VULNERA Pulse

Google — Chromium

CVE-2022-4135 / Added: Nov. 28, 2022

CRITICAL CVSS 9.60

Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge.

Headlines

• Dec. 2, 2022 - New Opera 93 Stable update includes fix for latest Chromium zero-day
• Nov. 28, 2022 - Update your Google Chrome Mac install now
• Nov. 28, 2022 - Google ships 8th emergency Chrome update for Mac to fix ‘high-severity’ flaw
• Nov. 28, 2022 - Google Patches Eighth Chrome Zero-Day of 2022
• Nov. 28, 2022 - Chrome fixes 8th zero-day of 2022 – check your version now
• Nov. 26, 2022 - Patch Google Chrome now to fix this emergency security flaw
• Nov. 25, 2022 - Update Chrome ASAP: Google patches new zero-day exploit
• Nov. 25, 2022 - Google issues urgent warning to all Chrome users – you must act right now
• Nov. 25, 2022 - Google releases patch for zero-day Chrome vulnerability
• Nov. 25, 2022 - Google Releases Chrome Patch to Fix New Zero-Day Vulnerability
• Nov. 25, 2022 - Security experts urge Chrome users to patch new zero-day exploit immediately
• Nov. 25, 2022 - Apply This Emergency Google Chrome Zero-Day Patch Before You Shop Black Friday Deals
• Nov. 25, 2022 - Google fixed the eighth actively exploited #Chrome #zeroday this year
• Nov. 25, 2022 - Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw
• Nov. 25, 2022 - Google Issues Emergency Chrome Security Update For All Users
• Nov. 25, 2022 - Google Issues Emergency Chrome Security Update For All Users
• Nov. 25, 2022 - Google rushes out Chrome browser fix for new zero-day flaw

Back to top ↑

Oracle — Fusion Middleware

CVE-2021-35587 / Added: Nov. 28, 2022

CRITICAL CVSS 9.80

Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to takeover the Access Manager product.

Headlines

• Nov. 29, 2022 - Oracle Fusion Middleware Flaw Flagged by CISA
• Nov. 29, 2022 - Oracle Fusion Middleware Vulnerability Actively Exploited in the Wild: CISA
• Nov. 29, 2022 - Pre-auth RCE in Oracle Fusion Middleware exploited in the wild (CVE-2021-35587)
• Nov. 29, 2022 - CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability

Back to top ↑

CVE-2022-45483

CVSS Not Assigned

Risk Context N/A

Published: Dec. 2, 2022

Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Quotes

• An exploit of the authentication and authorization vulnerabilities could allow remote unauthenticated attackers to execute arbitrary commands. Similarly, an exploit of the insecure communication vulnerability exposes the user's keystrokes, including sensitive information such as usernames and passwords - Security Affairs
• These three applications are widely used but they are neither maintained nor supported, and evidently, security was not a factor when these applications were developed - The Hacker News

Headlines

• Dec. 2, 2022 - Android Keyboard Apps with 2 Million downloads can remotely hack your device
• Dec. 2, 2022 - Watch Out! These Android Keyboard Apps Used by Millions Can be Hacked Remotely
• Dec. 2, 2022 - Watch Out! These Android Keyboard Apps With 2 Million Installs Can be Hacked Remotely
• Dec. 1, 2022 - Watch out - these Android remote keyboard apps have serious security flaws

CVE-2022-4020

HIGH CVSS 8.20

Risk Context N/A

Published: Nov. 28, 2022

Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.

