46.000000Z"}]}