Customer portal
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 26 September 2022

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2022-2568

A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with ‘change user’ permissions to modify the account settings of the superuser account and also remove the superuser privileges.

https://nvd.nist.gov/vuln/detail/CVE-2022-2568

 


 

2. CVE-2022-25636

A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with ‘change user’ permissions to modify the account settings of the superuser account and also remove the superuser privileges.

https://nvd.nist.gov/vuln/detail/CVE-2022-25636

 


 

3. CVE-2022-2588

A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with ‘change user’ permissions to modify the account settings of the superuser account and also remove the superuser privileges.

https://nvd.nist.gov/vuln/detail/CVE-2022-2588

 


 

4. CVE-2022-35085

SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.

https://nvd.nist.gov/vuln/detail/CVE-2022-35085

 


 

5. CVE-2021-44733

A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.

https://nvd.nist.gov/vuln/detail/CVE-2021-44733

 


 

6. CVE-2022-35896

An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM, leading to information disclosure.

https://nvd.nist.gov/vuln/detail/CVE-2022-35896

 


 

7. CVE-2021-1675

Windows Print Spooler Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2021-1675

 


 

8. CVE-2022-29499

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.

https://nvd.nist.gov/vuln/detail/CVE-2022-29499

 


 

9. CVE-2022-38177

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

https://nvd.nist.gov/vuln/detail/CVE-2022-38177

 


 

10. CVE-2018-9999

In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend.

https://nvd.nist.gov/vuln/detail/CVE-2018-9999

 


Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from - Youtube
Vimeo
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Spotify
Consent to display content from - Spotify
Sound Cloud
Consent to display content from - Sound