Internet Storm Center Spotlight

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Infostealer Malware with Double Extension

Published: 2022-12-18

Last Updated: 2022-12-18 17:28:06 UTC

by Guy Bruneau (Version: 1)

Got this file attachment this week pretending to be from HSBC Global Payments and Cash Management. The attachment payment_copy.pdf.z is a RAR archive, which is kind of unusual for this type of file archive, but when extracted, it comes out with a double extension, .pdf.exe. The file is a trojan infostealer and is detected by multiple scanning engines.

Read the full diary entry:

https://isc.sans.edu/diary/Infostealer+Malware+with+Double+Extension/29354/



Linux File System Monitoring & Actions

Published: 2022-12-20

Last Updated: 2022-12-20 06:45:13 UTC

by Xavier Mertens (Version: 1)

There can be multiple reasons to keep an eye on a critical/suspicious file or directory. For example, you could track an attacker and wait for some access to the captured credentials in a phishing kit installed on a compromised server. You could deploy an EDR solution or an OSSEC agent that implements FIM (“File Integrity Monitoring”)[1]. Upon a file change, an action can be triggered. Nice, but what if you would like a quick but agentless solution (in the scope of an incident, for example)?

There is a well-known suite of API calls on Linux that track filesystem changes: inotify[2]. Around the API, a set of tools is available, like “inotifywatch”, which generates an event when a file is “accessed”

Read the full diary entry:

https://isc.sans.edu/diary/Linux+File+System+Monitoring+Actions/29362/

Internet Storm Center Entries

Exchange OWASSRF Exploited for Remote Code Execution (2022-12-22)

https://isc.sans.edu/diary/Exchange+OWASSRF+Exploited+for+Remote+Code+Execution/29374/


Can you please tell me what time it is? Adventures with public NTP servers. (2022-12-21)

https://isc.sans.edu/diary/Can+you+please+tell+me+what+time+it+is+Adventures+with+public+NTP+servers/29368/


Hunting for Mastodon Servers (2022-12-19)

https://isc.sans.edu/diary/Hunting+for+Mastodon+Servers/29358/


CyberChef & Entropy (2022-12-17)

https://isc.sans.edu/diary/CyberChef+Entropy/29352/


VMware Security Updates (2022-12-16)

https://isc.sans.edu/diary/VMware+Security+Updates/29350/


Google ads lead to fake software pages pushing IcedID (Bokbot) (2022-12-15)

https://isc.sans.edu/diary/Google+ads+lead+to+fake+software+pages+pushing+IcedID+Bokbot/29344/

Recent CVEs

The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.



CVE-2022-31705 - VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

CVSS Score: 8.2

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-31705

ISC Podcast: https://isc.sans.edu/podcastdetail.html?id=8292

NVD References: https://www.vmware.com/security/advisories/VMSA-2022-0033.html


CVE-2022-31702 - vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-31702

NVD References: https://www.vmware.com/security/advisories/VMSA-2022-0031.html


CVE-2022-27518 - Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

** KEV since 2022-12-13 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-27518

NVD References: https://support.citrix.com/article/CTX474995/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227518


CVE-2022-44698 - Windows SmartScreen Security Feature Bypass Vulnerability

CVSS Score: 5.4

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C

** KEV since 2022-12-13 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-44698

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44698


CVE-2022-42856 - A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.

CVSS Score: 8.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

** KEV since 2022-12-14 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-42856

NVD References:

- https://seclists.org/fulldisclosure/2022/Dec/21

- https://seclists.org/fulldisclosure/2022/Dec/22

- https://seclists.org/fulldisclosure/2022/Dec/23

- https://seclists.org/fulldisclosure/2022/Dec/26

- https://seclists.org/fulldisclosure/2022/Dec/28

- https://support.apple.com/en-us/HT213516

- https://support.apple.com/en-us/HT213531

- https://support.apple.com/en-us/HT213532

- https://support.apple.com/en-us/HT213535

- https://support.apple.com/en-us/HT213537


CVE-2022-42837 - An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected app termination or arbitrary code execution.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-42837

