Weekly Vulnerabilities Reports > August 1 to 7, 2022

Overview

46 new vulnerabilities were reported during this period, including 14 critical and 14 high severity vulnerabilities. This weekly summary reports vulnerabilities in 72 products from 31 vendors, including Samsung, Fedoraproject, Debian, Omicard EDM Project, and Openzeppelin. The vulnerabilities are notably categorized as "Out-of-bounds Write", "Path Traversal", "SQL Injection", "Exposure of Resource to Wrong Sphere", and "Use After Free".

  • 33 reported vulnerabilities are remotely exploitable.
  • 12 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 30 reported vulnerabilities are exploitable by an anonymous user.
  • Samsung has the most reported vulnerabilities, with 11 reported vulnerabilities.
  • Debian has the most reported critical vulnerabilities, with 3 reported vulnerabilities.


Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:


14 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2022-08-07 | CVE-2022-37452 | Exim, Debian | Out-of-bounds Write vulnerability in multiple products | 9.8
  Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.

2022-08-05 | CVE-2022-26376 | Asus, Asuswrt Merlin | Out-of-bounds Write vulnerability in multiple products | 9.8
  A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.

2022-08-05 | CVE-2022-27631 | DD WRT | Out-of-bounds Write vulnerability in Dd-Wrt | 9.8
  A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599.

2022-08-05 | CVE-2022-28664 | Freshtomato | Out-of-bounds Write vulnerability in Freshtomato 2022.1 | 9.8
  A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1.

2022-08-05 | CVE-2022-28665 | Freshtomato | Out-of-bounds Write vulnerability in Freshtomato 2022.1 | 9.8
  A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1.

2022-08-05 | CVE-2022-37434 | Zlib, Fedoraproject, Debian, Netapp, Apple | Out-of-bounds Write vulnerability in multiple products | 9.8
  zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.

2022-08-04 | CVE-2022-25168 | Apache | Argument Injection or Modification vulnerability in Apache Hadoop | 9.8
  Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before it is passed to the shell.

2022-08-04 | CVE-2022-32964 | Omicard EDM Project | SQL Injection vulnerability in Omicard EDM Project Omicard EDM | 9.8
  OMICARD EDM's API function has insufficient validation of user input.

2022-08-04 | CVE-2022-32965 | Omicard EDM Project | Use of Hard-coded Credentials vulnerability in Omicard EDM Project Omicard EDM | 9.8
  OMICARD EDM has a hard-coded machine key.

2022-08-04 | CVE-2022-2651 | Joinbookwyrm | Authentication Bypass by Primary Weakness vulnerability in Joinbookwyrm Bookwyrm | 9.8
  Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5.

2022-08-03 | CVE-2022-32292 | Intel, Debian | Out-of-bounds Write vulnerability in multiple products | 9.8
  In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.

2022-08-02 | CVE-2022-35223 | Easyuse | Deserialization of Untrusted Data vulnerability in Easyuse Mailhunter Ultimate 2020 | 9.8
  EasyUse MailHunter Ultimate's cookie deserialization function has an inadequate validation vulnerability.

2022-08-01 | CVE-2022-31188 | Cvat | Server-Side Request Forgery (SSRF) vulnerability in Cvat | 9.8
  CVAT is an open-source interactive video and image annotation tool for computer vision.

2022-08-01 | CVE-2022-27255 | Realtek | Improper Input Validation vulnerability in Realtek Ecos Msdk Firmware and Ecos Rsdk Firmware | 9.8
  In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow.

14 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2022-08-03 | CVE-2022-36359 | Djangoproject, Debian | Download of Code Without Integrity Check vulnerability in multiple products | 8.8
  An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7.

2022-08-05 | CVE-2022-1012 | Linux | Memory Leak vulnerability in Linux Kernel | 8.2
  A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size.

2022-08-03 | CVE-2022-32293 | Intel, Debian | Use After Free vulnerability in multiple products | 8.1
  In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.

2022-08-03 | CVE-2022-31197 | Postgresql, Debian, Fedoraproject | SQL Injection vulnerability in multiple products | 8.0
  PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database-independent Java code.

2022-08-05 | CVE-2022-36833 | Samsung | Improper Privilege Management vulnerability in Samsung Gameoptimizingservice | 7.8
  Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above, allows a local attacker to execute a hidden developer function by changing the package name.

2022-08-05 | CVE-2022-36840 | Samsung | Uncontrolled Search Path Element vulnerability in Samsung Update | 7.8
  DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code.

2022-08-06 | CVE-2022-37451 | Exim, Fedoraproject | Release of Invalid Pointer or Reference vulnerability in multiple products | 7.5
  Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.

2022-08-04 | CVE-2022-32963 | Omicard EDM Project | Path Traversal vulnerability in Omicard EDM Project Omicard EDM | 7.5
  OMICARD EDM's mail file relay function has a path traversal vulnerability.

