Security Vulnerabilities - Known exploited
CVE-2022-31199
Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by the component, and potentially allow an unauthenticated remote attacker to execute arbitrary code as the NT AUTHORITY\SYSTEM user on affected systems, including on systems Netwrix Auditor monitors.
Known exploited
CVSS Score
9.8
EPSS Score
0.063
Published
2022-11-08
CVE-2022-3723
Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Known exploited
CVSS Score
8.8
EPSS Score
0.006
Published
2022-11-01
CVE-2022-42827
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
Known exploited
CVSS Score
7.8
EPSS Score
0.004
Published
2022-11-01
CVE-2022-38181
The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.
Known exploited
CVSS Score
8.8
EPSS Score
0.206
Published
2022-10-25
CVE-2016-20017
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.
Known exploited
CVSS Score
9.8
EPSS Score
0.882
Published
2022-10-19
CVE-2022-21587
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2022-10-18
CVE-2022-40684
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2022-10-18
CVE-2022-41033
Windows COM+ Event System Service Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.002
Published
2022-10-11
CVE-2022-38028
Windows Print Spooler Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.03
Published
2022-10-11
CVE-2022-41040
Microsoft Exchange Server Elevation of Privilege Vulnerability
Known exploited
CVSS Score
8.8
EPSS Score
0.942
Published
2022-10-03