CVE-2022-0011
published 2022-02-10CVE-2022-0011: PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules)…
PriorityP335medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
EPSS
0.65%
46.6th percentile
PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list (EDL) in a URL Filtering profile. When the entries in these lists have a hostname pattern that does not end with a forward slash (/) or a hostname pattern that ends with an asterisk (*), any URL that starts with the specified pattern is considered a match. Entries with a caret (^) at the end of a hostname pattern match any top level domain. This may inadvertently allow or block more URLs than intended and allowing more URLs than intended represents a security risk. For example: example.com will match example.com.website.test example.com.* will match example.com.website.test example.com.^ will match example.com.test You should take special care when using such entries in policy rules that allow traffic. Where possible, use the exact list of hostname names ending with a forward slash (/) instead of using wildcards. PAN-OS 10.1 versions earlier than PAN-OS 10.1.3; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 9.1 versions earlier than PAN-OS 9.1.12; all PAN-OS 9.0 versions; PAN-OS 8.1 versions earlier than PAN-OS 8.1.21, and Prisma Access 2.2 and 2.1 versions do not allow customers to change this behavior without changing the URL category list or EDL.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | >= 10.0 < 10.0.8 | 10.0.8 |
| palo_alto_networks | pan-os | >= 10.1 < 10.1.3 | 10.1.3 |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.21 | 8.1.21 |
| palo_alto_networks | pan-os | >= 9.1 < 9.1.12 | 9.1.12 |
| palo_alto_networks | prisma_access | — | — |
| palo_alto_networks | prisma_access | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
| paloaltonetworks | pan-os | >= 10.0.0 < 10.0.8 | 10.0.8 |
| paloaltonetworks | pan-os | >= 10.1.0 < 10.1.3 | 10.1.3 |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.21 | 8.1.21 |
| paloaltonetworks | pan-os | 9.0.0 – 9.0.15 | — |
| paloaltonetworks | pan-os | >= 9.1.0 < 9.1.12 | 9.1.12 |
| paloaltonetworks | prisma_access | — | — |
| paloaltonetworks | prisma_access | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:P/A:N
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pc4w-x9p8-64j7: PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on yo
ghsa_unreviewed·2022-02-11
CVE-2022-0011 [MEDIUM] CWE-436 GHSA-pc4w-x9p8-64j7: PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on yo
PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list (EDL) in a URL Filtering profile. When the entries in these lists have a hostname pattern that does not end with a forward slash (/) or a hostname pattern that ends with an asterisk (*), any URL that starts with the specified pattern is considered a match. Entries with a caret (^) at the end of a hostname pattern match any top level domain. This may inadvertently allow or block more URLs than intended and allowing more URLs than intended represents a security risk. For example: example.com will match
Red Hat
kernel: mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb
vendor_redhat·2025-02-26·CVSS 5.5
CVE-2022-49198 [MEDIUM] CWE-416 kernel: mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb
kernel: mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb
In the Linux kernel, the following vulnerability has been resolved:
mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb
Got crash when doing pressure test of mptcp:
dst_release: dst:ffffa06ce6e5c058 refcnt:-1
kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
BUG: unable to handle kernel paging request at ffffa06ce6e5c058
PGD 190a01067 P4D 190a01067 PUD 43fffb067 PMD 22e403063 PTE 8000000226e5c063
Oops: 0011 [#1] SMP PTI
CPU: 7 PID: 7823 Comm: kworker/7:0 Kdump: loaded Tainted: G E
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.2.1 04/01/2014
Call Trace:
? skb_release_head_state+0x68/0x100
? skb_release_all+0xe/0x30
? kfree_skb+0x32/0xa0
? mptcp
VMware
VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities.
vendor_vmware·2022-04-06·CVSS 9.8
CVE-2022-22954 [CRITICAL] VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities.
VMSA-2022-0011: VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities.
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
CVEs: CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961
Affected products: VMware Aria, VMware Cloud Foundation, VMware Identity Manager, VMware Workspace ONE, VMware vRealize
Palo Alto
PAN-OS: URL Category Exceptions Match More URLs Than Intended in URL Filtering
vendor_paloalto·2022-02-09·CVSS 6.5
CVE-2022-0011 [MEDIUM] CWE-436 PAN-OS: URL Category Exceptions Match More URLs Than Intended in URL Filtering
PAN-OS: URL Category Exceptions Match More URLs Than Intended in URL Filtering
PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list (EDL) in a URL Filtering profile.
When the entries in these lists have a hostname pattern that does not end with a forward slash (/) or a hostname pattern that ends with an asterisk (*), any URL that starts with the specified pattern is considered a match. Entries with a caret (^) at the end of a hostname pattern match any top level domain. This may inadvertently allow or block more URLs than intended and allowing more UR
Suricata
ET EXPLOIT VMWare Server-side Template Injection RCE (CVE-2022-22954)
suricata·2022-04-08·CVSS 9.8
CVE-2022-22954 [CRITICAL] ET EXPLOIT VMWare Server-side Template Injection RCE (CVE-2022-22954)
ET EXPLOIT VMWare Server-side Template Injection RCE (CVE-2022-22954)
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT VMWare Server-side Template Injection RCE (CVE-2022-22954)"; flow:established,to_server; http.uri; content:"/catalog-portal/"; http.request_body; content:"%24%7b%22%66%72%65%65%6d%61%72%6b%65%72%2e%74%65%6d%70%6c%61%74%65%2e%75%74%69%6c%69%74%79%2e%45%78%65%63%75%74%65%22"; nocase; fast_pattern; content:"%6e%65%77%28%29"; nocase; within:200; reference:url,www.vmware.com/security/advisories/VMSA-2022-0011.html; reference:cve,2022-22954; classtype:attempted-admin; sid:2035876; rev:2; metadata:affected_product VMware, attack_target Server, created_at 2022_04_08, cve CVE_2022_22954, deployment Perimeter, deployment Internal, deployment SSLDecrypt, co
Suricata
ET EXPLOIT VMWare Server-side Template Injection RCE (CVE-2022-22954)
suricata·2022-04-08·CVSS 9.8
CVE-2022-22954 [CRITICAL] ET EXPLOIT VMWare Server-side Template Injection RCE (CVE-2022-22954)
ET EXPLOIT VMWare Server-side Template Injection RCE (CVE-2022-22954)
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT VMWare Server-side Template Injection RCE (CVE-2022-22954)"; flow:established,to_server; http.uri; content:"/catalog-portal/"; http.request_body; content:"|24 7b 22|freemarker|2e|template|2e|utility|2e|Execute|22|"; nocase; fast_pattern; content:"new|28 29 28|"; nocase; within:200; reference:url,www.vmware.com/security/advisories/VMSA-2022-0011.html; reference:cve,2022-22954; classtype:attempted-admin; sid:2035875; rev:2; metadata:affected_product VMware, attack_target Server, created_at 2022_04_08, cve CVE_2022_22954, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence Medium, signature_severity Major, tag CISA_KEV, tag
Suricata
ET EXPLOIT VMWare Server-side Template Injection RCE (CVE-2022-22954)
suricata·2022-04-08·CVSS 9.8
CVE-2022-22954 [CRITICAL] ET EXPLOIT VMWare Server-side Template Injection RCE (CVE-2022-22954)
ET EXPLOIT VMWare Server-side Template Injection RCE (CVE-2022-22954)
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT VMWare Server-side Template Injection RCE (CVE-2022-22954)"; flow:established,to_server; http.uri; content:"/catalog-portal/"; content:"|24 7b 22|freemarker|2e|template|2e|utility|2e|Execute|22|"; distance:0; nocase; fast_pattern; content:"new|28 29 28|"; nocase; within:200; reference:url,www.vmware.com/security/advisories/VMSA-2022-0011.html; reference:cve,2022-22954; classtype:attempted-admin; sid:2035874; rev:2; metadata:affected_product VMware, attack_target Server, created_at 2022_04_08, cve CVE_2022_22954, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence Medium, signature_severity Major, t
Bugzilla
CVE-2022-50624 kernel: net: netsec: fix error handling in netsec_register_mdio()
bugzilla·2025-12-08
CVE-2022-50624 CVE-2022-50624 kernel: net: netsec: fix error handling in netsec_register_mdio()
CVE-2022-50624 kernel: net: netsec: fix error handling in netsec_register_mdio()
In the Linux kernel, the following vulnerability has been resolved:
net: netsec: fix error handling in netsec_register_mdio()
If phy_device_register() fails, phy_device_free() need be called to
put refcount, so memory of phy device and device name can be freed
in callback function.
If get_phy_device() fails, mdiobus_unregister() need be called,
or it will cause warning in mdiobus_free() and kobject is leaked.
Discussion:
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025120853-CVE-2022-50624-0011@gregkh/T
Bugzilla
CVE-2022-49198 kernel: mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb
bugzilla·2025-02-26·CVSS 5.5
CVE-2022-49198 [MEDIUM] CVE-2022-49198 kernel: mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb
CVE-2022-49198 kernel: mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb
In the Linux kernel, the following vulnerability has been resolved:
mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb
Got crash when doing pressure test of mptcp:
dst_release: dst:ffffa06ce6e5c058 refcnt:-1
kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
BUG: unable to handle kernel paging request at ffffa06ce6e5c058
PGD 190a01067 P4D 190a01067 PUD 43fffb067 PMD 22e403063 PTE 8000000226e5c063
Oops: 0011 [#1] SMP PTI
CPU: 7 PID: 7823 Comm: kworker/7:0 Kdump: loaded Tainted: G E
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.2.1 04/01/2014
Call Trace:
? skb_release_head_state+0x68/0x100
? skb_release_all+0xe/0x30
? kfree_skb
2022-02-10
Published