Security Vulnerabilities - Known exploited
CVE-2023-28206
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1, iOS 15.7.5 and iPadOS 15.7.5, macOS Big Sur 11.7.6. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Known exploited
CVSS Score
8.6
EPSS Score
0.248
Published
2023-04-10
CVE-2023-26083
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
Known exploited
CVSS Score
3.3
EPSS Score
0.005
Published
2023-04-06
CVE-2023-1671
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
Known exploited
CVSS Score
9.8
EPSS Score
0.943
Published
2023-04-04
CVE-2022-43939
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.
Known exploited
CVSS Score
8.6
EPSS Score
0.875
Published
2023-04-03
CVE-2022-43769
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.
Known exploited
CVSS Score
8.8
EPSS Score
0.938
Published
2023-04-03
CVE-2023-20963
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519
Known exploited
CVSS Score
7.8
EPSS Score
0.037
Published
2023-03-24
CVE-2022-42948
Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI.
Known exploited
CVSS Score
9.8
EPSS Score
0.121
Published
2023-03-24
CVE-2023-26359
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
Known exploited
CVSS Score
9.8
EPSS Score
0.878
Published
2023-03-23
CVE-2023-26360
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
Known exploited
CVSS Score
8.6
EPSS Score
0.943
Published
2023-03-23
CVE-2023-0386
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
Known exploited
CVSS Score
7.8
EPSS Score
0.48
Published
2023-03-22