CYBERARK LABS SECURITY ADVISORIES
The following is a list of CVEs that were discovered by CyberArk Labs research group.
| Year | ID | CVE | Vendor | Product | Vulnerability Type / CWE | Researcher | Read More | Date |
|---|---|---|---|---|---|---|---|---|
| 2022 | 31020 | CVE-2022-31020 | Hyperledge | Indy | Command Injection – RCE | Shaked Reiner | 02-Oct-22 | |
| 2022 | 36116 | CVE-2022-36116 | Blue Prism | RPA Platform 6.0-7.01 | Design Flaw – Privilege Escalation | Nimrod Stoler | 12-Aug-22 | |
| 2022 | 36115 | CVE-2022-36115 | Blue Prism | RPA Platform 6.0-7.01 | Design Flaw – Write Malicous code into BO processes and expose credentials. | Nimrod Stoler | 12-Aug-22 | |
| 2022 | 36118 | CVE-2022-36118 | Blue Prism | RPA Platform 6.0-7.01 | Design Flaw – Privilege Escalation | Nimrod Stoler | 12-Aug-22 | |
| 2022 | 36117 | CVE-2022-36117 | Blue Prism | RPA Platform 6.0-7.01 | Credential Theft | Nimrod Stoler | 12-Aug-22 | |
| 2022 | 36662 | CVE-2022-36662 | Blue Prism | RPA Platform 6.0-7.01 | Information Disclosure – Stealing Platform’s Master Encryption Keys | Nimrod Stoler | 12-Aug-22 | |
| 2022 | 36121 | CVE-2022-36120 | Blue Prism | RPA Platform 6.0-7.01 | Command Injection – RCE | Nimrod Stoler | 12-Aug-22 | |
| 2022 | 36120 | CVE-2022-36120 | Blue Prism | RPA Platform 6.0-7.01 | SQL Injection – RCE | Nethanel Coppenhagen / Nimrod Stoler | 12-Aug-22 | |
| 2022 | 4842 | CVE-2022-4842 | Linux Kernel – NTFS | ntfs3 | DOS | Alon Zahavi / Tal Lossos | 29-Dec-22 | |
| 2022 | 122 | CVE-2022-0122 | Linux Kernel – NVME | nvmet | Pre-Auth / Remote DOS | Tal Lossos | 02-Aug-22 | |
| 2022 | 34682 | CVE-2022-34682 | Nvidia | open-gpu-kernel-modules | DOS | Tal Lossos | 02-Aug-22 | |
| 2022 | 31615 | CVE-2022-31615 | Nvidia | open-gpu-kernel-modules | DOS | Tal Lossos | 02-Aug-22 | |
| 2021 | 44903 | CVE-2022-44903 | EVGA | NUREGx64.sys | DOS / Privilege Escalation | Omer Tsarfati | 11-May-22 | |
| 2022 | 30346 | CVE-2022-30346 | MSI | MSI Center | DOS / Privilege Escalation | Omer Tsarfati | 26-May-22 | |
| 2022 | 34292 | CVE-2022-34292 | Docker | Docker Desktop | Design Flaw – Arbitrary Write | Eviatar Gerzi | 25-May-22 | |
| 2022 | 31647 | CVE-2022-31647 | Docker | Docker Desktop | Design Flaw – Arbitrary Delete | Eviatar Gerzi | 25-May-22 | |
| 2022 | 29023 | CVE-2022-29023 | OpenRazer | OpenRazer | CWE-120 Classic Buffer Overflow. DOS & PrivEsc | Tal Lossos | 20-May-22 | |
| 2022 | 29022 | CVE-2022-29022 | OpenRazer | OpenRazer | CWE-120 Classic Buffer Overflow. DOS & PrivEsc | Tal Lossos | 20-May-22 | |
