Rezilion Research Rounds Up 2022 Vulnerabilities

Ofri Ouzan December 19, 2022

2 minute read

Rezilion’s research team offers a 2022 vulnerabilities recap and takes a look at the headline-making vulnerabilities discovered in the last year.

Read the recap in this report and find out about the status of the following vulnerabilities, as well as the date on which each was published, exploitation details, as well as mitigation and remediation advice.

The 2022 vulnerabilities recap includes the following vulnerabilities:

Pwnkit – CVE-2021-4034, a privilege escalation vulnerability in the pkexec file of the Linux Policykit package.

Dirty Pipe – CVE-2022-0847 – a serious Privilege Escalation vulnerability that utilizes the PIPE mechanism in Linux to write to a privileged existing page cache.

Spring4Shell – CVE-2022-22965 – a zero-day Remote Code Execution (RCE) vulnerability caused by an error in the mechanism that uses client-provided data to update the properties of an object in the Spring MVC or Spring WebFlux application.

NimbusPWN -CVE-2022-29799 (Path Traversal) and CVE-2022-29800 (Time of Check Time of Use) – vulnerabilities that can be chained together in order to escalate privileges by utilizing a flow in the networkd-dispatcher in Linux kernel.

Dirty Cred – two CVEs: CVE-2021-4154 and CVE-2022-2588.

ProxyNotShell – CVE-2022–41040 and CVE-2022–41082 – a Remote Code Execution (RCE) vulnerability.

Text4Shell or ACT4Shell – CVE-2022-42889 – a Critical Remote Code Execution (RCE) vulnerability that abuses the Apache Commons Text interpolation functionality in String Substitution

Spooky SSL – CVE-2022-3603 and CVE-2022-3786.

Read the 2022 recap report here and protect your organization in 2023.