diff --git a/crawler/src/main/java/edu/rit/se/nvip/crawler/htmlparser/CyberArkRootParser.java b/crawler/src/main/java/edu/rit/se/nvip/crawler/htmlparser/CyberArkRootParser.java index 6b5f0ce5f..ba6a04e33 100644 --- a/crawler/src/main/java/edu/rit/se/nvip/crawler/htmlparser/CyberArkRootParser.java +++ b/crawler/src/main/java/edu/rit/se/nvip/crawler/htmlparser/CyberArkRootParser.java @@ -28,16 +28,17 @@ public CyberArkRootParser() { * is inside that cell * @return - text inside cell */ - private String getCellValue(Element row, String colIdentifier) { + private String getCellValue(Element row, int colIndex) { // each cell contains a span that references the column it is in - Element cell = row.children().select("td:contains(" + colIdentifier + ")").first(); + Element cell = row.children().get(colIndex); if (cell == null) return ""; - String cellText = cell.text(); - String[] valueSplit = cellText.split(colIdentifier); - // 1 or less in split means there is no value inside this table cell - if (valueSplit.length > 1) - return valueSplit[1].trim(); - return ""; + return cell.text(); +// String cellText = cell.text(); +// String[] valueSplit = cellText.split(colIdentifier); +// // 1 or less in split means there is no value inside this table cell +// if (valueSplit.length > 1) +// return valueSplit[1].trim(); +// return ""; } /** @@ -61,17 +62,24 @@ public List parseWebPage(String sSourceURL, String sCVEContent Element tableBody = table.children().select("tbody").first(); if (tableBody == null) return vulnList; Elements rows = tableBody.children(); - + int i = 0; for (Element row : rows) { + i++; // get CVE ID from row - String cveId = getCellValue(row, "CVE:"); + String cveId = getCellValue(row, 2); + + // if the cve id is invalid, don't use + if (getCVEs(cveId).isEmpty()) { + continue; + } + // get date from row - String date = getCellValue(row, "Date:"); + String date = getCellValue(row, 8); // have our description be a combination of // Vendor, Product, and CWE columns - String vendor = getCellValue(row, "Vendor:"); - String product = getCellValue(row, "Product:"); - String cwe = getCellValue(row, "Vulnerability Type / CWE:"); + String vendor = getCellValue(row, 3); + String product = getCellValue(row, 4); + String cwe = getCellValue(row, 5); String description = vendor + " " + product + " " + cwe; vulnList.add(new RawVulnerability( diff --git a/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/CyberArkParserTest.java b/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/CyberArkParserTest.java index 1e182b843..74c7ed580 100644 --- a/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/CyberArkParserTest.java +++ b/crawler/src/test/java/edu/rit/se/nvip/crawler/htmlparser/CyberArkParserTest.java @@ -18,7 +18,7 @@ public void testCyberArkRootParser() { "https://labs.cyberark.com/cyberark-labs-security-advisories/", html ); - assertEquals(132, list.size()); + assertEquals(129, list.size()); RawVulnerability vuln = getVulnerability(list, "CVE-2022-23774"); assertNotNull(vuln); assertTrue(vuln.getDescription().contains("Docker")); diff --git a/crawler/src/test/resources/test-cyberark.html b/crawler/src/test/resources/test-cyberark.html index 3f204f33a..e7ff58eb2 100644 --- a/crawler/src/test/resources/test-cyberark.html +++ b/crawler/src/test/resources/test-cyberark.html @@ -1,102 +1,108 @@ - - - - - - - + + - - + + + + + + + + + + })(window,document.documentElement,'async-hide','dataLayer',4000, + {'GTM-5SFWTH':true}); - + - CyberArk Labs Security Advisories - CyberArk Labs - - - - - - - - - - - - +CyberArk Labs Security Advisories - CyberArk Labs + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + - + - - - - - -
- - -
-
-
- -
-
-
-
-
-
-
-

CYBERARK LABS SECURITY ADVISORIES

-

The following is a list of CVEs that were discovered by CyberArk Labs research group.

