CISA Known Exploited Vulnerabilities Catalog
9.8
CVE-2022-24706 - Apache CouchDB Insecure Default Initialization of Resource Vulnerability -
Action Due Sep 15, 2022 Target Vendor : Apache
Description : Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00; https://nvd.nist.gov/vuln/detail/CVE-2022-24706
9.8
CVE-2022-24112 - Apache APISIX Authentication Bypass Vulnerability -
Action Due Sep 15, 2022 Target Vendor : Apache
Description : Apache APISIX contains an authentication bypass vulnerability that allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://lists.apache.org/thread/lcdqywz8zy94mdysk7p3gfdgn51jmt94; https://nvd.nist.gov/vuln/detail/CVE-2022-24112
8.8
CVE-2022-2294 - WebRTC Heap Buffer Overflow Vulnerability -
Action Due Sep 15, 2022 Target Vendor : WebRTC
Description : WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://groups.google.com/g/discuss-webrtc/c/5KBtZx2gvcQ; https://nvd.nist.gov/vuln/detail/CVE-2022-2294
9.8
CVE-2021-39226 - Grafana Authentication Bypass Vulnerability -
Action Due Sep 15, 2022 Target Vendor : Grafana Labs
Description : Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/; https://nvd.nist.gov/vuln/detail/CVE-2021-39226
7.8
CVE-2021-38406 - Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability -
Action Due Sep 15, 2022 Target Vendor : Delta Electronics
Description : Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-of-bounds write that allows for code execution.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.cisa.gov/uscert/ics/advisories/icsa-21-252-02; https://nvd.nist.gov/vuln/detail/CVE-2021-38406
7.5
CVE-2021-31010 - Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability -
Action Due Sep 15, 2022 Target Vendor : Apple
Description : In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.apple.com/en-us/HT212804, https://support.apple.com/en-us/HT212805, https://support.apple.com/en-us/HT212806, https://support.apple.com/en-us/HT212807, https://support.apple.com/en-us/HT212824; https://nvd.nist.gov/vuln/detail/CVE-2021-31010
7.8
CVE-2020-28949 - PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability -
Action Due Sep 15, 2022 Target Vendor : PEAR
Description : PEAR Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal Core and Red Hat Linux.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://pear.php.net/bugs/bug.php?id=27002, https://www.drupal.org/sa-core-2020-013, https://access.redhat.com/security/cve/cve-2020-28949; https://nvd.nist.gov/vuln/detail/CVE-2020-28949
9.8
CVE-2022-22963 - VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability -
Action Due Sep 15, 2022 Target Vendor : VMware Tanzu
Description : When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://tanzu.vmware.com/security/cve-2022-22963; https://nvd.nist.gov/vuln/detail/CVE-2022-22963
7.5
CVE-2020-36193 - PEAR Archive_Tar Improper Link Resolution Vulnerability -
Action Due Sep 15, 2022 Target Vendor : PEAR
Description : PEAR Archive_Tar Tar.php allows write operations with directory traversal due to inadequate checking of symbolic links. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal Core and Red Hat Linux.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916, https://www.drupal.org/sa-core-2021-001, https://access.redhat.com/security/cve/cve-2020-36193; https://nvd.nist.gov/vuln/detail/CVE-2020-36193
8.6
CVE-2022-0028 - Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability -
Action Due Sep 12, 2022 Target Vendor : Palo Alto Networks
Description : A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://security.paloaltonetworks.com/CVE-2022-0028; https://nvd.nist.gov/vuln/detail/CVE-2022-0028
7.8
CVE-2022-32894 - Apple iOS and macOS Out-of-Bounds Write Vulnerability -
Action Due Sep 08, 2022 Target Vendor : Apple
Description : Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.apple.com/en-gb/HT213412, https://support.apple.com/en-gb/HT213413; https://nvd.nist.gov/vuln/detail/CVE-2022-32894
8.8
CVE-2022-32893 - Apple iOS and macOS Out-of-Bounds Write Vulnerability -
Action Due Sep 08, 2022 Target Vendor : Apple
Description : Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing maliciously crafted web content.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.apple.com/en-gb/HT213412, https://support.apple.com/en-gb/HT213413; https://nvd.nist.gov/vuln/detail/CVE-2022-32893
6.5
CVE-2022-2856 - Google Chromium Intents Insufficient Input Validation Vulnerability -
Action Due Sep 08, 2022 Target Vendor : Google
Description : Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html; https://nvd.nist.gov/vuln/detail/CVE-2022-2856
8.8
CVE-2022-26923 - Microsoft Active Directory Domain Services Privilege Escalation Vulnerability -
Action Due Sep 08, 2022 Target Vendor : Microsoft
Description : An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26923; https://nvd.nist.gov/vuln/detail/CVE-2022-26923
7.8
CVE-2022-21971 - Microsoft Windows Runtime Remote Code Execution Vulnerability -
Action Due Sep 08, 2022 Target Vendor : Microsoft
Description : Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21971; https://nvd.nist.gov/vuln/detail/CVE-2022-21971
9.8
CVE-2017-15944 - Palo Alto Networks PAN-OS Remote Code Execution Vulnerability -
Action Due Sep 08, 2022 Target Vendor : Palo Alto Networks
Description : Palo Alto Networks PAN-OS contains multiple, unspecified vulnerabilities which can allow for remote code execution when chained.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://security.paloaltonetworks.com/CVE-2017-15944; https://nvd.nist.gov/vuln/detail/CVE-2017-15944
10.0
CVE-2022-22536 - SAP Multiple Products HTTP Request Smuggling Vulnerability -
Action Due Sep 08, 2022 Target Vendor : SAP
Description : SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smuggling. An unauthenticated attacker can prepend a victim's request with arbitrary data, allowing for function execution impersonating the victim or poisoning intermediary Web caches.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : SAP users must have an account in order to log in and access the patch. https://accounts.sap.com/saml2/idp/sso; https://nvd.nist.gov/vuln/detail/CVE-2022-22536
7.2
CVE-2022-27925 - Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability -
Action Due Sep 01, 2022 Target Vendor : Zimbra
Description : Zimbra Collaboration (ZCS) contains a flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042, which allows for unauthenticated remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/; https://nvd.nist.gov/vuln/detail/CVE-2022-27925
9.8
CVE-2022-37042 - Zimbra Collaboration (ZCS) Authentication Bypass Vulnerability -
Action Due Sep 01, 2022 Target Vendor : Zimbra
Description : Zimbra Collaboration (ZCS) contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-27925, which allows for unauthenticated remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/; https://nvd.nist.gov/vuln/detail/CVE-2022-37042
7.8
CVE-2022-34713 - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability -
Action Due Aug 30, 2022 Target Vendor : Microsoft
Description : A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713; https://nvd.nist.gov/vuln/detail/CVE-2022-34713