A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by providing an administrator with an unauthentic upgrade file. A successful exploit could allow the attacker to fully compromise the Cisco NFVIS system.
An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameter(s).
It was discovered that SnakeYAML did not limit the maximal nested depth
for collections when parsing YAML data. If a user or automated system were
tricked into opening a specially crafted YAML file, an attacker could
possibly use this issue to cause applications using SnakeYAML to crash,
resulting in a denial of service. (CVE-2022-25857, CVE-2022-38749,
CVE-2022-38750)
It was discovered that SnakeYAML did not limit the maximal data matched
with regular expressions when parsing YAML data. If a user or automated
system were tricked into opening a specially crafted YAML file, an
attacker could possibly use this issue to cause applications using
SnakeYAML to crash, resulting in a denial of service. (CVE-2022-38751)
A vulnerability has been found in Ad Blocking Detector Plugin up to 1.2.1 and classified as problematic. This vulnerability affects unknown code of the file ad-blocking-detector.php. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 1.2.2 is able to address this issue. The name of the patch is 3312b9cd79e5710d1e282fc9216a4e5ab31b3d94. It is recommended to upgrade the affected component. VDB-222610 is the identifier assigned to this vulnerability.
A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic. This issue affects the function Pagination of the file django_ajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 329eb1dd1580ca1f9d4f95bc69939833226515c9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222611.
A vulnerability, which was classified as problematic, was found in MMDeveloper A Forms Plugin up to 1.4.2. This affects an unknown part of the file a-forms.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.4.3 is able to address this issue. The name of the patch is 3e693197bd69b7173cc16d8d2e0a7d501a2a0b06. It is recommended to upgrade the affected component. The identifier VDB-222609 was assigned to this vulnerability.
FortiGuard Labs is aware that the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2022-28810 (Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability), CVE-2022-33891 (Apache Spark Command Injection Vulnerability) and CVE-2022-35914 (Teclib GLPI Remote Code Execution Vulnerability) to their Known Exploited Vulnerabilities catalog on March 7, 2023. The catalog lists vulnerabilities that are being actively exploited in the wild.Why is this Significant?This is significant because CVE-2022-28810 (Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability), CVE-2022-33891 (Apache Spark Command Injection Vulnerability) and CVE-2022-35914 (Teclib GLPI Remote Code Execution Vulnerability) are on the CISA’s Known Exploited Vulnerabilities Catalog which are being actively exploited in the wild. As such, patches should be applied to the vulnerabilities as soon as possible.What is CVE-2022-28810?CVE-2022-28810 is a Remote Code Execution (RCE) vulnerability in Zoho ManageEngine ADSelfService Plus. A remote attacker may be able to exploit this to execute arbitrary remote code within the context of the application, via a malicious HTTP request.The vulnerability is rated “high” by Zoho and affects builds 6121 and below.What is CVE-2022-33891?CVE-2022-33891 is a Command Injection Vulnerability in Apache Software Foundation Spark. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation of this vulnerability can result in the execution of arbitrary commands in the security context of the user running the vulnerable server.The vulnerability is rated “important” by Apache and affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.What is CVE-2022-35914?CVE-2022-35914 a code injection vulnerability in GLPI-Project GLPI. The vulnerability is due to improper validation of user configuration data sent to the endpoint htmLawedTest.php. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in arbitrary code execution in the security context of the web server process.Have the Vendors Released a Patch for CVE-2022-28810, CVE-2022-33891 and CVE-2022-35914?Yes. Patches for CVE-2022-28810, CVE-2022-33891 and CVE-2022-35914 are available.What is the Status of Protection?FortiGuard Labs has the following IPS protection in place for CVE-2022-28810, CVE-2022-33891 and CVE-2022-35914:Zoho.ManageEngine.ADSelfService.Plus.Custom.Script.Execution (CVE-2022-28810)Apache.Spark.getUnixGroups.Command.Injection (CVE-2022-33891)GLPI-Project.GLPI.htmLawedTest.php.Code.Injection (CVE-2022-35914)
