Weekly Vulnerabilities Reports > July 18 to 24, 2022
Overview
61 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 42 high severity vulnerabilities. This weekly summary reports vulnerabilities in 76 products from 32 vendors including Google, Debian, Gstreamer Project, Fedoraproject, and Linux. Vulnerabilities are notably categorized as "Use After Free", "Out-of-bounds Write", "Exposure of Resource to Wrong Sphere", "Integer Overflow or Wraparound", and "NULL Pointer Dereference".
- 42 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 50 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 25 reported vulnerabilities.
- Google has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
6 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-07-22 | CVE-2022-34115 | Dataease Project | Unrestricted Upload of File with Dangerous Type vulnerability in Dataease Project Dataease 1.11.1 DataEase v1.11.1 was discovered to contain an arbitrary file write vulnerability via the parameter dataSourceId. | 9.8 |
2022-07-22 | CVE-2022-2143 | Advantech | Command Injection vulnerability in Advantech Iview The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. | 9.8 |
2022-07-19 | CVE-2022-24082 | Pega | Deserialization of Untrusted Data vulnerability in Pega Infinity If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. | 9.8 |
2022-07-19 | CVE-2022-35405 | Zohocorp | Unspecified vulnerability in Zohocorp products Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. | 9.8 |
2022-07-21 | CVE-2022-0973 | Google | Use After Free vulnerability in Google Chrome Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 9.6 |
2022-07-21 | CVE-2022-0977 | Google | Use After Free vulnerability in Google Chrome Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | 9.6 |
42 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-07-23 | CVE-2022-1096 | Google | Type Confusion vulnerability in Google Chrome Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-23 | CVE-2022-1125 | Google | Use After Free vulnerability in Google Chrome Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. | 8.8 |
2022-07-23 | CVE-2022-1127 | Google | Use After Free vulnerability in Google Chrome Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. | 8.8 |
2022-07-23 | CVE-2022-1131 | Google | Use After Free vulnerability in Google Chrome Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-23 | CVE-2022-1133 | Google | Use After Free vulnerability in Google Chrome Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-23 | CVE-2022-1134 | Google | Type Confusion vulnerability in Google Chrome Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-23 | CVE-2022-1135 | Google | Use After Free vulnerability in Google Chrome Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction. | 8.8 |
2022-07-23 | CVE-2022-1136 | Google | Use After Free vulnerability in Google Chrome Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific set of user gestures. | 8.8 |
2022-07-22 | CVE-2022-0978 | Google | Use After Free vulnerability in Google Chrome Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-22 | CVE-2022-0979 | Google | Use After Free vulnerability in Google Chrome Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-22 | CVE-2022-0980 | Google | Use After Free vulnerability in Google Chrome Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions. | 8.8 |
2022-07-21 | CVE-2022-0971 | Google | Use After Free vulnerability in Google Chrome Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-21 | CVE-2022-0972 | Google | Use After Free vulnerability in Google Chrome Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-21 | CVE-2022-0974 | Google | Use After Free vulnerability in Google Chrome Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-21 | CVE-2022-0975 | Google | Use After Free vulnerability in Google Chrome Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-21 | CVE-2022-0976 | Google | Out-of-bounds Write vulnerability in Google Chrome Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-19 | CVE-2022-31144 | Redis | Heap-based Buffer Overflow vulnerability in Redis Redis is an in-memory database that persists on disk. | 8.8 |
2022-07-18 | CVE-2022-26117 | Fortinet | Weak Password Requirements vulnerability in Fortinet Fortinac An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI. | 8.8 |
2022-07-18 | CVE-2022-33891 | Apache | Command Injection vulnerability in Apache Spark The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. | 8.8 |
2022-07-19 | CVE-2022-21571 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 8.2 |
2022-07-23 | CVE-2022-1130 | Google | NULL Pointer Dereference vulnerability in Google Chrome Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app. | 8.1 |
2022-07-22 | CVE-2022-31163 | Tzinfo Project Debian | Relative Path Traversal vulnerability in multiple products TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. | 8.1 |
2022-07-19 | CVE-2022-2469 | GNU Debian | Out-of-bounds Read vulnerability in multiple products GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client | 8.1 |
2022-07-24 | CVE-2017-20144 | Anvsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Anvsoft PDF Converter 1.7.5.0 A vulnerability has been found in Anvsoft PDFMate PDF Converter Pro 1.7.5.0 and classified as critical. | 7.8 |
2022-07-24 | CVE-2021-46829 | Gnome Fedoraproject Debian | Out-of-bounds Write vulnerability in multiple products GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. | 7.8 |
