cisa-known-exploited-vulns

KEV Release: 2022-06-27

Open hrbrmstr opened this issue 3 years ago • 0 comments

8 CVEs in this release.

  • CVE-2022-29499: Remote (Mitel:MiVoice Connect) Mitel MiVoice Connect Data Validation Vulnerability :: The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation.

    Additional Information

    • CVSS 9.8
    • Severity: CRITICAL
    • Attack Vector: NETWORK
    • Attack Complexity: LOW
    • Privileges Required: NONE
    • User Interaction: NONE
    • Impact: 5.9
    • CWE: CWE-20
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    • EPSS: 0.011560000 / 0.592760000
    • In The Wild: https://inthewild.io/vuln/CVE-2022-29499
  • CVE-2021-30533: Local/Adjacent (Google:Chromium) Google Chromium Security Bypass Vulnerability :: Insufficient policy enforcement in the PopupBlocker for Chromium allows an attacker to remotely bypass security mechanisms. This vulnerability impacts web browsers using Chromium such as Chrome and Edge.

    Additional Information

    • CVSS 6.5
    • Severity: MEDIUM
    • Attack Vector: NETWORK
    • Attack Complexity: LOW
    • Privileges Required: NONE
    • User Interaction: REQUIRED
    • Impact: 3.6
    • CWE: CWE-863
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
    • EPSS: 0.012130000 / 0.649110000
    • In The Wild: https://inthewild.io/vuln/CVE-2021-30533
  • CVE-2021-4034: Local/Adjacent (Red Hat:Polkit) Red Hat Polkit Out-of-Bounds Read and Write Vulnerability :: The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability which allows for privilege escalation with administrative rights.

    Additional Information

    • CVSS 7.8
    • Severity: HIGH
    • Attack Vector: LOCAL
    • Attack Complexity: LOW
    • Privileges Required: LOW
    • User Interaction: NONE
    • Impact: 5.9
    • CWE: CWE-787
    • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    • EPSS: 0.089540000 / 0.936360000
    • In The Wild: https://inthewild.io/vuln/CVE-2021-4034
  • CVE-2021-30983: Local/Adjacent (Apple:iOS and iPadOS) Apple iOS and iPadOS Buffer Overflow Vulnerability :: Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges.

    Additional Information

    • CVSS 7.8
    • Severity: HIGH
    • Attack Vector: LOCAL
    • Attack Complexity: LOW
    • Privileges Required: NONE
    • User Interaction: REQUIRED
    • Impact: 5.9
    • CWE: CWE-120
    • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    • EPSS: 0.010360000 / 0.403640000
    • In The Wild: https://inthewild.io/vuln/CVE-2021-30983
  • CVE-2020-3837: Local/Adjacent (Apple:Multiple Products) Apple Multiple Products Memory Corruption Vulnerability :: Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.

    Additional Information

    • CVSS 7.8
    • Severity: HIGH
    • Attack Vector: LOCAL
    • Attack Complexity: LOW
    • Privileges Required: NONE
    • User Interaction: REQUIRED
    • Impact: 5.9
    • CWE: CWE-787
    • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    • EPSS: 0.027880000 / 0.818190000
    • In The Wild: https://inthewild.io/vuln/CVE-2020-3837
  • CVE-2020-9907: Local/Adjacent (Apple:Multiple Products) Apple Multiple Products Memory Corruption Vulnerability :: Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.

    Additional Information

    • CVSS 7.8
    • Severity: HIGH
    • Attack Vector: LOCAL
    • Attack Complexity: LOW
    • Privileges Required: NONE
    • User Interaction: REQUIRED
    • Impact: 5.9
    • CWE: CWE-787
    • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    • EPSS: 0.010050000 / 0.355540000
    • In The Wild: https://inthewild.io/vuln/CVE-2020-9907
  • CVE-2019-8605: Local/Adjacent (Apple:Multiple Products) Apple Multiple Products Use-After-Free Vulnerability :: A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges.

    Additional Information

    • CVSS 7.8
    • Severity: HIGH
    • Attack Vector: LOCAL
    • Attack Complexity: LOW
    • Privileges Required: NONE
    • User Interaction: REQUIRED
    • Impact: 5.9
    • CWE: CWE-416
    • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    • EPSS: 0.026290000 / 0.808320000
    • In The Wild: https://inthewild.io/vuln/CVE-2019-8605
  • CVE-2018-4344: Local/Adjacent (Apple:Multiple Products) Apple Multiple Products Memory Corruption Vulnerability :: Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution.

    Additional Information

    • CVSS 7.8
    • Severity: HIGH
    • Attack Vector: LOCAL
    • Attack Complexity: LOW
    • Privileges Required: NONE
    • User Interaction: REQUIRED
    • Impact: 5.9
    • CWE: CWE-119
    • Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    • EPSS: 0.010180000 / 0.379860000
    • In The Wild: https://inthewild.io/vuln/CVE-2018-4344

hrbrmstr, Jul 04 '22 18:07