Snapshot
March 24, 2023 - March 31, 2023
CISA Known Exploited Vulnerabilities

| CVE | Summary | Severity | Vendor | Date Added |
|---|---|---|---|---|
| CVE-2021-30900 | Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges. | HIGH | Apple | March 30, 2023 |
| CVE-2022-38181 | Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information. | HIGH | Arm | March 30, 2023 |
| CVE-2022-22706 | Arm Mali GPU Kernel Driver contains an unspecified vulnerability that allows a non-privileged user to achieve write access to read-only memory pages. | HIGH | Arm | March 30, 2023 |
| CVE-2022-42948 | Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution. | CRITICAL | Fortra | March 30, 2023 |
| CVE-2022-39197 | Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely. | MEDIUM | Fortra | March 30, 2023 |
| CVE-2022-3038 | Google Chrome contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption. | HIGH | Google | March 30, 2023 |
| CVE-2023-0266 | Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user. | HIGH | Linux | March 30, 2023 |
| CVE-2014-1776 | Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user. | HIGH | Microsoft | March 30, 2023 |
| CVE-2013-3163 | Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website. | HIGH | Microsoft | March 30, 2023 |
| CVE-2017-7494 | Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it. | CRITICAL | Samba | March 30, 2023 |
Newswires

10-Year-Old Windows Vulnerability Exploited in 3CX Attack
A 10-year-old Windows vulnerability, CVE-2013-3900, continues to be exploited in attacks, making it appear that executables are legitimately signed.
March 31, 2023

Russian Hackers Exploit Zimbra Flaw to Access NATO Emails
A Russian hacking group known as TA473, or 'Winter Vivern,' has been exploiting vulnerabilities in unpatched Zimbra endpoints to access the emails of NATO officials, governments, military personnel, and diplomats since February 2023.
March 30, 2023

Microsoft Fixes 'Hazardous' RCE Vulnerability in Azure Cloud Service
Microsoft has recently patched a critical remote code execution (RCE) vulnerability in its Azure Service Fabric component.
March 30, 2023

Malware Botnets Actively Exploit Realtek and Cacti Vulnerabilities
Multiple malware botnets have been actively targeting Cacti and Realtek vulnerabilities in campaigns detected between January and March 2023, spreading ShellBot and Moobot malware.
March 30, 2023

Critical IBM File Transfer Bug Targeted by Cybercriminals: Patch Urgently Required
A critical bug in IBM's Aspera Faspex file transfer stack, tracked as CVE-2022-47986, is catching the attention of cybercriminals, including ransomware gangs, as organizations fail to patch.
March 29, 2023

Google TAG Exposes Exploit Chains Used to Install Commercial Spyware
Google's Threat Analysis Group (TAG) has shared information about two distinct, highly targeted campaigns that employed multiple zero-day and n-day exploits against Android, iOS, and Chrome devices.
March 29, 2023

Crown Resorts Investigates Cl0p Ransomware Group's Data Theft Claims
Australian casino giant Crown Resorts has confirmed that the Cl0p ransomware group contacted them to claim the theft of data as part of the GoAnywhere attack.
March 29, 2023

ChatGPT Data Breach Confirmed Amid Vulnerable Component Exploitation Warning
OpenAI has confirmed a data breach involving its ChatGPT chatbot, which was caused by a bug in the Redis-py open source library.
March 28, 2023

Apple Addresses Actively Exploited WebKit Zero-Day for Older iPhones and iPads
Apple has recently released security updates aimed at addressing an actively exploited zero-day bug for older iPhones and iPads.
March 27, 2023

Microsoft Issues Emergency Update for Windows Snipping Tool Flaw
Microsoft has released an emergency security update for the Windows 10 and Windows 11 Snipping Tool to fix the Acropalypse privacy vulnerability, which is now tracked as CVE-2023-28303.
March 25, 2023

Vulnerabilities In The News

| CVE | Summary | Severity | Vendor | Risk Context |
|---|---|---|---|---|
| CVE-2023-23397 (6) | Microsoft Outlook Elevation of Privilege Vulnerability | CRITICAL | Microsoft | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
| CVE-2022-4135 (7) | Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the render... | CRITICAL | Microsoft, Google | CISA Known Exploited, Actively Exploited, Remote Code Execution |
| CVE-2022-42856 (10) | A type confusion issue was addressed with improved state handling. | HIGH | Apple | CISA Known Exploited, Actively Exploited, Remote Code Execution |
| CVE-2023-23529 (9) | A type confusion issue was addressed with improved checks. | HIGH | Apple | CISA Known Exploited, Actively Exploited, Remote Code Execution |
| CVE-2022-38181 (7) | The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. | HIGH | Arm | CISA Known Exploited |
| CVE-2022-3723 (6) | Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption... | HIGH | Google | CISA Known Exploited, Actively Exploited, Remote Code Execution |
| CVE-2021-30900 (7) | An out-of-bounds write issue was addressed with improved bounds checking. | HIGH | Apple | CISA Known Exploited |
| CVE-2023-0669 (6) | Fortra GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due ... | HIGH | Fortra | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
| CVE-2023-23383 (5) | Service Fabric Explorer Spoofing Vulnerability | MEDIUM | Microsoft | Actively Exploited, Remote Code Execution |

CISA Known Exploited Vulnerabilities
CISA added 10 vulnerabilities to the known exploited vulnerabilities list.
Apple — iOS, iPadOS, and macOS
CVE-2021-30900 / Added: March 30, 2023
HIGH CVSS 7.80
Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges.
Arm — Mali Graphics Processing Unit (GPU)
CVE-2022-38181 / Added: March 30, 2023
HIGH CVSS 8.80
Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information.
Arm — Mali Graphics Processing Unit (GPU)
CVE-2022-22706 / Added: March 30, 2023
HIGH CVSS 7.80
Arm Mali GPU Kernel Driver contains an unspecified vulnerability that allows a non-privileged user to achieve write access to read-only memory pages.
Fortra — Cobalt Strike
CVE-2022-42948 / Added: March 30, 2023
CRITICAL CVSS 9.80
Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution.
Fortra — Cobalt Strike
CVE-2022-39197 / Added: March 30, 2023
MEDIUM CVSS 6.10
Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely.
Google — Chrome
CVE-2022-3038 / Added: March 30, 2023
HIGH CVSS 8.80
Google Chrome contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption.
Linux — Kernel
CVE-2023-0266 / Added: March 30, 2023
HIGH CVSS 7.80
Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user.
Microsoft — Internet Explorer
CVE-2014-1776 / Added: March 30, 2023
HIGH CVSS 10.00
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user.
Microsoft — Internet Explorer
CVE-2013-3163 / Added: March 30, 2023
HIGH CVSS 9.30
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website.
Samba — Samba
CVE-2017-7494 / Added: March 30, 2023
CRITICAL CVSS 9.80
Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it.
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2023-23397
CRITICAL CVSS 9.80
CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: March 14, 2023
Microsoft Outlook Elevation of Privilege Vulnerability
Vendor Impacted: Microsoft
Products Impacted: 365 Apps, Outlook, Office
CVE-2022-4135
CRITICAL CVSS 9.60
CISA Known Exploited, Actively Exploited, Remote Code Execution
Published: Nov. 25, 2022
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Vendors Impacted: Microsoft, Google
Products Impacted: Edge, Chromium, Edge Chromium
CVE-2022-42856
HIGH CVSS 8.80
CISA Known Exploited, Actively Exploited, Remote Code Execution
Published: Dec. 15, 2022
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.
Vendor Impacted: Apple
Products Impacted: macOS, iOS, iPhone OS, Safari, iPadOS, tvOS
CVE-2023-23529
HIGH CVSS 8.80
CISA Known Exploited, Actively Exploited, Remote Code Execution
Published: Feb. 27, 2023
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Vendor Impacted: Apple
Products Impacted: macOS, iPhone OS, Multiple Products, Safari, iPadOS
CVE-2022-38181
HIGH CVSS 8.80
CISA Known Exploited
Published: Oct. 25, 2022
The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.
Vendor Impacted: Arm
Products Impacted: Mali Graphics Processing Unit (GPU), Bifrost GPU Kernel Driver, Valhall GPU Kernel Driver, Midgard GPU Kernel Driver
CVE-2022-3723
HIGH CVSS 8.80
CISA Known Exploited, Actively Exploited, Remote Code Execution
Published: Nov. 1, 2022
Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Vendor Impacted: Google
Product Impacted: Chromium V8 Engine
CVE-2021-30900
HIGH CVSS 7.80
CISA Known Exploited
Published: Aug. 24, 2021
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1. A malicious application may be able to execute arbitrary code with kernel privileges.
Vendor Impacted: Apple
Products Impacted: macOS, iOS, iPadOS, iPhone OS, iPad OS
CVE-2023-0669
HIGH CVSS 7.20
CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
Published: Feb. 6, 2023
Fortra (formerly HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
Vendor Impacted: Fortra
Products Impacted: GoAnywhere MFT, GoAnywhere Managed File Transfer
CVE-2023-23383
MEDIUM CVSS 5.40
Actively Exploited, Remote Code Execution
Published: March 14, 2023
Service Fabric Explorer Spoofing Vulnerability
Vendor Impacted: Microsoft
Product Impacted: Azure Service Fabric