Zero-day Vulnerability Database
Zero-day vulnerabilities discovered: 53
Remote code execution in Apple iOS
CVE-2022-42856
Type Confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT213516
Remote code execution in Citrix ADC and Citrix Gateway
CVE-2022-27518
Improper control of a resource through its lifetime
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper access restrictions in systems configured as a SAML SP or a SAML IdP. A remote non-authenticated attacker can gain unauthorized access to the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Citrix Access Gateway
Links:
https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/
SmartScreen MOTW bypass in Microsoft Windows
CVE-2022-44698
Security features bypass
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error in Windows SmartScreen. A remote attacker can bypass Mark of the Web (MOTW) defenses and potentially compromise the affected system.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-44698
Remote code execution in FortiOS sslvpnd
CVE-2022-42475
Heap-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the sslvpnd daemon. A remote non-authenticated attacker can pass specially crafted data to the SSL-VPN interface, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: FortiOS
Links:
https://fortiguard.fortinet.com/psirt/FG-IR-22-398
Remote code execution in Google Chrome
CVE-2022-4262
Type Confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html
Remote code execution in Google Chrome
CVE-2022-4135
Heap-based buffer overflow
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in GPU. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
Multiple vulnerabilities in Microsoft Windows Mark of the Web
CVE-2022-41091
Security features bypass
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to security features bypass in Windows Mark of the Web functionality. A remote attacker can trick a victim to open a specially crafted file and bypass Protected View in Microsoft Office, as demonstrated using a specially crafted ZIP archive.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Privilege escalation in Microsoft Windows CNG Key Isolation Service
CVE-2022-41125
Buffer overflow
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Windows CNG Key Isolation Service. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with SYSTEM privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41125
Remote code execution in Microsoft Windows Scripting Languages
CVE-2022-41128
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content within the JScript9 engine. A remote attacker can trick the victim into visiting a malicious website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
The vulnerability was exploited by APT37 in late October 2022 against South Korea.
Software: Windows
Privilege escalation in Microsoft Windows Print Spooler service
CVE-2022-41073
Buffer overflow
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Windows Print Spooler. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with SYSTEM privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41073
Multiple vulnerabilities in Apple iOS 15 and iPadOS 15
CVE-2022-48618
Improper authentication
The vulnerability allows a local application to compromise the affected system.
The vulnerability exists due to an error within the OS kernel. A local application or user with arbitrary read and write capability can bypass Pointer Authentication and compromise the affected system.
Note, the vulnerability is being actively exploited in the wild against versions of iOS released before iOS 15.7.1.
Software: Apple iOS
Remote code execution in Google Chrome
CVE-2022-3723
Type Confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html
Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
CVE-2022-42827
Out-of-bounds write
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel component. A local application can trigger an out-of-bounds write error and execute arbitrary code with kernel privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT213489
Privilege escalation in Microsoft Windows COM+ Event System Service
CVE-2022-41033
Buffer overflow
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Windows COM+ Event System Service. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41033
Arbitrary file upload in bingo!CMS
CVE-2022-42458
Missing Authorization
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to missing authorization in the management functionality responsible for file uploads. A remote non-authenticated attacker can upload a malicious file on the server and execute it.
Successful exploitation of the vulnerability may result in full system compromise.
Note, the vulnerability is being exploited in the wild.
Software: bingo!CMS
Links:
https://www.bingo-cms.jp/information/20221011.html
Remote code execution in Microsoft Exchange Server
CVE-2022-41040
Server-Side Request Forgery (SSRF)
The disclosed vulnerability allows a remote user to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input within the Exchange OWA Autodiscover service.. A remote user can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Software: Microsoft Exchange Server
Links:
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
Remote code execution in Microsoft Exchange Server
CVE-2022-41082
Deserialization of Untrusted Data
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data. A remote user with access to PowerShell Remoting on vulnerable Exchange systems can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Software: Microsoft Exchange Server
Links:
https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html
Remote code execution in Sophos Firewall
CVE-2022-3236
Code Injection
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the User Portal and Webadmin interfaces of Sophos Firewall. A remote non-authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Sophos Firewall
Links:
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
Privilege escalation in Microsoft Windows common log file system driver
CVE-2022-37969
Buffer overflow
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Windows Common Log File System Driver. A local unprivileged user can run a specially crafted program to trigger memory corruption and execute arbitrary code with SYSTEM privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37969
Multiple vulnerabilities in Trend Micro Apex One
CVE-2022-40139
Insufficient verification of data authenticity
The vulnerability allows a remote user to compromise the affected system.
The vulnerability exists due to improper input validation within the rollback functionality. A remote authenticated user with access to the administrative console can force the agent into downloading unverified rollback components and compromise the affected system.
