CYBERARK LABS SECURITY ADVISORIES

The following is a list of CVEs that were discovered by CyberArk Labs research group.

Year ID CVE Vendor Product Vulnerability Type / CWE Researcher Read More Date
2022 31020 CVE-2022-31020 Hyperledge Indy Command Injection – RCE Shaked Reiner 02-Oct-22
2022 36116 CVE-2022-36116 Blue Prism RPA Platform 6.0-7.01 Design Flaw – Privilege Escalation Nimrod Stoler 12-Aug-22
2022 36115 CVE-2022-36115 Blue Prism RPA Platform 6.0-7.01 Design Flaw – Write Malicous code into BO processes and expose credentials. Nimrod Stoler 12-Aug-22
2022 36118 CVE-2022-36118 Blue Prism RPA Platform 6.0-7.01 Design Flaw – Privilege Escalation Nimrod Stoler 12-Aug-22
2022 36117 CVE-2022-36117 Blue Prism RPA Platform 6.0-7.01 Credential Theft Nimrod Stoler 12-Aug-22
2022 36662 CVE-2022-36662 Blue Prism RPA Platform 6.0-7.01 Information Disclosure – Stealing Platform’s Master Encryption Keys Nimrod Stoler 12-Aug-22
2022 36121 CVE-2022-36120 Blue Prism RPA Platform 6.0-7.01 Command Injection – RCE Nimrod Stoler 12-Aug-22
2022 36120 CVE-2022-36120 Blue Prism RPA Platform 6.0-7.01 SQL Injection – RCE Nethanel Coppenhagen / Nimrod Stoler 12-Aug-22
2022 4842 CVE-2022-4842 Linux Kernel – NTFS ntfs3 DOS Alon Zahavi / Tal Lossos 29-Dec-22
2022 122 CVE-2022-0122 Linux Kernel – NVME nvmet Pre-Auth / Remote DOS Tal Lossos 02-Aug-22
2022 34682 CVE-2022-34682 Nvidia open-gpu-kernel-modules DOS Tal Lossos 02-Aug-22
2022 31615 CVE-2022-31615 Nvidia open-gpu-kernel-modules DOS Tal Lossos 02-Aug-22
2021 44903 CVE-2022-44903 EVGA NUREGx64.sys DOS / Privilege Escalation Omer Tsarfati 11-May-22
2022 30346 CVE-2022-30346 MSI MSI Center DOS / Privilege Escalation Omer Tsarfati 26-May-22
2022 34292 CVE-2022-34292 Docker Docker Desktop Design Flaw – Arbitrary Write Eviatar Gerzi 25-May-22
2022 31647 CVE-2022-31647 Docker Docker Desktop Design Flaw – Arbitrary Delete Eviatar Gerzi 25-May-22
2022 29023 CVE-2022-29023 OpenRazer OpenRazer CWE-120 Classic Buffer Overflow. DOS & PrivEsc Tal Lossos 20-May-22
2022 29022 CVE-2022-29022 OpenRazer OpenRazer CWE-120 Classic Buffer Overflow. DOS & PrivEsc Tal Lossos 20-May-22
2022 29021 CVE-2022-29021 OpenRazer OpenRazer CWE-120 Classic Buffer Overflow. DOS & PrivEsc Tal Lossos 20-May-22
2022 22774 CVE-2022-22774 TIBCO Managed File Transfer Command Center XXE – Arbitrary File Read / SSRF Niv Levy 10-May-22
2022 28547 CVE-2022-28547 LiquidPixels LiquiFire OS 4.9.0 Command Injection – RCE Niv Levy 30-Mar-22
2022 38730 CVE-2022-38730 Docker Docker Desktop Design Flaw – Arbitrary Write Eviatar Gerzi 07-Mar-22
2022 37326 CVE-2022-37326 Docker Docker Desktop Design Flaw – Arbitrary R/W/D & PrivEsc Eviatar Gerzi 07-Mar-22
2022 25637 CVE-2022-25637 Razer Razer Synapse 3 Design Flaw – Privilege Escalation Omer Tsarfati 17-Feb-22
2022 25365 CVE-2022-25365 Docker Docker Desktop Design Flaw – Privilege Escalation Eviatar Gerzi 02-Feb-22
2022 23774 CVE-2022-23774 Docker Docker Desktop Design Flaw – Arbitrary Write Eviatar Gerzi 25-Jan-22
2021 3847 CVE-2021-3847 Linux Overlay FS EoP Alon Zahavi https://www.openwall.com/lists/oss-security/2021/10/14/3 14-Oct-21
2021 37326 CVE-2021-37326 Netsarang Xshell Exposure of Resource to Wrong Sphere Eviatar Gerzi 6-Oct-21
2021 40332 CVE-2021-40332 Realtek RTSPtr.sys (Driver) Privilege Escalation Eran Shimony,
Mark Cherp
https://cve.report/CVE-2021-40332 31-Aug-21
2021 40328 CVE-2021-40328 Realtek RTSPtr.sys (Driver) DOS Eran Shimony,
Mark Cherp
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40328 30-Aug-21
2021 0160 CVE-2021-0160 Intel Eran Shimony https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0160 10-Aug-21
2021 34466 CVE-2021-34466 Microsoft Windows Hello Security Feature Bypass Vulnerability Omer Tsarfati https://www.cyberark.com/resources/threat-research-blog/bypassing-windows-hello-without-masks-or-plastic-surgery 13-Jul-21
2021 32460 CVE-2021-32460 Trend Micro Antivirus SYMBOLIC LINK Mark Cherp
Eran.Shimony
https://helpcenter.trendmicro.com/en-us/article/TMKA-10336 26-May-21
2021 32198 CVE-2021-32198 EmTec Innovative Software ZOC Terminal for Windows and MacOS DOS Eviatar Gerzi 3-May-21
2021 0120 CVE-2021-0120 Microsft vid.sys (Driver) DOS Eran Shimony,
Mark Cherp
https://cve.report/CVE-2021-0120 23-Mar-21
2021 42095 CVE-2021-42095 Netsarang Xshell DOS Eviatar Gerzi 14-Mar-21
2021 40147 CVE-2021-40147 EmTec Innovative Software ZOC Terminal for Windows and MacOS Command Injection Eviatar Gerzi 14-Mar-21
2021 31701 CVE-2021-31701 Thomas Wolff MinTTY Improper Handling of Exceptional Conditions Eviatar Gerzi 11-Mar-21
2021 4717 CVE-2021-4717 IBM Modeler subscription EoP Ido Hoorvitch https://www.ibm.com/support/pages/node/6427901 9-Mar-21
2021 28847 CVE-2021-28847 William Taur Mobatek MobaXterm DOS Eviatar Gerzi 26-Feb-21
2021 26928 CVE-2021-26928 Tigera Calico Project Design Flaw Nir Chako https://www.cyberark.com/resources/threat-research-blog/attacking-kubernetes-clusters-through-your-network-plumbing-part-2 15-Feb-21
2021 28848 CVE-2021-28848 Thomas Wolff MinTTY DOS Eviatar Gerzi 10-Feb-21
2021 33500 CVE-2021-33500 Simon Tatham PuTTY DOS Eviatar Gerzi https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26940 8-Feb-21
2021 26940 CVE-2021-26940 Simon Tatham PuTTY DOS Eviatar Gerzi https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26940 8-Feb-21
2021 1704 CVE-2021-1704 Microsoft Hyper V Null Pointer Dereferencing Eran.Shimony https://msrc.microsoft.com/update-guide/vulnerability/ CVE-2021-1704 12-Jan-21
2020 28349 CVE-2020-28349 Chirpstack Network Server INACCURATE DEDUPLICATION Emmanuel Ouanounou
2020 27534 CVE-2020-27534 Docker Desktop Community LPE & DoS Eviatar Gerzi
2020 27352 CVE-2020-27352 Canonical Ubuntu Linux RCE on Host over Default Docker container Gilad Reti,
Nimrod Stoler
2020 12335 CVE-2020-12335 Intel Processor Identification SYMBOLIC LINK Eran.Shimony 10-Nov-20
2020 3991 CVE-2020-3991 Vmware Horizon Client SYMBOLIC LINK Eran.Shimony 15-Oct-20
2020 25046 CVE-2020-25046 Kaspersky KAV BINARY SWAPPING Eran.Shimony 18-Aug-20
2020 25045 CVE-2020-25045 Kaspersky KSC Web Console DLL HIJACKING Eran.Shimony 18-Aug-20
2020 25044 CVE-2020-25044 Kaspersky KART DLL HIJACKING Eran.Shimony 18-Aug-20
2020 25043 CVE-2020-25043 Kaspersky VPN SYMBOLIC LINK Eran.Shimony 18-Aug-20
2020 7310 CVE-2020-7310 McAffe Many Products SYMBOLIC LINK Eran.Shimony 12-Aug-20
2020 22460 CVE-2020-22460 Intel Bios Update DLL HIJACKING Eran.Shimony
2020 15534 CVE-2020-15534 Pulse Secure Pulse Secure client LPE & DoS Eviatar Gerzi
2020 15523 CVE-2020-15523 Python \ DUO Python 3.10,
Python 3.9,
Python 3.8,
Python 3.7,
Python 3.6,
Python 3.5
Python DLL Loading Local Privilege Escalation(??) Eran.Shimony,
Ido Hoorvitch
2020 8759 CVE-2020-8759 Intel SSD Data Center Tool SYMBOLIC LINK Eran.Shimony 11-Aug-20
2020 15523 CVE-2020-15523 Python Cpython DLL HIJACKING Eran.Shimony 14-Jul-20
2020 9200 CVE-2020-9200 Huawei HiSuite DLL HIJACKING Eran.Shimony 1-Jul-20
2020 14212 CVE-2020-14212 FFmpeg FFmpeg BUFFER OVERFLOW Assaf Sion 21-Jun-20
2020 13903 CVE-2020-13903 Avira Free AV Installer SYMBOLIC LINK Eran.Shimony 7-Jun-20
2020 13813 CVE-2020-13813 Foxit PDF Reader DLL HIJACKING Eran.Shimony 7-Jun-20
2020 5357 CVE-2020-5357 Dell Firmware Update SYMBOLIC LINK Eran.Shimony 2-Jun-20
2020 1817 CVE-2020-1817 Huawei PC Manager SYMBOLIC LINK Eran.Shimony 29-Apr-20
2020 7250 CVE-2020-7250 McAffe Many Products SYMBOLIC LINK Eran.Shimony 14-Apr-20
2020 1885 CVE-2020-1885 Facebook OVRRedit.exe SYMBOLIC LINK Eran.Shimony 9-Apr-20
2020 9290 CVE-2020-9290 Fortient VPN Installer SYMBOLIC LINK Eran.Shimony 11-Mar-20
2020 7482 CVE-2020-7482 Schneider Electric Andover Continuum XSS Niv Levy 10-Mar-20
2020 7481 CVE-2020-7481 Schneider Electric Andover Continuum XSS Niv Levy 10-Mar-20
2020 7482 CVE-2020-7482 Schneider Electric Andover Continuum XSS Niv Levy 10-Mar-20
2020 7480 CVE-2020-7480 Schneider Electric Andover Continuum XXE Niv Levy 10-Mar-20
2020 8959 CVE-2020-8959 Western Digital WesternDigitalSSDDashboardSetup.exe DLL HIJACKING Eran.Shimony 10-Feb-20
2020 8242 CVE-2020-8242 Pulse Secure Pulse Secure client LPE & DoS Eviatar Gerzi
2020 7808 CVE-2020-7808 LG SmartShare DLL HIJACKING Eran.Shimony
2020 7807 CVE-2020-7807 LG IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver DLL HIJACKING Eran.Shimony
2020 7806 CVE-2020-7806 LG LGPCSuite DLL HIJACKING Eran.Shimony
2020 6015 CVE-2020-6015 CheckPoint VPN installer EoP Ido Hoorvitch
2020 5962 CVE-2020-5962 Nvidia Nvidia Quardo Driver Eop and DoS Eviatar Gerzi
2020 5324 CVE-2020-5324 Dell Firmware Update Utility SYMBOLIC LINK Eran.Shimony 18-Feb-20
2020 5316 CVE-2020-5316 Dell Support Assist SYMBOLIC LINK Eran.Shimony 10-Feb-20
2020 3427 CVE-2020-3427 DUO SECURITY Duo Authentication for Windows Logon and RDP EoP Ido Hoorvitch
2020 1986 CVE-2020-1986 Palo Alto Secdo Symbolic Link Eviatar Gerzi
2020 1985 CVE-2020-1985 Palo Alto Secdo DoS Eviatar Gerzi
2020 1984 CVE-2020-1984 Palo Alto Secdo Command Execution and DoS Eviatar Gerzi
2020 1317 CVE-2020-1317 Microsoft Svchost Group Policy SYMBOLIC LINK Eran.Shimony 9-Jun-20
2020 1194 CVE-2020-1194 Microsoft Tracing Machanism SYMBOLIC LINK Eran.Shimony 9-Jun-20
2020 0635 CVE-2020-0635 Microsoft Still Image Acquisition Events SYMBOLIC LINK Eran.Shimony 14-Jan-20
2020 0565 CVE-2020-0565 Intel Graphics Driver DLL HIJACKING Eran.Shimony 10-Mar-20
2019 1003004 CVE-2019-1003004 CloudBees Jenkins Privilege Escalation Nimrod.Stoler
2019 19548 CVE-2019-19548 Symantec Norton Power Eraser DLL HIJACKING Eran.Shimony 14-Jan-20
2019 19689 CVE-2019-19689 TrendMicro HouseCallforHomeNetworks.exe 2 DLL HIJACKING Eran.Shimony 18-Dec-19