NVD References:

- https://seclists.org/fulldisclosure/2022/Dec/20

- https://seclists.org/fulldisclosure/2022/Dec/21

- https://seclists.org/fulldisclosure/2022/Dec/23

- https://support.apple.com/en-us/HT213530

- https://support.apple.com/en-us/HT213531

- https://support.apple.com/en-us/HT213532

- https://support.apple.com/en-us/HT213536


CVE-2022-42842 - The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. A remote user may be able to cause kernel code execution.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AtRiskScore 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-42842

NVD References:

- https://seclists.org/fulldisclosure/2022/Dec/20

- https://seclists.org/fulldisclosure/2022/Dec/23

- https://seclists.org/fulldisclosure/2022/Dec/24

- https://seclists.org/fulldisclosure/2022/Dec/25

- https://seclists.org/fulldisclosure/2022/Dec/26

- https://support.apple.com/en-us/HT213530

- https://support.apple.com/en-us/HT213532

- https://support.apple.com/en-us/HT213533

- https://support.apple.com/en-us/HT213534

- https://support.apple.com/en-us/HT213535

- https://support.apple.com/en-us/HT213536


CVE-2022-41271 - An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability affects local users and data, leading to a considerable impact on confidentiality as well as availability and a limited impact on the integrity of the application. These operations can be used to:

- Read any information

- Modify sensitive information

- Denial of Service attacks (DoS)

- SQL Injection

CVSS Score: 9.4

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-41271

NVD References:

- https://accounts.sap.com/saml2/idp/sso

- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html


CVE-2022-4446 - PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-4446

NVD References:

- https://github.com/tsolucio/corebos/commit/8035e725ecb397348bd50545e90975b699e4f9f2

- https://huntr.dev/bounties/718f1be6-3834-4ef2-8134-907a52009894/


CVE-2022-20472 - In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-239210579

CVE-2022-20473 - In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-239267173

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-20472

NVD References: https://source.android.com/docs/security/bulletin/2022-12-01


CVE-2022-43724 - A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xp_cmdshell feature unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.

CVE-2022-46353 - A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-43724

NVD References:

- https://cert-portal.siemens.com/productcert/pdf/ssa-849072.pdf

- https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf


CVE-2022-46364 - An SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-46364

NVD References: https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2


CVE-2022-4454 - A vulnerability, which was classified as critical, has been found in m0ver bible-online. Affected by this issue is the function query of the file src/main/java/custom/application/search.java of the component Search Handler. The manipulation leads to SQL injection. The name of the patch is 6ef0aabfb2d4ccd53fcaa9707781303af357410e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215444.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-4454

NVD References:

- https://github.com/m0ver/bible-online/commit/6ef0aabfb2d4ccd53fcaa9707781303af357410e

- https://vuldb.com/?id.215444


CVE-2022-45005 - IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_get_ping_output function.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-45005

NVD References: https://github.com/splashsc/IOT_Vulnerability_Discovery/blob/main/ip-com/6_ping_cmdi.md


CVE-2022-46404 - A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-46404

NVD References:

- https://networks.unify.com/security/advisories/OBSO-2211-02.pdf

- https://www.heise.de/news/Kommunikationssoftware-Kritische-Sicherheitsluecke-in-Atos-Unify-OpenScape-4000-7358657.html


CVE-2022-2757 - Due to the lack of adequately implemented access-control rules, all versions of Kingspan TMS300 CS are vulnerable to an attacker viewing and modifying the application settings without authenticating by accessing a specific uniform resource locator (URL) on the webserver.

