Weekly Vulnerabilities Reports > September 5 to 11, 2022

Overview

41 new vulnerabilities were reported during this period, including 6 critical and 17 high severity vulnerabilities. This weekly summary reports vulnerabilities in 39 products from 33 vendors, including Debian, Fedoraproject, Samsung, Linux, and Snakeyaml Project. The vulnerabilities are notably categorized as "Out-of-bounds Write", "Command Injection", "Use After Free", "Out-of-bounds Read", and "Inadequate Encryption Strength".

  • 26 reported vulnerabilities are remotely exploitable.
  • 13 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 23 reported vulnerabilities are exploitable by an anonymous user.
  • Debian has the most reported vulnerabilities, with 9 reported vulnerabilities.
  • Apache has the most reported critical vulnerabilities, with 1 reported vulnerability.


Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:

6 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2022-09-06 | CVE-2022-36067 | VM2 Project | Improper Control of Dynamically-Managed Code Resources vulnerability in VM2 Project VM2 | 10.0
    vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules.

2022-09-11 | CVE-2022-39135 | Apache | XXE vulnerability in Apache Calcite | 9.8
    In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, which makes them vulnerable to a potential XML External Entity (XXE) attack.

2022-09-09 | CVE-2022-2526 | Systemd Project | Use After Free vulnerability in Systemd Project Systemd 240 | 9.8
    A use-after-free vulnerability was found in systemd.

2022-09-09 | CVE-2022-25765 | Pdfkit Project, Fedoraproject | Command Injection vulnerability in multiple products | 9.8
    The package pdfkit from 0.0.0 is vulnerable to Command Injection where the URL is not properly sanitized.

2022-09-05 | CVE-2022-31814 | Netgate | Unspecified vulnerability in Netgate Pfblockerng | 9.8
    pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header.

2022-09-05 | CVE-2022-3122 | Clinic's Patient Management System Project | SQL Injection vulnerability in Clinic's Patient Management System Project Clinic's Patient Management System 1.0 | 9.8
    A vulnerability was found in SourceCodester Clinics Patient Management System 1.0.

17 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2022-09-09 | CVE-2022-40320 | Libconfuse Project, Fedoraproject | Out-of-bounds Read vulnerability in multiple products | 8.8
    cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.

2022-09-08 | CVE-2022-30079 | Netgear | Command Injection vulnerability in Netgear R6200 R6200V2V1.0.3.12 | 8.8
    A command injection vulnerability was discovered in Netgear R6200 v2 firmware through R6200v2-V1.0.3.12 via the binary /sbin/acos_service that could allow remote authenticated attackers to modify values in the vulnerable parameter.

2022-09-05 | CVE-2022-30331 | Tigergraph | Improper Input Validation vulnerability in Tigergraph 3.6.0 | 8.8
    ** DISPUTED ** The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query (in the GSQL query language) without proper validation.

2022-09-05 | CVE-2022-3008 | Tinygltf Project, Debian | Command Injection vulnerability in multiple products | 8.8
    The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file.

2022-09-05 | CVE-2022-39051 | Otrs | Improper Control of Dynamically-Managed Code Resources vulnerability in Otrs | 8.8
    An attacker might be able to execute malicious Perl code in the Template Toolkit by having the admin install an unverified third-party package.

2022-09-09 | CVE-2022-40297 | Ubports | Improper Privilege Management vulnerability in Ubports Ubuntu Touch 16.04 | 7.8
    ** DISPUTED ** UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo.

2022-09-06 | CVE-2022-3134 | VIM, Debian | Use After Free vulnerability in multiple products | 7.8
    Use After Free in GitHub repository vim/vim prior to 9.0.0389.

2022-09-05 | CVE-2022-39831 | GNU, Fedoraproject | Out-of-bounds Write vulnerability in multiple products | 7.8
    An issue was discovered in PSPP 1.6.2.

2022-09-05 | CVE-2022-39832 | GNU, Fedoraproject | Out-of-bounds Write vulnerability in multiple products | 7.8
    An issue was discovered in PSPP 1.6.2.

2022-09-09 | CVE-2020-10735 | Python, Redhat, Fedoraproject | Incorrect Type Conversion or Cast vulnerability in multiple products | 7.5
    A flaw was found in python.

2022-09-08 | CVE-2022-28220 | Apache | Command Injection vulnerability in Apache James | 7.5
    Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command.

