Snapshot
Oct. 14, 2022 - Oct. 21, 2022
CISA Known Exploited Vulnerabilities

| CVE | Summary | Severity | Vendor | Date Added |
|---|---|---|---|---|
| CVE-2021-3493 | The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation. | HIGH | Linux | Oct. 20, 2022 |
| CVE-2022-41352 | Zimbra Collaboration (ZCS) allows an attacker to upload arbitrary files using cpio package to gain incorrect access to any other user accounts. | CRITICAL | Zimbra | Oct. 20, 2022 |
Vulnerabilities In The News

| CVE | Summary | Severity | Vendor | Risk Context |
|---|---|---|---|---|
| CVE-2022-40684 | An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0... | CRITICAL | Fortinet | CISA Known Exploited, Actively Exploited, Used In Ransomware, Public Exploits Available |
| CVE-2022-42889 | Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. | CRITICAL | Apache, Netapp | Actively Exploited, Remote Code Execution, Public Exploits Available |
| CVE-2022-35829 | Service Fabric Explorer Spoofing Vulnerability. | MEDIUM | | Risk Context N/A |
| CVE-2022-41040 | Microsoft Exchange Server Elevation of Privilege Vulnerability. | HIGH | Microsoft | CISA Known Exploited, Actively Exploited, Used In Ransomware, Public Exploits Available |
| CVE-2022-41352 | An issue was discovered in Zimbra Collaboration 8.8.15 and 9.0. | CRITICAL | Zimbra | CISA Known Exploited, Actively Exploited |
| CVE-2022-39197 | An XSS vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on th... | MEDIUM | | Public Exploits Available |
| CVE-2022-22954 | VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. | CRITICAL | Vmware | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
| CVE-2021-4034 | A local privilege escalation vulnerability was found on polkit's pkexec utility. | HIGH | Suse, Canonical, Oracle, Red Hat, Starwindsoftware, Redhat | CISA Known Exploited, Actively Exploited, Public Exploits Available |
| CVE-2021-44228 | Apache Log4j2 2.0-beta9 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect agai... | CRITICAL | Apache, Intel, Bentley, Snowsoftware, Cisco, Percussion, Netapp, Siemens | CISA Known Exploited, Actively Exploited, Public Exploits Available |
CISA Known Exploited Vulnerabilities
CISA added 2 vulnerabilities to the known exploited vulnerabilities list.
Linux — Kernel
CVE-2021-3493 / Added: Oct. 20, 2022
HIGH CVSS 7.80
The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation.
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2022-40684
CRITICAL CVSS 9.80
Risk Context: CISA Known Exploited, Actively Exploited, Used In Ransomware, Public Exploits Available
Published: Oct. 18, 2022
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Vendor Impacted: Fortinet
Products Impacted: Fortiswitchmanager, Fortios, Fortiproxy, Multiple Products
CVE-2022-42889
CRITICAL CVSS 9.80
Risk Context: Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Oct. 13, 2022
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are:
- "script" - execute expressions using the JVM script execution engine (javax.script)
- "dns" - resolve dns records
- "url" - load values from urls, including from remote servers
Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
Vendors Impacted: Apache, Netapp
Products Impacted: Bluexp, Commons Text
CVE-2022-35829
MEDIUM CVSS 4.80
Risk Context: N/A
Published: Oct. 11, 2022
Service Fabric Explorer Spoofing Vulnerability.
CVE-2022-41040
HIGH CVSS 8.80
Risk Context: CISA Known Exploited, Actively Exploited, Used In Ransomware, Public Exploits Available
Published: Oct. 3, 2022
Microsoft Exchange Server Elevation of Privilege Vulnerability.
Vendor Impacted: Microsoft
Product Impacted: Exchange Server
CVE-2022-41352
CRITICAL CVSS 9.80
Risk Context: CISA Known Exploited, Actively Exploited
Published: Sept. 26, 2022
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavisd automatically prefers it over cpio.
Vendor Impacted: Zimbra
Products Impacted: Collaboration, Collaboration (Zcs)
CVE-2022-39197
MEDIUM CVSS 6.10
Risk Context: Public Exploits Available
Published: Sept. 22, 2022
An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).
