Security Vulnerabilities - Known exploited
CVE-2023-23529
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Known exploited
CVSS Score
8.8
EPSS Score
0.001
Published
2023-02-27
CVE-2022-47986
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.
Known exploited
CVSS Score
9.8
EPSS Score
0.943
Published
2023-02-17
CVE-2023-23752
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
Known exploited
CVSS Score
5.3
EPSS Score
0.945
Published
2023-02-16
CVE-2023-21823
Windows Graphics Component Remote Code Execution Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.032
Published
2023-02-14
CVE-2023-23376
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.188
Published
2023-02-14
CVE-2023-21715
Microsoft Publisher Security Feature Bypass Vulnerability
Known exploited
CVSS Score
7.3
EPSS Score
0.004
Published
2023-02-14
CVE-2023-25717
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2023-02-13
CVE-2022-24990
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
Known exploited
CVSS Score
7.5
EPSS Score
0.944
Published
2023-02-07
CVE-2023-0669
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
Known exploited
CVSS Score
7.2
EPSS Score
0.944
Published
2023-02-06
CVE-2023-0266
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e
Known exploited
CVSS Score
7.9
EPSS Score
0.0
Published
2023-01-30