| 2022 | 29021 | CVE-2022-29021 | OpenRazer | OpenRazer | CWE-120 Classic Buffer Overflow. DOS & PrivEsc | Tal Lossos | 20-May-22 | |
| 2022 | 22774 | CVE-2022-22774 | TIBCO | Managed File Transfer Command Center | XXE – Arbitrary File Read / SSRF | Niv Levy | 10-May-22 | |
| 2022 | 28547 | CVE-2022-28547 | LiquidPixels | LiquiFire OS 4.9.0 | Command Injection – RCE | Niv Levy | 30-Mar-22 | |
| 2022 | 38730 | CVE-2022-38730 | Docker | Docker Desktop | Design Flaw – Arbitrary Write | Eviatar Gerzi | 07-Mar-22 | |
| 2022 | 37326 | CVE-2022-37326 | Docker | Docker Desktop | Design Flaw – Arbitrary R/W/D & PrivEsc | Eviatar Gerzi | 07-Mar-22 | |
| 2022 | 25637 | CVE-2022-25637 | Razer | Razer Synapse 3 | Design Flaw – Privilege Escalation | Omer Tsarfati | 17-Feb-22 | |
| 2022 | 25365 | CVE-2022-25365 | Docker | Docker Desktop | Design Flaw – Privilege Escalation | Eviatar Gerzi | 02-Feb-22 | |
| 2022 | 23774 | CVE-2022-23774 | Docker | Docker Desktop | Design Flaw – Arbitrary Write | Eviatar Gerzi | 25-Jan-22 | |
| 2021 | 3847 | CVE-2021-3847 | Linux | Overlay FS | EoP | Alon Zahavi | https://www.openwall.com/lists/oss-security/2021/10/14/3 | 14-Oct-21 |
| 2021 | 37326 | CVE-2021-37326 | Netsarang | Xshell | Exposure of Resource to Wrong Sphere | Eviatar Gerzi | 6-Oct-21 | |
| 2021 | 40332 | CVE-2021-40332 | Realtek | RTSPtr.sys (Driver) | Privilege Escalation | Eran Shimony, Mark Cherp |
https://cve.report/CVE-2021-40332 | 31-Aug-21 |
| 2021 | 40328 | CVE-2021-40328 | Realtek | RTSPtr.sys (Driver) | DOS | Eran Shimony, Mark Cherp |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40328 | 30-Aug-21 |
| 2021 | 0160 | CVE-2021-0160 | Intel | Eran Shimony | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0160 | 10-Aug-21 | ||
| 2021 | 34466 | CVE-2021-34466 | Microsoft | Windows Hello | Security Feature Bypass Vulnerability | Omer Tsarfati | https://www.cyberark.com/resources/threat-research-blog/bypassing-windows-hello-without-masks-or-plastic-surgery | 13-Jul-21 |
| 2021 | 32460 | CVE-2021-32460 | Trend Micro | Antivirus | SYMBOLIC LINK | Mark Cherp Eran.Shimony |
https://helpcenter.trendmicro.com/en-us/article/TMKA-10336 | 26-May-21 |
| 2021 | 32198 | CVE-2021-32198 | EmTec Innovative Software | ZOC Terminal for Windows and MacOS | DOS | Eviatar Gerzi | 3-May-21 | |
| 2021 | 0120 | CVE-2021-0120 | Microsft | vid.sys (Driver) | DOS | Eran Shimony, Mark Cherp |
https://cve.report/CVE-2021-0120 | 23-Mar-21 |
| 2021 | 42095 | CVE-2021-42095 | Netsarang | Xshell | DOS | Eviatar Gerzi | 14-Mar-21 | |
| 2021 | 40147 | CVE-2021-40147 | EmTec Innovative Software | ZOC Terminal for Windows and MacOS | Command Injection | Eviatar Gerzi | 14-Mar-21 | |
| 2021 | 31701 | CVE-2021-31701 | Thomas Wolff | MinTTY | Improper Handling of Exceptional Conditions | Eviatar Gerzi | 11-Mar-21 | |
| 2021 | 4717 | CVE-2021-4717 | IBM | Modeler subscription | EoP | Ido Hoorvitch | https://www.ibm.com/support/pages/node/6427901 | 9-Mar-21 |
| 2021 | 28847 | CVE-2021-28847 | William Taur Mobatek | MobaXterm | DOS | Eviatar Gerzi | 26-Feb-21 | |
| 2021 | 26928 | CVE-2021-26928 | Tigera | Calico Project | Design Flaw | Nir Chako | https://www.cyberark.com/resources/threat-research-blog/attacking-kubernetes-clusters-through-your-network-plumbing-part-2 | 15-Feb-21 |
| 2021 | 28848 | CVE-2021-28848 | Thomas Wolff | MinTTY | DOS | Eviatar Gerzi | 10-Feb-21 | |
| 2021 | 33500 | CVE-2021-33500 | Simon Tatham | PuTTY | DOS | Eviatar Gerzi | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26940 | 8-Feb-21 |
| 2021 | 26940 | CVE-2021-26940 | Simon Tatham | PuTTY | DOS | Eviatar Gerzi | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26940 | 8-Feb-21 |
| 2021 | 1704 | CVE-2021-1704 | Microsoft | Hyper V | Null Pointer Dereferencing | Eran.Shimony | https://msrc.microsoft.com/update-guide/vulnerability/ CVE-2021-1704 | 12-Jan-21 |
| 2020 | 28349 | CVE-2020-28349 | Chirpstack | Network Server | INACCURATE DEDUPLICATION | Emmanuel Ouanounou | ||
| 2020 | 27534 | CVE-2020-27534 | Docker | Desktop Community | LPE & DoS | Eviatar Gerzi | ||
| 2020 | 27352 | CVE-2020-27352 | Canonical | Ubuntu Linux | RCE on Host over Default Docker container | Gilad Reti, Nimrod Stoler |
||
| 2020 | 12335 | CVE-2020-12335 | Intel | Processor Identification | SYMBOLIC LINK | Eran.Shimony | 10-Nov-20 | |
| 2020 | 3991 | CVE-2020-3991 | Vmware | Horizon Client | SYMBOLIC LINK | Eran.Shimony | 15-Oct-20 | |
| 2020 | 25046 | CVE-2020-25046 | Kaspersky | KAV | BINARY SWAPPING | Eran.Shimony | 18-Aug-20 | |
| 2020 | 25045 | CVE-2020-25045 | Kaspersky | KSC Web Console | DLL HIJACKING | Eran.Shimony | 18-Aug-20 | |
| 2020 | 25044 | CVE-2020-25044 | Kaspersky | KART | DLL HIJACKING | Eran.Shimony | 18-Aug-20 | |
| 2020 | 25043 | CVE-2020-25043 | Kaspersky | VPN | SYMBOLIC LINK | Eran.Shimony | 18-Aug-20 | |
| 2020 | 7310 | CVE-2020-7310 | McAffe | Many Products | SYMBOLIC LINK | Eran.Shimony | 12-Aug-20 | |
| 2020 | 22460 | CVE-2020-22460 | Intel | Bios Update | DLL HIJACKING | Eran.Shimony | ||
| 2020 | 15534 | CVE-2020-15534 | Pulse Secure | Pulse Secure client | LPE & DoS | Eviatar Gerzi | ||
| 2020 | 15523 | CVE-2020-15523 | Python \ DUO | Python 3.10, Python 3.9, Python 3.8, Python 3.7, Python 3.6, Python 3.5 |