Vendor Impacted: Acer

Products Impacted: Extensa Ex215-21 Firmware, Aspire A315-22g, Aspire A315-22 Firmware, Aspire A115-21 Firmware, Extensa Ex215-21g, Extensa Ex215-21g Firmware, Extensa Ex215-21, Aspire A315-22, Aspire A315-22g Firmware, Aspire A115-21

Quotes

• May allow changes to Secure Boot settings by creating NVRAM variables - The Hacker News
• #CVE-2022-4020 is found in the DXE driver HQSwSmiDxe, which checks for the 'BootOrderSecureBootDisable' NVRAM variable - Dark Reading
• Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable - SecurityWeek
• Detections are blocked from running before they can attack or infect the system specification - Security Affairs

Headlines

• Nov. 29, 2022 - Acer fixes major laptop bug that hackers can use to disable secure boot
• Nov. 29, 2022 - New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection
• Nov. 29, 2022 - Acer Firmware Flaw Lets Attackers Bypass Key Security Feature
• Nov. 29, 2022 - Vulnerability in Acer Laptops Allows Attackers to Disable Secure Boot
• Nov. 28, 2022 - A flaw in some Acer laptops can be used to bypass security features

CVE-2022-4135

CRITICAL CVSS 9.60

CISA Known Exploited Actively Exploited

Published: Nov. 25, 2022

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendors Impacted: Microsoft, Google

Products Impacted: Edge Chromium, Edge, Chromium

Quotes

• Is aware that an exploit for CVE-2022-4135 exists in the wild - Security Latest
• CISA has grown more proactive in adding vulnerabilities to the list when they pose a threat - infosecurity-magazine.com
• It may give the attacker access to OAM server, to create any user with any privileges, or just get code execution in the victim's server - The Hacker News
• Aware that an exploit [...] exists in the wild - Naked Security - Sophos
• Google is aware that an exploit for CVE-2022-4135 exists in the wild - SecurityWeek

Headlines

• Dec. 2, 2022 - New Opera 93 Stable update includes fix for latest Chromium zero-day
• Nov. 30, 2022 - Drop What You're Doing and Update iOS, Android, and Windows
• Nov. 29, 2022 - Oracle Fusion Middleware Vulnerability Actively Exploited in the Wild: CISA
• Nov. 29, 2022 - Oracle Fusion Middleware Vulnerability Exploited in the Wild
• Nov. 29, 2022 - CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability
• Nov. 28, 2022 - Chrome fixes 8th zero-day of 2022 – check your version now (Edge too!)
• Nov. 28, 2022 - Update your Google Chrome Mac install now
• Nov. 28, 2022 - Google ships 8th emergency Chrome update for Mac to fix ‘high-severity’ flaw
• Nov. 28, 2022 - Google Patches Eighth Chrome Zero-Day of 2022
• Nov. 26, 2022 - Patch Google Chrome now to fix this emergency security flaw

CVE-2022-4116

CRITICAL CVSS 9.80

Remote Code Execution

Published: Nov. 22, 2022

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.

Quotes

• The vulnerability is found in the Dev UI Config Editor, which is vulnerable to drive-by localhost attacks that could lead to remote-code execution (RCE) - The Hacker News
• While preparing a talk for the recent DeepSec Conference about attacking the developer environment through drive-by localhost, I reviewed some popular Java frameworks to see if they were vulnerable - infosecurity-magazine.com
• Exploiting the vulnerability isn't difficult, and can be done by a malicious actor without any privileges - Dark Reading
• Exploiting the vulnerability isn't difficult and can be done by a malicious actor without any privileges - SecurityWeek

Headlines

• Dec. 1, 2022 - Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework
• Nov. 30, 2022 - Zero-Day Flaw Discovered in Quarkus Java Framework
• Nov. 30, 2022 - Critical Quarkus Flaw Threatens Cloud Developers With Easy RCE
• Nov. 30, 2022 - Developers Warned of Critical Remote Code Execution Flaw in Quarkus Java Framework

CVE-2022-36449

MEDIUM CVSS 6.50

Risk Context N/A

Published: Sept. 1, 2022

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.

Vendor Impacted: Arm

Products Impacted: Bifrost, Valhall, Midgard

Quotes

• We reported these five issues to ARM when they were discovered between June and July 2022. ARM fixed the issues promptly in July and August 2022, disclosing them as security issues on their Arm Mali Driver Vulnerabilities page (assigning CVE-2022-36449) and publishing the patched driver source on their public developer website - SecurityWeek

Headlines

• Nov. 29, 2022 - Google's security team says companies need to get better at patching Android
• Nov. 28, 2022 - Google says Google should do a better job of patching Android phones
• Nov. 28, 2022 - Project Zero Flags 'Patch Gap' Problems on Android
• Nov. 28, 2022 - Zero-day ARM vulnerabilities affect millions of smartphones
• Nov. 28, 2022 - Millions Of Android Smartphones Can Be Hacked Due To This Reason: Warning Issued By Google - Trak.in
• Nov. 27, 2022 - [U: Fix coming] Months-old security vulnerability still hasn’t been patched on Pixel, Samsung

CVE-2022-24521

HIGH CVSS 7.80

CISA Known Exploited Actively Exploited Used In Ransomware

Published: April 15, 2022

Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24481.

Vendor Impacted: Microsoft

Product Impacted: Windows

Quotes

• Since spring 2022, Cuba ransomware actors have modified their TTPs and tools to interact with compromised networks and extort payments from victims - SecurityWeek
• According to third-party reporting, suspected Cuba ransomware actors compromised a foreign healthcare company. The threat actors deployed Industrial Spy ransomware, which shares distinct similarities in configuration to Cuba ransomware - infosecurity-magazine.com

Headlines

• Dec. 2, 2022 - Cuba Ransomware received over $60M in Ransom payments as of August 2022
• Dec. 2, 2022 - Over 100 Organizations Hit by Cuba Ransomware: CISA, FBI
• Dec. 2, 2022 - Cuba Ransomware Actors Pocket $60m
• Dec. 2, 2022 - Cuba Ransomware Extorted Over $60 Million in Ransom Fees from More than 100 Entities
• Dec. 1, 2022 - #StopRansomware: Cuba Ransomware

CVE-2021-35587

CRITICAL CVSS 9.80

CISA Known Exploited Actively Exploited Public Exploits Available

Published: Jan. 19, 2022

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Vendor Impacted: Oracle

Product Impacted: Fusion Middleware

Quotes

• Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to take over the Access Manager product - Dark Reading
• CISA has grown more proactive in adding vulnerabilities to the list when they pose a threat - infosecurity-magazine.com
• Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 - Security Affairs
• It may give the attacker access to OAM server, to create any user with any privileges, or just get code execution in the victim's server - The Hacker News

Headlines

• Nov. 29, 2022 - Oracle Fusion Middleware Flaw Flagged by CISA
• Nov. 29, 2022 - Oracle Fusion Middleware Vulnerability Actively Exploited in the Wild: CISA
• Nov. 29, 2022 - CISA adds Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities Catalog
• Nov. 29, 2022 - Oracle Fusion Middleware Vulnerability Exploited in the Wild
• Nov. 29, 2022 - Pre-auth RCE in Oracle Fusion Middleware exploited in the wild (CVE-2021-35587)
• Nov. 29, 2022 - CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability

CVE-2021-42298

HIGH CVSS 7.80

Actively Exploited Remote Code Execution

Published: Nov. 10, 2021

Microsoft Defender Remote Code Execution Vulnerability

Quotes

• Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to deploy a payload to a target device - The Hacker News
• Although the vulnerabilities are now patched, we assess it is likely the exploits were used as 0-days before they were fixed - Security Affairs
• 1-click full chain for Google Chrome without persistence reaching medium integrity - SecurityWeek

Headlines

• Dec. 1, 2022 - Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days
• Dec. 1, 2022 - Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, and Windows Zero-Days
• Dec. 1, 2022 - Google ties Spanish IT firm to 0-days exploiting Chrome, Defender, and Firefox
• Nov. 30, 2022 - Google links three exploitation frameworks to Spanish commercial spyware vendor Variston
• Nov. 30, 2022 - Google TAG Warns on Emerging Heliconia Exploit Framework for RCE
• Nov. 30, 2022 - Google Links Exploitation Frameworks to Spanish Spyware Vendor Variston