CVSS Score: 9.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-2757

NVD References: https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-04


CVE-2022-41653 - Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an attacker obtaining user login credentials and controlling the system.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-41653

NVD References: https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-02


CVE-2022-24377 - The package cycle-import-check before 1.3.2 is vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-24377

NVD References:

- https://github.com/Soontao/cycle-import-check/commit/1ca97b59df7e9c704471fcb4cf042ce76d7c9890

- https://security.snyk.io/vuln/SNYK-JS-CYCLEIMPORTCHECK-3157955


CVE-2022-4493 - A vulnerability classified as critical was found in scifio. Affected by this vulnerability is the function downloadAndUnpackResource of the file src/test/java/io/scif/util/DefaultSampleFilesService.java of the component ZIP File Handler. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is fcb0dbca0ec72b22fe0c9ddc8abc9cb188a0ff31. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215803.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-4493

NVD References:

- https://github.com/scifio/scifio/commit/fcb0dbca0ec72b22fe0c9ddc8abc9cb188a0ff31

- https://vuldb.com/?id.215803

CVE-2022-4494 - A vulnerability, which was classified as critical, has been found in bspkrs MCPMappingViewer. Affected by this issue is the function extractZip of the file src/main/java/bspkrs/mmv/RemoteZipHandler.java of the component ZIP File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The name of the patch is 6e602746c96b4756c271d080dae7d22ad804a1bd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215804.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-4494

NVD References:

- https://github.com/bspkrs/MCPMappingViewer/commit/6e602746c96b4756c271d080dae7d22ad804a1bd

- https://vuldb.com/?id.215804


CVE-2022-31358 - A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/.

CVSS Score: 9.0

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-31358

NVD References:

- https://proxmox.com/en/

- https://git.proxmox.com/?p=pve-http-server.git;a=commitdiff;h=00661f1223b7c0afffa64e1d91f5e018b985f762

- https://starlabs.sg/blog/2022/12-multiple-vulnerabilites-in-proxmox-ve--proxmox-mail-gateway/

- https://www.proxmox.com/en/


CVE-2022-44832 - D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-44832

NVD References:

- https://github.com/flamingo1616/iot_vuln/blob/main/D-Link/DIR-3040/6.md

- https://www.dlink.com/en/security-bulletin


CVE-2022-46609 - Python3-RESTfulAPI commits d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 were discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-46609

NVD References:

- https://github.com/herry-zhang/Python3-RESTfulAPI/

- https://github.com/herry-zhang/Python3-RESTfulAPI/blob/1c2081dca357685b3180b9baeb7e761e9a10ca99/SECURITY.md

- https://github.com/herry-zhang/Python3-RESTfulAPI/commit/1c2081dca357685b3180b9baeb7e761e9a10ca99

- https://mirrors.neusoft.edu.cn/pypi/web/simple/request/


CVE-2022-46996 - vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-46996

NVD References:

- https://github.com/SHenry07/vSphere_selfuse/

- https://github.com/SHenry07/vSphere_selfuse/issues/39

- https://mirrors.neusoft.edu.cn/pypi/web/simple/request/


CVE-2022-46997 - Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-46997

NVD References:

- https://github.com/Viralmaniar/Passhunt/

- https://github.com/Viralmaniar/Passhunt/issues/14

- https://mirrors.neusoft.edu.cn/pypi/web/simple/request/


CVE-2022-46071 - There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access.

CVE-2022-46072 - Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL Injection.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-46071

NVD References:

- https://www.youtube.com/watch?v=5wit1Arzwxs

- https://www.youtube.com/watch?v=jBAVUSzBL_M


CVE-2022-46255 - An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite bug. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-46255

NVD References: https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.1


CVE-2022-38488 - logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-38488

NVD References:

- https://archive.ph/PecmD

- https://archive.ph/VlGDa

- https://blog.logrocket.com/implement-oauth-2-0-node-js/

- https://github.com/secoats/cve/tree/master/CVE-2022-38488_sqli_logrocket-oauth2-example


CVE-2022-47406 - An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.

CVSS Score: 9.8

CVE-2022-47408 - An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people.

