Weekly Vulnerabilities Reports > August 22 to 28, 2022

Overview

66 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 32 high severity vulnerabilities. This weekly summary reports vulnerabilities in 349 products from 42 vendors including Redhat, Fedoraproject, Debian, Apple, and Netapp. Vulnerabilities are notably categorized as "Use After Free", "Out-of-bounds Write", "Link Following", "Improper Authentication", and "Out-of-bounds Read".

  • 30 reported vulnerabilities are remotely exploitable.
  • 13 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 40 reported vulnerabilities are exploitable by an anonymous user.
  • Redhat has the most reported vulnerabilities, with 21 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 1 reported vulnerability.

[Summary dashboard: total vulnerabilities; critical, high, medium and low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application]

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:

2 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2022-08-24 | CVE-2022-32839 | Apple | Unspecified vulnerability in Apple products. The issue was addressed with improved bounds checks. | 9.8
2022-08-22 | CVE-2022-38667 | Crowcpp | Use After Free vulnerability in Crowcpp Crow. HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. | 9.8

32 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2022-08-25 | CVE-2022-20824 | Cisco | Out-of-bounds Write vulnerability in Cisco products. A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. | 8.8
2022-08-25 | CVE-2021-25642 | Apache | Deserialization of Untrusted Data vulnerability in Apache Hadoop. ZKConfigurationStore, which is optionally used by CapacityScheduler of Apache Hadoop YARN, deserializes data obtained from ZooKeeper without validation. | 8.8
2022-08-25 | CVE-2022-36804 | Atlassian | Command Injection vulnerability in Atlassian Bitbucket. Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allow remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. | 8.8
2022-08-24 | CVE-2022-32893 | Apple, Fedoraproject, Debian, Webkitgtk, Wpewebkit | Out-of-bounds Write vulnerability in multiple products. An out-of-bounds write issue was addressed with improved bounds checking. | 8.8
2022-08-24 | CVE-2022-36633 | Goteleport | Command Injection vulnerability in Goteleport Teleport. Teleport 9.3.6 is vulnerable to command injection leading to remote code execution. | 8.8
2022-08-25 | CVE-2021-3929 | Qemu, Fedoraproject | Use After Free vulnerability in multiple products. A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. | 8.2
2022-08-26 | CVE-2022-29850 | Lexmark | Improper Input Validation vulnerability in Lexmark products. Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots. | 8.1
2022-08-25 | CVE-2021-43766 | Odyssey Project | Improper Certificate Validation vulnerability in Odyssey Project Odyssey 1.1. Odyssey passes unencrypted bytes from a man-in-the-middle to the server: when Odyssey is configured to use the certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. | 8.1
2022-08-25 | CVE-2020-27796 | UPX Project | Out-of-bounds Read vulnerability in UPX Project UPX 4.0.0. A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. | 7.8
2022-08-25 | CVE-2022-0135 | Virglrenderer Project, Redhat | Out-of-bounds Write vulnerability in multiple products. An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). | 7.8
2022-08-24 | CVE-2022-32811 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X and Macos. A memory corruption vulnerability was addressed with improved locking. | 7.8
2022-08-24 | CVE-2022-32812 | Apple | Unspecified vulnerability in Apple mac OS X and Macos. The issue was addressed with improved memory handling. | 7.8
2022-08-24 | CVE-2022-32813 | Apple | Unspecified vulnerability in Apple products. The issue was addressed with improved memory handling. | 7.8
2022-08-24 | CVE-2022-32837 | Apple | Unspecified vulnerability in Apple products. This issue was addressed with improved checks. | 7.8
2022-08-24 | CVE-2022-32894 | Apple | Out-of-bounds Write vulnerability in Apple products. An out-of-bounds write issue was addressed with improved bounds checking. | 7.8
2022-08-24 | CVE-2021-3999 | GNU, Debian, Netapp | Off-by-one Error vulnerability in multiple products. A flaw was found in glibc. | 7.8
2022-08-24 | CVE-2021-4037 | Linux, Debian | Improper Access Control vulnerability in multiple products. A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. | 7.8
2022-08-23 | CVE-2022-31676 | Vmware, Debian, Fedoraproject, Netapp | Improper Privilege Management vulnerability in multiple products. VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. | 7.8
2022-08-23 | CVE-2022-2946 | VIM, Fedoraproject, Debian | Use After Free vulnerability in multiple products. Use After Free in GitHub repository vim/vim prior to 9.0.0246. | 7.8
2022-08-23 | CVE-2021-23177 | Libarchive, Fedoraproject, Redhat, Debian | Link Following vulnerability in multiple products. An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. | 7.8
2022-08-23 | CVE-2021-31566 | Libarchive, Fedoraproject, Redhat, Debian | Link Following vulnerability in multiple products. An improper link resolution flaw can occur while extracting an archive, leading to changing modes, times, access control lists, and flags of a file outside of the archive. | 7.8
2022-08-22 | CVE-2022-38171 | Xpdfreader, Freedesktop | Integer Overflow or Wraparound vulnerability in multiple products. Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). | 7.8
2022-08-26 | CVE-2021-3632 | Redhat | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On. A flaw was found in Keycloak. | 7.5
2022-08-26 | CVE-2021-3859 | Redhat | Information Exposure Through Process Environment vulnerability in Redhat Jboss Enterprise Application Platform and Undertow. A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. | 7.5
2022-08-25 | CVE-2022-2255 | Modwsgi, Debian | Insufficient Verification of Data Authenticity vulnerability in multiple products. A vulnerability was found in mod_wsgi. | 7.5
2022-08-24 | CVE-2021-3998 | GNU, Netapp | Out-of-bounds Read vulnerability in multiple products. A flaw was found in glibc. | 7.5
2022-08-24 | CVE-2022-27812 | Stormshield | Resource Exhaustion vulnerability in Stormshield Network Security. Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic can lead to SNS DoS. | 7.5
2022-08-23 | CVE-2021-20304 | Openexr | Integer Overflow or Wraparound vulnerability in Openexr. A flaw was found in OpenEXR's hufDecode functionality. | 7.5
2022-08-23 | CVE-2021-3800 | Gnome, Debian, Netapp | Information Exposure vulnerability in multiple products. A flaw was found in glib before version 2.63.6. | 7.5
2022-08-22 | CVE-2022-38668 | Crowcpp | Information Exposure vulnerability in Crowcpp Crow 1.0+4. HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB. | 7.5
2022-08-26 | CVE-2021-3563 | Openstack, Debian, Redhat | Incorrect Authorization vulnerability in multiple products. A flaw was found in openstack-keystone. | 7.4
2022-08-23 | CVE-2021-28861 | Python, Fedoraproject | Open Redirect vulnerability in multiple products. ** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of the URI path, which may lead to information disclosure. | 7.4