Note, the vulnerability is being actively exploited in the wild.
Software: Apex One
Links:
https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=4553
https://success.trendmicro.com/jp/solution/000291471
Multiple vulnerabilities in Apple macOS Monterey
CVE-2022-32917
Buffer overflow
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: macOS
Links:
https://support.apple.com/en-us/HT213444
Remote code execution in WPGateway plugin for WordPress
CVE-2022-3180
Improper Authorization
The vulnerability allows a remote attacker to compromise the web application.
The vulnerability exists due to missing authorization checks. A remote non-authenticated attacker can send a specially crafted request to the affected plugin and add an administrative user account into your WordPress installation.
Successful exploitation of the vulnerability may allow an attacker to execute arbitrary PHP code on the server.
Note, the vulnerability is being actively exploited in the wild as of September 8.
Software: WPGateway
Links:
https://www.wordfence.com/blog/2022/09/psa-zero-day-vulnerability-in-wpgateway-actively-exploited-in-the-wild/
Arbitrary file read in BackupBuddy WordPress plugin
CVE-2022-31474
Improper Authorization
The vulnerability allows a remote attacker to download arbitrary files from the server.
The vulnerability exists due to missing authorization for the feature responsible for remote downloading remote backups. A remote non-authenticated attacker can download arbitrary files from the server.
Note, the vulnerability is being actively exploited in the wild.
Software: BackupBuddy
Links:
https://ithemes.com/blog/wordpress-vulnerability-report-special-edition-september-6-2022-backupbuddy/
Remote code execution in Photo Station
CVE-2022-27593
Input validation error
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified vulnerability. A remote non-authenticated attacker can send a specially crafted request to the affected system and execute arbitrary code.
Note, the vulnerability is being actively exploited in the wild by the DeadBolt ransomware.
Software: Photo Station
Known/fameous malware:
DeadBolt
Links:
https://www.qnap.com/en/security-advisory/qsa-22-24
Remote code execution in Google Chrome
CVE-2022-3075
Input validation error
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within the Mojo component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html
Improper access control in General Bytes Crypto Application Server (CAS)
Improper access control
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper access restrictions to the default installation page. A remote attacker can connect to the default installation URL and create an administrative user account.
Note, the vulnerability is being active exploited in the wild.
Software: Crypto Application Server (CAS)
Links:
https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/2785509377/Security+Incident+August+18th+2022
Multiple vulnerabilities in Apple macOS Monterey
CVE-2022-32893
Out-of-bounds write
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in WebKit when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Software: macOS
Multiple vulnerabilities in Apple macOS Monterey
CVE-2022-32894
Out-of-bounds write
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel component. A local application can trigger an out-of-bounds write error and execute arbitrary code on the system with kernel privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: macOS
Multiple vulnerabilities in Google Chrome
CVE-2022-2856
Input validation error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Intents component in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
Remote code execution in Microsoft Windows Support Diagnostic Tool (MSDT)
CVE-2022-34713
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Windows Support Diagnostic Tool (MSDT) when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34713
Privilege escalation in Microsoft Windows CSRSS
CVE-2022-22047
Buffer overflow
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Microsoft Windows Client/Server Runtime Subsystem (CSRSS). A local user can run a specially crafted program to execute arbitrary code with SYSTEM privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22047
Remote code execution in Google Chrome
CVE-2022-2294
Heap-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within WebRTC implementation. A remote attacker can trick the victim ti visit a specially crafted website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
The vulnerability was reported to Google by the Avast Threat Intelligence team on 2022-07-01.
Software: Google Chrome
The vulnerability was reported to Google by the Avast Threat Intelligence team on 2022-07-01.
Links:
https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html
Remote code execution in Mitel MiVoice Connect
CVE-2022-29499
OS Command Injection
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the Mitel Service Appliance component of MiVoice Connect (Mitel Service Appliances тАУ SA 100, SA 400, and Virtual SA). A remote unauthenticated attacker can send a specially crafted HTTP GET request to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: MiVoice Connect
Links:
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0002
Remote code execution in Atlassian Confluence Server
CVE-2022-26134
Code Injection
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper input validation when processing OGNL expressions. A remote non-authenticated attacker can send a specially crafted request to the Confluence Server and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.Software: Atlassian Confluence Server
Remote code execution in Microsoft Windows
CVE-2022-30190
OS Command Injection
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when processing URL within the Microsoft Windows Support Diagnostic Tool (MSDT). A remote unauthenticated attacker can trick the victim to open a specially crafted file, which calls the ms-msdt tool and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
UPDATED
The vulnerability resides within MSTD and not in Microsoft Word. Microsoft Word is an attack vector and not the source of vulnerability.
Software: Microsoft Word
Links:
https://twitter.com/nao_sec/status/1530196847679401984 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190
Improper access restrictions in Cisco IOS XR
CVE-2022-20821
Improper access control
The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to unrestricted access to the Redis instance running within the NOSi container, accessible via port 6379/tcp (the health check RPM opens this port by default). A remote non-authenticated attacker can connect to the Redis instance and obtain sensitive information or modify it.
Note, the vulnerability is being actively exploited in the wild.
Software: Cisco IOS XR
Spoofing attack in Microsoft Windows LSA
CVE-2022-26925
Man-in-the-Middle (MitM) attack
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists within the Windows LSA service. A remote attacker can call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. As a result, an attacker can obtain credentials and compromise the affected system via the NTLM Relay Attack.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26925
Remote code execution in Google Chrome
CVE-2022-1364
Type Confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in V8 engine in Google Chrome. A remote attacker can trick the victim to visit a specially crafted web page, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html
Privilege escalation in Microsoft Windows common log file system driver
CVE-2022-24521
Buffer overflow
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Windows Common Log File System Driver. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24521
Multiple vulnerabilities in Apple macOS Monterey
CVE-2022-22674
Out-of-bounds read
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within Intel Graphics Driver. A local user can trigger an out-of-bounds read error and read contents of kernel memory.
Note, the vulnerability is being actively exploited in the wild.
Software: macOS
Links:
https://support.apple.com/en-us/HT213220
Multiple vulnerabilities in Apple macOS Monterey
CVE-2022-22675
Out-of-bounds write
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the AppleAVD subsystem. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with kernel privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: macOS
Links:
https://support.apple.com/en-us/HT213220
Remote code execution in Trend Micro Apex Central
CVE-2022-26871
Arbitrary file upload
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to improper access restrictions in the Trend Micro Apex Central management console. A remote non-authenticated attacker can upload arbitrary file to the system and execute it.
Note, the vulnerability is being actively exploited in the wild.
Software: Apex Central
Links:
https://success.trendmicro.com/dcx/s/solution/000290678?language=en_US
Remote code execution in Spring Framework
CVE-2022-22965
Code Injection
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted HTTP request to the affected application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
This vulnerability was dubbed "Spring4Shell".
Software: Pivotal Spring Framework
Links:
https://lab.wallarm.com/update-on-0-day-vulnerabilities-in-spring-spring4shell-and-cve-2022-22963/
Remote code execution in Sophos Firewall
CVE-2022-1040
Input validation error
The vulnerability allows a remote attacker to compromise the affected device.
The vulnerability exists due to insufficient validation of user-supplied input in the User Portal and Webadmin. A remote attacker can send specially crafted requests to the web interface and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected device.
Note, the vulnerability is being actively exploited in the wild.
Sophos has observed this vulnerability being used to target a small set of specific organizations primarily in the South Asia region.
Software: Sophos Firewall
Remote code execution in Google Chrome
CVE-2022-1096
Type Confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
Remote code execution in Mozilla Firefox
CVE-2022-26486
Use-after-free
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing messages in the WebGPU IPC framework. A remote attacker can trick the victim to open a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Mozilla Firefox
Links:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/
Remote code execution in Mozilla Firefox
CVE-2022-26485
Use-after-free
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing XSLT parameter. A remote attacker can trick the victim to open a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Mozilla Firefox
Links:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/
Multiple vulnerabilities in Google Chrome
CVE-2022-0609
Use-after-free
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
Remote code execution in Magento
CVE-2022-24086
OS Command Injection
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote unauthenticated attacker can send a specially crafted HTTP POST request to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Software: Adobe Commerce (formerly Magento Commerce)
Links:
https://helpx.adobe.com/security/products/magento/apsb22-12.html
Remote code execution in Apple iOS and iPadOS
CVE-2022-22620
Use-after-free
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT213093
Cross-site scripting in Zimbra
CVE-2022-24682
Cross-site scripting
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Note, the vulnerability is being actively exploited in the wild in the targeted attacks aimed to exfiltrated data.
Software: Zimbra Collaboration
Links:
https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/
Multiple vulnerabilities in Apple iOS and iPadOS
CVE-2022-22587
Buffer overflow
The vulnerability allows a malicious application to execute arbitrary code with elevated privileges.
The vulnerability exists due to a boundary error within the IOMobileFrameBuffer subsystem. A malicious application can trigger buffer overflow and execute arbitrary code with kernel privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT213053
Multiple vulnerabilities in Microsoft Win32k
CVE-2022-21882
Buffer overflow
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Win32k.sys driver. A local user can run a specially crafted program to trigger a buffer overflow and execute arbitrary code on the system with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows