CVE-2022-22962
https://notcve.org/view.php?id=CVE-2022-22962
VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file. El agente de VMware Horizon para Linux (anterior a la versión 22.x) contiene una escalada de privilegios local, ya que un usuario puede cambiar la ubicación de la carpeta compartida por defecto debido a un enlace simbólico vulnerable. Una explotación exitosa puede resultar en la vinculación a un archivo propiedad de la raíz • https://www.vmware.com/security/advisories/VMSA-2022-0012.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2022-22938
https://notcve.org/view.php?id=CVE-2022-22938
VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed. VMware Workstation (versiones 16.x anteriores a 16.2.2) y Horizon Client para Windows (versiones 5.x anteriores a 5.5.3) contienen una vulnerabilidad de denegación de servicio en el componente Cortado ThinPrint. El problema se presenta en el analizador de fuentes TrueType. • https://www.vmware.com/security/advisories/VMSA-2022-0002.html •
CVE-2021-25933
https://notcve.org/view.php?id=CVE-2021-25933
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `groupName` and `groupComment` parameters. Due to this flaw, an authenticated attacker could inject arbitrary script and trick other admin users into downloading malicious files which can cause severe damage to the organization using opennms. En OpenNMS Horizon, versiones opennms-1-0-stable hasta opennms-27.1.0-1; OpenNMS Meridian, versiones meridian-foundation-2015.1.0-1 hasta meridian-foundation-2019.1.18-1; versiones meridian-foundation-2020.1.0-1 hasta meridian-foundation-2020.1.6-1, son vulnerables a ataques de tipo Cross-Site Scripting almacenados, ya que la función "validateFormInput()" lleva a cabo validaciones de comprobación inapropiadas en la entrada enviada a los parámetros "groupName" y "groupComment". Debido a este fallo, un atacante autenticado podría inyectar un script arbitrario y engañar a otros usuarios administradores para que descarguen archivos maliciosos que pueden causar daños severos a la organización usando opennms • https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01%2C https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25933 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-25931
https://notcve.org/view.php?id=CVE-2021-25931
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection at `/opennms/admin/userGroupView/users/updateUser`. This flaw allows assigning `ROLE_ADMIN` security role to a normal user. Using this flaw, an attacker can trick the admin user to assign administrator privileges to a normal user by enticing him to click upon an attacker-controlled website. En OpenNMS Horizon, versiones opennms-1-0-stable hasta opennms-27.1.0-1; OpenNMS Meridian, versiones meridian-foundation-2015.1.0-1 hasta meridian-foundation-2019.1.18-1; versiones meridian-foundation-2020.1.0-1 hasta meridian-foundation-2020.1.6-1, son vulnerables a ataques de tipo CSRF, debido a que no presenta protección de tipo CSRF en el parámetro "/opennms/admin/userGroupView/users/updateUser". Este fallo permite asignar el rol de seguridad "ROLE_ADMIN" a un usuario normal. • https://github.com/OpenNMS/opennms/commit/607151ea8f90212a3fb37c977fa57c7d58d26a84 https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25931 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-25929
https://notcve.org/view.php?id=CVE-2021-25929
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting since there is no validation on the input being sent to the `name` parameter in `noticeWizard` endpoint. Due to this flaw an authenticated attacker could inject arbitrary script and trick other admin users into downloading malicious files. En OpenNMS Horizon, versiones opennms-1-0-stable hasta opennms-27.1.0-1; OpenNMS Meridian, versiones meridian-foundation-2015.1.0-1 hasta meridian-foundation-2019.1.18-1; versiones meridian-foundation-2020.1.0-1 hasta meridian-foundation-2020.1.6-1, son vulnerables a ataque de tipo Cross-Site Scripting almacenado, ya que no presenta comprobación en la entrada que ha sido enviada al parámetro "name" en el endpoint "noticeWizard". Debido a este fallo, un atacante autenticado podría inyectar un script arbitrario y engañar a otros usuarios administradores para que descarguen archivos maliciosos • https://github.com/OpenNMS/opennms/commit/66c1f626bf38a7d1a9530b4d68598269ee5245a2 https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25929 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •