Weekly Vulnerabilities Reports > August 29 to September 4, 2022

Overview

77 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 30 high severity vulnerabilities. This weekly summary reports vulnerabilities in 312 products from 42 vendors including Debian, Redhat, Netapp, Fedoraproject, and Linux. Notable vulnerability categories include "Out-of-bounds Write", "Use After Free", "Resource Exhaustion", "Out-of-bounds Read", and "NULL Pointer Dereference".

  • 40 reported vulnerabilities are remotely exploitable.
  • 15 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 51 reported vulnerabilities are exploitable by an anonymous user.
  • Debian has the most reported vulnerabilities, with 20 reported vulnerabilities.
  • Apache has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

4 Critical Vulnerabilities

| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
| --- | --- | --- | --- | --- |
| 2022-09-02 | CVE-2022-25371 | Apache | Code Injection vulnerability in Apache Ofbiz: Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. | 9.8 |
| 2022-09-01 | CVE-2020-35527 | Sqlite, Netapp | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause. | 9.8 |
| 2022-08-31 | CVE-2022-36201 | Doctor S Appointment System Project | SQL Injection vulnerability in Doctor'S Appointment System Project Doctor'S Appointment System 1.0: Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php. | 9.8 |
| 2022-08-31 | CVE-2022-21941 | Johnsoncontrols | Command Injection vulnerability in Johnsoncontrols Istar Ultra Firmware: All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system. | 9.8 |

30 High Vulnerabilities

| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
| --- | --- | --- | --- | --- |
| 2022-09-02 | CVE-2022-39176 | Bluez, Canonical, Debian | BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. | 8.8 |
| 2022-09-02 | CVE-2022-39177 | Bluez, Canonical, Debian | BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. | 8.8 |
| 2022-09-02 | CVE-2022-39170 | Libdwarf Project, Fedoraproject | Double Free vulnerability in multiple products: libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c. | 8.8 |
| 2022-08-31 | CVE-2022-1271 | GNU, Redhat, Debian | Improper Input Validation vulnerability in multiple products: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. | 8.8 |
| 2022-08-31 | CVE-2022-1552 | Postgresql | Incomplete Cleanup vulnerability in Postgresql: A flaw was found in PostgreSQL. | 8.8 |
| 2022-08-30 | CVE-2022-38118 | Hgiga | SQL Injection vulnerability in Hgiga Oaklouds Portal: OAKlouds Portal website’s Meeting Room has insufficient validation for user input. | 8.8 |
| 2022-09-02 | CVE-2022-31176 | Grafana | Information Exposure vulnerability in Grafana Grafana-Image-Renderer: Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). | 8.1 |
| 2022-09-01 | CVE-2022-36773 | IBM, Netapp | XXE vulnerability in multiple products: IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
| 2022-09-03 | CVE-2022-3099 | VIM, Fedoraproject, Debian | Use After Free vulnerability in multiple products: Use After Free in GitHub repository vim/vim prior to 9.0.0360. | 7.8 |
| 2022-09-01 | CVE-2022-2319 | X ORG | Unspecified vulnerability in X.Org Xorg-Server 21.1.0: A flaw was found in the Xorg-x11-server. | 7.8 |
| 2022-09-01 | CVE-2022-2320 | X ORG | Out-of-bounds Write vulnerability in X.Org Xorg-Server 21.1.0: A flaw was found in the Xorg-x11-server. | 7.8 |
| 2022-08-31 | CVE-2022-1976 | Linux | Use After Free vulnerability in Linux Kernel: A flaw was found in the Linux kernel’s implementation of IO-URING. | 7.8 |
| 2022-08-30 | CVE-2022-24106 | Glyphandcog | Integer Overflow or Wraparound vulnerability in Glyphandcog Xpdfreader: In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. | 7.8 |
| 2022-08-30 | CVE-2022-24107 | Glyphandcog | Integer Overflow or Wraparound vulnerability in Glyphandcog Xpdfreader: Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. | 7.8 |
| 2022-08-30 | CVE-2022-38784 | Freedesktop, Debian, Fedoraproject | Integer Overflow or Wraparound vulnerability in multiple products: Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). | 7.8 |
| 2022-08-29 | CVE-2022-0358 | Qemu, Redhat | Improper Check for Dropped Privileges vulnerability in multiple products: A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. | 7.8 |
| 2022-08-29 | CVE-2022-0367 | Libmodbus, Fedoraproject, Debian | Out-of-bounds Write vulnerability in multiple products: A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c. | 7.8 |
| 2022-09-02 | CVE-2020-29260 | Libvncserver Project, Debian | Resource Exhaustion vulnerability in multiple products: libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup(). | 7.5 |
| 2022-09-01 | CVE-2021-3826 | GNU, Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. | 7.5 |
| 2022-09-01 | CVE-2022-2738 | Redhat, Podman Project | Use After Free vulnerability in multiple products: The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. | 7.5 |
| 2022-09-01 | CVE-2022-30614 | IBM, Netapp | Resource Exhaustion vulnerability in multiple products: IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. | 7.5 |
| 2022-08-31 | CVE-2022-1259 | Redhat, Netapp | Resource Exhaustion vulnerability in multiple products: A flaw was found in Undertow. | 7.5 |
| 2022-08-31 | CVE-2022-1319 | Redhat, Netapp | Unchecked Return Value vulnerability in multiple products: A flaw was found in Undertow. | 7.5 |
| 2022-08-30 | CVE-2022-25857 | Snakeyaml Project, Debian | Resource Exhaustion vulnerability in multiple products: The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to missing nested depth limitation for collections. | 7.5 |
| 2022-08-30 | CVE-2022-39028 | GNU, MIT, Debian | NULL Pointer Dereference vulnerability in multiple products: telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. | 7.5 |
| 2022-08-29 | CVE-2022-37680 | Hitachi | Unspecified vulnerability in Hitachi Hc-Ip9100Hd Firmware 1.07: An improper authentication for critical function issue in Hitachi Kokusai Electric Network products for monitoring system (Camera, Decoder and Encoder) and below allows attackers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi. | 7.5 |
| 2022-08-29 | CVE-2022-37681 | Hitachi | Path Traversal vulnerability in Hitachi Hc-Ip9100Hd Firmware 1.07: Hitachi Kokusai Electric Network products for monitoring system (Camera, Decoder and Encoder) and below allows attackers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi. | 7.5 |
| 2022-08-29 | CVE-2022-37177 | Hirevue | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hirevue Hiring Platform: ** DISPUTED ** HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. | 7.5 |
| 2022-09-01 | CVE-2022-2996 | Python Scciclient Project | Improper Certificate Validation vulnerability in Python-Scciclient Project Python-Scciclient 0.11.0: A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. | 7.4 |
| 2022-08-31 | CVE-2022-3028 | Linux, Fedoraproject, Debian | Improper Locking vulnerability in multiple products: A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. | 7.0 |