2022-09-07 | CVE-2022-35513 | Blink1 | Inadequate Encryption Strength vulnerability in Blink1 Blink1Control2 | 7.5
    The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage.

2022-09-07 | CVE-2022-40023 | Sqlalchemy, Debian | | 7.5
    Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse.

2022-09-06 | CVE-2022-27664 | Golang, Fedoraproject | | 7.5
    In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

2022-09-05 | CVE-2022-2083 | Simple Sign ON Project | Inadequate Encryption Strength vulnerability in Simple Sign on Project Simple Sign on | 7.5
    The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which could be used by attackers to gain unauthorized access to the site.

2022-09-09 | CVE-2022-36423 | Openharmony | Out-of-bounds Write vulnerability in Openharmony | 7.4
    OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads to a stack overflow vulnerability during recursive parsing.

2022-09-05 | CVE-2021-28398 | Osgeo | OS Command Injection vulnerability in Osgeo Geonetwork | 7.2
    A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure.

18 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2022-09-09 | CVE-2022-38266 | Tesseract Project | Divide By Zero vulnerability in Tesseract Project Tesseract 5.0.0 | 6.5
    An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file.

2022-09-09 | CVE-2022-36087 | Oauthlib Project, Fedoraproject | Improper Input Validation vulnerability in multiple products | 6.5
    OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+.

2022-09-09 | CVE-2022-36870 | Samsung | Unspecified vulnerability in Samsung PAY and Samsung PAY KR | 6.5
    Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.

2022-09-09 | CVE-2022-36871 | Samsung | Unspecified vulnerability in Samsung PAY and Samsung PAY KR | 6.5
    Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.

2022-09-09 | CVE-2022-36872 | Samsung | Unspecified vulnerability in Samsung PAY and Samsung PAY KR | 6.5
    Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.

2022-09-07 | CVE-2021-36783 | Suse | Insufficiently Protected Credentials vulnerability in Suse Rancher | 6.5
    An Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints.

2022-09-05 | CVE-2022-38749 | Snakeyaml Project, Debian | Out-of-bounds Write vulnerability in multiple products | 6.5
    Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS).

2022-09-05 | CVE-2022-38751 | Snakeyaml Project, Debian | Out-of-bounds Write vulnerability in multiple products | 6.5
    Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS).

2022-09-09 | CVE-2022-36109 | Mobyproject, Fedoraproject | Incorrect Authorization vulnerability in multiple products | 6.3
    Moby is an open-source project created by Docker to enable software containerization.

2022-09-09 | CVE-2022-36869 | Samsung | Unspecified vulnerability in Samsung Contacts Provider | 6.1
    Improper access control vulnerability in ContactsDumpActivity of Contacts Provider prior to version 12.7.59 allows an attacker to access the file without permission.

2022-09-05 | CVE-2022-3123 | Dokuwiki, Fedoraproject | Cross-site Scripting vulnerability in multiple products | 6.1
    Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a.

2022-09-05 | CVE-2022-39842 | Linux, Debian | Integer Overflow or Wraparound vulnerability in multiple products | 6.1
    An issue was discovered in the Linux kernel before 5.19.

2022-09-09 | CVE-2022-2905 | Linux, Redhat, Debian | Out-of-bounds Read vulnerability in multiple products | 5.5
    An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map.

2022-09-09 | CVE-2022-36867 | Samsung | Unspecified vulnerability in Samsung Editor Lite | 5.5
    Improper access control vulnerability in Editor Lite prior to version 4.0.40.14 allows attackers to access sensitive information.

2022-09-09 | CVE-2022-38064 | Openharmony | Improper Authentication vulnerability in Openharmony 3.1/3.1.1/3.1.2 | 5.5
    OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability.

2022-09-05 | CVE-2022-38750 | Snakeyaml Project, Debian | Out-of-bounds Write vulnerability in multiple products | 5.5
    Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS).

2022-09-06 | CVE-2022-2941 | WP Useronline Project | Cross-site Scripting vulnerability in Wp-Useronline Project Wp-Useronline 2.87.6/2.88.0 | 4.8
    The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including, 2.88.0.

2022-09-09 | CVE-2022-40307 | Linux, Debian | Use After Free vulnerability in multiple products | 4.7
    An issue was discovered in the Linux kernel through 5.19.8.

0 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS