Daily Vulnerability Trends: Thu Dec 22 2022

trend 20
Daily Vulnerability Trends (sourced from VulnMon)
CVE NAMECVE Description
CVE-2020-6418Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-33621The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
CVE-2022-4415 No description provided
CVE-2022-42710 No description provided
CVE-2021-28655The improper Input Validation vulnerability in “”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.
CVE-2022-38065A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead increased privileges.
CVE-2022-22583A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.
CVE-2022-27518Unauthenticated remote arbitrary code execution
CVE-2021-43444 No description provided
CVE-2017-11882Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11884.
CVE-2022-4543 No description provided
CVE-2022-37967Windows Kerberos Elevation of Privilege Vulnerability.
CVE-2022-41082Microsoft Exchange Server Remote Code Execution Vulnerability.
CVE-2022-41040Microsoft Exchange Server Elevation of Privilege Vulnerability.
CVE-2022-37958SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability.