Zero Day Vulnerabilities in Year 2022 – A Review
Share this:
This year 2022, a total of 50+ security vulnerabilities have been exploited as unpatched zero-days in the wild, according to an stats. It affected a wide range of platforms, including Apple iOS, Atlassian Confluence, Chromium, Google Pixel, Windows.
In this post , all Zero Days are detailed out in OEM wise alphabetical order.
OEM Wise Zero Days Summary List
| OEM | Zero Days Count |
| Microsoft | 15 |
| Apple | 10 |
| Google Chrome | 9 |
| Sophos | 2 |
| Mozilla | 2 |
| WordPress | 2 |
| TrendMicro | 2 |
| FortiOS | 1 |
| Photo Station | 1 |
| Citrix | 1 |
| Spring Framework | 1 |
| Crypto Application Server (CAS) | 1 |
| Cisco | 1 |
| MiVoice Connect | 1 |
| Zimbra | 1 |
| bingo!CMS | 1 |
| Atlassian | 1 |
| Adobe | 1 |
| Grand Total | 53 |
Advertisements
Severity Wise Zero Days List
| Severity | Zero Days Count |
| Critical | 16 |
| High | 28 |
| Medium | 9 |
| Grand Total | 53 |
Advertisements
OEM Wise Zero Days Detailed List
Apple
| CVE ID | Title | Vulnerability Type | Description | CVSS Score | Severity | Disclosed | Patch released |
| CVE-2022-22587 | Multiple vulnerabilities in Apple iOS and iPadOS | Buffer overflow | The vulnerability exists due to a boundary error within the IOMobileFrameBuffer subsystem. A malicious application can trigger buffer overflow and execute arbitrary code with kernel privileges. | 9.8 | Critical | 26-01-2022 | 26-01-2022 |
| CVE-2022-22620 | Remote code execution in Apple iOS and iPadOS | Use-after-free | The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system. | 8.8 | High | 10-02-2022 | 10-02-2022 |
| CVE-2022-22674 | Multiple vulnerabilities in Apple macOS Monterey | Out-of-bounds read | The vulnerability exists due to a boundary condition within Intel Graphics Driver. A local user can trigger an out-of-bounds read error and read contents of kernel memory. | 5.5 | Medium | 31-03-2022 | 31-03-2022 |
| CVE-2022-22675 | Multiple vulnerabilities in Apple macOS Monterey | Out-of-bounds write | The vulnerability exists due to a boundary error within the AppleAVD subsystem. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with kernel privileges. | 7.8 | High | 31-03-2022 | 31-03-2022 |
| CVE-2022-32893 | Multiple vulnerabilities in Apple macOS Monterey | Out-of-bounds write | The vulnerability exists due to a boundary error in WebKit when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system. | 8.8 | High | 17-08-2022 | 17-08-2022 |
| CVE-2022-32894 | Multiple vulnerabilities in Apple macOS Monterey | Out-of-bounds write | The vulnerability exists due to a boundary error within the OS kernel component. A local application can trigger an out-of-bounds write error and execute arbitrary code on the system with kernel privileges. | 7.8 | High | 17-08-2022 | 17-08-2022 |
| CVE-2022-32917 | Multiple vulnerabilities in Apple macOS Monterey | Buffer overflow | The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges. | 7.8 | High | 12-09-2022 | 12-09-2022 |
| CVE-2022-42827 | Multiple vulnerabilities in Apple iOS 16 and iPadOS 16 | Out-of-bounds write | The vulnerability exists due to a boundary error within the OS kernel component. A local application can trigger an out-of-bounds write error and execute arbitrary code with kernel privileges. | 7.8 | High | 24-10-2022 | 24-10-2022 |
| CVE-2022-42856 | Remote code execution in Apple iOS | Type Confusion | The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a type confusion error in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system. | 8.8 | High | 13-12-2022 | 30-11-2022 |
| CVE-2022-22594 | A cross-origin issue in the IndexDB API was addressed with improved input validation. | Permissive cross-domain policy with untrusted domains | A website may be able to track sensitive user information. This affects some unknown processing of the component WebKit Storage. The manipulation with an unknown input leads to a permissive cross-domain policy with untrusted domains vulnerability. | 6.5 | Medium | 26-01-2022 | 26-01-2022 |
Advertisements
Google Chrome
| CVE ID | Title | Vulnerability Type | Description | CVSS Score | Severity | Disclosed | Patch released |
| CVE-2022-0609 | Multiple vulnerabilities in Google Chrome | Use-after-free | The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system. | 8.8 | High | 14-02-2022 | 14-02-2022 |
| CVE-2022-1096 | Remote code execution in Google Chrome | Type Confusion | The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system. | 8.8 | High | 25-03-2022 | 25-03-2022 |
| CVE-2022-1364 | Remote code execution in Google Chrome | Type Confusion | The vulnerability exists due to a type confusion error in V8 engine in Google Chrome. A remote attacker can trick the victim to visit a specially crafted web page, trigger a type confusion error and execute arbitrary code on the target system. | 8.8 | High | 14-04-2022 | 14-04-2022 |
| CVE-2022-2294 | Remote code execution in Google Chrome | Heap-based buffer overflow | The vulnerability exists due to a boundary error within WebRTC implementation. A remote attacker can trick the victim ti visit a specially crafted website, trigger a heap-based buffer overflow and execute arbitrary code on the target system. | 8.8 | High | 24-06-2022 | Not Patcher |
| CVE-2022-2856 | Multiple vulnerabilities in Google Chrome | Input validation error | The vulnerability exists due to improper input validation in Intents component in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page and execute arbitrary code on the target system. | 6.5 | Medium | 16-08-2022 | 16-08-2022 |
| CVE-2022-3075 | Remote code execution in Google Chrome | Input validation error | The vulnerability exists due to insufficient validation of user-supplied input within the Mojo component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system. | 9.6 | Critical | 03-09-2022 | 03-09-2022 |
| CVE-2022-3723 | Remote code execution in Google Chrome | Type Confusion | The vulnerability exists due to a type confusion error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system. | 8.8 | High | 27-10-2022 | 27-10-2022 |
| CVE-2022-4135 | Remote code execution in Google Chrome | Heap-based buffer overflow | The vulnerability exists due to a boundary error when processing untrusted HTML content in GPU. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system. | 9.6 | Critical | 24-11-2022 | 24-11-2022 |
| CVE-2022-4262 | Remote code execution in Google Chrome | Type Confusion | The vulnerability exists due to a type confusion error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system. | 8.8 | High | 03-12-2022 | 03-12-2022 |
Advertisements
Microsoft
| CVE ID | Title | Vulnerability Type | Description | CVSS Score | Severity | Disclosed | Patch released |
| CVE-2022-21882 | Multiple vulnerabilities in Microsoft Win32k | Buffer overflow | The vulnerability exists due to a boundary error within the Win32k.sys driver. A local user can run a specially crafted program to trigger a buffer overflow and execute arbitrary code on the system with elevated privileges. | 7.8 | High | 11-01-2022 | 11-01-2022 |
| CVE-2022-24521 | Privilege escalation in Microsoft Windows common log file system driver | Buffer overflow | The vulnerability exists due to a boundary error within the Windows Common Log File System Driver. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges. | 7.8 | High | 12-04-2022 | 12-04-2022 |
| CVE-2022-26925 | Spoofing attack in Microsoft Windows LSA | Man-in-the-Middle (MitM) attack | The vulnerability exists within the Windows LSA service. A remote attacker can call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. As a result, an attacker can obtain credentials and compromise the affected system via the NTLM Relay Attack. | 5.9 | Medium | 10-05-2022 | 10-05-2022 |
| CVE-2022-30190 | Remote code execution in Microsoft Windows | OS Command Injection | The vulnerability exists due to improper input validation when processing URL within the Microsoft Windows Support Diagnostic Tool (MSDT). A remote unauthenticated attacker can trick the victim to open a specially crafted file, which calls the ms-msdt tool and execute arbitrary OS commands on the target system. | 7.8 | High | 27-05-2022 | 14-06-2022 |
| CVE-2022-22047 | Privilege escalation in Microsoft Windows CSRSS | Buffer overflow | The vulnerability exists due to a boundary error within the Microsoft Windows Client/Server Runtime Subsystem (CSRSS). A local user can run a specially crafted program to execute arbitrary code with SYSTEM privileges. | 7.8 | High | 12-07-2022 | 12-07-2022 |
| CVE-2022-34713 | Remote code execution in Microsoft Windows Support Diagnostic Tool (MSDT) | Buffer overflow | The vulnerability exists due to a boundary error in Windows Support Diagnostic Tool (MSDT) when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system. | 7.8 | High | 09-08-2022 | 09-08-2022 |
| CVE-2022-37969 | Privilege escalation in Microsoft Windows common log file system driver | Buffer overflow | The vulnerability exists due to a boundary error within the Windows Common Log File System Driver. A local unprivileged user can run a specially crafted program to trigger memory corruption and execute arbitrary code with SYSTEM privileges. | 7.8 | High | 13-09-2022 | 13-09-2022 |
| CVE-2022-41040 | Remote code execution in Microsoft Exchange Server | Server-Side Request Forgery (SSRF) | The vulnerability exists due to insufficient validation of user-supplied input within the Exchange OWA Autodiscover service.. A remote user can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. | 8.8 | High | 30-09-2022 | 08-11-2022 |
