This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2023-26083
Vendor: Arm
Product: Mali Graphics Processing Unit (GPU)
Added: 2023-04-07
Due Date: 2023-04-28
Description:
Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2022-27926
Vendor: Synacor
Product: Zimbra Collaboration Suite (ZCS)
Added: 2023-04-03
Due Date: 2023-04-24
Description:
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability by allowing an endpoint URL to accept parameters without sanitizing.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2013-3163
Vendor: Microsoft
Product: Internet Explorer
Added: 2023-03-30
Due Date: 2023-04-20
Description:
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website.
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CWEs:
CVE-2017-7494
Vendor: Samba
Product: Samba
Added: 2023-03-30
Due Date: 2023-04-20
Description:
Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2022-42948
Vendor: Fortra
Product: Cobalt Strike
Added: 2023-03-30
Due Date: 2023-04-20
Description:
Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2022-39197
Vendor: Fortra
Product: Cobalt Strike
Added: 2023-03-30
Due Date: 2023-04-20
Description:
Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-30900
Vendor: Apple
Product: iOS, iPadOS, and macOS
Added: 2023-03-30
Due Date: 2023-04-20
Description:
Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2022-38181
Vendor: Arm
Product: Mali Graphics Processing Unit (GPU)
Added: 2023-03-30
Due Date: 2023-04-20
Description:
Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2023-0266
Vendor: Linux
Product: Kernel
Added: 2023-03-30
Due Date: 2023-04-20
Description:
Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2022-3038
Vendor: Google
Product: Chromium Network Service
Added: 2023-03-30
Due Date: 2023-04-20
Description:
Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2022-22706
Vendor: Arm
Product: Mali Graphics Processing Unit (GPU)
Added: 2023-03-30
Due Date: 2023-04-20
Description:
Arm Mali GPU Kernel Driver contains an unspecified vulnerability that allows a non-privileged user to achieve write access to read-only memory pages.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2023-26360
Vendor: Adobe
Product: ColdFusion
Added: 2023-03-15
Due Date: 2023-04-05
Description:
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2023-23397
Vendor: Microsoft
Product: Office
Added: 2023-03-14
Due Date: 2023-04-04
Description:
Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2023-24880
Vendor: Microsoft
Product: Windows
Added: 2023-03-14
Due Date: 2023-04-04
Description:
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2022-41328
Vendor: Fortinet
Product: FortiOS
Added: 2023-03-14
Due Date: 2023-04-04
Description:
Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands.
Required Action:
Apply updates per vendor instructions.
CWEs: