CVE-2022-2015
Published 2022-06-09
CVE-2022-2015: Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2.
Priority P4 · 24 · medium · 5.4 · CVSS 3.1
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.61% (44.6th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| devise-two-factor | devise-two-factor | >= 0 < 4.0.2 | 4.0.2 |
| diagrams | drawio | < 19.0.2 | 19.0.2 |
| | protobuf | >= 0 < 2.6.1-1.3ubuntu0.1~esm2 | 2.6.1-1.3ubuntu0.1~esm2 |
| jgraph | jgraph_drawio | >= unspecified < 19.0.2 | 19.0.2 |
CVSS provenance
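| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| ghsa | | 7.5 | HIGH | |
| osv | | 8.8 | HIGH | |
| cisa | | 9.8 | CRITICAL | |
| vendor_redhat | | 7.8 | HIGH | |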
OSV
protobuf vulnerabilities
osv·2022-12-08·CVSS 8.8
CVE-2015-5237 protobuf vulnerabilities
It was discovered that protobuf did not properly manage memory when serializing
large messages. An attacker could possibly use this issue to cause applications
using protobuf to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2015-5237)
It was discovered that protobuf did not properly manage memory when parsing
specifically crafted messages. An attacker could possibly use this issue to
cause applications using protobuf to crash, resulting in a denial of service.
(CVE-2022-1941)
GHSA
GHSA-6gph-p9m6-46vx: Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19
ghsa_unreviewed·2022-06-10
CVE-2022-2015 [MEDIUM] CWE-79 GHSA-6gph-p9m6-46vx: Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2.
GHSA
Improper one time password handling in devise-two-factor
ghsa·2022-04-07·CVSS 5.3
CVE-2021-43177 [MEDIUM] Improper one time password handling in devise-two-factor
### Impact
As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password (OTP) for one (and only one) immediately trailing interval.
### Patches
This vulnerability has been patched in version 4.0.2 which was released on March 24th, 2022. Individuals using this package are strongly encouraged to upgrade as soon as possible.
### Credit for discovery
Benoit Côté-Jodoin
Michael Nipper - https://github.com/tinfoil/devise-two-factor/issues/106
GHSA
Deserialization of Untrusted Data in Log4j 1.x
ghsa·2022-01-21·CVSS 7.5
CVE-2022-23302 [HIGH] CWE-502 Deserialization of Untrusted Data in Log4j 1.x
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
Red Hat
kernel: tee: add overflow check in register_shm_helper()
vendor_redhat·2025-06-18·CVSS 5.5
CVE-2022-50080 [MEDIUM] kernel: tee: add overflow check in register_shm_helper()
In the Linux kernel, the following vulnerability has been resolved:
tee: add overflow check in register_shm_helper()
With special lengths supplied by user space, register_shm_helper() has
an integer overflow when calculating the number of pages covered by a
supplied user space memory region.
This causes internal_get_user_pages_fast() a helper function of
pin_user_pages_fast() to do a NULL pointer dereference:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
Modules linked in:
CPU: 1 PID: 173 Comm: optee_example_a Not tainted 5.19.0 #11
Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015
pc : internal_get_user_pages_fast+0x474/0xa80
Call trace:
internal_get_user_pages_fast+0x474/0xa80
p
Palo Alto
PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto·2024-09-04·CVSS 6.0
CVE-2022-22965 [MEDIUM] PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2010-1622, CVE-2015-7552, CVE-2018-16840, CVE-2019-7639, CVE-2020-17049, CVE-2020-7774, CVE-2021-0131, CVE-2021-0132, CVE-2021-0133, CVE-2021-0134, CVE-2021-4044, CVE-2021-4160, CVE-2021-41773, CVE-2022-1343, CVE-2022-21449, CVE-2022-2274, CVE-2022-22963, CVE-2022-22965, CVE-2022-24697, CVE-2022-32207, CVE-2022-3358, CVE-2022-3996, CVE-2022-40664, CVE-2022-44792, CVE-2022-44793, CVE-2023-1255, CVE-2023-22809, CVE-2023-23919, CVE-2023-3341, CVE-2023-4236, CVE-2023-4863, CVE-2023-51767
Affected products: PAN-OS
CISA
Microsoft Win32k Privilege Escalation Vulnerability
cisa·2022-05-25·CVSS 8.8
CVE-2015-2360 [HIGH] CWE-119 Microsoft Win32k Privilege Escalation Vulnerability
Vulnerability: Microsoft Win32k Privilege Escalation Vulnerability
Affected: Microsoft Win32k
Win32k.sys in the kernel-mode drivers in Microsoft Windows allows local users to gain privileges or cause denial-of-service (DoS).
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-2360
Remediation Due Date: 2022-06-15
CISA
Adobe Flash Player ASLR Bypass Vulnerability
cisa·2022-05-25·CVSS 7.8
CVE-2015-0310 [HIGH] CWE-264 Adobe Flash Player ASLR Bypass Vulnerability
Vulnerability: Adobe Flash Player ASLR Bypass Vulnerability
Affected: Adobe Flash Player
Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization (ASLR) protection mechanism.
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-0310
Remediation Due Date: 2022-06-15
CISA
D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability
cisa·2022-03-25·CVSS 9.8
CVE-2015-1187 [CRITICAL] CWE-287 D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability
Vulnerability: D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability
Affected: D-Link and TRENDnet Multiple Devices
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution.
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-1187
Remediation Due Date: 2022-04-15
CISA
Microsoft ATM Font Driver Privilege Escalation Vulnerability
cisa·2022-03-03·CVSS 7.8
CVE-2015-2387 [HIGH] CWE-264 Microsoft ATM Font Driver Privilege Escalation Vulnerability
Vulnerability: Microsoft ATM Font Driver Privilege Escalation Vulnerability
Affected: Microsoft ATM Font Driver
ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-2387
Remediation Due Date: 2022-03-24
CISA
D-Link DIR-645 Router Remote Code Execution Vulnerability
cisa·2022-02-10·CVSS 9.8
CVE-2015-2051 [CRITICAL] CWE-77 D-Link DIR-645 Router Remote Code Execution Vulnerability
Vulnerability: D-Link DIR-645 Router Remote Code Execution Vulnerability
Affected: D-Link DIR-645 Router
D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-2051
Remediation Due Date: 2022-08-10
Suricata
ET EXPLOIT D-Link HNAP SOAPAction Command Injection (CVE-2015-2051, CVE-2019-10891, CVE-2022,37056, CVE-2024-33112, CVE-2025-11488, CVE-2025-63932)
suricata·2021-11-17·CVSS 9.8
CVE-2015-2051 [CRITICAL] ET EXPLOIT D-Link HNAP SOAPAction Command Injection (CVE-2015-2051, CVE-2019-10891, CVE-2022,37056, CVE-2024-33112, CVE-2025-11488, CVE-2025-63932)
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT D-Link HNAP SOAPAction Command Injection (CVE-2015-2051, CVE-2019-10891, CVE-2022,37056, CVE-2024-33112, CVE-2025-11488, CVE-2025-63932)"; flow:established,to_server; http.uri; content:"/hnap1/"; nocase; http.header; content:"soapaction|3a 20|"; nocase; content:"http|3a 2f 2f|purenetworks|2e|com|2f|hnap1|2f|getdevicesettings"; within:60; fast_pattern; nocase; pcre:"/^[^\x26]*?(?:(?:\x3b|%3[Bb])|(?:\x0a|%0[Aa])|(?:\x60|%60)|(?:\x7c|%7[Cc])|(?:\x24|%24))+/R"; reference:url,www.exploit-db.com/exploits/37171; reference:cve,2015-2051; reference:cve,2019-10891; reference:cve,