| CVE-2022-41082 | Remote code execution in Microsoft Exchange Server | Deserialization of Untrusted Data | The vulnerability exists due to insecure input validation when processing serialized data. A remote user with access to PowerShell Remoting on vulnerable Exchange systems can pass specially crafted data to the application and execute arbitrary code on the target system. | 8.8 | High | 30-09-2022 | 08-11-2022 |
| CVE-2022-41033 | Privilege escalation in Microsoft Windows COM+ Event System Service | Buffer overflow | The vulnerability exists due to a boundary error within the Windows COM+ Event System Service. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges. | 7.8 | High | 11-10-2022 | 11-10-2022 |
| CVE-2022-41091 | Multiple vulnerabilities in Microsoft Windows Mark of the Web | Security features bypass | The vulnerability exists due to security features bypass in Windows Mark of the Web functionality. A remote attacker can trick a victim to open a specially crafted file and bypass Protected View in Microsoft Office, as demonstrated using a specially crafted ZIP archive. | 5.4 | Medium | 08-11-2022 | 08-11-2022 |
| CVE-2022-41125 | Privilege escalation in Microsoft Windows CNG Key Isolation Service | Buffer overflow | The vulnerability exists due to a boundary error within the Windows CNG Key Isolation Service. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with SYSTEM privileges. | 7.8 | High | 08-11-2022 | 08-11-2022 |
| CVE-2022-41128 | Remote code execution in Microsoft Windows Scripting Languages | Buffer overflow | The vulnerability exists due to a boundary error when processing HTML content within the JScript9 engine. A remote attacker can trick the victim into visiting a malicious website, trigger memory corruption and execute arbitrary code on the target system. | 8.8 | High | 08-11-2022 | 08-11-2022 |
| CVE-2022-41073 | Privilege escalation in Microsoft Windows Print Spooler service | Buffer overflow | The vulnerability exists due to a boundary error within the Windows Print Spooler. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with SYSTEM privileges. | 7.8 | High | 08-11-2022 | 08-11-2022 |
| CVE-2022-44698 | SmartScreen MOTW bypass in Microsoft Windows | Security features bypass | The vulnerability exists due to an error in Windows SmartScreen. A remote attacker can bypass Mark of the Web (MOTW) defenses and potentially compromise the affected system. | 5.4 | Medium | 13-12-2022 | 13-12-2022 |
Advertisements
Other OEM’s
| OEM | CVE ID | Title | Vulnerability Type | Description | CVSS Score | Severity | Disclosed | Patch released |
| Zimbra | CVE-2022-24682 | Cross-site scripting in Zimbra | Cross-site scripting | The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user’s browser in context of vulnerable website. | 6.1 | Medium | 03-02-2022 | 04-02-2022 |
| Adobe | CVE-2022-24086 | Remote code execution in Magento | OS Command Injection | The vulnerability exists due to improper input validation. A remote unauthenticated attacker can send a specially crafted HTTP POST request to the application and execute arbitrary OS commands on the target system. | 9.8 | Critical | 13-02-2022 | 13-02-2022 |
| Mozilla | CVE-2022-26486 | Remote code execution in Mozilla Firefox | Use-after-free | The vulnerability exists due to a use-after-free error when processing messages in the WebGPU IPC framework. A remote attacker can trick the victim to open a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system. | 6.5 | Medium | 05-03-2022 | 05-03-2022 |
| Mozilla | CVE-2022-26485 | Remote code execution in Mozilla Firefox | Use-after-free | The vulnerability exists due to a use-after-free error when processing XSLT parameter. A remote attacker can trick the victim to open a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system. | 8.6 | High | 05-03-2022 | 05-03-2022 |
| Sophos | CVE-2022-1040 | Remote code execution in Sophos Firewall | Input validation error | The vulnerability exists due to insufficient validation of user-supplied input in the User Portal and Webadmin. A remote attacker can send specially crafted requests to the web interface and execute arbitrary code on the system. | 9.8 | Critical | 25-03-2022 | 25-03-2022 |
| TrendMicro | CVE-2022-26871 | Remote code execution in Trend Micro Apex Central | Arbitrary file upload | The vulnerability exists due to improper access restrictions in the Trend Micro Apex Central management console. A remote non-authenticated attacker can upload arbitrary file to the system and execute it. | 9.8 | Critical | 29-03-2022 | 29-03-2022 |
| Spring Framework | CVE-2022-22965 | Remote code execution in Spring Framework | Code Injection | The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted HTTP request to the affected application and execute arbitrary code on the target system. | 9.8 | Critical | 29-03-2022 | 31-03-2022 |