Python DLL Loading Local Privilege Escalation(??) | Eran.Shimony, Ido Hoorvitch |
||
| 2020 | 8759 | CVE-2020-8759 | Intel | SSD Data Center Tool | SYMBOLIC LINK | Eran.Shimony | 11-Aug-20 | |
| 2020 | 15523 | CVE-2020-15523 | Python | Cpython | DLL HIJACKING | Eran.Shimony | 14-Jul-20 | |
| 2020 | 9200 | CVE-2020-9200 | Huawei | HiSuite | DLL HIJACKING | Eran.Shimony | 1-Jul-20 | |
| 2020 | 14212 | CVE-2020-14212 | FFmpeg | FFmpeg | BUFFER OVERFLOW | Assaf Sion | 21-Jun-20 | |
| 2020 | 13903 | CVE-2020-13903 | Avira | Free AV Installer | SYMBOLIC LINK | Eran.Shimony | 7-Jun-20 | |
| 2020 | 13813 | CVE-2020-13813 | Foxit | PDF Reader | DLL HIJACKING | Eran.Shimony | 7-Jun-20 | |
| 2020 | 5357 | CVE-2020-5357 | Dell | Firmware Update | SYMBOLIC LINK | Eran.Shimony | 2-Jun-20 | |
| 2020 | 1817 | CVE-2020-1817 | Huawei | PC Manager | SYMBOLIC LINK | Eran.Shimony | 29-Apr-20 | |
| 2020 | 7250 | CVE-2020-7250 | McAffe | Many Products | SYMBOLIC LINK | Eran.Shimony | 14-Apr-20 | |
| 2020 | 1885 | CVE-2020-1885 | OVRRedit.exe | SYMBOLIC LINK | Eran.Shimony | 9-Apr-20 | ||
| 2020 | 9290 | CVE-2020-9290 | Fortient | VPN Installer | SYMBOLIC LINK | Eran.Shimony | 11-Mar-20 | |
| 2020 | 7482 | CVE-2020-7482 | Schneider Electric | Andover Continuum | XSS | Niv Levy | 10-Mar-20 | |
| 2020 | 7481 | CVE-2020-7481 | Schneider Electric | Andover Continuum | XSS | Niv Levy | 10-Mar-20 | |
| 2020 | 7482 | CVE-2020-7482 | Schneider Electric | Andover Continuum | XSS | Niv Levy | 10-Mar-20 | |
| 2020 | 7480 | CVE-2020-7480 | Schneider Electric | Andover Continuum | XXE | Niv Levy | 10-Mar-20 | |
| 2020 | 8959 | CVE-2020-8959 | Western Digital | WesternDigitalSSDDashboardSetup.exe | DLL HIJACKING | Eran.Shimony | 10-Feb-20 | |
| 2020 | 8242 | CVE-2020-8242 | Pulse Secure | Pulse Secure client | LPE & DoS | Eviatar Gerzi | ||
| 2020 | 7808 | CVE-2020-7808 | LG | SmartShare | DLL HIJACKING | Eran.Shimony | ||
| 2020 | 7807 | CVE-2020-7807 | LG | IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver | DLL HIJACKING | Eran.Shimony | ||
| 2020 | 7806 | CVE-2020-7806 | LG | LGPCSuite | DLL HIJACKING | Eran.Shimony | ||
| 2020 | 6015 | CVE-2020-6015 | CheckPoint | VPN installer | EoP | Ido Hoorvitch | ||
| 2020 | 5962 | CVE-2020-5962 | Nvidia | Nvidia Quardo Driver | Eop and DoS | Eviatar Gerzi | ||
| 2020 | 5324 | CVE-2020-5324 | Dell | Firmware Update Utility | SYMBOLIC LINK | Eran.Shimony | 18-Feb-20 | |
| 2020 | 5316 | CVE-2020-5316 | Dell | Support Assist | SYMBOLIC LINK | Eran.Shimony | 10-Feb-20 | |