2019 19689 CVE-2019-19689 TrendMicro HouseCallforHomeNetworks.exe DLL HIJACKING Eran.Shimony 18-Dec-19
2019 19688 CVE-2019-19688 TrendMicro HouseCallforHomeNetworks.exe DLL HIJACKING Eran.Shimony 18-Dec-19
2019 17546 CVE-2019-17546 Intel SSD Toolbox, Rapid Storage, ChipSet SYMBOLIC LINK Eran.Shimony 12-Dec-19
2019 16283 CVE-2019-16283 HP Don’tRemeber.exe DLL HIJACKING Eran.Shimony 17-Jan-20
2019 14597 CVE-2019-14597 Intel Intel Services SYMBOLIC LINK Eran.Shimony 12-Dec-19
2019 3749 CVE-2019-3749 Dell Command Line Update SYMBOLIC LINK Eran.Shimony 3-Dec-19
2019 3750 CVE-2019-3750 Dell Command Line Update SYMBOLIC LINK Eran.Shimony 3-Dec-19
2019 8463 CVE-2019-8463 Checkpoint VPN SYMBOLIC LINK Eran.Shimony 2-Dec-19
2019 14736 SVE-2019-14736 Samsung SideSync SYMBOLIC LINK Eran.Shimony 30-Nov-19
2019 11152 CVE-2019-11152 Intel WIFI Driver DLL HIJACKING Eran.Shimony 2-Nov-19
2019 8071 CVE-2019-8071 Adobe Adobe Update Service SYMBOLIC LINK Eran.Shimony 15-Oct-19
2019 3745 CVE-2019-3745 Dell DDSSetup.exe Driver DLL HIJACKING Eran.Shimony 2-Oct-19
2019 3745 CVE-2019-3745 Dell DellFlashUtil.exe DLL HIJACKING Eran.Shimony 2-Oct-19
2019 3726 CVE-2019-3726 Dell DPMS DLL HIJACKING Eran.Shimony 2-Oct-19
2019 3726 CVE-2019-3726 Dell Communications Driver DLL HIJACKING Eran.Shimony 2-Oct-19
2019 3726 CVE-2019-3726 Dell Chipset Drive,Broadcom Netlink Driver DLL HIJACKING Eran.Shimony 2-Oct-19
2019 16191 CVE-2019-16191 Samsung SAMSUNG USB Driver DLL HIJACKING Eran.Shimony 9-Sep-19
2019 15269 SVE-2019-15269 Samsung SAMSUNG USB Driver DLL HIJACKING Eran.Shimony
2019 14596 CVE-2019-14596 Intel GFX Radeon DLL HIJACKING Eran.Shimony 14-Jan-20
2019 11189 CVE-2019-11189 Intel Intel Support Assist SYMBOLIC LINK Eran.Shimony
2019 8236 CVE-2019-8236 Adobe Creative Cloud SYMBOLIC LINK Eran.Shimony 15-Sep-19
2019 11146 CVE-2019-11146 Intel Intel Support Assist DLL HIJACKING SYMBOLIC LINK Eran.Shimony 13-Aug-19
2019 7957 CVE-2019-7957 Adobe Flash Installer SYMBOLIC LINK Eran.Shimony 13-Aug-19
2019 6196 CVE-2019-6196 Lenovo Solid State Drive Firmware Update DLL HIJACKING Eran.Shimony 2-Dec-20
2019 6176 CVE-2019-6176 Lenovo ThinkPad DLL HIJACKING Eran.Shimony 14-Jan-20
2019 6175 CVE-2019-6175 Lenovo Update Service (2) SYMBOLIC LINK Eran.Shimony 24-Sep-19
2019 6173 CVE-2019-6173 Lenovo NVM DLL HIJACKING Eran.Shimony 14-Jan-20
2019 6163 CVE-2019-6163 Lenovo Update Service SYMBOLIC LINK Eran.Shimony 26-Jun-19
2019 5245 CVE-2019-5245 Huawei HiSuite DLL HIJACKING Eran.Shimony 12-Jun-19
2019 1161 CVE-2019-1161 Microsoft MpSigStub, Windows Defender SYMBOLIC LINK Eran.Shimony 13-Aug-19
2019 1142 CVE-2019-1142 Microsoft Dot-Net SYMBOLIC LINK Eran.Shimony 9-Jul-19
2019 1105 CVE-2019-1105 Microsoft Outlook for Android XSS or ida 20-Jun-19
2018 1999043 CVE-2018-1999043 CloudBees Jenkins DoS – Jenkins master crash Nimrod.Stoler
2018 1999004 CVE-2018-1999004 CloudBees Jenkins Privilege Escalation Nimrod.Stoler
2018 1999003 CVE-2018-1999003 CloudBees Jenkins Privilege Escalation Nimrod.Stoler
2018 1999001 CVE-2018-1999001 CloudBees Jenkins Privilege Escalation which leads to RCE on all Jenkins infrasrtucture Nimrod.Stoler
2018 1000863 CVE-2018-1000863 CloudBees Jenkins DoS Nimrod.Stoler
2018 17246 CVE-2018-17246 Elastic Kibana LFI Nethanel Coppenhagen 7-Nov-18