Daily Vulnerability Trends: Tue Dec 20 2022

trend 17
Daily Vulnerability Trends (sourced from VulnMon)
CVE NAMECVE Description
CVE-2022-4543 No description provided
CVE-2022-45141 No description provided
CVE-2022-37966Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.
CVE-2022-46908SQLite through 3.40.0, when relying on –safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.
CVE-2022-41040Microsoft Exchange Server Elevation of Privilege Vulnerability.
CVE-2022-27518Unauthenticated remote arbitrary code execution
CVE-2022-26501Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).
CVE-2022-47518An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames.
CVE-2022-26500Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.
CVE-2022-42821A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, macOS Ventura 13. An app may bypass Gatekeeper checks.
CVE-2022-41082Microsoft Exchange Server Remote Code Execution Vulnerability.
CVE-2022-47521An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames.
CVE-2022-47519An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames.
CVE-2022-46689A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
CVE-2021-4045TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.
CVE-2022-42475 No description provided
CVE-2022-23093 No description provided
CVE-2022-37958SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability.
CVE-2022-38023Netlogon RPC Elevation of Privilege Vulnerability.
CVE-2022-37967Windows Kerberos Elevation of Privilege Vulnerability.
CVE Name, Links and Descriptions


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon using the button below

Digital Patreon Wordmark FieryCoralv2

To keep up to date follow us on the below channels.

join
Click Above for Telegram
discord
Click Above for Discord
reddit
Click Above for Reddit