| 2020 | 3427 | CVE-2020-3427 | DUO SECURITY | Duo Authentication for Windows Logon and RDP | EoP | Ido Hoorvitch | ||
| 2020 | 1986 | CVE-2020-1986 | Palo Alto | Secdo | Symbolic Link | Eviatar Gerzi | ||
| 2020 | 1985 | CVE-2020-1985 | Palo Alto | Secdo | DoS | Eviatar Gerzi | ||
| 2020 | 1984 | CVE-2020-1984 | Palo Alto | Secdo | Command Execution and DoS | Eviatar Gerzi | ||
| 2020 | 1317 | CVE-2020-1317 | Microsoft | Svchost Group Policy | SYMBOLIC LINK | Eran.Shimony | 9-Jun-20 | |
| 2020 | 1194 | CVE-2020-1194 | Microsoft | Tracing Machanism | SYMBOLIC LINK | Eran.Shimony | 9-Jun-20 | |
| 2020 | 0635 | CVE-2020-0635 | Microsoft | Still Image Acquisition Events | SYMBOLIC LINK | Eran.Shimony | 14-Jan-20 | |
| 2020 | 0565 | CVE-2020-0565 | Intel | Graphics Driver | DLL HIJACKING | Eran.Shimony | 10-Mar-20 | |
| 2019 | 1003004 | CVE-2019-1003004 | CloudBees | Jenkins | Privilege Escalation | Nimrod.Stoler | ||
| 2019 | 19548 | CVE-2019-19548 | Symantec | Norton Power Eraser | DLL HIJACKING | Eran.Shimony | 14-Jan-20 | |
| 2019 | 19689 | CVE-2019-19689 | TrendMicro | HouseCallforHomeNetworks.exe 2 | DLL HIJACKING | Eran.Shimony | 18-Dec-19 | |
| 2019 | 19689 | CVE-2019-19689 | TrendMicro | HouseCallforHomeNetworks.exe | DLL HIJACKING | Eran.Shimony | 18-Dec-19 | |
| 2019 | 19688 | CVE-2019-19688 | TrendMicro | HouseCallforHomeNetworks.exe | DLL HIJACKING | Eran.Shimony | 18-Dec-19 | |
| 2019 | 17546 | CVE-2019-17546 | Intel | SSD Toolbox, Rapid Storage, ChipSet | SYMBOLIC LINK | Eran.Shimony | 12-Dec-19 | |
| 2019 | 16283 | CVE-2019-16283 | HP | Don’tRemeber.exe | DLL HIJACKING | Eran.Shimony | 17-Jan-20 | |
| 2019 | 14597 | CVE-2019-14597 | Intel | Intel Services | SYMBOLIC LINK | Eran.Shimony | 12-Dec-19 | |
| 2019 | 3749 | CVE-2019-3749 | Dell | Command Line Update | SYMBOLIC LINK | Eran.Shimony | 3-Dec-19 | |
| 2019 | 3750 | CVE-2019-3750 | Dell | Command Line Update | SYMBOLIC LINK | Eran.Shimony | 3-Dec-19 | |
| 2019 | 8463 | CVE-2019-8463 | Checkpoint | VPN | SYMBOLIC LINK | Eran.Shimony | 2-Dec-19 | |
| 2019 | 14736 | SVE-2019-14736 | Samsung | SideSync | SYMBOLIC LINK | Eran.Shimony | 30-Nov-19 | |
| 2019 | 11152 | CVE-2019-11152 | Intel | WIFI Driver | DLL HIJACKING | Eran.Shimony | 2-Nov-19 | |
| 2019 | 8071 | CVE-2019-8071 | Adobe | Adobe Update Service | SYMBOLIC LINK | Eran.Shimony | 15-Oct-19 | |
| 2019 | 3745 | CVE-2019-3745 | Dell | DDSSetup.exe Driver | DLL HIJACKING | Eran.Shimony | 2-Oct-19 | |
| 2019 | 3745 | CVE-2019-3745 | Dell | DellFlashUtil.exe | DLL HIJACKING | Eran.Shimony | 2-Oct-19 | |
