Security Vulnerabilities - Known exploited
CVE-2022-38181
The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.
Known exploited
CVSS Score
8.8
EPSS Score
0.245
Published
2022-10-25
CVE-2016-20017
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.
Known exploited
CVSS Score
9.8
EPSS Score
0.934
Published
2022-10-19
CVE-2022-21587
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2022-10-18
CVE-2022-40684
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2022-10-18
CVE-2022-41033
Windows COM+ Event System Service Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.01
Published
2022-10-11
CVE-2022-38028
Windows Print Spooler Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.05
Published
2022-10-11
CVE-2022-41040
Microsoft Exchange Server Elevation of Privilege Vulnerability
Known exploited
CVSS Score
8.8
EPSS Score
0.942
Published
2022-10-03
CVE-2022-41082
Microsoft Exchange Server Remote Code Execution Vulnerability
Known exploited
CVSS Score
8.0
EPSS Score
0.917
Published
2022-10-03
CVE-2022-3075
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Known exploited
CVSS Score
9.6
EPSS Score
0.03
Published
2022-09-26
CVE-2022-2856
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.
Known exploited
CVSS Score
6.5
EPSS Score
0.051
Published
2022-09-26