April 1, 2023


In 2022, a total of 50+ security vulnerabilities were exploited in the wild as unpatched zero-days, according to available statistics. They affected a wide range of platforms, including Apple iOS, Atlassian Confluence, Chromium, Google Pixel and Windows.

In this post, all of these zero-days are detailed in OEM-wise alphabetical order.


OEM Wise Zero Days Summary List

OEM                                Zero Days Count
Microsoft                          15
Apple                              10
Google Chrome                      9
Sophos                             2
Mozilla                            2
WordPress                          2
TrendMicro                         2
FortiOS                            1
Photo Station                      1
Citrix                             1
Spring Framework                   1
Crypto Application Server (CAS)    1
Cisco                              1
MiVoice Connect                    1
Zimbra                             1
bingo!CMS                          1
Atlassian                          1
Adobe                              1
Grand Total                        53

Severity Wise Zero Days List

Severity       Zero Days Count
Critical       16
High           28
Medium         9
Grand Total    53


OEM Wise Zero Days Detailed List

Apple

Fields for each entry: CVE ID | Title; Type | CVSS Score | Severity | Disclosed | Patch released; Description.

CVE-2022-22587 | Multiple vulnerabilities in Apple iOS and iPadOS
  Type: Buffer overflow | CVSS: 9.8 | Severity: Critical | Disclosed: 26-01-2022 | Patch released: 26-01-2022
  The vulnerability exists due to a boundary error within the IOMobileFrameBuffer subsystem. A malicious application can trigger a buffer overflow and execute arbitrary code with kernel privileges.

CVE-2022-22620 | Remote code execution in Apple iOS and iPadOS
  Type: Use-after-free | CVSS: 8.8 | Severity: High | Disclosed: 10-02-2022 | Patch released: 10-02-2022
  The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

CVE-2022-22674 | Multiple vulnerabilities in Apple macOS Monterey
  Type: Out-of-bounds read | CVSS: 5.5 | Severity: Medium | Disclosed: 31-03-2022 | Patch released: 31-03-2022
  The vulnerability exists due to a boundary condition within the Intel Graphics Driver. A local user can trigger an out-of-bounds read error and read the contents of kernel memory.

CVE-2022-22675 | Multiple vulnerabilities in Apple macOS Monterey
  Type: Out-of-bounds write | CVSS: 7.8 | Severity: High | Disclosed: 31-03-2022 | Patch released: 31-03-2022
  The vulnerability exists due to a boundary error within the AppleAVD subsystem. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with kernel privileges.

CVE-2022-32893 | Multiple vulnerabilities in Apple macOS Monterey
  Type: Out-of-bounds write | CVSS: 8.8 | Severity: High | Disclosed: 17-08-2022 | Patch released: 17-08-2022
  The vulnerability exists due to a boundary error in WebKit when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.

CVE-2022-32894 | Multiple vulnerabilities in Apple macOS Monterey
  Type: Out-of-bounds write | CVSS: 7.8 | Severity: High | Disclosed: 17-08-2022 | Patch released: 17-08-2022
  The vulnerability exists due to a boundary error within the OS kernel component. A local application can trigger an out-of-bounds write error and execute arbitrary code on the system with kernel privileges.

CVE-2022-32917 | Multiple vulnerabilities in Apple macOS Monterey
  Type: Buffer overflow | CVSS: 7.8 | Severity: High | Disclosed: 12-09-2022 | Patch released: 12-09-2022
  The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

CVE-2022-42827 | Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
  Type: Out-of-bounds write | CVSS: 7.8 | Severity: High | Disclosed: 24-10-2022 | Patch released: 24-10-2022
  The vulnerability exists due to a boundary error within the OS kernel component. A local application can trigger an out-of-bounds write error and execute arbitrary code with kernel privileges.

CVE-2022-42856 | Remote code execution in Apple iOS
  Type: Type confusion | CVSS: 8.8 | Severity: High | Disclosed: 13-12-2022 | Patch released: 30-11-2022
  The vulnerability allows a remote attacker to execute arbitrary code on the target system. It exists due to a type confusion error in WebKit. A remote attacker can trick the victim into visiting a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.

