Security Vulnerabilities - Known exploited
CVE-2023-41993
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Known exploited
CVSS Score
8.8
EPSS Score
0.217
Published
2023-09-21
CVE-2023-42793
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
Known exploited
CVSS Score
9.8
EPSS Score
0.929
Published
2023-09-19
CVE-2023-41179
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.
Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.
Known exploited
CVSS Score
7.2
EPSS Score
0.023
Published
2023-09-19
CVE-2023-38205
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.
Known exploited
CVSS Score
7.5
EPSS Score
0.943
Published
2023-09-14
CVE-2023-26369
Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Known exploited
CVSS Score
7.8
EPSS Score
0.006
Published
2023-09-13
CVE-2023-36802
Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.773
Published
2023-09-12
CVE-2023-36761
Microsoft Word Information Disclosure Vulnerability
Known exploited
CVSS Score
6.5
EPSS Score
0.073
Published
2023-09-12
CVE-2023-4863
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Known exploited
CVSS Score
8.8
EPSS Score
0.936
Published
2023-09-12
CVE-2023-41990
The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
Known exploited
CVSS Score
7.8
EPSS Score
0.027
Published
2023-09-12
CVE-2023-35674
In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Known exploited
CVSS Score
7.8
EPSS Score
0.001
Published
2023-09-11