top of page

New most known CVEs !

Updated: Dec 8, 2022

Introduction



I) List of CVEs


1) CVE-2022-24889

a) Description

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surface unnecessarily. This issue is fixed in versions 21.0.8 , 22.2.4, and 23.0.1.

b) References

  • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5vw6-6prg-gvw6

  • https://github.com/nextcloud/server/pull/30615

  • https://hackerone.com/reports/1403614

2) CVE-2022-29243

a) Description

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage, resulting in impacted performance. Versions 22.2.7 and 23.0.4 contain a fix for this issue. There are currently no known workarounds available.

b) References

  • https://github.com/nextcloud/server/pull/31658

  • https://hackerone.com/reports/1153138

  • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7cwm-qph5-4h5w

3) CVE-2022-30323

a) Description

go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0.

b) References

  • https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930

  • https://discuss.hashicorp.com/

4) CVE-2022-25374

a) Description

HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. Fixed in v202202-1.

b) References

  • https://discuss.hashicorp.com/

  • https://discuss.hashicorp.com/t/hcsec-2022-06-terraform-enterprise-may-capture-sensitive-data-in-logs/

5) CVE-2022-37451

a) Description

Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.

b) References

  • https://www.exim.org/static/doc/security/

  • https://github.com/ivd38/exim_invalid_free

  • https://lists.exim.org/lurker/message/20220625.141825.d6de6074.en.html

6) CVE-2022-26979

a) Description

Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because this.Span.text can be NULL.

b) References

  • https://drive.google.com/file/d/1WpwDgVRU-Mb792z6dgDoWMXDRSeB8ZLU/view?usp=sharing

  • https://www.foxit.com/support/security-bulletins.html

7) CVE-2022-35697

a) Description

Adobe Experience Manager Core Components version 2.20.6 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires a low author privilege access.

b) References

  • https://github.com/adobe/aem-core-wcm-components/security/advisories/GHSA-qcgc-6q86-7x2p

8) CVE-2022-34844

a) Description

In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

b) References

  • https://support.f5.com/csp/article/K34511555

9) CVE-2022-33203

a) Description

In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

b) References

  • https://support.f5.com/csp/article/K52534925

10) CVE-2022-36839

a) Description

SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information.

b) References

  • https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08

11) CVE-2022-36446

a) Description

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.

b) References

  • https://github.com/webmin/webmin/compare/1.996...1.997

  • https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde

  • http://packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html

12) CVE-2022-1919

a) Description

Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

b) References

  • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html

  • https://crbug.com/1313709

  • https://security.gentoo.org/glsa/202208-08

13) CVE-2022-32458

a) Description

Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform XML injection attack to access arbitrary system files.

b) References

  • https://www.twcert.org.tw/tw/cp-132-6288-49e01-1.html

  • https://www.chtsecurity.com/news/09757883-fea6-4aff-9e22-8ae8c4f8f7bb

14) CVE-2022-32457

a) Description

Digiwin BPM has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response.

b) References

  • https://www.twcert.org.tw/tw/cp-132-6287-20ef0-1.html

  • https://www.chtsecurity.com/news/09757883-fea6-4aff-9e22-8ae8c4f8f7bb

15) CVE-2022-2122

a) Description

DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite.

b) References

  • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225

  • https://www.debian.org/security/2022/dsa-5204

16) CVE-2022-1925

a) Description

DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks.

b) References

  • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225

  • https://www.debian.org/security/2022/dsa-5204

  • https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html

17) CVE-2022-1921

a) Description

Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite.

b) References

  • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1224

  • https://www.debian.org/security/2022/dsa-5204

18) CVE-2022-34663

a) Description

A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS1600 (All versions), RUGGEDCOM ROS RS1600F (All versions), RUGGEDCOM ROS RS1600T (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Affected devices are vulnerable to a web-based code injection attack via the console. An attacker could exploit this vulnerability to inject code into the web server and cause malicious behavior in legitimate users accessing certain web resources on the affected device.

b) References

  • https://cert-portal.siemens.com/productcert/pdf/ssa-840800.pdf

19) CVE-2022-2309

a) Description

NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.

b) References

  • https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba

  • https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f

20) CVE-2022-31101

a) Description

prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.

b) References

  • https://github.com/PrestaShop/blockwishlist/security/advisories/GHSA-2jx3-5j9v-prpp