42 Medium Vulnerabilities

| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
| --- | --- | --- | --- | --- |
| 2022-09-01 | CVE-2022-2447 | Openstack, Redhat | Operation on a Resource after Expiration or Release vulnerability in multiple products: A flaw was found in Keystone. | 6.6 |
| 2022-09-01 | CVE-2022-1632 | Redhat | Improper Certificate Validation vulnerability in Redhat products: An Improper Certificate Validation attack was found in Openshift. | 6.5 |
| 2022-09-01 | CVE-2020-4301 | IBM, Netapp | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
| 2022-09-01 | CVE-2021-20468 | IBM, Netapp | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
| 2022-09-01 | CVE-2021-29823 | IBM, Netapp | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
| 2022-09-01 | CVE-2022-36449 | ARM | Use After Free vulnerability in ARM Bifrost, Midgard and Valhall: An issue was discovered in the Arm Mali GPU Kernel Driver. | 6.5 |
| 2022-08-30 | CVE-2022-2330 | Mcafee | XXE vulnerability in Mcafee Data Loss Prevention Endpoint: Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly. | 6.5 |
| 2022-08-30 | CVE-2021-46837 | Asterisk, Digium | NULL Pointer Dereference vulnerability in multiple products: res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. | 6.5 |
| 2022-08-29 | CVE-2022-21385 | Oracle | Unspecified vulnerability in Oracle Linux: A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. | 6.2 |
| 2022-08-31 | CVE-2022-1355 | Libtiff, Fedoraproject, Redhat, Netapp | Stack-based Buffer Overflow vulnerability in multiple products: A stack buffer overflow flaw was found in Libtiff's tiffcp.c in the main() function. | 6.1 |
| 2022-08-30 | CVE-2022-36747 | Cobub | Cross-site Scripting vulnerability in Cobub Razor 0.8.0: Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the function uploadchannel(). | 6.1 |
| 2022-08-29 | CVE-2022-36033 | Jsoup, Netapp | Cross-site Scripting vulnerability in multiple products: jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. | 6.1 |
| 2022-08-31 | CVE-2022-2758 | LS Electric | Inadequate Encryption Strength vulnerability in Ls-Electric products: Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. | 5.9 |
| 2022-09-02 | CVE-2022-39190 | Linux, Debian | Resource Exhaustion vulnerability in multiple products: An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. | 5.5 |
| 2022-09-01 | CVE-2022-38126 | GNU | Reachable Assertion vulnerability in GNU Binutils: Assertion fail in the display_debug_names() function in binutils/dwarf.c may lead to program crash and denial of service. | 5.5 |
| 2022-09-01 | CVE-2022-38127 | GNU | NULL Pointer Dereference vulnerability in GNU Binutils: A NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c may lead to program crash when parsing corrupt DWARF data. | 5.5 |
| 2022-09-01 | CVE-2022-38128 | GNU | Infinite Loop vulnerability in GNU Binutils: An infinite loop may be triggered in display_debug_abbrev() function in binutils/dwarf.c while opening a crafted ELF, which may lead to denial of service by a local attacker. | 5.5 |
| 2022-09-01 | CVE-2021-39009 | IBM, Netapp | Cleartext Storage of Sensitive Information vulnerability in multiple products: IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. | 5.5 |
| 2022-09-01 | CVE-2021-39045 | IBM, Netapp | Exposure of Resource to Wrong Sphere vulnerability in multiple products: IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. | 5.5 |
| 2022-09-01 | CVE-2020-35530 | Libraw, Debian | Out-of-bounds Write vulnerability in multiple products: In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file. | 5.5 |
| 2022-09-01 | CVE-2020-35531 | Libraw, Debian | Out-of-bounds Read vulnerability in multiple products: In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file. | 5.5 |
| 2022-09-01 | CVE-2020-35532 | Libraw, Debian | Out-of-bounds Read vulnerability in multiple products: In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field. | 5.5 |
| 2022-09-01 | CVE-2022-3061 | Linux, Debian | Divide By Zero vulnerability in multiple products: A flaw was found in the Linux kernel's i740 driver. | 5.5 |
| 2022-08-31 | CVE-2022-1354 | Libtiff, Fedoraproject, Redhat, Netapp | Out-of-bounds Read vulnerability in multiple products: A heap buffer overflow flaw was found in Libtiff's tiffinfo.c in the TIFFReadRawDataStriped() function. | 5.5 |
| 2022-08-31 | CVE-2022-2153 | Linux, Fedoraproject, Redhat, Debian | NULL Pointer Dereference vulnerability in multiple products: A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. | 5.5 |
| 2022-08-29 | CVE-2022-1184 | Linux, Redhat, Debian | Use After Free vulnerability in multiple products: A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. | 5.5 |
| 2022-08-29 | CVE-2022-2953 | Libtiff, Netapp | Out-of-bounds Read vulnerability in multiple products: LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. | 5.5 |
| 2022-08-29 | CVE-2022-35014 | Advancemame | Unspecified vulnerability in Advancemame Advancecomp 2.3: Advancecomp v2.3 contains a segmentation fault. | 5.5 |
| 2022-08-29 | CVE-2022-35015 | Advancemame | Out-of-bounds Write vulnerability in Advancemame Advancecomp 2.3: Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h. | 5.5 |
| 2022-08-29 | CVE-2022-35016 | Advancemame | Out-of-bounds Write vulnerability in Advancemame Advancecomp 2.3: Advancecomp v2.3 was discovered to contain a heap buffer overflow. | 5.5 |
| 2022-08-29 | CVE-2022-35017 | Advancemame | Out-of-bounds Write vulnerability in Advancemame Advancecomp 2.3: Advancecomp v2.3 was discovered to contain a heap buffer overflow. | 5.5 |
| 2022-08-29 | CVE-2022-35018 | Advancemame | Unspecified vulnerability in Advancemame Advancecomp 2.3: Advancecomp v2.3 was discovered to contain a segmentation fault. | 5.5 |
| 2022-08-29 | CVE-2022-35019 | Advancemame | Unspecified vulnerability in Advancemame Advancecomp 2.3: Advancecomp v2.3 was discovered to contain a segmentation fault. | 5.5 |
| 2022-08-29 | CVE-2022-35020 | Advancemame | Out-of-bounds Write vulnerability in Advancemame Advancecomp 2.3: Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc. | 5.5 |
| 2022-09-01 | CVE-2022-2663 | Linux, Debian | Improper Restriction of Communication Channel to Intended Endpoints vulnerability in multiple products: An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. | 5.3 |
| 2022-09-01 | CVE-2022-2739 | Redhat, Podman Project | The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. | 5.3 |
| 2022-08-31 | CVE-2022-39046 | GNU, Netapp | Information Exposure Through Log Files vulnerability in multiple products: An issue was discovered in the GNU C Library (glibc) 2.36. | 5.3 |
| 2022-09-01 | CVE-2022-2764 | Redhat, Netapp | A flaw was found in Undertow. | 4.9 |
| 2022-08-29 | CVE-2022-0718 | Openstack, Redhat, Debian | Insufficiently Protected Credentials vulnerability in multiple products: A flaw was found in python-oslo-utils. | 4.9 |
| 2022-08-29 | CVE-2022-0485 | Redhat | Unchecked Return Value vulnerability in Redhat Enterprise Linux and Libnbd: A flaw was found in the copying tool `nbdcopy` of libnbd. | 4.8 |
| 2022-09-02 | CVE-2022-38170 | Apache | Race Condition vulnerability in Apache Airflow: In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. | 4.7 |
| 2022-09-02 | CVE-2022-39188 | Linux, Debian | Race Condition vulnerability in multiple products: An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. | 4.7 |

1 Low Vulnerability

| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
| --- | --- | --- | --- | --- |
| 2022-09-01 | CVE-2022-2256 | Redhat | Cross-site Scripting vulnerability in Redhat Single Sign-On 7.0: A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. | 3.8 |