-
-
-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
YearIDCVEVendorProductVulnerability Type / CWEResearcherRead MoreDate
2022 23774 CVE-2022-23774 Docker Docker Desktop Design Flaw – Arbitrary Write Eviatar Gerzi 25-Jan-22
2022 25365 CVE-2022-25365 Docker Docker Desktop Design Flaw – Privilege Escalation Eviatar Gerzi 02-Feb-22
2022 25637 CVE-2022-25637 Razer Razer Synapse 3 Design Flaw – Privilege Escalation Omer Tsarfati 17-Feb-22
2022 37326 CVE-2022-37326 Docker Docker Desktop Design Flaw – Arbitrary R/W/D & PrivEsc Eviatar Gerzi 07-Mar-22
2022 38730 CVE-2022-38730 Docker Docker Desktop Design Flaw – Arbitrary Write Eviatar Gerzi 07-Mar-22
2022 28547 CVE-2022-28547 LiquidPixels LiquiFire OS 4.9.0 Command Injection – RCE Niv Levy 30-Mar-22
2022 22774 CVE-2022-22774 TIBCO Managed File Transfer Command Center XXE – Arbitrary File Read / SSRF Niv Levy 10-May-22
2022 29021 CVE-2022-29021 OpenRazer OpenRazer CWE-120 Classic Buffer Overflow. DOS & PrivEsc Tal Lossos 20-May-22
2022 29022 CVE-2022-29022 OpenRazer OpenRazer CWE-120 Classic Buffer Overflow. DOS & PrivEsc Tal Lossos 20-May-22
2022 29023 CVE-2022-29023 OpenRazer OpenRazer CWE-120 Classic Buffer Overflow. DOS & PrivEsc Tal Lossos 20-May-22
2022 31647 CVE-2022-31647 Docker Docker Desktop Design Flaw – Arbitrary Delete Eviatar Gerzi 25-May-22
2022 34292 CVE-2022-34292 Docker Docker Desktop Design Flaw – Arbitrary Write Eviatar Gerzi 25-May-22
2022 30346 CVE-2022-30346 MSI MSI Center DOS / Privilege Escalation Omer Tsarfati 26-May-22
2021 44903 CVE-2022-44903 EVGA NUREGx64.sys DOS / Privilege Escalation Omer Tsarfati 11-May-22
2022 31615 CVE-2022-31615 Nvidia open-gpu-kernel-modules DOS Tal Lossos 02-Aug-22
2022 34682 CVE-2022-34682 Nvidia open-gpu-kernel-modules DOS Tal Lossos 02-Aug-22
2022 122 CVE-2022-0122 Linux Kernel – NVME nvmet Pre-Auth / Remote DOS Tal Lossos 02-Aug-22
2022 4842 CVE-2022-4842 Linux Kernel – NTFS ntfs3 DOS Alon Zahavi / Tal Lossos 29-Dec-22
2022 36119 CVE-2022-36119 Blue Prism RPA Platform 6.0-7.01 Insecure Deserialization – RCE Nethanel Coppenhagen / Nimrod Stoler 12-Aug-22
2022 36120 CVE-2022-36120 Blue Prism RPA Platform 6.0-7.01 SQL Injection – RCE Nethanel Coppenhagen / Nimrod Stoler 12-Aug-22
2022 36121 CVE-2022-36120 Blue Prism RPA Platform 6.0-7.01 Command Injection – RCE Nimrod Stoler 12-Aug-22
2022 36662 CVE-2022-36662 Blue Prism RPA Platform 6.0-7.01 Information Disclosure – Stealing Platform’s Master Encryption Keys Nimrod Stoler 12-Aug-22
2022 36117 CVE-2022-36117 Blue Prism RPA Platform 6.0-7.01 Credential Theft Nimrod Stoler 12-Aug-22
2022 36118 CVE-2022-36118 Blue Prism RPA Platform 6.0-7.01 Design Flaw – Privilege Escalation Nimrod Stoler 12-Aug-22
2022 36115 CVE-2022-36115 Blue Prism RPA Platform 6.0-7.01 Design Flaw – Write Malicous code into BO processes and expose credentials. Nimrod Stoler 12-Aug-22
2022 36116 CVE-2022-36116 Blue Prism RPA Platform 6.0-7.01 Design Flaw – Privilege Escalation Nimrod Stoler 12-Aug-22
2022 31020 CVE-2022-31020 Hyperledge Indy Command Injection – RCE Shaked Reiner 02-Oct-22
2021 3847 CVE-2021-3847 Linux Overlay FS EoP Alon Zahavi https://www.openwall.com/lists/oss-security/2021/10/14/3 14-Oct-21
2021 37326 CVE-2021-37326 Netsarang Xshell Exposure of Resource to Wrong Sphere Eviatar Gerzi 6-Oct-21
2021 40332 CVE-2021-40332 Realtek RTSPtr.sys (Driver) Privilege Escalation Eran Shimony,
- Mark Cherp		 https://cve.report/CVE-2021-40332 31-Aug-21
2021 40328 CVE-2021-40328 Realtek RTSPtr.sys (Driver) DOS Eran Shimony,
- Mark Cherp		 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40328 30-Aug-21
2021 0160 CVE-2021-0160 Intel Eran Shimony https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0160 10-Aug-21
2021 34466 CVE-2021-34466 Microsoft Windows Hello Security Feature Bypass Vulnerability Omer Tsarfati https://www.cyberark.com/resources/threat-research-blog/bypassing-windows-hello-without-masks-or-plastic-surgery 13-Jul-21
2021 32460 CVE-2021-32460 Trend Micro Antivirus SYMBOLIC LINK Mark Cherp
- Eran.Shimony		 https://helpcenter.trendmicro.com/en-us/article/TMKA-10336 26-May-21
2021 32198 CVE-2021-32198 EmTec Innovative Software ZOC Terminal for Windows and MacOS DOS Eviatar Gerzi 3-May-21
2021 0120 CVE-2021-0120 Microsft vid.sys (Driver) DOS Eran Shimony,
- Mark Cherp		 https://cve.report/CVE-2021-0120 23-Mar-21
2021 42095 CVE-2021-42095 Netsarang Xshell DOS Eviatar Gerzi 14-Mar-21
2021 40147 CVE-2021-40147 EmTec Innovative Software ZOC Terminal for Windows and MacOS Command Injection Eviatar Gerzi 14-Mar-21
2021 31701 CVE-2021-31701 Thomas Wolff MinTTY Improper Handling of Exceptional Conditions Eviatar Gerzi 11-Mar-21
2021 4717 CVE-2021-4717 IBM Modeler subscription EoP Ido Hoorvitch https://www.ibm.com/support/pages/node/6427901 9-Mar-21
2021 28847 CVE-2021-28847 William Taur Mobatek MobaXterm DOS Eviatar Gerzi 26-Feb-21
2021 26928 CVE-2021-26928 Tigera Calico Project Design Flaw Nir Chako https://www.cyberark.com/resources/threat-research-blog/attacking-kubernetes-clusters-through-your-network-plumbing-part-2 15-Feb-21
2021 28848 CVE-2021-28848 Thomas Wolff MinTTY DOS Eviatar Gerzi 10-Feb-21
2021 33500 CVE-2021-33500 Simon Tatham PuTTY DOS Eviatar Gerzi https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26940 8-Feb-21
2021 26940 CVE-2021-26940 Simon Tatham PuTTY DOS Eviatar Gerzi https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26940 8-Feb-21
2021 1704 CVE-2021-1704 Microsoft Hyper V Null Pointer Dereferencing Eran.Shimony https://msrc.microsoft.com/update-guide/vulnerability/ CVE-2021-1704 12-Jan-21
2020 28349 CVE-2020-28349 Chirpstack Network Server INACCURATE DEDUPLICATION Emmanuel Ouanounou
2020 27534 CVE-2020-27534 Docker Desktop Community LPE & DoS Eviatar Gerzi
2020 27352 CVE-2020-27352 Canonical Ubuntu Linux RCE on Host over Default Docker container Gilad Reti,
- Nimrod Stoler
2020 12335 CVE-2020-12335 Intel Processor Identification SYMBOLIC LINK Eran.Shimony 10-Nov-20
2020 3991 CVE-2020-3991 Vmware Horizon Client SYMBOLIC LINK Eran.Shimony 15-Oct-20
2020 25046 CVE-2020-25046 Kaspersky KAV BINARY SWAPPING Eran.Shimony 18-Aug-20
2020 25045 CVE-2020-25045 Kaspersky KSC Web Console DLL HIJACKING Eran.Shimony 18-Aug-20
2020 25044 CVE-2020-25044 Kaspersky KART DLL HIJACKING Eran.Shimony 18-Aug-20
2020 25043 CVE-2020-25043 Kaspersky VPN SYMBOLIC LINK Eran.Shimony 18-Aug-20
2020 7310 CVE-2020-7310 McAffe Many Products SYMBOLIC LINK Eran.Shimony 12-Aug-20
2020 22460 CVE-2020-22460 Intel Bios Update DLL HIJACKING Eran.Shimony
2020 15534 CVE-2020-15534 Pulse Secure Pulse Secure client LPE & DoS Eviatar Gerzi
2020 15523 CVE-2020-15523 Python \ DUO Python 3.10,
- Python 3.9,
- Python 3.8,
- Python 3.7,
- Python 3.6,
- Python 3.5		 Python DLL Loading Local Privilege Escalation(??) Eran.Shimony,
- Ido Hoorvitch
2020 8759 CVE-2020-8759 Intel SSD Data Center Tool SYMBOLIC LINK Eran.Shimony 11-Aug-20
2020 15523 CVE-2020-15523 Python Cpython DLL HIJACKING Eran.Shimony 14-Jul-20
2020 9200 CVE-2020-9200 Huawei HiSuite DLL HIJACKING Eran.Shimony 1-Jul-20
2020 14212 CVE-2020-14212 FFmpeg FFmpeg BUFFER OVERFLOW Assaf Sion 21-Jun-20
2020 13903 CVE-2020-13903 Avira Free AV Installer SYMBOLIC LINK Eran.Shimony 7-Jun-20
2020 13813 CVE-2020-13813 Foxit PDF Reader DLL HIJACKING Eran.Shimony 7-Jun-20
2020 5357 CVE-2020-5357 Dell Firmware Update SYMBOLIC LINK Eran.Shimony 2-Jun-20
2020 1817 CVE-2020-1817 Huawei PC Manager SYMBOLIC LINK Eran.Shimony 29-Apr-20
2020 7250 CVE-2020-7250 McAffe Many Products SYMBOLIC LINK Eran.Shimony 14-Apr-20