CVE-2022-22594 | A cross-origin issue in the IndexDB API was addressed with improved input validation.
  Type: Permissive cross-domain policy with untrusted domains | CVSS: 6.5 | Severity: Medium | Disclosed: 26-01-2022 | Patch released: 26-01-2022
  A website may be able to track sensitive user information. This affects some unknown processing of the WebKit Storage component. Manipulation with an unknown input leads to a permissive cross-domain policy with untrusted domains vulnerability.


Google Chrome

CVE-2022-0609 | Multiple vulnerabilities in Google Chrome
  Type: Use-after-free | CVSS: 8.8 | Severity: High | Disclosed: 14-02-2022 | Patch released: 14-02-2022
  The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

CVE-2022-1096 | Remote code execution in Google Chrome
  Type: Type confusion | CVSS: 8.8 | Severity: High | Disclosed: 25-03-2022 | Patch released: 25-03-2022
  The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

CVE-2022-1364 | Remote code execution in Google Chrome
  Type: Type confusion | CVSS: 8.8 | Severity: High | Disclosed: 14-04-2022 | Patch released: 14-04-2022
  The vulnerability exists due to a type confusion error in the V8 engine in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and execute arbitrary code on the target system.

CVE-2022-2294 | Remote code execution in Google Chrome
  Type: Heap-based buffer overflow | CVSS: 8.8 | Severity: High | Disclosed: 24-06-2022 | Patch released: Not Patched
  The vulnerability exists due to a boundary error within the WebRTC implementation. A remote attacker can trick the victim into visiting a specially crafted website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

CVE-2022-2856 | Multiple vulnerabilities in Google Chrome
  Type: Input validation error | CVSS: 6.5 | Severity: Medium | Disclosed: 16-08-2022 | Patch released: 16-08-2022
  The vulnerability exists due to improper input validation in the Intents component in Google Chrome. A remote attacker can trick the victim into opening a specially crafted web page and execute arbitrary code on the target system.

CVE-2022-3075 | Remote code execution in Google Chrome
  Type: Input validation error | CVSS: 9.6 | Severity: Critical | Disclosed: 03-09-2022 | Patch released: 03-09-2022
  The vulnerability exists due to insufficient validation of user-supplied input within the Mojo component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.

CVE-2022-3723 | Remote code execution in Google Chrome
  Type: Type confusion | CVSS: 8.8 | Severity: High | Disclosed: 27-10-2022 | Patch released: 27-10-2022
  The vulnerability exists due to a type confusion error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

CVE-2022-4135 | Remote code execution in Google Chrome
  Type: Heap-based buffer overflow | CVSS: 9.6 | Severity: Critical | Disclosed: 24-11-2022 | Patch released: 24-11-2022
  The vulnerability exists due to a boundary error when processing untrusted HTML content in the GPU component. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

CVE-2022-4262 | Remote code execution in Google Chrome
  Type: Type confusion | CVSS: 8.8 | Severity: High | Disclosed: 03-12-2022 | Patch released: 03-12-2022
  The vulnerability exists due to a type confusion error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.


Microsoft

CVE-2022-21882 | Multiple vulnerabilities in Microsoft Win32k
  Type: Buffer overflow | CVSS: 7.8 | Severity: High | Disclosed: 11-01-2022 | Patch released: 11-01-2022
  The vulnerability exists due to a boundary error within the Win32k.sys driver. A local user can run a specially crafted program to trigger a buffer overflow and execute arbitrary code on the system with elevated privileges.

CVE-2022-24521 | Privilege escalation in Microsoft Windows Common Log File System driver
  Type: Buffer overflow | CVSS: 7.8 | Severity: High | Disclosed: 12-04-2022 | Patch released: 12-04-2022
  The vulnerability exists due to a boundary error within the Windows Common Log File System Driver. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.

CVE-2022-26925 | Spoofing attack in Microsoft Windows LSA
  Type: Man-in-the-Middle (MitM) attack | CVSS: 5.9 | Severity: Medium | Disclosed: 10-05-2022 | Patch released: 10-05-2022
  The vulnerability exists within the Windows LSA service. A remote attacker can call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. As a result, an attacker can obtain credentials and compromise the affected system via an NTLM relay attack.

