vulnerability-summary-for-the-week-of-august-1,-2022
Share on facebook
Share on twitter
Share on linkedin
Share on email
News Category

Vulnerability Summary for the Week of August 1, 2022

@acrontum — filesystem-template

  The package @acrontum/filesystem-template before 0.0.2 are vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input. 2022-08-05 not yet calculated CVE-2022-21186

CONFIRM

CONFIRM Ittiam — libmpeg2

  Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2_mc_fullx_fully_8x8. 2022-08-05 not yet calculated CVE-2022-37416

MISC

MISC accusoft — imagegear

  An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2022-08-05 not yet calculated CVE-2022-29465

MISC aes_crypt — aes_crypt

  AES Crypt is a file encryption software for multiple platforms. AES Crypt for Linux built using the source on GitHub and having the version number 3.11 has a vulnerability with respect to reading user-provided passwords and confirmations via command-line prompts. Passwords lengths were not checked before being read. This vulnerability may lead to buffer overruns. This does _not_ affect source code found on aescrypt.com, nor is the vulnerability present when providing a password or a key via the `-p` or `-k` command-line options. The problem was fixed via in commit 68761851b and will be included in release 3.16. Users are advised to upgrade. Users unable to upgrade should us the `-p` or `-k` options to provide a password or key. 2022-08-03 not yet calculated CVE-2022-35928

MISC

CONFIRM alphaware_simple_e-commerce_system — alphaware_simple_e-commerce_system

  A vulnerability, which was classified as problematic, has been found in SourceCodester Alphaware Simple E-Commerce System. Affected by this issue is some unknown functionality of the file stockin.php. The manipulation of the argument id with the input “http://us-cert.cisa.gov/”> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205670 is the identifier assigned to this vulnerability. 2022-08-05 not yet calculated CVE-2022-2682

MISC

MISC apache — hadoop

  Apache Hadoop’s FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. “Check existence of file before untarring/zipping”, which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136). 2022-08-04 not yet calculated CVE-2022-25168

MISC apache — jspwiki

  A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce plugin dangerously renders user-supplied URLs. Upon re-testing CVE-2021-40369, it appears that the patch was incomplete as it was still possible to insert malicious input via the Denounce plugin. Apache JSPWiki users should upgrade to 2.11.3 or later. 2022-08-04 not yet calculated CVE-2022-28730

MISC apache — jspwiki

  A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. 2022-08-04 not yet calculated CVE-2022-27166

MISC apache — jspwiki

  A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later. 2022-08-04 not yet calculated CVE-2022-28732

MISC apache — jspwiki

  A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker’s account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page. 2022-08-04 not yet calculated CVE-2022-34158

MISC apache — jspwiki

  A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page. 2022-08-04 not yet calculated CVE-2022-28731

MISC apartment_visitor_management_system — apartment_visitor_management_system

  A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the argument username with the input ‘ AND (SELECT 4955 FROM (SELECT(SLEEP(5)))RSzF) AND ‘htiy’=’htiy leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205665 was assigned to this vulnerability. 2022-08-05 not yet calculated CVE-2022-2677

MISC

MISC apartment_visitor_management_system — apartment_visitor_management_system

  A vulnerability has been found in SourceCodester Apartment Visitor Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /manage-apartment.php. The manipulation of the argument Apartment Number with the input leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205672. 2022-08-05 not yet calculated CVE-2022-2684

MISC

MISC aplhaware_simple_e-commerce_system — aplhaware_simple_e-commerce_system

  A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. It has been declared as critical. This vulnerability affects unknown code of the file admin_feature.php of the component Background Management Page. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205666 is the identifier assigned to this vulnerability. 2022-08-05 not yet calculated CVE-2022-2678

MISC

MISC arista — cloudvision_portal

  This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users. 2022-08-05 not yet calculated CVE-2022-29071

MISC arista — eos

  This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass. 2022-08-05 not yet calculated CVE-2021-28511

MISC arm — mali_gpu_kernel_driver

  An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory. 2022-08-02 not yet calculated CVE-2022-33917

MISC arris — multiple_products

  do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected. 2022-08-04 not yet calculated CVE-2022-31793

MISC

MISC

MISC

MISC artica — pandora_fms Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role of Operator (Write) could create, delete, view existing keys which are outside the intended role. 2022-08-01 not yet calculated CVE-2022-26308

CONFIRM

CONFIRM artica — pandora_fms A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the service name field. 2022-08-05 not yet calculated CVE-2021-46678

CONFIRM

CONFIRM artica — pandora_fms A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via service elements. 2022-08-05 not yet calculated CVE-2021-46679

CONFIRM

CONFIRM artica — pandora_fms A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the module form name field. 2022-08-05 not yet calculated CVE-2021-46680

CONFIRM artica — pandora_fms Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user with full admin privilege. The impact could lead to a vertical privilege escalation to access the privileges of a higher-level user or typically an admin user. 2022-08-01 not yet calculated CVE-2022-26310

CONFIRM

CONFIRM artica — pandora_fms A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the event filter name field. 2022-08-05 not yet calculated CVE-2021-46677

CONFIRM

CONFIRM artica — pandora_fms

  A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field. 2022-08-05 not yet calculated CVE-2021-46681

CONFIRM

CONFIRM artica– pandora_fms Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group. 2022-08-01 not yet calculated CVE-2022-26309

CONFIRM

CONFIRM artica — pandora_fms A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the transactional maps name field. 2022-08-05 not yet calculated CVE-2021-46676

CONFIRM

CONFIRM asustor — adm

  A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below. 2022-08-05 not yet calculated CVE-2022-37398

MISC asuswrt-merlin — asuswrt

  A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. 2022-08-05 not yet calculated CVE-2022-26376

MISC atlassian — jira_data_center This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. In this case the security improvement was to protect against using the XStream library to be able to execute arbitrary code in velocity templates. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.7, and from version 8.21.0 before 8.22.1. 2022-08-01 not yet calculated CVE-2022-36799

MISC atlassian — jira_service_management_server_and_data_center

  Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the “Browse Users” permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2. 2022-08-03 not yet calculated CVE-2022-36800

MISC autodesk — autocad Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-07-29 not yet calculated CVE-2022-33881

MISC autodesk — autodesk_design_review

  A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-07-29 not yet calculated CVE-2022-27866

MISC autodesk — autodesk_design_review

  A maliciously crafted TGA or PCX file may be used to write beyond the allocated buffer through DesignReview.exe application while parsing TGA and PCX files. This vulnerability may be exploited to execute arbitrary code. 2022-07-29 not yet calculated CVE-2022-27865

MISC autodesk — autodesk_design_review

  A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PDF files within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 2022-07-29 not yet calculated CVE-2022-27864

MISC autodesk — fusion_360 An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain victim’s public IP and possibly other sensitive information. 2022-07-29 not yet calculated CVE-2022-27873

MISC backdrop — backdrop

  An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames. 2022-08-01 not yet calculated CVE-2022-34530

MISC

MISC beancount — fava Cross-site Scripting (XSS) – Reflected in GitHub repository beancount/fava prior to 1.22.3. 2022-08-01 not yet calculated CVE-2022-2589

CONFIRM

MISC best_fee_management_system — best_fee_management_system

  A vulnerability was found in SourceCodester Best Fee Management System. It has been rated as critical. Affected by this issue is the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205658 is the identifier assigned to this vulnerability. 2022-08-05 not yet calculated CVE-2022-2674

MISC bigtree_cms — bigtree_cms

  BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file. 2022-08-03 not yet calculated CVE-2022-36197

MISC bmc — track-it

  This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690. 2022-08-03 not yet calculated CVE-2022-35864

MISC

MISC bmc — track-it

  This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16709. 2022-08-03 not yet calculated CVE-2022-35865

MISC

MISC boltcms — boltcms

  The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input. 2022-08-01 not yet calculated CVE-2022-31321

MISC

MISC bookwyrm — bookwyrm

  BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their `nginx.conf` file that was created when the instance was set up. Users are advised advised to upgrade. Users unable to upgrade may update their nginx.conf files with the changes manually. 2022-08-02 not yet calculated CVE-2022-35925

MISC

CONFIRM

MISC bookwyrm — bookwyrm

  Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5. 2022-08-04 not yet calculated CVE-2022-2651

CONFIRM

MISC bosch — bf-os

  BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password. 2022-08-01 not yet calculated CVE-2022-36301

CONFIRM bosch — bf-os

  File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information. 2022-08-01 not yet calculated CVE-2022-36302

CONFIRM centreon — centreon

  This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-16335. 2022-08-03 not yet calculated CVE-2022-34871

MISC

MISC centreon — centreon

  This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16336. 2022-08-03 not yet calculated CVE-2022-34872

MISC

MISC chia_network — cat1

  An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the malicious actor pleases. This is true for every CAT1 on the Chia blockchain regardless of issuance rules. This attack is auditable on chain, so maliciously altered coins can potentially be marked by off-chain observers as malicious. 2022-07-29 not yet calculated CVE-2022-36447

MISC

MISC church_management_system — church_management_system

  A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument username with the input ‘ OR (SELECT 7064 FROM(SELECT COUNT(*),CONCAT(0x71627a7671,(SELECT (ELT(7064=7064,1))),0x716b707871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)– jURL leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205668. 2022-08-05 not yet calculated CVE-2022-2680

MISC

MISC ckeditor — ckeditor5

  CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5’s packages in versions prior to 35.0.1. The vulnerability allowed to trigger a JavaScript code after fulfilling special conditions. The affected packages are `@ckeditor/ckeditor5-markdown-gfm`, `@ckeditor/ckeditor5-html-support`, and `@ckeditor/ckeditor5-html-embed`. The specific conditions are 1) Using one of the affected packages. In case of `ckeditor5-html-support` and `ckeditor5-html-embed`, additionally, it was required to use a configuration that allows unsafe markup inside the editor. 2) Destroying the editor instance and 3) Initializing the editor on an element and using an element other than `