2020 1885 CVE-2020-1885 Facebook OVRRedit.exe SYMBOLIC LINK Eran.Shimony 9-Apr-20
2020 9290 CVE-2020-9290 Fortient VPN Installer SYMBOLIC LINK Eran.Shimony 11-Mar-20
2020 7482 CVE-2020-7482 Schneider Electric Andover Continuum XSS Niv Levy 10-Mar-20
2020 7481 CVE-2020-7481 Schneider Electric Andover Continuum XSS Niv Levy 10-Mar-20
2020 7482 CVE-2020-7482 Schneider Electric Andover Continuum XSS Niv Levy 10-Mar-20
2020 7480 CVE-2020-7480 Schneider Electric Andover Continuum XXE Niv Levy 10-Mar-20
2020 8959 CVE-2020-8959 Western Digital WesternDigitalSSDDashboardSetup.exe DLL HIJACKING Eran.Shimony 10-Feb-20
2020 8242 CVE-2020-8242 Pulse Secure Pulse Secure client LPE & DoS Eviatar Gerzi
2020 7808 CVE-2020-7808 LG SmartShare DLL HIJACKING Eran.Shimony
2020 7807 CVE-2020-7807 LG IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver DLL HIJACKING Eran.Shimony
2020 7806 CVE-2020-7806 LG LGPCSuite DLL HIJACKING Eran.Shimony
2020 6015 CVE-2020-6015 CheckPoint VPN installer EoP Ido Hoorvitch
2020 5962 CVE-2020-5962 Nvidia Nvidia Quardo Driver Eop and DoS Eviatar Gerzi
2020 5324 CVE-2020-5324 Dell Firmware Update Utility SYMBOLIC LINK Eran.Shimony 18-Feb-20
2020 5316 CVE-2020-5316 Dell Support Assist SYMBOLIC LINK Eran.Shimony 10-Feb-20
2020 3427 CVE-2020-3427 DUO SECURITY Duo Authentication for Windows Logon and RDP EoP Ido Hoorvitch
2020 1986 CVE-2020-1986 Palo Alto Secdo Symbolic Link Eviatar Gerzi
2020 1985 CVE-2020-1985 Palo Alto Secdo DoS Eviatar Gerzi
2020 1984 CVE-2020-1984 Palo Alto Secdo Command Execution and DoS Eviatar Gerzi
2020 1317 CVE-2020-1317 Microsoft Svchost Group Policy SYMBOLIC LINK Eran.Shimony 9-Jun-20
2020 1194 CVE-2020-1194 Microsoft Tracing Machanism SYMBOLIC LINK Eran.Shimony 9-Jun-20
2020 0635 CVE-2020-0635 Microsoft Still Image Acquisition Events SYMBOLIC LINK Eran.Shimony 14-Jan-20
2020 0565 CVE-2020-0565 Intel Graphics Driver DLL HIJACKING Eran.Shimony 10-Mar-20
2019 1003004 CVE-2019-1003004 CloudBees Jenkins Privilege Escalation Nimrod.Stoler
2019 19548 CVE-2019-19548 Symantec Norton Power Eraser DLL HIJACKING Eran.Shimony 14-Jan-20
2019 19689 CVE-2019-19689 TrendMicro HouseCallforHomeNetworks.exe 2 DLL HIJACKING Eran.Shimony 18-Dec-19
2019 19689 CVE-2019-19689 TrendMicro HouseCallforHomeNetworks.exe DLL HIJACKING Eran.Shimony 18-Dec-19
2019 19688 CVE-2019-19688 TrendMicro HouseCallforHomeNetworks.exe DLL HIJACKING Eran.Shimony 18-Dec-19
2019 17546 CVE-2019-17546 Intel SSD Toolbox, Rapid Storage, ChipSet SYMBOLIC LINK Eran.Shimony 12-Dec-19
2019 16283 CVE-2019-16283 HP Don’tRemeber.exe DLL HIJACKING Eran.Shimony 17-Jan-20
2019 14597 CVE-2019-14597 Intel Intel Services SYMBOLIC LINK Eran.Shimony 12-Dec-19
2019 3749 CVE-2019-3749 Dell Command Line Update SYMBOLIC LINK Eran.Shimony 3-Dec-19
2019 3750 CVE-2019-3750 Dell Command Line Update SYMBOLIC LINK Eran.Shimony 3-Dec-19
2019 8463 CVE-2019-8463 Checkpoint VPN SYMBOLIC LINK Eran.Shimony 2-Dec-19
2019 14736 SVE-2019-14736 Samsung SideSync SYMBOLIC LINK Eran.Shimony 30-Nov-19
2019 11152 CVE-2019-11152 Intel WIFI Driver DLL HIJACKING Eran.Shimony 2-Nov-19
2019 8071 CVE-2019-8071 Adobe Adobe Update Service SYMBOLIC LINK Eran.Shimony 15-Oct-19
2019 3745 CVE-2019-3745 Dell DDSSetup.exe Driver DLL HIJACKING Eran.Shimony 2-Oct-19
2019 3745 CVE-2019-3745 Dell DellFlashUtil.exe DLL HIJACKING Eran.Shimony 2-Oct-19
2019 3726 CVE-2019-3726 Dell DPMS DLL HIJACKING Eran.Shimony 2-Oct-19
2019 3726 CVE-2019-3726 Dell Communications Driver DLL HIJACKING Eran.Shimony 2-Oct-19
2019 3726 CVE-2019-3726 Dell Chipset Drive,Broadcom Netlink Driver DLL HIJACKING Eran.Shimony 2-Oct-19
2019 16191 CVE-2019-16191 Samsung SAMSUNG USB Driver DLL HIJACKING Eran.Shimony 9-Sep-19
2019 15269 SVE-2019-15269 Samsung SAMSUNG USB Driver DLL HIJACKING Eran.Shimony
2019 14596 CVE-2019-14596 Intel GFX Radeon DLL HIJACKING Eran.Shimony 14-Jan-20
2019 11189 CVE-2019-11189 Intel Intel Support Assist SYMBOLIC LINK Eran.Shimony
2019 8236 CVE-2019-8236 Adobe Creative Cloud SYMBOLIC LINK Eran.Shimony 15-Sep-19
2019 11146 CVE-2019-11146 Intel Intel Support Assist DLL HIJACKING SYMBOLIC LINK Eran.Shimony 13-Aug-19
2019 7957 CVE-2019-7957 Adobe Flash Installer SYMBOLIC LINK Eran.Shimony 13-Aug-19
2019 6196 CVE-2019-6196 Lenovo Solid State Drive Firmware Update DLL HIJACKING Eran.Shimony 2-Dec-20
2019 6176 CVE-2019-6176 Lenovo ThinkPad DLL HIJACKING Eran.Shimony 14-Jan-20
2019 6175 CVE-2019-6175 Lenovo Update Service (2) SYMBOLIC LINK Eran.Shimony 24-Sep-19
2019 6173 CVE-2019-6173 Lenovo NVM DLL HIJACKING Eran.Shimony 14-Jan-20
2019 6163 CVE-2019-6163 Lenovo Update Service SYMBOLIC LINK Eran.Shimony 26-Jun-19
2019 5245 CVE-2019-5245 Huawei HiSuite DLL HIJACKING Eran.Shimony 12-Jun-19
2019 1161 CVE-2019-1161 Microsoft MpSigStub, Windows Defender SYMBOLIC LINK Eran.Shimony 13-Aug-19
2019 1142 CVE-2019-1142 Microsoft Dot-Net SYMBOLIC LINK Eran.Shimony 9-Jul-19
2019 1105 CVE-2019-1105 Microsoft Outlook for Android XSS or ida 20-Jun-19
2018 1999043 CVE-2018-1999043 CloudBees Jenkins DoS – Jenkins master crash Nimrod.Stoler
2018 1999004 CVE-2018-1999004 CloudBees Jenkins Privilege Escalation Nimrod.Stoler
2018 1999003 CVE-2018-1999003 CloudBees Jenkins Privilege Escalation Nimrod.Stoler
2018 1999001 CVE-2018-1999001 CloudBees Jenkins Privilege Escalation which leads to RCE on all Jenkins infrasrtucture Nimrod.Stoler
2018 1000863 CVE-2018-1000863 CloudBees Jenkins DoS Nimrod.Stoler
2018 17246 CVE-2018-17246 Elastic Kibana LFI Nethanel Coppenhagen 7-Nov-18
-
-
-
-
- + + + + -// document ready - }); - -
-
-
-
-
-
-
-
+
-
-
-
-
- +
+ + +
+
+
+
+
+
+
+
+
+
+
+

CYBERARK LABS SECURITY ADVISORIES

+

The following is a list of CVEs that were discovered by CyberArk Labs research group.

+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
YearIDCVEVendorProductVulnerability Type / CWEResearcherRead MoreDate
202231020CVE-2022-31020HyperledgeIndyCommand Injection – RCEShaked Reiner02-Oct-22
202236116CVE-2022-36116Blue PrismRPA Platform 6.0-7.01Design Flaw – Privilege EscalationNimrod Stoler12-Aug-22
202236115CVE-2022-36115Blue PrismRPA Platform 6.0-7.01Design Flaw – Write Malicous code into BO processes and expose credentials.Nimrod Stoler12-Aug-22
202236118CVE-2022-36118Blue PrismRPA Platform 6.0-7.01Design Flaw – Privilege EscalationNimrod Stoler12-Aug-22
202236117CVE-2022-36117Blue PrismRPA Platform 6.0-7.01Credential TheftNimrod Stoler12-Aug-22
202236662CVE-2022-36662Blue PrismRPA Platform 6.0-7.01Information Disclosure – Stealing Platform’s Master Encryption KeysNimrod Stoler12-Aug-22
202236121CVE-2022-36120Blue PrismRPA Platform 6.0-7.01Command Injection – RCENimrod Stoler12-Aug-22
202236120CVE-2022-36120Blue PrismRPA Platform 6.0-7.01SQL Injection – RCENethanel Coppenhagen / Nimrod Stoler12-Aug-22
20224842CVE-2022-4842Linux Kernel – NTFSntfs3DOSAlon Zahavi / Tal Lossos29-Dec-22
2022122CVE-2022-0122Linux Kernel – NVMEnvmetPre-Auth / Remote DOSTal Lossos02-Aug-22
202234682CVE-2022-34682Nvidiaopen-gpu-kernel-modulesDOSTal Lossos02-Aug-22
202231615CVE-2022-31615Nvidiaopen-gpu-kernel-modulesDOSTal Lossos02-Aug-22
202144903CVE-2022-44903EVGANUREGx64.sysDOS / Privilege EscalationOmer Tsarfati11-May-22
202230346CVE-2022-30346MSIMSI CenterDOS / Privilege EscalationOmer Tsarfati26-May-22
202234292CVE-2022-34292DockerDocker DesktopDesign Flaw – Arbitrary WriteEviatar Gerzi25-May-22
202231647CVE-2022-31647DockerDocker DesktopDesign Flaw – Arbitrary DeleteEviatar Gerzi25-May-22
202229023CVE-2022-29023OpenRazerOpenRazerCWE-120 Classic Buffer Overflow. DOS & PrivEscTal Lossos20-May-22
202229022CVE-2022-29022OpenRazerOpenRazerCWE-120 Classic Buffer Overflow. DOS & PrivEscTal Lossos20-May-22
202229021CVE-2022-29021OpenRazerOpenRazerCWE-120 Classic Buffer Overflow. DOS & PrivEscTal Lossos20-May-22
202222774CVE-2022-22774TIBCOManaged File Transfer Command CenterXXE – Arbitrary File Read / SSRFNiv Levy10-May-22
202228547CVE-2022-28547LiquidPixelsLiquiFire OS 4.9.0Command Injection – RCENiv Levy30-Mar-22
202238730CVE-2022-38730DockerDocker DesktopDesign Flaw – Arbitrary WriteEviatar Gerzi07-Mar-22
202237326CVE-2022-37326DockerDocker DesktopDesign Flaw – Arbitrary R/W/D & PrivEscEviatar Gerzi07-Mar-22
202225637CVE-2022-25637RazerRazer Synapse 3Design Flaw – Privilege EscalationOmer Tsarfati17-Feb-22
202225365CVE-2022-25365DockerDocker DesktopDesign Flaw – Privilege EscalationEviatar Gerzi02-Feb-22
202223774CVE-2022-23774DockerDocker DesktopDesign Flaw – Arbitrary WriteEviatar Gerzi25-Jan-22
20213847CVE-2021-3847LinuxOverlay FSEoPAlon Zahavihttps://www.openwall.com/lists/oss-security/2021/10/14/314-Oct-21
202137326CVE-2021-37326NetsarangXshellExposure of Resource to Wrong SphereEviatar Gerzi6-Oct-21
202140332CVE-2021-40332RealtekRTSPtr.sys (Driver)Privilege EscalationEran Shimony,
+Mark Cherp		https://cve.report/CVE-2021-4033231-Aug-21
202140328CVE-2021-40328RealtekRTSPtr.sys (Driver)DOSEran Shimony,
+Mark Cherp		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4032830-Aug-21
20210160CVE-2021-0160IntelEran Shimonyhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-016010-Aug-21
202134466CVE-2021-34466MicrosoftWindows HelloSecurity Feature Bypass VulnerabilityOmer Tsarfatihttps://www.cyberark.com/resources/threat-research-blog/bypassing-windows-hello-without-masks-or-plastic-surgery13-Jul-21
202132460CVE-2021-32460Trend MicroAntivirusSYMBOLIC LINKMark Cherp
+Eran.Shimony		https://helpcenter.trendmicro.com/en-us/article/TMKA-1033626-May-21
202132198CVE-2021-32198EmTec Innovative SoftwareZOC Terminal for Windows and MacOSDOSEviatar Gerzi3-May-21
20210120CVE-2021-0120Microsftvid.sys (Driver)DOSEran Shimony,
+Mark Cherp		https://cve.report/CVE-2021-012023-Mar-21
202142095CVE-2021-42095NetsarangXshellDOSEviatar Gerzi14-Mar-21
202140147CVE-2021-40147EmTec Innovative SoftwareZOC Terminal for Windows and MacOSCommand InjectionEviatar Gerzi14-Mar-21
202131701CVE-2021-31701Thomas WolffMinTTYImproper Handling of Exceptional ConditionsEviatar Gerzi11-Mar-21
20214717CVE-2021-4717IBMModeler subscriptionEoPIdo Hoorvitchhttps://www.ibm.com/support/pages/node/64279019-Mar-21
202128847CVE-2021-28847William Taur MobatekMobaXtermDOSEviatar Gerzi26-Feb-21
202126928CVE-2021-26928TigeraCalico ProjectDesign FlawNir Chakohttps://www.cyberark.com/resources/threat-research-blog/attacking-kubernetes-clusters-through-your-network-plumbing-part-215-Feb-21
202128848CVE-2021-28848Thomas WolffMinTTYDOSEviatar Gerzi10-Feb-21
202133500CVE-2021-33500Simon TathamPuTTYDOSEviatar Gerzihttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-269408-Feb-21
202126940CVE-2021-26940Simon TathamPuTTYDOSEviatar Gerzihttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-269408-Feb-21
20211704CVE-2021-1704MicrosoftHyper VNull Pointer DereferencingEran.Shimonyhttps://msrc.microsoft.com/update-guide/vulnerability/ CVE-2021-170412-Jan-21
202028349CVE-2020-28349ChirpstackNetwork ServerINACCURATE DEDUPLICATIONEmmanuel Ouanounou
202027534CVE-2020-27534DockerDesktop CommunityLPE & DoSEviatar Gerzi
202027352CVE-2020-27352CanonicalUbuntu LinuxRCE on Host over Default Docker containerGilad Reti,
+Nimrod Stoler
202012335CVE-2020-12335IntelProcessor IdentificationSYMBOLIC LINKEran.Shimony10-Nov-20
20203991CVE-2020-3991VmwareHorizon ClientSYMBOLIC LINKEran.Shimony15-Oct-20
202025046CVE-2020-25046KasperskyKAVBINARY SWAPPINGEran.Shimony18-Aug-20
202025045CVE-2020-25045KasperskyKSC Web ConsoleDLL HIJACKINGEran.Shimony18-Aug-20
202025044CVE-2020-25044KasperskyKARTDLL HIJACKINGEran.Shimony18-Aug-20
202025043CVE-2020-25043KasperskyVPNSYMBOLIC LINKEran.Shimony18-Aug-20
20207310CVE-2020-7310McAffeMany ProductsSYMBOLIC LINKEran.Shimony12-Aug-20
202022460CVE-2020-22460IntelBios UpdateDLL HIJACKINGEran.Shimony
202015534CVE-2020-15534Pulse SecurePulse Secure clientLPE & DoSEviatar Gerzi
202015523CVE-2020-15523Python \ DUOPython 3.10,
+Python 3.9,
+Python 3.8,
+Python 3.7,
+Python 3.6,
+Python 3.5		Python DLL Loading Local Privilege Escalation(??)Eran.Shimony,
+Ido Hoorvitch
20208759CVE-2020-8759IntelSSD Data Center ToolSYMBOLIC LINKEran.Shimony11-Aug-20
202015523CVE-2020-15523PythonCpythonDLL HIJACKINGEran.Shimony14-Jul-20
20209200CVE-2020-9200HuaweiHiSuiteDLL HIJACKINGEran.Shimony1-Jul-20
202014212CVE-2020-14212FFmpegFFmpegBUFFER OVERFLOWAssaf Sion21-Jun-20
202013903CVE-2020-13903AviraFree AV InstallerSYMBOLIC LINKEran.Shimony7-Jun-20
202013813CVE-2020-13813FoxitPDF ReaderDLL HIJACKINGEran.Shimony7-Jun-20
20205357CVE-2020-5357DellFirmware UpdateSYMBOLIC LINKEran.Shimony2-Jun-20
20201817CVE-2020-1817HuaweiPC ManagerSYMBOLIC LINKEran.Shimony29-Apr-20
20207250CVE-2020-7250McAffeMany ProductsSYMBOLIC LINKEran.Shimony14-Apr-20
20201885CVE-2020-1885FacebookOVRRedit.exeSYMBOLIC LINKEran.Shimony9-Apr-20
20209290CVE-2020-9290FortientVPN InstallerSYMBOLIC LINKEran.Shimony11-Mar-20
20207482CVE-2020-7482Schneider ElectricAndover ContinuumXSSNiv Levy10-Mar-20
20207481CVE-2020-7481Schneider ElectricAndover ContinuumXSSNiv Levy10-Mar-20
20207482CVE-2020-7482Schneider ElectricAndover ContinuumXSSNiv Levy10-Mar-20
20207480CVE-2020-7480Schneider ElectricAndover ContinuumXXENiv Levy10-Mar-20
20208959CVE-2020-8959Western DigitalWesternDigitalSSDDashboardSetup.exeDLL HIJACKINGEran.Shimony10-Feb-20
20208242CVE-2020-8242Pulse SecurePulse Secure clientLPE & DoSEviatar Gerzi
20207808CVE-2020-7808LGSmartShareDLL HIJACKINGEran.Shimony
20207807CVE-2020-7807LGIPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_DriverDLL HIJACKINGEran.Shimony
20207806CVE-2020-7806LGLGPCSuiteDLL HIJACKINGEran.Shimony
20206015CVE-2020-6015CheckPointVPN installerEoPIdo Hoorvitch
20205962CVE-2020-5962NvidiaNvidia Quardo DriverEop and DoSEviatar Gerzi
20205324CVE-2020-5324DellFirmware Update UtilitySYMBOLIC LINKEran.Shimony18-Feb-20
20205316CVE-2020-5316DellSupport AssistSYMBOLIC LINKEran.Shimony10-Feb-20
20203427CVE-2020-3427DUO SECURITYDuo Authentication for Windows Logon and RDPEoPIdo Hoorvitch
20201986CVE-2020-1986Palo AltoSecdoSymbolic LinkEviatar Gerzi
20201985CVE-2020-1985Palo AltoSecdoDoSEviatar Gerzi
20201984CVE-2020-1984Palo AltoSecdoCommand Execution and DoSEviatar Gerzi
20201317CVE-2020-1317MicrosoftSvchost Group PolicySYMBOLIC LINKEran.Shimony9-Jun-20
20201194CVE-2020-1194MicrosoftTracing MachanismSYMBOLIC LINKEran.Shimony9-Jun-20
20200635CVE-2020-0635MicrosoftStill Image Acquisition EventsSYMBOLIC LINKEran.Shimony14-Jan-20
20200565CVE-2020-0565IntelGraphics DriverDLL HIJACKINGEran.Shimony10-Mar-20
20191003004CVE-2019-1003004CloudBeesJenkinsPrivilege EscalationNimrod.Stoler
201919548CVE-2019-19548SymantecNorton Power EraserDLL HIJACKINGEran.Shimony14-Jan-20
201919689CVE-2019-19689TrendMicroHouseCallforHomeNetworks.exe 2DLL HIJACKINGEran.Shimony18-Dec-19
201919689CVE-2019-19689TrendMicroHouseCallforHomeNetworks.exeDLL HIJACKINGEran.Shimony18-Dec-19
201919688CVE-2019-19688TrendMicroHouseCallforHomeNetworks.exeDLL HIJACKINGEran.Shimony18-Dec-19
201917546CVE-2019-17546IntelSSD Toolbox, Rapid Storage, ChipSetSYMBOLIC LINKEran.Shimony12-Dec-19
201916283CVE-2019-16283HPDon’tRemeber.exeDLL HIJACKINGEran.Shimony17-Jan-20
201914597CVE-2019-14597IntelIntel ServicesSYMBOLIC LINKEran.Shimony12-Dec-19
20193749CVE-2019-3749DellCommand Line UpdateSYMBOLIC LINKEran.Shimony3-Dec-19
20193750CVE-2019-3750DellCommand Line UpdateSYMBOLIC LINKEran.Shimony3-Dec-19
20198463CVE-2019-8463CheckpointVPNSYMBOLIC LINKEran.Shimony2-Dec-19
201914736SVE-2019-14736SamsungSideSyncSYMBOLIC LINKEran.Shimony30-Nov-19
201911152CVE-2019-11152IntelWIFI DriverDLL HIJACKINGEran.Shimony2-Nov-19
20198071CVE-2019-8071AdobeAdobe Update ServiceSYMBOLIC LINKEran.Shimony15-Oct-19
20193745CVE-2019-3745DellDDSSetup.exe DriverDLL HIJACKINGEran.Shimony2-Oct-19
20193745CVE-2019-3745DellDellFlashUtil.exeDLL HIJACKINGEran.Shimony2-Oct-19
20193726CVE-2019-3726DellDPMSDLL HIJACKINGEran.Shimony2-Oct-19
20193726CVE-2019-3726DellCommunications DriverDLL HIJACKINGEran.Shimony2-Oct-19
20193726CVE-2019-3726DellChipset Drive,Broadcom Netlink DriverDLL HIJACKINGEran.Shimony2-Oct-19
201916191CVE-2019-16191SamsungSAMSUNG USB DriverDLL HIJACKINGEran.Shimony9-Sep-19
201915269SVE-2019-15269SamsungSAMSUNG USB DriverDLL HIJACKINGEran.Shimony
201914596CVE-2019-14596IntelGFX RadeonDLL HIJACKINGEran.Shimony14-Jan-20
201911189CVE-2019-11189IntelIntel Support AssistSYMBOLIC LINKEran.Shimony
20198236CVE-2019-8236AdobeCreative CloudSYMBOLIC LINKEran.Shimony15-Sep-19
201911146CVE-2019-11146IntelIntel Support AssistDLL HIJACKING SYMBOLIC LINKEran.Shimony13-Aug-19
20197957CVE-2019-7957AdobeFlash InstallerSYMBOLIC LINKEran.Shimony13-Aug-19
20196196CVE-2019-6196LenovoSolid State Drive Firmware UpdateDLL HIJACKINGEran.Shimony2-Dec-20
20196176CVE-2019-6176LenovoThinkPadDLL HIJACKINGEran.Shimony14-Jan-20
20196175CVE-2019-6175LenovoUpdate Service (2)SYMBOLIC LINKEran.Shimony24-Sep-19
20196173CVE-2019-6173LenovoNVMDLL HIJACKINGEran.Shimony14-Jan-20
20196163CVE-2019-6163LenovoUpdate ServiceSYMBOLIC LINKEran.Shimony26-Jun-19
20195245CVE-2019-5245HuaweiHiSuiteDLL HIJACKINGEran.Shimony12-Jun-19
20191161CVE-2019-1161MicrosoftMpSigStub, Windows DefenderSYMBOLIC LINKEran.Shimony13-Aug-19
20191142CVE-2019-1142MicrosoftDot-NetSYMBOLIC LINKEran.Shimony9-Jul-19
20191105CVE-2019-1105MicrosoftOutlook for AndroidXSSor ida20-Jun-19
20181999043CVE-2018-1999043CloudBeesJenkinsDoS – Jenkins master crashNimrod.Stoler
20181999004CVE-2018-1999004CloudBeesJenkinsPrivilege EscalationNimrod.Stoler
20181999003CVE-2018-1999003CloudBeesJenkinsPrivilege EscalationNimrod.Stoler
20181999001CVE-2018-1999001CloudBeesJenkinsPrivilege Escalation which leads to RCE on all Jenkins infrasrtuctureNimrod.Stoler
20181000863CVE-2018-1000863CloudBeesJenkinsDoSNimrod.Stoler
201817246CVE-2018-17246ElasticKibanaLFINethanel Coppenhagen7-Nov-18
+
+
+
+
+ + + jQuery('.table-responsive-stack').find("th").each(function (i) { + + jQuery('.table-responsive-stack td:nth-child(' + (i + 1) + ')').prepend(''+ jQuery(this).text() + ': '); + jQuery('.table-responsive-stack-thead').hide(); + }); + +jQuery( '.table-responsive-stack' ).each(function() { + var thCount = jQuery(this).find("th").length; + var rowGrow = 100 / thCount + '%'; + //console.log(rowGrow); + jQuery(this).find("th, td").css('flex-basis', rowGrow); +}); + +function flexTable(){ + if (jQuery(window).width() <= 768) { + + jQuery(".table-responsive-stack").each(function (i) { + jQuery(this).find(".table-responsive-stack-thead").show(); + jQuery(this).find('thead').hide(); + }); + + + // window is less than 768px + } else { + + + jQuery(".table-responsive-stack").each(function (i) { + jQuery(this).find(".table-responsive-stack-thead").hide(); + jQuery(this).find('thead').show(); + }); + + -
+ } +// flextable +} + +flexTable(); + +window.onresize = function(event) { + flexTable(); +}; + + + + - - + +// document ready +}); +
- - - - - - - - - \ No newline at end of file +
+
+
+
+
+
+
+
+
+
+
+
+ +
+ + + + +