| Cisco | CVE-2022-20821 | Improper access restrictions in Cisco IOS XR | Improper access control | The vulnerability exists due to unrestricted access to the Redis instance running within the NOSi container, accessible via port 6379/tcp (the health check RPM opens this port by default). A remote non-authenticated attacker can connect to the Redis instance and obtain sensitive information or modify it. | 6.5 | Medium | 20-05-2022 | 20-05-2022 |
| Atlassian | CVE-2022-26134 | Remote code execution in Atlassian Confluence Server | The vulnerability exists due to improper input validation when processing OGNL expressions. A remote non-authenticated attacker can send a specially crafted request to the Confluence Server and execute arbitrary code on the system. | 9.8 | Critical | 03-06-2022 | 03-06-2022 | |
| MiVoice Connect | CVE-2022-29499 | Remote code execution in Mitel MiVoice Connect | OS Command Injection | The vulnerability exists due to improper input validation in the Mitel Service Appliance component of MiVoice Connect (Mitel Service Appliances – SA 100, SA 400, and Virtual SA). A remote unauthenticated attacker can send a specially crafted HTTP GET request to the application and execute arbitrary OS commands on the target system. | 9.8 | Critical | 04-07-2022 | 04-07-2022 |
| Crypto Application Server (CAS) | CWE-284 | Improper access control in General Bytes Crypto Application Server (CAS) | Improper access control | The vulnerability exists due to improper access restrictions to the default installation page. A remote attacker can connect to the default installation URL and create an administrative user account. | #N/A | High | 19-08-2022 | 19-08-2022 |
| Photo Station | CVE-2022-27593 | Remote code execution in Photo Station | Input validation error | The vulnerability exists due to unspecified vulnerability. A remote non-authenticated attacker can send a specially crafted request to the affected system and execute arbitrary code. | 9.1 | Critical | 03-09-2022 | 03-09-2022 |
| WordPress | CVE-2022-31474 | Arbitrary file read in BackupBuddy WordPress plugin | Improper Authorization | The vulnerability exists due to missing authorization for the feature responsible for remote downloading remote backups. A remote non-authenticated attacker can download arbitrary files from the server. | 9.1 | Critical | 06-09-2022 | 06-09-2022 |
| WordPress | CVE-2022-3180 | Remote code execution in WPGateway plugin for WordPress | Improper Authorization | The vulnerability exists due to missing authorization checks. A remote non-authenticated attacker can send a specially crafted request to the affected plugin and add an administrative user account into your WordPress installation. | 9.8 | Critical | 08-09-2022 | Not Patched |
| TrendMicro | CVE-2022-40139 | Multiple vulnerabilities in Trend Micro Apex One | Insufficient verification of data authenticity | The vulnerability exists due to improper input validation within the rollback functionality. A remote authenticated user with access to the administrative console can force the agent into downloading unverified rollback components and compromise the affected system. | 7.2 | High | 13-09-2022 | 13-09-2022 |
| Sophos | CVE-2022-3236 | Remote code execution in Sophos Firewall | Code Injection | The vulnerability exists due to improper input validation in the User Portal and Webadmin interfaces of Sophos Firewall. A remote non-authenticated attacker can send a specially crafted request and execute arbitrary code on the target system. | 9.8 | Critical | 23-09-2022 | 23-09-2022 |
| bingo!CMS | CVE-2022-42458 | Arbitrary file upload in bingo!CMS | Missing Authorization | The vulnerability exists due to missing authorization in the management functionality responsible for file uploads. A remote non-authenticated attacker can upload a malicious file on the server and execute it. | 9.8 | Critical | 11-10-2022 | 11-10-2022 |
| FortiOS | CVE-2022-42475 | Remote code execution in FortiOS sslvpnd | Heap-based buffer overflow | The vulnerability exists due to a boundary error within the sslvpnd daemon. A remote non-authenticated attacker can pass specially crafted data to the SSL-VPN interface, trigger a heap-based buffer overflow and execute arbitrary code on the target system. | 9.8 | Critical | 12-12-2022 | 12-12-2022 |
| Citrix | CVE-2022-27518 | Remote code execution in Citrix ADC and Citrix Gateway | Improper control of a resource through its lifetime | The vulnerability exists due to improper access restrictions in systems configured as a SAML SP or a SAML IdP. A remote non-authenticated attacker can gain unauthorized access to the system | 9.8 | Critical | 13-12-2022 | 13-12-2022 |
This brings end of this Zeroday year in review security coverage. Thanks for visiting TheCyberThrone. If you like us please follow us on Facebook, Twitter
