CISA Known Exploited Vulnerabilities

Description:

The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation.

Description:

Google Chromium PopupBlocker contains an insufficient policy enforcement vulnerability that allows a remote attacker to bypass navigation restrictions via a crafted iframe. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Description:

The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.

Description:

Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges.

Description:

Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.

Description:

Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.

Description:

A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges.

Description:

Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution.

Description:

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.

Description:

SAP NetWeaver contains a vulnerability that allows unrestricted file upload.

Description:

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Description:

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request.

Description:

QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files.

Description:

QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files.

Description:

QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system.