Security Vulnerabilities
- CVEs Published In September 2022
The package express-xss-sanitizer before 1.1.3 is vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass XSS sanitization.
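As an added illustration of this bug class (not express-xss-sanitizer's own code; the sanitizer, the merge helpers and the payload below are constructed for the example), the following shows how a deep merge that walks into a `__proto__` key lets an attacker plant `allowedTags` on `Object.prototype`, so that an unrelated, empty options object later "has" an allow-list that includes `script`. The hardened merge skips prototype-affecting keys and only recurses into own properties.

```javascript
'use strict';
// Added example of prototype pollution leading to a sanitizer bypass.
// Hypothetical code: not the package's implementation.

const DEFAULT_TAGS = ['b', 'i', 'p'];

// Minimal tag allow-list filter standing in for an XSS sanitizer (hypothetical).
function sanitize(html, options) {
  // Property lookup walks the prototype chain: if Object.prototype has been
  // polluted with allowedTags, an empty options object appears to define it.
  const allowed = options.allowedTags || DEFAULT_TAGS;
  return html.replace(/<\/?([a-z0-9]+)[^>]*>/gi,
    (tag, name) => (allowed.includes(name.toLowerCase()) ? tag : ''));
}

// Vulnerable deep merge: recurses into any key, including "__proto__".
function mergeUnsafe(target, source) {
  for (const key of Object.keys(source)) {
    const v = source[key];
    if (v && typeof v === 'object' && target[key] && typeof target[key] === 'object') {
      mergeUnsafe(target[key], v); // for key "__proto__", target[key] is Object.prototype
    } else {
      target[key] = v;
    }
  }
  return target;
}

// Hardened deep merge: refuses prototype-affecting keys and only recurses into own props.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function mergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const v = source[key];
    const own = Object.prototype.hasOwnProperty.call(target, key);
    if (v && typeof v === 'object' && own && typeof target[key] === 'object') {
      mergeSafe(target[key], v);
    } else {
      target[key] = v;
    }
  }
  return target;
}

// Constructed attacker payload, as it would arrive in a JSON request body.
// JSON.parse creates an *own* property literally named "__proto__".
const PAYLOAD = JSON.parse('{"__proto__": {"allowedTags": ["p", "script"]}}');
const INPUT = '<p>hi</p><script>alert(1)</script>';

function run(merge) {
  const config = merge({}, PAYLOAD); // the object the attacker directly touched
  const requestOptions = {};         // a fresh, unrelated "empty" options object
  try {
    return sanitize(INPUT, requestOptions);
  } finally {
    delete Object.prototype.allowedTags; // undo any pollution so later code is unaffected
    void config;
  }
}
const runUnsafe = () => run(mergeUnsafe); // script tag survives
const runSafe = () => run(mergeSafe);     // script tag stripped
```

With the unsafe merge the output is the input unchanged, because `{}` now resolves `allowedTags` to the attacker's list; with the safe merge the `script` tags are removed. Defenses that work independently of the merge are also worth combining: build options with `Object.create(null)`, read them with `Object.hasOwn`, or freeze `Object.prototype` at startup.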
The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in the Parallel() class due to the eval() statement.
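The fix pattern for this class of bug is to replace eval() of a configuration string with a parser for the few forms the option actually needs. The following is an added JavaScript rendering of that pattern, not joblib's Python code; the function names `preDispatchUnsafe`/`preDispatchSafe` and the accepted grammar ("all", an integer, or an integer times `n_jobs`) are assumptions modelled on the description above.

```javascript
'use strict';
// Added example: eval of a caller-controlled expression vs. a restricted parser.
// Hypothetical code, not joblib's implementation.

// Vulnerable: evaluates the supplied expression with the full language available.
function preDispatchUnsafe(expr, nJobs) {
  // new Function is eval in all but name: any JavaScript in expr runs here.
  return new Function('n_jobs', 'return (' + expr + ');')(nJobs);
}

// Hardened: accept only "all", "<int>", "<int>*n_jobs" or "n_jobs*<int>".
const PRE_DISPATCH_RE = /^\s*(?:(all)|(\d+)|(\d+)\s*\*\s*n_jobs|n_jobs\s*\*\s*(\d+))\s*$/;
function preDispatchSafe(expr, nJobs) {
  if (typeof expr === 'number') return expr;
  const m = PRE_DISPATCH_RE.exec(String(expr));
  if (!m) throw new TypeError('invalid pre_dispatch expression: ' + JSON.stringify(expr));
  if (m[1]) return Infinity;            // "all": dispatch everything up front
  if (m[2]) return Number(m[2]);        // a plain count
  return Number(m[3] ?? m[4]) * nJobs;  // "<int>*n_jobs" in either order
}

// Constructed attacker input: still yields a plausible number, but has a side effect.
const MALICIOUS = '(globalThis.pwned = true, 2 * n_jobs)';

function demo() {
  globalThis.pwned = false;
  const unsafeResult = preDispatchUnsafe(MALICIOUS, 4); // 8, and pwned is now true
  const pwnedByEval = globalThis.pwned;

  globalThis.pwned = false;
  let safeRejected = false;
  try {
    preDispatchSafe(MALICIOUS, 4);
  } catch (e) {
    safeRejected = e instanceof TypeError; // rejected before anything runs
  }
  return { unsafeResult, pwnedByEval, safeRejected, pwnedBySafe: globalThis.pwned };
}
```

The unsafe variant returns the expected 8 while silently executing the attacker's side effect; the parser rejects the same string outright and still handles every legitimate form.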
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.
Use After Free in GitHub repository vim/vim prior to 9.0.0579.
registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.
The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery.
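To show why the r and s range check matters, here is an added toy ECDSA over secp256k1 using BigInt. It is not secp256k1-js's code; the lenient verifier reproduces the general bug class (no check that 1 <= r, s < n) rather than that package's exact internals, and the private key, nonce and message digest are constructed constants. With a Fermat inverse that returns 0 for input 0 and an implementation that reads the point at infinity as x = 0, the signature (r, s) = (0, 0) verifies for any message under any public key.

```javascript
'use strict';
// Added example: ECDSA verify with and without r/s validation (secp256k1, BigInt).
// Hypothetical code, not the package's implementation.

const P = 2n ** 256n - 2n ** 32n - 977n;
const N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n;
const G = {
  x: 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798n,
  y: 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8n,
};
const INF = null; // point at infinity

const mod = (a, m) => ((a % m) + m) % m;
function modPow(b, e, m) {
  let r = 1n;
  b = mod(b, m);
  for (; e > 0n; e >>= 1n) { if (e & 1n) r = (r * b) % m; b = (b * b) % m; }
  return r;
}
// Fermat inverse. inv(0) silently returns 0, which is what lets (0, 0) through below.
const inv = (a, m) => modPow(a, m - 2n, m);

function add(A, B) {
  if (A === INF) return B;
  if (B === INF) return A;
  let l;
  if (A.x === B.x) {
    if (mod(A.y + B.y, P) === 0n) return INF;      // A == -B
    l = mod(3n * A.x * A.x * inv(2n * A.y, P), P);  // doubling
  } else {
    l = mod((B.y - A.y) * inv(B.x - A.x, P), P);
  }
  const x = mod(l * l - A.x - B.x, P);
  return { x, y: mod(l * (A.x - x) - A.y, P) };
}
function mul(k, Pt) {
  let r = INF, a = Pt;
  for (; k > 0n; k >>= 1n) { if (k & 1n) r = add(r, a); a = add(a, a); }
  return r;
}

function sign(z, d, k) {
  const R = mul(k, G);
  const r = mod(R.x, N);
  const s = mod(inv(k, N) * (z + r * d), N);
  return { r, s };
}

// Vulnerable: no range check on r or s. With s = 0 (or s = n), w = 0, so
// u1 = u2 = 0, R is the point at infinity, which is read back as x = 0 == r.
function verifyLenient(z, Q, r, s) {
  const w = inv(s, N);
  const R = add(mul(mod(z * w, N), G), mul(mod(r * w, N), Q));
  const rx = R === INF ? 0n : mod(R.x, N);
  return rx === r;
}

// Hardened: require 1 <= r, s < n and reject the point at infinity.
function verifyStrict(z, Q, r, s) {
  if (r < 1n || r >= N || s < 1n || s >= N) return false;
  const w = inv(s, N);
  const R = add(mul(mod(z * w, N), G), mul(mod(r * w, N), Q));
  return R !== INF && mod(R.x, N) === r;
}

// Constructed demo values (never reuse a fixed nonce in real code; use RFC 6979).
const d = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDDn; // private key
const Q = mul(d, G);                                                             // public key
const z = 0x4B688DF40BCEDBE641DDB16FF0A1842D9C67EA1C3BF63F3E0471BAA664531D1An; // "message hash"
const k = 0x6A3CD7D4F6C8F8C3E4E2B9A6D1F0C3B5A7D9E8F1C2B3A4D5E6F7A8B9C0D1E2F3n; // nonce

function demo() {
  const sig = sign(z, d, k);
  return {
    genuineStrict: verifyStrict(z, Q, sig.r, sig.s),   // true
    forgedLenient: verifyLenient(z, Q, 0n, 0n),        // true: accepted with no key at all
    forgedStrict: verifyStrict(z, Q, 0n, 0n),          // false
  };
}
```

The check is cheap and belongs at the top of every verifier: reject r or s outside [1, n-1] before any curve arithmetic, and never map the point at infinity to a coordinate.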
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver's eval method evaluates the expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as java.lang.Runtime, leading to Remote Code Execution. There is no patch available for this issue at the time of publication. There are no known workarounds.
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate's getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There is no patch available for this issue at the time of publication. There are no known workarounds.