2022-08-04 | CVE-2022-35216 | Omicard EDM Project | Path Traversal vulnerability in Omicard EDM Project Omicard EDM | 7.5
  OMICARD EDM's mail image relay function has a path traversal vulnerability.

2022-08-03 | CVE-2022-35737 | Sqlite, Netapp | Improper Validation of Array Index vulnerability in multiple products | 7.5
  SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

2022-08-01 | CVE-2022-35922 | Rust Websocket Project, Fedoraproject | Resource Exhaustion vulnerability in multiple products | 7.5
  Rust-WebSocket is a WebSocket (RFC6455) library written in Rust.

2022-08-01 | CVE-2022-31198 | Openzeppelin | Incorrect Calculation vulnerability in Openzeppelin Contracts and Contracts Upgradeable | 7.5
  OpenZeppelin Contracts is a library for secure smart contract development.

2022-08-02 | CVE-2022-29154 | Samba, Fedoraproject | Missing Authorization vulnerability in multiple products | 7.4
  An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers.

2022-08-05 | CVE-2022-1973 | Linux, Fedoraproject | Use After Free vulnerability in multiple products | 7.1
  A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal.

16 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2022-08-01 | CVE-2022-35918 | Streamlit | Path Traversal vulnerability in Streamlit | 6.5
  Streamlit is a data-oriented application development framework for Python.

2022-08-01 | CVE-2022-30698 | Nlnetlabs, Fedoraproject | Insufficient Session Expiration vulnerability in multiple products | 6.5
  NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack.

2022-08-01 | CVE-2022-30699 | Nlnetlabs, Fedoraproject | Insufficient Session Expiration vulnerability in multiple products | 6.5
  NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack.

2022-08-01 | CVE-2022-2370 | Yaycommerce | Exposure of Resource to Wrong Sphere vulnerability in Yaycommerce Yaysmtp | 6.5
  The YaySMTP WordPress plugin before 2.2.1 does not have a capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated user, such as a subscriber, to retrieve them.

2022-08-05 | CVE-2022-2497 | Gitlab | Unspecified vulnerability in Gitlab | 6.4
  An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, and all versions starting from 15.2 before 15.2.1.

2022-08-05 | CVE-2022-36829 | Samsung | Exposure of Resource to Wrong Sphere vulnerability in Samsung Charm Firmware | 5.5
  PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent.

2022-08-05 | CVE-2022-36830 | Samsung | Exposure of Resource to Wrong Sphere vulnerability in Samsung Charm Firmware | 5.5
  PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent.

2022-08-05 | CVE-2022-36831 | Samsung | Path Traversal vulnerability in Samsung Notes | 5.5
  Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows an attacker to access some files with the permissions of Samsung Notes.

2022-08-05 | CVE-2022-36836 | Samsung | Missing Authorization vulnerability in Samsung Charm Firmware | 5.5
  Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission.

2022-08-05 | CVE-2022-36837 | Samsung | Unspecified vulnerability in Samsung Email | 5.5
  Intent redirection vulnerability using implicit intent in Samsung Email prior to version 6.1.70.20 allows an attacker to obtain sensitive information.

2022-08-05 | CVE-2022-36839 | Samsung | SQL Injection vulnerability in Samsung Checkout | 5.5
  SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information.

2022-08-01 | CVE-2022-2598 | VIM, Debian | Undefined Behavior for Input to API in GitHub repository vim/vim prior to 9.0.0100. | 5.5

2022-08-01 | CVE-2022-35915 | Openzeppelin | Resource Exhaustion vulnerability in Openzeppelin products | 5.3
  OpenZeppelin Contracts is a library for secure smart contract development.

2022-08-01 | CVE-2022-35916 | Openzeppelin | Incorrect Resource Transfer Between Spheres vulnerability in Openzeppelin Contracts and Contracts Upgradeable | 5.3
  OpenZeppelin Contracts is a library for secure smart contract development.

2022-08-01 | CVE-2022-0598 | Login With Phone Number Project | Cross-site Scripting vulnerability in Login With Phone Number Project Login With Phone Number | 4.8
  The Login with phone number WordPress plugin before 1.3.8 does not sanitise and escape plugin settings, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

2022-08-05 | CVE-2022-36838 | Samsung | Unspecified vulnerability in Samsung Galaxy Wearable | 4.6
  Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows an attacker to obtain sensitive information.

2 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2022-08-05 | CVE-2022-36832 | Samsung | Improper Privilege Management vulnerability in Samsung Cameralyzer 3.2.0/3.3.0/3.4.0 | 3.3
  Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage with the privileges of Cameralyzer.

2022-08-05 | CVE-2022-36835 | Samsung | Unspecified vulnerability in Samsung Internet Browser | 3.3
  Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files.