CVE-2022-30190 | Remote code execution in Microsoft Windows
  Type: OS command injection | CVSS: 7.8 | Severity: High | Disclosed: 27-05-2022 | Patch released: 14-06-2022
  The vulnerability exists due to improper input validation when processing a URL within the Microsoft Windows Support Diagnostic Tool (MSDT). A remote unauthenticated attacker can trick the victim into opening a specially crafted file, which calls the ms-msdt tool and executes arbitrary OS commands on the target system.

CVE-2022-22047 | Privilege escalation in Microsoft Windows CSRSS
  Type: Buffer overflow | CVSS: 7.8 | Severity: High | Disclosed: 12-07-2022 | Patch released: 12-07-2022
  The vulnerability exists due to a boundary error within the Microsoft Windows Client/Server Runtime Subsystem (CSRSS). A local user can run a specially crafted program to execute arbitrary code with SYSTEM privileges.

CVE-2022-34713 | Remote code execution in Microsoft Windows Support Diagnostic Tool (MSDT)
  Type: Buffer overflow | CVSS: 7.8 | Severity: High | Disclosed: 09-08-2022 | Patch released: 09-08-2022
  The vulnerability exists due to a boundary error in the Windows Support Diagnostic Tool (MSDT) when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

CVE-2022-37969 | Privilege escalation in Microsoft Windows Common Log File System driver
  Type: Buffer overflow | CVSS: 7.8 | Severity: High | Disclosed: 13-09-2022 | Patch released: 13-09-2022
  The vulnerability exists due to a boundary error within the Windows Common Log File System Driver. A local unprivileged user can run a specially crafted program to trigger memory corruption and execute arbitrary code with SYSTEM privileges.

CVE-2022-41040 | Remote code execution in Microsoft Exchange Server
  Type: Server-Side Request Forgery (SSRF) | CVSS: 8.8 | Severity: High | Disclosed: 30-09-2022 | Patch released: 08-11-2022
  The vulnerability exists due to insufficient validation of user-supplied input within the Exchange OWA Autodiscover service. A remote user can send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems.

CVE-2022-41082 | Remote code execution in Microsoft Exchange Server
  Type: Deserialization of untrusted data | CVSS: 8.8 | Severity: High | Disclosed: 30-09-2022 | Patch released: 08-11-2022
  The vulnerability exists due to insecure input validation when processing serialized data. A remote user with access to PowerShell Remoting on vulnerable Exchange systems can pass specially crafted data to the application and execute arbitrary code on the target system.

CVE-2022-41033 | Privilege escalation in Microsoft Windows COM+ Event System Service
  Type: Buffer overflow | CVSS: 7.8 | Severity: High | Disclosed: 11-10-2022 | Patch released: 11-10-2022
  The vulnerability exists due to a boundary error within the Windows COM+ Event System Service. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.

CVE-2022-41091 | Multiple vulnerabilities in Microsoft Windows Mark of the Web
  Type: Security features bypass | CVSS: 5.4 | Severity: Medium | Disclosed: 08-11-2022 | Patch released: 08-11-2022
  The vulnerability exists due to a security features bypass in the Windows Mark of the Web functionality. A remote attacker can trick a victim into opening a specially crafted file and bypass Protected View in Microsoft Office, as demonstrated using a specially crafted ZIP archive.

CVE-2022-41125 | Privilege escalation in Microsoft Windows CNG Key Isolation Service
  Type: Buffer overflow | CVSS: 7.8 | Severity: High | Disclosed: 08-11-2022 | Patch released: 08-11-2022
  The vulnerability exists due to a boundary error within the Windows CNG Key Isolation Service. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with SYSTEM privileges.

CVE-2022-41128 | Remote code execution in Microsoft Windows Scripting Languages
  Type: Buffer overflow | CVSS: 8.8 | Severity: High | Disclosed: 08-11-2022 | Patch released: 08-11-2022
  The vulnerability exists due to a boundary error when processing HTML content within the JScript9 engine. A remote attacker can trick the victim into visiting a malicious website, trigger memory corruption and execute arbitrary code on the target system.

CVE-2022-41073 | Privilege escalation in Microsoft Windows Print Spooler service
  Type: Buffer overflow | CVSS: 7.8 | Severity: High | Disclosed: 08-11-2022 | Patch released: 08-11-2022
  The vulnerability exists due to a boundary error within the Windows Print Spooler. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with SYSTEM privileges.

CVE-2022-44698 | SmartScreen MOTW bypass in Microsoft Windows
  Type: Security features bypass | CVSS: 5.4 | Severity: Medium | Disclosed: 13-12-2022 | Patch released: 13-12-2022
  The vulnerability exists due to an error in Windows SmartScreen. A remote attacker can bypass Mark of the Web (MOTW) defenses and potentially compromise the affected system.


Other OEMs

Zimbra: CVE-2022-24682 | Cross-site scripting in Zimbra
  Type: Cross-site scripting | CVSS: 6.1 | Severity: Medium | Disclosed: 03-02-2022 | Patch released: 04-02-2022
  The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Adobe: CVE-2022-24086 | Remote code execution in Magento
  Type: OS command injection | CVSS: 9.8 | Severity: Critical | Disclosed: 13-02-2022 | Patch released: 13-02-2022
  The vulnerability exists due to improper input validation. A remote unauthenticated attacker can send a specially crafted HTTP POST request to the application and execute arbitrary OS commands on the target system.

Mozilla: CVE-2022-26486 | Remote code execution in Mozilla Firefox
  Type: Use-after-free | CVSS: 6.5 | Severity: Medium | Disclosed: 05-03-2022 | Patch released: 05-03-2022
  The vulnerability exists due to a use-after-free error when processing messages in the WebGPU IPC framework. A remote attacker can trick the victim into opening a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Mozilla: CVE-2022-26485 | Remote code execution in Mozilla Firefox
  Type: Use-after-free | CVSS: 8.6 | Severity: High | Disclosed: 05-03-2022 | Patch released: 05-03-2022
  The vulnerability exists due to a use-after-free error when processing an XSLT parameter. A remote attacker can trick the victim into opening a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Sophos: CVE-2022-1040 | Remote code execution in Sophos Firewall
  Type: Input validation error | CVSS: 9.8 | Severity: Critical | Disclosed: 25-03-2022 | Patch released: 25-03-2022
  The vulnerability exists due to insufficient validation of user-supplied input in the User Portal and Webadmin. A remote attacker can send specially crafted requests to the web interface and execute arbitrary code on the system.

TrendMicro: CVE-2022-26871 | Remote code execution in Trend Micro Apex Central
  Type: Arbitrary file upload | CVSS: 9.8 | Severity: Critical | Disclosed: 29-03-2022 | Patch released: 29-03-2022
  The vulnerability exists due to improper access restrictions in the Trend Micro Apex Central management console. A remote non-authenticated attacker can upload an arbitrary file to the system and execute it.

Spring Framework: CVE-2022-22965 | Remote code execution in Spring Framework
  Type: Code injection | CVSS: 9.8 | Severity: Critical | Disclosed: 29-03-2022 | Patch released: 31-03-2022
  The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted HTTP request to the affected application and execute arbitrary code on the target system.

Cisco: CVE-2022-20821 | Improper access restrictions in Cisco IOS XR
  Type: Improper access control | CVSS: 6.5 | Severity: Medium | Disclosed: 20-05-2022 | Patch released: 20-05-2022
  The vulnerability exists due to unrestricted access to the Redis instance running within the NOSi container, accessible via port 6379/tcp (the health check RPM opens this port by default). A remote non-authenticated attacker can connect to the Redis instance and obtain sensitive information or modify it.

Atlassian: CVE-2022-26134 | Remote code execution in Atlassian Confluence Server
  Type: (not given) | CVSS: 9.8 | Severity: Critical | Disclosed: 03-06-2022 | Patch released: 03-06-2022
  The vulnerability exists due to improper input validation when processing OGNL expressions. A remote non-authenticated attacker can send a specially crafted request to the Confluence Server and execute arbitrary code on the system.

MiVoice Connect: CVE-2022-29499 | Remote code execution in Mitel MiVoice Connect
  Type: OS command injection | CVSS: 9.8 | Severity: Critical | Disclosed: 04-07-2022 | Patch released: 04-07-2022
  The vulnerability exists due to improper input validation in the Mitel Service Appliance component of MiVoice Connect (Mitel Service Appliances SA 100, SA 400 and Virtual SA). A remote unauthenticated attacker can send a specially crafted HTTP GET request to the application and execute arbitrary OS commands on the target system.

Crypto Application Server (CAS): CWE-284 | Improper access control in General Bytes Crypto Application Server (CAS)
  Type: Improper access control | CVSS: #N/A | Severity: High | Disclosed: 19-08-2022 | Patch released: 19-08-2022
  The vulnerability exists due to improper access restrictions on the default installation page. A remote attacker can connect to the default installation URL and create an administrative user account.

Photo Station: CVE-2022-27593 | Remote code execution in Photo Station
  Type: Input validation error | CVSS: 9.1 | Severity: Critical | Disclosed: 03-09-2022 | Patch released: 03-09-2022
  The vulnerability exists due to an unspecified flaw. A remote non-authenticated attacker can send a specially crafted request to the affected system and execute arbitrary code.

WordPress: CVE-2022-31474 | Arbitrary file read in BackupBuddy WordPress plugin
  Type: Improper authorization | CVSS: 9.1 | Severity: Critical | Disclosed: 06-09-2022 | Patch released: 06-09-2022
  The vulnerability exists due to missing authorization for the feature responsible for remotely downloading backups. A remote non-authenticated attacker can download arbitrary files from the server.

WordPress: CVE-2022-3180 | Remote code execution in WPGateway plugin for WordPress
  Type: Improper authorization | CVSS: 9.8 | Severity: Critical | Disclosed: 08-09-2022 | Patch released: Not Patched
  The vulnerability exists due to missing authorization checks. A remote non-authenticated attacker can send a specially crafted request to the affected plugin and add an administrative user account to the WordPress installation.

TrendMicro: CVE-2022-40139 | Multiple vulnerabilities in Trend Micro Apex One
  Type: Insufficient verification of data authenticity | CVSS: 7.2 | Severity: High | Disclosed: 13-09-2022 | Patch released: 13-09-2022
  The vulnerability exists due to improper input validation within the rollback functionality. A remote authenticated user with access to the administrative console can force the agent into downloading unverified rollback components and compromise the affected system.

Sophos: CVE-2022-3236 | Remote code execution in Sophos Firewall
  Type: Code injection | CVSS: 9.8 | Severity: Critical | Disclosed: 23-09-2022 | Patch released: 23-09-2022
  The vulnerability exists due to improper input validation in the User Portal and Webadmin interfaces of Sophos Firewall. A remote non-authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.

bingo!CMS: CVE-2022-42458 | Arbitrary file upload in bingo!CMS
  Type: Missing authorization | CVSS: 9.8 | Severity: Critical | Disclosed: 11-10-2022 | Patch released: 11-10-2022
  The vulnerability exists due to missing authorization in the management functionality responsible for file uploads. A remote non-authenticated attacker can upload a malicious file to the server and execute it.

FortiOS: CVE-2022-42475 | Remote code execution in FortiOS sslvpnd
  Type: Heap-based buffer overflow | CVSS: 9.8 | Severity: Critical | Disclosed: 12-12-2022 | Patch released: 12-12-2022
  The vulnerability exists due to a boundary error within the sslvpnd daemon. A remote non-authenticated attacker can pass specially crafted data to the SSL-VPN interface, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Citrix: CVE-2022-27518 | Remote code execution in Citrix ADC and Citrix Gateway
  Type: Improper control of a resource through its lifetime | CVSS: 9.8 | Severity: Critical | Disclosed: 13-12-2022 | Patch released: 13-12-2022
  The vulnerability exists due to improper access restrictions in systems configured as a SAML SP or a SAML IdP. A remote non-authenticated attacker can gain unauthorized access to the system.

This brings us to the end of this zero-day year-in-review security coverage. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook and Twitter.
