Security Vulnerabilities - Known exploited
CVE-2023-41763
Known exploited
Skype for Business Elevation of Privilege Vulnerability
CVSS Score: 5.3
EPSS Score: 0.165
Published: 2023-10-10
CVE-2023-36584
Known exploited
Windows Mark of the Web Security Feature Bypass Vulnerability
CVSS Score: 5.4
EPSS Score: 0.154
Published: 2023-10-10
CVE-2023-36563
Known exploited
Microsoft WordPad Information Disclosure Vulnerability
CVSS Score: 6.5
EPSS Score: 0.025
Published: 2023-10-10
CVE-2023-44487
Known exploited
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVSS Score: 7.5
EPSS Score: 0.944
Published: 2023-10-10
CVE-2023-4966
Known exploited
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
CVSS Score: 9.4
EPSS Score: 0.943
Published: 2023-10-10
CVE-2023-42824
Known exploited
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.
CVSS Score: 7.8
EPSS Score: 0.01
Published: 2023-10-04
CVE-2023-22515
Known exploited
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
CVSS Score: 10.0
EPSS Score: 0.943
Published: 2023-10-04
CVE-2023-4911
Known exploited
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
CVSS Score: 7.8
EPSS Score: 0.743
Published: 2023-10-03
CVE-2023-4211
Known exploited
A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.
CVSS Score: 5.5
EPSS Score: 0.002
Published: 2023-10-01
CVE-2023-5217
Known exploited
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score: 8.8
EPSS Score: 0.037
Published: 2023-09-28


Shodan ® - All rights reserved