| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-21674 | 0.14 | — | 0.42 | KEV | Jan 10, 2023 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | ||
| CVE-2022-44877 | 0.23 | — | 1.00 | KEV | Jan 5, 2023 | login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. | ||
| CVE-2022-42475 | 0.26 | — | 0.99 | KEV | Jan 2, 2023 | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated… | ||
| CVE-2022-26486 | 0.12 | — | 0.02 | KEV | Dec 22, 2022 | An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0,… | ||
| CVE-2022-26485 | 0.12 | — | 0.14 | KEV | Dec 22, 2022 | Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and… | ||
| CVE-2022-42856 | 0.12 | — | 0.09 | KEV | Dec 15, 2022 | A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a… | ||
| CVE-2022-27518 | 0.14 | — | 0.07 | KEV | Dec 13, 2022 | Unauthenticated remote arbitrary code execution | ||
| CVE-2022-44698 | 0.23 | — | 0.76 | KEV | Dec 13, 2022 | Windows SmartScreen Security Feature Bypass Vulnerability | ||
| CVE-2022-46169 | 0.23 | — | 1.00 | KEV | Dec 5, 2022 | Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if… | ||
| CVE-2022-4262 | 0.13 | — | 0.16 | KEV | Dec 2, 2022 | Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-40799 | 0.17 | — | 0.31 | KEV | Nov 29, 2022 | Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device. | ||
| CVE-2022-4135 | 0.05 | — | 0.32 | KEV | Nov 25, 2022 | Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-40765 | 0.18 | — | 0.10 | KEV | Nov 22, 2022 | A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters. | ||
| CVE-2022-41223 | 0.18 | — | 0.11 | KEV | Nov 22, 2022 | The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type. | ||
| CVE-2022-23748 | 0.13 | — | 0.09 | KEV | Nov 17, 2022 | mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files. | ||
| CVE-2022-41128 | 0.15 | — | 0.25 | KEV | Nov 9, 2022 | Windows Scripting Languages Remote Code Execution Vulnerability | ||
| CVE-2022-41125 | 0.12 | — | 0.03 | KEV | Nov 9, 2022 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | ||
| CVE-2022-41073 | 0.18 | — | 0.02 | KEV | Nov 9, 2022 | Windows Print Spooler Elevation of Privilege Vulnerability | ||
| CVE-2022-41091 | 0.19 | — | 0.02 | KEV | Nov 9, 2022 | Windows Mark of the Web Security Feature Bypass Vulnerability | ||
| CVE-2022-41049 | 0.13 | — | 0.02 | KEV | Nov 9, 2022 | Windows Mark of the Web Security Feature Bypass Vulnerability | ||
| CVE-2022-41080 | 0.26 | — | 0.77 | KEV | Nov 9, 2022 | Microsoft Exchange Server Elevation of Privilege Vulnerability | ||
| CVE-2022-31199 | 0.18 | — | 0.36 | KEV | Nov 8, 2022 | Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by… | ||
| CVE-2022-42827 | 0.12 | — | 0.01 | KEV | Nov 1, 2022 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have… | ||
| CVE-2022-3723 | 0.12 | — | 0.07 | KEV | Nov 1, 2022 | Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-38181 | 0.14 | — | 0.13 | KEV | Oct 25, 2022 | The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0. | ||
| CVE-2016-20017 | 0.22 | — | 0.60 | KEV | Oct 19, 2022 | D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022. | ||
| CVE-2022-21587 | 0.29 | — | 0.98 | KEV | Oct 18, 2022 | Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to… | ||
| CVE-2022-40684 | 0.29 | — | 1.00 | KEV | Oct 18, 2022 | An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated… | ||
| CVE-2022-38028 | 0.12 | — | 0.15 | KEV | Oct 11, 2022 | Windows Print Spooler Elevation of Privilege Vulnerability | ||
| CVE-2022-41033 | 0.12 | — | 0.02 | KEV | Oct 11, 2022 | Windows COM+ Event System Service Elevation of Privilege Vulnerability | ||
| CVE-2022-41040 | 0.29 | — | 1.00 | KEV | Oct 3, 2022 | Microsoft Exchange Server Elevation of Privilege Vulnerability | ||
| CVE-2022-41082 | 0.28 | — | 1.00 | KEV | Oct 3, 2022 | Microsoft Exchange Server Remote Code Execution Vulnerability | ||
| CVE-2022-20775 | 0.12 | — | 0.12 | KEV | Sep 30, 2022 | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. This vulnerability is due to improper access controls on commands within the application CLI. An attacker could exploit this vulnerability by running… | ||
| CVE-2022-3075 | 0.12 | — | 0.06 | KEV | Sep 26, 2022 | Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | ||
| CVE-2022-3038 | 0.15 | — | 0.25 | KEV | Sep 26, 2022 | Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2022-2856 | 0.12 | — | 0.04 | KEV | Sep 26, 2022 | Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page. | ||
| CVE-2022-41352 | 0.23 | — | 0.95 | KEV | Sep 26, 2022 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends… | ||
| CVE-2022-3236 | 0.19 | — | 0.99 | KEV | Sep 23, 2022 | A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. | ||
| CVE-2022-39197 | 0.14 | — | 0.46 | KEV | Sep 22, 2022 | An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the… | ||
| CVE-2022-32917 | 0.12 | — | 0.06 | KEV | Sep 20, 2022 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have… | ||
| CVE-2022-40139 | 0.13 | — | 0.03 | KEV | Sep 19, 2022 | Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to… | ||
| CVE-2022-35914 | 0.23 | — | 1.00 | KEV | Sep 19, 2022 | /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. | ||
| CVE-2022-37969 | 0.13 | — | 0.28 | KEV | Sep 13, 2022 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||
| CVE-2022-27593 | 0.26 | — | 0.88 | KEV | Sep 8, 2022 | An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo… | ||
| CVE-2022-37055 | 0.18 | — | 0.57 | KEV | Aug 28, 2022 | D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main, | ||
| CVE-2022-36537 | — | 0.19 | — | 0.95 | KEV | Aug 26, 2022 | ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader. | |
| CVE-2022-36804 | 0.23 | — | 0.99 | KEV | Aug 25, 2022 | Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from… | ||
| CVE-2022-32893 | 0.12 | — | 0.10 | KEV | Aug 24, 2022 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that… | ||
| CVE-2022-32894 | 0.12 | — | 0.03 | KEV | Aug 24, 2022 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have… | ||
| CVE-2022-37042 | 0.29 | — | 0.88 | KEV | Aug 11, 2022 | Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal… |
- risk 0.14cvss —epss 0.42
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
- risk 0.23cvss —epss 1.00
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
- risk 0.26cvss —epss 0.99
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated…
- risk 0.12cvss —epss 0.02
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0,…
- risk 0.12cvss —epss 0.14
Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and…
- risk 0.12cvss —epss 0.09
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a…
- risk 0.14cvss —epss 0.07
Unauthenticated remote arbitrary code execution
- risk 0.23cvss —epss 0.76
Windows SmartScreen Security Feature Bypass Vulnerability
- risk 0.23cvss —epss 1.00
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if…
- risk 0.13cvss —epss 0.16
Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- risk 0.17cvss —epss 0.31
Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device.
- risk 0.05cvss —epss 0.32
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- risk 0.18cvss —epss 0.10
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.
- risk 0.18cvss —epss 0.11
The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type.
- risk 0.13cvss —epss 0.09
mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.
- risk 0.15cvss —epss 0.25
Windows Scripting Languages Remote Code Execution Vulnerability
- risk 0.12cvss —epss 0.03
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
- risk 0.18cvss —epss 0.02
Windows Print Spooler Elevation of Privilege Vulnerability
- risk 0.19cvss —epss 0.02
Windows Mark of the Web Security Feature Bypass Vulnerability
- risk 0.13cvss —epss 0.02
Windows Mark of the Web Security Feature Bypass Vulnerability
- risk 0.26cvss —epss 0.77
Microsoft Exchange Server Elevation of Privilege Vulnerability
- risk 0.18cvss —epss 0.36
Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by…
- risk 0.12cvss —epss 0.01
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have…
- risk 0.12cvss —epss 0.07
Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- risk 0.14cvss —epss 0.13
The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.
- risk 0.22cvss —epss 0.60
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.
- risk 0.29cvss —epss 0.98
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…
- risk 0.29cvss —epss 1.00
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated…
- risk 0.12cvss —epss 0.15
Windows Print Spooler Elevation of Privilege Vulnerability
- risk 0.12cvss —epss 0.02
Windows COM+ Event System Service Elevation of Privilege Vulnerability
- risk 0.29cvss —epss 1.00
Microsoft Exchange Server Elevation of Privilege Vulnerability
- risk 0.28cvss —epss 1.00
Microsoft Exchange Server Remote Code Execution Vulnerability
- risk 0.12cvss —epss 0.12
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. This vulnerability is due to improper access controls on commands within the application CLI. An attacker could exploit this vulnerability by running…
- risk 0.12cvss —epss 0.06
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- risk 0.15cvss —epss 0.25
Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.12cvss —epss 0.04
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.
- risk 0.23cvss —epss 0.95
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends…
- risk 0.19cvss —epss 0.99
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.
- risk 0.14cvss —epss 0.46
An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the…
- risk 0.12cvss —epss 0.06
The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have…
- risk 0.13cvss —epss 0.03
Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to…
- risk 0.23cvss —epss 1.00
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
- risk 0.13cvss —epss 0.28
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- risk 0.26cvss —epss 0.88
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo…
- risk 0.18cvss —epss 0.57
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,
- risk 0.19cvss —epss 0.95
ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.
- risk 0.23cvss —epss 0.99
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from…
- risk 0.12cvss —epss 0.10
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that…
- risk 0.12cvss —epss 0.03
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have…
- risk 0.29cvss —epss 0.88
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal…