Security Vulnerabilities - Known exploited
CVE-2022-41223
The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type.
Known exploited
CVSS Score
6.8
EPSS Score
0.038
Published
2022-11-22
CVE-2022-40765
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.
Known exploited
CVSS Score
6.8
EPSS Score
0.023
Published
2022-11-22
CVE-2022-23748
mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.
Known exploited
CVSS Score
7.8
EPSS Score
0.222
Published
2022-11-17
CVE-2022-41125
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.005
Published
2022-11-09
CVE-2022-41128
Windows Scripting Languages Remote Code Execution Vulnerability
Known exploited
CVSS Score
8.8
EPSS Score
0.712
Published
2022-11-09
CVE-2022-41091
Windows Mark of the Web Security Feature Bypass Vulnerability
Known exploited
CVSS Score
5.4
EPSS Score
0.062
Published
2022-11-09
CVE-2022-41073
Windows Print Spooler Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.007
Published
2022-11-09
CVE-2022-41080
Microsoft Exchange Server Elevation of Privilege Vulnerability
Known exploited
CVSS Score
8.8
EPSS Score
0.937
Published
2022-11-09
CVE-2022-41049
Windows Mark of the Web Security Feature Bypass Vulnerability
Known exploited
CVSS Score
5.4
EPSS Score
0.286
Published
2022-11-09
CVE-2022-31199
Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by the component, and potentially allow an unauthenticated remote attacker to execute arbitrary code as the NT AUTHORITY\SYSTEM user on affected systems, including on systems Netwrix Auditor monitors.
Known exploited
CVSS Score
9.8
EPSS Score
0.063
Published
2022-11-08