CVSS Score: 9.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD:

- https://nvd.nist.gov/vuln/detail/CVE-2022-47406

- https://nvd.nist.gov/vuln/detail/CVE-2022-47408

NVD References:

- https://typo3.org/security/advisory/typo3-ext-sa-2022-016

- https://typo3.org/security/advisory/typo3-ext-sa-2022-017


CVE-2021-33420 - A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-33420

NVD References:

- https://advisory.checkmarx.net/advisory/CX-2021-4787/

- https://github.com/inikulin/replicator/commit/2c626242fb4a118855262c64b5731b2ce98e521b

- https://github.com/inikulin/replicator/issues/16

- https://github.com/inikulin/replicator/pull/17


CVE-2021-4226 - RSFirewall tries to identify the original IP address by looking at different HTTP headers. A bypass is possible due to the way it is implemented.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-4226

NVD References: https://wpscan.com/vulnerability/c0ed80c8-ebbf-4ed9-b02f-31660097c352


CVE-2022-44236 - Beijing Zed-3 Technologies Co., Ltd VoIP Simplicity ASG 8.5.0.17807 (20181130-16:12) has a weak password vulnerability.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-44236

NVD References: https://github.com/liong007/Zed-3/issues/2


CVE-2022-44588 - Unauthenticated SQL Injection vulnerability in Cryptocurrency Widgets Pack Plugin <=1.8.1 on WordPress.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-44588

NVD References: https://patchstack.com/database/vulnerability/cryptocurrency-widgets-pack/wordpress-cryptocurrency-widgets-pack-plugin-1-8-1-sql-injection-sqli-vulnerability?_s_id=cve


CVE-2021-4245 - A vulnerability classified as problematic has been found in chbrown rfc6902. This affects an unknown part of the file pointer.ts. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The exploit has been disclosed to the public and may be used. The name of the patch is c006ce9faa43d31edb34924f1df7b79c137096cf. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215883.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-4245

NVD References:

- https://github.com/chbrown/rfc6902/commit/c006ce9faa43d31edb34924f1df7b79c137096cf

- https://github.com/chbrown/rfc6902/pull/76

- https://vuldb.com/?id.215883


CVE-2022-46631 - TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function.

CVE-2022-46634 - TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-46631

NVD References:

- https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/6

- https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/7


CVE-2022-40004 - Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to escalate privilege via crafted URL to the Audit Log.

CVSS Score: 9.6

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-40004

NVD References: https://gist.github.com/s3d113/bba63da007fcbe243615dd2a81690ffb


CVE-2022-45969 - Alist v3.4.0 is vulnerable to Directory Traversal.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-45969

NVD References: https://github.com/alist-org/alist/issues/2449


CVE-2022-46393 - An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-46393

NVD References:

- https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2

- https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0

- https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/


CVE-2022-47377 - Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.13.4 as soon as possible (available in SICK Support Portal).

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-47377

NVD References: https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/


CVE-2022-44750 - IBM Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754.

CVE-2022-44752 - IBM Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file.

CVE-2022-44754 - IBM Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-44750

NVD References: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151


CVE-2022-44751 - IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755.

CVE-2022-44753 - IBM Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file.

CVE-2022-44755 - IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-44751

NVD References: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260


CVE-2022-28173 - The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.

CVSS Score: 9.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-28173

NVD References: https://www.hikvision.com/en/support/cybersecurity/security-advisory/access-control-vulnerability-in-some-hikvision-wireless-bridge-products/


CVE-2022-25893 - The package vm2 before 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise.

CVSS Score: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-25893

NVD References:

- https://github.com/patriksimek/vm2/issues/444

- https://github.com/patriksimek/vm2/pull/445

- https://github.com/patriksimek/vm2/pull/445/commits/3a9876482be487b78a90ac459675da7f83f46d69

- https://security.snyk.io/vuln/SNYK-JS-VM2-2990237

HOLIDAY HACK CHALLENGE

The annual SANS Holiday Hack Challenge, featuring KringleCon, is a FREE series of super fun, high-quality, hands-on cybersecurity challenges for all skill levels. This unique experience includes real-world challenges and a quirky holiday-themed storyline where you get to save the holiday season from a cyber-attack. You can create your customized avatar and partner with teammates, friends, and players from around the globe in this one-of-a-kind shared virtual experience.

https://www.sans.org/mlp/holiday-hack-challenge/