2022-07-22 | CVE-2022-2327 | Linux | Double Free vulnerability in Linux Kernel io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. | 7.8 |
2022-07-21 | CVE-2022-35899 | Asus | Unquoted Search Path or Element vulnerability in Asus Aura Ready Game Software Development KIT 1.0.0.4 There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. | 7.8 |
2022-07-20 | CVE-2022-31250 | Opensuse | Link Following vulnerability in Opensuse Tumbleweed 2.6.24.2 A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. | 7.8 |
2022-07-19 | CVE-2022-1920 | Gstreamer Project Debian | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. | 7.8 |
2022-07-19 | CVE-2022-1921 | Gstreamer Project Debian | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. | 7.8 |
2022-07-19 | CVE-2022-1922 | Gstreamer Project Debian | Out-of-bounds Write vulnerability in multiple products DOS / potential heap overwrite in mkv demuxing using zlib decompression. | 7.8 |
2022-07-19 | CVE-2022-1923 | Gstreamer Project Debian | Out-of-bounds Write vulnerability in multiple products DOS / potential heap overwrite in mkv demuxing using bzip decompression. | 7.8 |
2022-07-19 | CVE-2022-1924 | Gstreamer Project Debian | Out-of-bounds Write vulnerability in multiple products DOS / potential heap overwrite in mkv demuxing using lzo decompression. | 7.8 |
2022-07-19 | CVE-2022-1925 | Gstreamer Project Debian | Integer Overflow or Wraparound vulnerability in multiple products DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. | 7.8 |
2022-07-19 | CVE-2022-2122 | Gstreamer Project Debian | Integer Overflow or Wraparound vulnerability in multiple products DOS / potential heap overwrite in qtdemux using zlib decompression. | 7.8 |
2022-07-19 | CVE-2022-30526 | Zyxel | Improper Privilege Management vulnerability in Zyxel products A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device. | 7.8 |
2022-07-20 | CVE-2022-34046 | Wavlink | Incorrect Authorization vulnerability in Wavlink Wn533A8 Firmware M33A8.V5030.190716 An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);]. | 7.5 |
2022-07-20 | CVE-2022-34047 | Wavlink | Exposure of Resource to Wrong Sphere vulnerability in Wavlink Wl-Wn530Hg4 Firmware M30Hg4.V5030.191116 An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd]. | 7.5 |
2022-07-20 | CVE-2021-46828 | Libtirpc Project Debian | Allocation of Resources Without Limits or Throttling vulnerability in multiple products In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. | 7.5 |
2022-07-19 | CVE-2022-34169 | Apache Debian Oracle Fedoraproject Netapp Azul | Incorrect Conversion between Numeric Types vulnerability in multiple products The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. | 7.5 |
2022-07-18 | CVE-2022-34027 | F5 | Unspecified vulnerability in F5 NJS 0.7.4 Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c. | 7.5 |
2022-07-18 | CVE-2020-16093 | Lemonldap NG Debian | Improper Certificate Validation vulnerability in multiple products In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. | 7.5 |
13 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-07-18 | CVE-2021-33656 | Huawei Linux Debian | Out-of-bounds Write vulnerability in multiple products When setting a font with malicious data via the ioctl cmd PIO_FONT, the kernel will write memory out of bounds. | 6.8 |
2022-07-18 | CVE-2021-33655 | Linux Debian | Out-of-bounds Write vulnerability in multiple products When sending malicious data to the kernel via the ioctl cmd FBIOPUT_VSCREENINFO, the kernel will write memory out of bounds. | 6.7 |
2022-07-23 | CVE-2022-1128 | Google | Exposure of Resource to Wrong Sphere vulnerability in Google Chrome Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page. | 6.5 |
2022-07-23 | CVE-2022-1129 | Google | Authentication Bypass by Spoofing vulnerability in Google Chrome Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 6.5 |
2022-07-23 | CVE-2022-1137 | Google | Exposure of Resource to Wrong Sphere vulnerability in Google Chrome Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page. | 6.5 |
2022-07-23 | CVE-2022-1138 | Google | Exposure of Resource to Wrong Sphere vulnerability in Google Chrome Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a crafted HTML page. | 6.5 |
2022-07-23 | CVE-2022-1139 | Google | Exposure of Resource to Wrong Sphere vulnerability in Google Chrome Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
2022-07-21 | CVE-2022-31151 | Nodejs | Open Redirect vulnerability in Nodejs Undici Authorization headers are cleared on cross-origin redirect. | 6.5 |
2022-07-19 | CVE-2022-31150 | Nodejs | CRLF Injection vulnerability in Nodejs Undici undici is an HTTP/1.1 client, written from scratch for Node.js. | 6.5 |
2022-07-23 | CVE-2022-1132 | Google | Incorrect Authorization vulnerability in Google Chrome Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device. | 6.1 |
2022-07-20 | CVE-2022-31160 | Jqueryui Netapp Drupal Fedoraproject Debian | Cross-site Scripting vulnerability in multiple products jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. | 6.1 |
2022-07-21 | CVE-2022-36313 | File Type Project | Infinite Loop vulnerability in File-Type Project File-Type An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. | 5.5 |
2022-07-19 | CVE-2022-2476 | Wavpack Fedoraproject | NULL Pointer Dereference vulnerability in multiple products A null pointer dereference bug was found in wavpack-5.4.0. The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ==84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access. | 5.5 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|