CVE-2022-22954
CRITICAL CVSS 9.80
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
Published: April 11, 2022
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
Vendor Impacted: Vmware
Products Impacted: Workspace One Access And Identity Manager, Vrealize Suite Lifecycle Manager, Vrealize Automation, Cloud Foundation
CVE-2021-4034
HIGH CVSS 7.80
Risk Context: CISA Known Exploited, Actively Exploited, Public Exploits Available
Published: Jan. 28, 2022
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameter count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it induces pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.
Vendors Impacted: Suse, Canonical, Oracle, Red Hat, Starwindsoftware, Redhat
Products Impacted: Linux Enterprise High Performance Co, Linux Enterprise Desktop, Enterprise Linux Eus, Starwind Virtual San, Enterprise Linux Workstation, Enterprise Linux Server Tus, Linux Enterprise Workstation Extensi, Enterprise Linux Desktop, Enterprise Linux Server Update Servi, Enterprise Linux For Scientific Comp, Enterprise Linux, Manager Server, Http Server, Enterprise Linux Server Eus, Enterprise Linux For Power Big Endia, Enterprise Linux Server Aus, Starwind Hyperconverged Appliance, Ubuntu Linux, Enterprise Linux For Ibm Z Systems, Enterprise Linux Server, Enterprise Linux For Ibm Z Systems E, Enterprise Storage, Command Center, Zfs Storage Appliance Kit, Linux Enterprise Server, Enterprise Linux For Power Little En, Polkit, Manager Proxy
CVE-2021-44228
CRITICAL CVSS 10.00
Risk Context: CISA Known Exploited, Actively Exploited, Public Exploits Available
Published: Dec. 10, 2021
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Vendors Impacted: Apache, Intel, Bentley, Snowsoftware, Cisco, Percussion, Netapp, Siemens
Products Impacted: Finesse, Optical Network Controller, Crosswork Data Gateway, Cloudcenter, Iot Operations Dashboard, Sppa-T3000 Ses3000, Evolved Programmable Network Manager, Unified Workforce Optimization, Data Center Network Manager, Emergency Responder, Cloud Connect, Network Insights For Data Center, Crosswork Platform Infrastructure, Contact Center Management Portal, Crosswork Optimization Engine, Unified Communications Manager Im &, Virtualized Voice Browser, Cloudcenter Suite, Crosswork Network Controller, Unity Connection, Smart Phy, Fxos, Cloudcenter Suite Admin, Sppa-T3000 Ses3000 Firmware, Crosswork Network Automation, Contact Center Domain Manager, Broadworks, Business Process Automation, Vm Access Proxy, Unified Contact Center Express, Enterprise Chat And Email, Connected Analytics For Network Depl, Ucs Central Software, Workload Optimization Manager, Dna Spaces, Rhythmyx, Synchro 4d, Dna Spaces Connector, Connected Mobile Experiences, Firepower Threat Defense, Mobility Services Engine, Cyber Vision Sensor Management Exten, Video Surveillance Manager, Virtual Topology System, Fog Director, Snapcenter, Ucs Central, Unified Sip Proxy, Snow Commander, Prime Service Catalog, Unified Computing System, Ucs Director, Cloudcenter Workload Manager, Advanced Malware Protection Virtual, Identity Services Engine, Cx Cloud Agent, Sd-Wan Vmanage, Log4j2, Unified Contact Center Enterprise, Wan Automation Engine, Intersight Virtual Appliance, Unified Intelligence Center, Nexus Insights, Packaged Contact Center Enterprise, Webex Meetings Server, Common Services Platform Collector, Log4j, Dna Spaces, Paging Server, Unified Contact Center Management Po, Virtualized Infrastructure Manager, Nexus Dashboard, Data Center Manager, Customer Experience Cloud Agent, Network Dashboard Fabric Controller, Integrated Management Controller Sup, Dna Center, Unified Communications Manager, Cloudcenter Cost Optimizer, Video Surveillance Operations Manage, Network Services Orchestrator, Unified Communications Manager Im An, Cyber Vision, Oneapi Sample Browser, Synchro, Crosswork Zero Touch Provisioning, Ontap Tools, Automated Subsea Tuning, Network Assurance Engine, Unified Customer Voice Portal