| 2019 | 3726 | CVE-2019-3726 | Dell | DPMS | DLL HIJACKING | Eran.Shimony | 2-Oct-19 | |
| 2019 | 3726 | CVE-2019-3726 | Dell | Communications Driver | DLL HIJACKING | Eran.Shimony | 2-Oct-19 | |
| 2019 | 3726 | CVE-2019-3726 | Dell | Chipset Drive,Broadcom Netlink Driver | DLL HIJACKING | Eran.Shimony | 2-Oct-19 | |
| 2019 | 16191 | CVE-2019-16191 | Samsung | SAMSUNG USB Driver | DLL HIJACKING | Eran.Shimony | 9-Sep-19 | |
| 2019 | 15269 | SVE-2019-15269 | Samsung | SAMSUNG USB Driver | DLL HIJACKING | Eran.Shimony | ||
| 2019 | 14596 | CVE-2019-14596 | Intel | GFX Radeon | DLL HIJACKING | Eran.Shimony | 14-Jan-20 | |
| 2019 | 11189 | CVE-2019-11189 | Intel | Intel Support Assist | SYMBOLIC LINK | Eran.Shimony | ||
| 2019 | 8236 | CVE-2019-8236 | Adobe | Creative Cloud | SYMBOLIC LINK | Eran.Shimony | 15-Sep-19 | |
| 2019 | 11146 | CVE-2019-11146 | Intel | Intel Support Assist | DLL HIJACKING SYMBOLIC LINK | Eran.Shimony | 13-Aug-19 | |
| 2019 | 7957 | CVE-2019-7957 | Adobe | Flash Installer | SYMBOLIC LINK | Eran.Shimony | 13-Aug-19 | |
| 2019 | 6196 | CVE-2019-6196 | Lenovo | Solid State Drive Firmware Update | DLL HIJACKING | Eran.Shimony | 2-Dec-20 | |
| 2019 | 6176 | CVE-2019-6176 | Lenovo | ThinkPad | DLL HIJACKING | Eran.Shimony | 14-Jan-20 | |
| 2019 | 6175 | CVE-2019-6175 | Lenovo | Update Service (2) | SYMBOLIC LINK | Eran.Shimony | 24-Sep-19 | |
| 2019 | 6173 | CVE-2019-6173 | Lenovo | NVM | DLL HIJACKING | Eran.Shimony | 14-Jan-20 | |
| 2019 | 6163 | CVE-2019-6163 | Lenovo | Update Service | SYMBOLIC LINK | Eran.Shimony | 26-Jun-19 | |
| 2019 | 5245 | CVE-2019-5245 | Huawei | HiSuite | DLL HIJACKING | Eran.Shimony | 12-Jun-19 | |
| 2019 | 1161 | CVE-2019-1161 | Microsoft | MpSigStub, Windows Defender | SYMBOLIC LINK | Eran.Shimony | 13-Aug-19 | |
| 2019 | 1142 | CVE-2019-1142 | Microsoft | Dot-Net | SYMBOLIC LINK | Eran.Shimony | 9-Jul-19 | |
| 2019 | 1105 | CVE-2019-1105 | Microsoft | Outlook for Android | XSS | or ida | 20-Jun-19 | |
| 2018 | 1999043 | CVE-2018-1999043 | CloudBees | Jenkins | DoS – Jenkins master crash | Nimrod.Stoler | ||
| 2018 | 1999004 | CVE-2018-1999004 | CloudBees | Jenkins | Privilege Escalation | Nimrod.Stoler | ||
| 2018 | 1999003 | CVE-2018-1999003 | CloudBees | Jenkins | Privilege Escalation | Nimrod.Stoler | ||
| 2018 | 1999001 | CVE-2018-1999001 | CloudBees | Jenkins | Privilege Escalation which leads to RCE on all Jenkins infrasrtucture | Nimrod.Stoler | ||
| 2018 | 1000863 | CVE-2018-1000863 | CloudBees | Jenkins | DoS | Nimrod.Stoler | ||
| 2018 | 17246 | CVE-2018-17246 | Elastic | Kibana | LFI | Nethanel Coppenhagen | 7-Nov-18 |