30 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2022-08-23 | CVE-2021-3827 | Redhat | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On. A flaw was found in Keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. | 6.8
2022-08-26 | CVE-2021-35939 | RPM, Redhat | Link Following vulnerability in multiple products. It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. | 6.7
2022-08-25 | CVE-2021-35938 | RPM, Fedoraproject, Redhat | Link Following vulnerability in multiple products. A symbolic link issue was found in rpm. | 6.7
2022-08-24 | CVE-2021-4178 | Redhat | Deserialization of Untrusted Data vulnerability in Redhat products. An arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. | 6.7
2022-08-25 | CVE-2021-3979 | Redhat, Fedoraproject | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products. A key length flaw was found in Red Hat Ceph Storage. | 6.5
2022-08-24 | CVE-2021-4209 | GNU, Redhat, Netapp | NULL Pointer Dereference vulnerability in multiple products. A NULL pointer dereference flaw was found in GnuTLS. | 6.5
2022-08-23 | CVE-2021-3975 | Redhat, Canonical, Fedoraproject, Debian | Use After Free vulnerability in multiple products. A use-after-free flaw was found in libvirt. | 6.5
2022-08-23 | CVE-2022-37428 | Powerdns, Fedoraproject | Incomplete Cleanup vulnerability in multiple products. PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties. | 6.5
2022-08-25 | CVE-2021-35937 | RPM, Redhat, Fedoraproject | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products. A race condition vulnerability was found in rpm. | 6.4
2022-08-26 | CVE-2021-3427 | Deluge Torrent | Cross-site Scripting vulnerability in Deluge-Torrent Deluge. The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. | 6.1
2022-08-23 | CVE-2022-35278 | Apache | Cross-site Scripting vulnerability in Apache Activemq Artemis. In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue. | 6.1
2022-08-27 | CVE-2022-38791 | Mariadb, Fedoraproject | In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. | 5.5
2022-08-26 | CVE-2022-0171 | Linux, Redhat, Debian | Incomplete Cleanup vulnerability in multiple products. A flaw was found in the Linux kernel. | 5.5
2022-08-26 | CVE-2022-0175 | Virglrenderer Project, Redhat | Missing Initialization of Resource vulnerability in multiple products. A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). | 5.5
2022-08-26 | CVE-2022-38533 | GNU, Fedoraproject | Out-of-bounds Write vulnerability in multiple products. In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. | 5.5
2022-08-24 | CVE-2022-32834 | Apple | Unspecified vulnerability in Apple mac OS X and Macos. An access issue was addressed with improvements to the sandbox. | 5.5
2022-08-24 | CVE-2022-32838 | Apple | Unspecified vulnerability in Apple products. A logic issue was addressed with improved state management. | 5.5
2022-08-24 | CVE-2021-4214 | Libpng, Debian, Netapp | Classic Buffer Overflow vulnerability in multiple products. A heap overflow flaw was found in libpng's pngimage.c program. | 5.5
2022-08-23 | CVE-2021-3995 | Kernel, Fedoraproject | Files or Directories Accessible to External Parties vulnerability in multiple products. A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. | 5.5
2022-08-23 | CVE-2021-3996 | Kernel, Fedoraproject | Files or Directories Accessible to External Parties vulnerability in multiple products. A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. | 5.5
2022-08-23 | CVE-2021-3997 | Systemd Project, Fedoraproject, Redhat | Uncontrolled Recursion vulnerability in multiple products. A flaw was found in systemd. | 5.5
2022-08-23 | CVE-2020-35509 | Redhat | Improper Certificate Validation vulnerability in Redhat Keycloak 11.0.3/12.0.0. A flaw was found in Keycloak affecting versions 11.0.3 and 12.0.0. | 5.4
2022-08-24 | CVE-2021-4189 | Python, Debian, Redhat, Netapp | Unchecked Return Value vulnerability in multiple products. A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. | 5.3
2022-08-23 | CVE-2022-35242 | 59Sec | Permissions, Privileges, and Access Controls vulnerability in 59Sec the Leads Management System: 59Sec Lite 3.4.1. Unauthenticated plugin settings change vulnerability in the 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress. | 5.3
2022-08-22 | CVE-2022-2552 | Snapcreek | Improper Authentication vulnerability in Snapcreek Duplicator. The Duplicator WordPress plugin before 1.4.7.1 does not authenticate or authorize visitors before displaying information about the system such as server software, PHP version and full file system path to the site. | 5.3
2022-08-22 | CVE-2021-3521 | RPM | Improper Verification of Cryptographic Signature vulnerability in RPM. There is a flaw in RPM's signature functionality. | 4.7
2022-08-26 | CVE-2022-0216 | Qemu, Fedoraproject | Use After Free vulnerability in multiple products. A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. | 4.4
2022-08-24 | CVE-2021-4159 | Linux, Redhat, Debian | A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. | 4.4
2022-08-27 | CVE-2022-2787 | Debian | Improper Preservation of Permissions vulnerability in Debian Linux and Schroot. Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session. | 4.3
2022-08-24 | CVE-2022-32857 | Apple | Unspecified vulnerability in Apple products. This issue was addressed by using HTTPS when sending information over the network. | 4.3

2 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2022-08-26 | CVE-2021-3574 | Imagemagick, Fedoraproject | Memory Leak vulnerability in multiple products. A vulnerability was found in ImageMagick-7.0.11-5 where, when a crafted file is processed with the convert command, ASAN detects memory leaks. | 3.3
2022-08-24 | CVE-2021-4217 | Unzip Project, Fedoraproject, Redhat | NULL Pointer Dereference vulnerability in multiple products. A flaw was found in unzip. | 3.3