  • https://github.com/PrestaShop/blockwishlist/commit/b3ec4b85af5fd73f74d55390b226d221298ca084

21) CVE-2022-30174

a) Description

Microsoft Office Remote Code Execution Vulnerability.

b) References

  • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30174

22) CVE-2022-30168

a) Description

Microsoft Photos App Remote Code Execution Vulnerability.

b) References

  • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30168

23) CVE-2022-29801

a) Description

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.

b) References

  • https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf

24) CVE-2022-29110

a) Description

Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-29109.

b) References

  • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29110

25) CVE-2022-30292

a) Description

Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call.

b) References

  • https://github.com/albertodemichelis/squirrel/commit/a6413aa690e0bdfef648c68693349a7b878fe60d

  • https://github.com/sprushed/CVE-2022-30292

  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WBUYGYXDQX3OSAYHP4TCG3JS7PJTIE75/

26) CVE-2022-25622

a) Description

A vulnerability has been identified in SIMATIC CFU DIQ (All versions), SIMATIC CFU PA (All versions), SIMATIC ET200AL IM157-1 PN (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 MF HF (All versions), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC PN/MF Coupler (All versions), SIMATIC PN/PN Coupler (All versions >= 4.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions < V8.2.3), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX (All versions), SIMIT Simulation Platform (All versions), SINAMICS DCM (All versions with Ethernet interface), SINAMICS G110M (All versions with Ethernet interface), SINAMICS G115D (All versions with Ethernet interface), SINAMICS G120 (incl. SIPLUS variants) (All versions with Ethernet interface), SINAMICS G130 (All versions), SINAMICS G150 (All versions), SINAMICS S110 (All versions with Ethernet interface), SINAMICS S120 (incl. SIPLUS variants) (All versions), SINAMICS S150 (All versions), SINAMICS S210 (All versions), SINAMICS V90 (All versions with Ethernet interface), SIPLUS HCS4200 CIM4210 (All versions), SIPLUS HCS4200 CIM4210C (All versions), SIPLUS HCS4300 CIM4310 (All versions), SIPLUS NET PN/PN Coupler (All versions >= 4.2). The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.

b) References

  • https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdf

27) CVE-2022-1040

a) Description

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.

b) References

  • https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce

  • http://packetstormsecurity.com/files/168046/Sophos-XG115w-Firewall-17.0.10-MR-10-Authentication-Bypass.html

28) CVE-2022-0847

a) Description

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

b) References

  • https://bugzilla.redhat.com/show_bug.cgi?id=2060795

  • http://packetstormsecurity.com/files/166229/Dirty-Pipe-Linux-Privilege-Escalation.html

  • http://packetstormsecurity.com/files/166258/Dirty-Pipe-Local-Privilege-Escalation.html

29) CVE-2022-24713

a) Description

regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.

b) References

  • https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8

  • https://github.com/rust-lang/regex/commit/ae70b41d4f46641dbc45c7a4f87954aea356283ehttps://lists.debian.org/debian-lts-announce/2022/04/msg00009.html

30) CVE-2022-21970

a) Description

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21954.

b) References

  • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21970

31) CVE-2022-21907

a) Description

HTTP Protocol Stack Remote Code Execution Vulnerability.

b) References

  • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21907

  • http://packetstormsecurity.com/files/165566/HTTP-Protocol-Stack-Denial-Of-Service-Remote-Code-Execution.html

32) CVE-2022-21906

a) Description

Windows Defender Application Control Security Feature Bypass Vulnerability.

b) References

  • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21906

33) CVE-2022-31614

a) Description

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure.

b) References

  • https://nvidia.custhelp.com/app/answers/detail/a_id/5383

34) CVE-2022-35788

a) Description

Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.

b) References

  • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35788

35) CVE-2022-24010

a) Description

A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the cwmpd binary.

b) References

  • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1463

36) CVE-2022-24007

a) Description

A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the cfm binary.

b) References

  • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1463

Conclusion


Every day, new vulnerabilities are discovered and published on the Internet. These vulnerabilities are quickly used, by malicious people, and affect the security of your systems. Companies must implement countermeasures as soon as possible, and then deploy definitive patches.


About us


Headquarter: 9 rue des colonnes 75002 Paris

Phone: +33134908672

Email: contact@bluepinksecurity.com

47 views0 comments

Recent Posts

See All
bottom of page