Weekly Vulnerabilities Report: July 18 to 24, 2022

Overview

61 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 42 high severity vulnerabilities. This weekly summary reports vulnerabilities in 76 products from 32 vendors including Google, Debian, Gstreamer Project, Fedoraproject, and Linux. Vulnerabilities are notably categorized as "Use After Free", "Out-of-bounds Write", "Exposure of Resource to Wrong Sphere", "Integer Overflow or Wraparound", and "NULL Pointer Dereference".

  • 42 reported vulnerabilities are remotely exploitable.
  • 1 reported vulnerability has a public exploit available.
  • 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 50 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 25 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

6 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-07-22 CVE-2022-34115 Dataease Project Unrestricted Upload of File with Dangerous Type vulnerability in Dataease Project Dataease 1.11.1

DataEase v1.11.1 was discovered to contain an arbitrary file write vulnerability via the parameter dataSourceId.

9.8
2022-07-22 CVE-2022-2143 Advantech Command Injection vulnerability in Advantech Iview

The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.

9.8
2022-07-19 CVE-2022-24082 Pega Deserialization of Untrusted Data vulnerability in Pega Infinity

If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system.

9.8
2022-07-19 CVE-2022-35405 Zohocorp Unspecified vulnerability in Zohocorp products

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution.

9.8
2022-07-21 CVE-2022-0973 Google Use After Free vulnerability in Google Chrome

Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

9.6
2022-07-21 CVE-2022-0977 Google Use After Free vulnerability in Google Chrome

Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

9.6

42 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-07-23 CVE-2022-1096 Google Type Confusion vulnerability in Google Chrome

Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-07-23 CVE-2022-1125 Google Use After Free vulnerability in Google Chrome

Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.

8.8
2022-07-23 CVE-2022-1127 Google Use After Free vulnerability in Google Chrome

Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.

8.8
2022-07-23 CVE-2022-1131 Google Use After Free vulnerability in Google Chrome

Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-07-23 CVE-2022-1133 Google Use After Free vulnerability in Google Chrome

Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-07-23 CVE-2022-1134 Google Type Confusion vulnerability in Google Chrome

Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-07-23 CVE-2022-1135 Google Use After Free vulnerability in Google Chrome

Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction.

8.8
2022-07-23 CVE-2022-1136 Google Use After Free vulnerability in Google Chrome

Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific set of user gestures.

8.8
2022-07-22 CVE-2022-0978 Google Use After Free vulnerability in Google Chrome

Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-07-22 CVE-2022-0979 Google Use After Free vulnerability in Google Chrome

Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-07-22 CVE-2022-0980 Google Use After Free vulnerability in Google Chrome

Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions.

8.8
2022-07-21 CVE-2022-0971 Google Use After Free vulnerability in Google Chrome

Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-07-21 CVE-2022-0972 Google Use After Free vulnerability in Google Chrome

Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-07-21 CVE-2022-0974 Google Use After Free vulnerability in Google Chrome

Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-07-21 CVE-2022-0975 Google Use After Free vulnerability in Google Chrome

Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-07-21 CVE-2022-0976 Google Out-of-bounds Write vulnerability in Google Chrome

Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-07-19 CVE-2022-31144 Redis Heap-based Buffer Overflow vulnerability in Redis

Redis is an in-memory database that persists on disk.

8.8
2022-07-18 CVE-2022-26117 Fortinet Weak Password Requirements vulnerability in Fortinet Fortinac

An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI.

8.8
2022-07-18 CVE-2022-33891 Apache Command Injection vulnerability in Apache Spark

The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable.

8.8
2022-07-19 CVE-2022-21571 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

8.2
2022-07-23 CVE-2022-1130 Google NULL Pointer Dereference vulnerability in Google Chrome

Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app.

8.1
2022-07-22 CVE-2022-31163 Tzinfo Project, Debian Relative Path Traversal vulnerability in multiple products

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules.

8.1
2022-07-19 CVE-2022-2469 GNU, Debian Out-of-bounds Read vulnerability in multiple products

GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client

8.1
2022-07-24 CVE-2017-20144 Anvsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Anvsoft PDF Converter 1.7.5.0

A vulnerability has been found in Anvsoft PDFMate PDF Converter Pro 1.7.5.0 and classified as critical.

7.8
2022-07-24 CVE-2021-46829 Gnome, Fedoraproject, Debian Out-of-bounds Write vulnerability in multiple products

GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame.

7.8
2022-07-22 CVE-2022-2327 Linux Double Free vulnerability in Linux Kernel

io_uring uses work_flags to determine which identity it needs to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP.

7.8
2022-07-21 CVE-2022-35899 Asus Unquoted Search Path or Element vulnerability in Asus Aura Ready Game Software Development KIT 1.0.0.4

There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4.

7.8
2022-07-20 CVE-2022-31250 Opensuse Link Following vulnerability in Opensuse Tumbleweed 2.6.24.2

A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root.

7.8
2022-07-19 CVE-2022-1920 Gstreamer Project, Debian Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files.

7.8
2022-07-19 CVE-2022-1921 Gstreamer Project, Debian Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files.

7.8
2022-07-19 CVE-2022-1922 Gstreamer Project, Debian Out-of-bounds Write vulnerability in multiple products

DOS / potential heap overwrite in mkv demuxing using zlib decompression.

7.8
2022-07-19 CVE-2022-1923 Gstreamer Project, Debian Out-of-bounds Write vulnerability in multiple products

DOS / potential heap overwrite in mkv demuxing using bzip decompression.

7.8
2022-07-19 CVE-2022-1924 Gstreamer Project, Debian Out-of-bounds Write vulnerability in multiple products

DOS / potential heap overwrite in mkv demuxing using lzo decompression.

7.8
2022-07-19 CVE-2022-1925 Gstreamer Project, Debian Integer Overflow or Wraparound vulnerability in multiple products

DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression.

7.8
2022-07-19 CVE-2022-2122 Gstreamer Project, Debian Integer Overflow or Wraparound vulnerability in multiple products

DOS / potential heap overwrite in qtdemux using zlib decompression.

7.8
2022-07-19 CVE-2022-30526 Zyxel Improper Privilege Management vulnerability in Zyxel products

A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device.

7.8
2022-07-20 CVE-2022-34046 Wavlink Incorrect Authorization vulnerability in Wavlink Wn533A8 Firmware M33A8.V5030.190716

An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);].

7.5
2022-07-20 CVE-2022-34047 Wavlink Exposure of Resource to Wrong Sphere vulnerability in Wavlink Wl-Wn530Hg4 Firmware M30Hg4.V5030.191116

An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].

7.5
2022-07-20 CVE-2021-46828 Libtirpc Project, Debian Allocation of Resources Without Limits or Throttling vulnerability in multiple products

In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled.

7.5
2022-07-19 CVE-2022-34169 Apache, Debian, Oracle, Fedoraproject, Netapp, Azul Incorrect Conversion between Numeric Types vulnerability in multiple products

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets.

7.5
2022-07-18 CVE-2022-34027 F5 Unspecified vulnerability in F5 NJS 0.7.4

Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c.

7.5
2022-07-18 CVE-2020-16093 Lemonldap NG, Debian Improper Certificate Validation vulnerability in multiple products

In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.

7.5

13 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-07-18 CVE-2021-33656 Huawei, Linux, Debian Out-of-bounds Write vulnerability in multiple products

When setting a font with malicious data via the ioctl cmd PIO_FONT, the kernel will write memory out of bounds.

6.8
2022-07-18 CVE-2021-33655 Linux, Debian Out-of-bounds Write vulnerability in multiple products

When sending malicious data to the kernel via the ioctl cmd FBIOPUT_VSCREENINFO, the kernel will write memory out of bounds.

6.7
2022-07-23 CVE-2022-1128 Google Exposure of Resource to Wrong Sphere vulnerability in Google Chrome

Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.

6.5
2022-07-23 CVE-2022-1129 Google Authentication Bypass by Spoofing vulnerability in Google Chrome

Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5
2022-07-23 CVE-2022-1137 Google Exposure of Resource to Wrong Sphere vulnerability in Google Chrome

Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page.

6.5
2022-07-23 CVE-2022-1138 Google Exposure of Resource to Wrong Sphere vulnerability in Google Chrome

Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5
2022-07-23 CVE-2022-1139 Google Exposure of Resource to Wrong Sphere vulnerability in Google Chrome

Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5
2022-07-21 CVE-2022-31151 Nodejs Open Redirect vulnerability in Nodejs Undici

Authorization headers are cleared on cross-origin redirect.

6.5
2022-07-19 CVE-2022-31150 Nodejs CRLF Injection vulnerability in Nodejs Undici

undici is an HTTP/1.1 client, written from scratch for Node.js.

6.5
2022-07-23 CVE-2022-1132 Google Incorrect Authorization vulnerability in Google Chrome

Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device.

6.1
2022-07-20 CVE-2022-31160 Jqueryui, Netapp, Drupal, Fedoraproject, Debian Cross-site Scripting vulnerability in multiple products

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery.

6.1
2022-07-21 CVE-2022-36313 File Type Project Infinite Loop vulnerability in File-Type Project File-Type

An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js.

5.5
2022-07-19 CVE-2022-2476 Wavpack, Fedoraproject NULL Pointer Dereference vulnerability in multiple products

A null pointer dereference bug was found in wavpack-5.4.0. The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ==84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access.

5.5

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS