Apple Security Advisory

Safari 16 Security Content iOS 16 Security Content macOS Monterey 12.6 Security Content macOS Big Sur 11.7 Security Content iOS 15.7 and iPadOS 15.7 Security Content

National Cyber Awareness System

CISA Releases Eleven Industrial Control Systems Advisories CISA Adds Six Known Exploited Vulnerabilities to Catalog CISA and NSA Publish Open Radio Access Network Security Considerations CISA Adds Two Known Exploited Vulnerabilities to Catalog Iranian Islamic Revolutionary Guard Corps Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations Adobe Releases Security Updates for Multiple Products Microsoft Releases September 2022 Security Updates CISA Releases Five Industrial Control Systems Advisories Apple Releases Security Updates for Multiple Products

Adobe Security Bulletins and Advisories

Security updates available for Adobe Photoshop | APSB21-28 APSB22-52 Security updates available for Adobe Experience Manager | APSB21-15 APSB22-40 Security Updates Available for Adobe Bridge | APSB21-23 APSB22-49 Security Update Available for Adobe InDesign | APSB20-66 APSB22-50 Security Update Available for Adobe InCopy | APSB21-05 APSB22-53 Security Updates Available for Adobe Animate | APSB21-21 APSB22-54

Ubuntu Security Notices

USN-5616-1: Linux kernel (Intel IoTG) vulnerabilities USN-5615-1: SQLite vulnerabilities USN-5614-1: Wayland vulnerability USN-5613-1: Vim vulnerabilities USN-5612-1: Intel Microcode vulnerability USN-5606-2: poppler regression USN-5611-1: WebKitGTK vulnerability USN-5610-1: rust-regex vulnerability USN-5583-2: systemd regression USN-5609-1: .NET 6 vulnerability USN-5608-1: DPDK vulnerability USN-5607-1: GDK-PixBuf vulnerability USN-5606-1: poppler vulnerability USN-5523-2: LibTIFF vulnerabilities

Red Hat Security Advisory

(RHSA-2022:6527) Moderate: OpenShift Virtualization 4.11.0 RPMs security and bug fix update (RHSA-2022:6541) Moderate: php:7.4 security update (RHSA-2022:6542) Moderate: php:7.4 security update (RHSA-2022:6540) Moderate: webkit2gtk3 security update (RHSA-2022:6539) Moderate: .NET 6.0 security and bugfix update (RHSA-2022:6308) Important: OpenShift Container Platform 4.8.49 security update (RHSA-2022:6526) Important: OpenShift Virtualization 4.11.0 Images security and bug fix update (RHSA-2022:6523) Moderate: .NET Core 3.1 security and bugfix update (RHSA-2022:6522) Moderate: .NET Core 3.1 on RHEL 7 security and bugfix update (RHSA-2022:6521) Moderate: .NET 6.0 security and bugfix update (RHSA-2022:6520) Moderate: .NET 6.0 on RHEL 7 security and bugfix update (RHSA-2022:6518) Moderate: rh-mysql80-mysql security, bug fix, and enhancement update (RHSA-2022:6517) Important: Release of containers for OSP 16.2.z director operator tech preview (RHSA-2022:6507) Critical: Red Hat Advanced Cluster Management 2.5.2 security fixes and bug fixes (RHSA-2022:6506) Moderate: openvswitch2.16 security update (RHSA-2022:6505) Moderate: openvswitch2.15 security update (RHSA-2022:6504) Moderate: openvswitch2.17 security update (RHSA-2022:6503) Moderate: openvswitch2.17 security update (RHSA-2022:6502) Moderate: openvswitch2.13 security update (RHSA-2022:6322) Moderate: OpenShift Container Platform 4.7.59 bug fix and security update (RHSA-2022:6450) Moderate: ruby:3.0 security, bug fix, and enhancement update (RHSA-2022:6460) Moderate: kernel security, bug fix, and enhancement update (RHSA-2022:6463) Moderate: gnupg2 security update (RHSA-2022:6457) Moderate: python3 security update (RHSA-2022:6449) Moderate: nodejs:16 security and bug fix update (RHSA-2022:6443) Moderate: mariadb:10.3 security and bug fix update (RHSA-2022:6447) Moderate: ruby:2.7 security, bug fix, and enhancement update (RHSA-2022:6448) Moderate: nodejs:14 security and bug fix update (RHSA-2022:6437) Moderate: kernel-rt security and bug fix update (RHSA-2022:6439) Moderate: booth security update (RHSA-2022:6432) Important: kernel security and bug fix update (RHSA-2022:6430) Moderate: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update (RHSA-2022:6429) Important: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update (RHSA-2022:6427) Critical: Red Hat Advanced Cluster Management 2.6.1 security fix and bug fix (RHSA-2022:6424) Critical: Multicluster Engine for Kubernetes 2.1.1 security update and bug fixes (RHSA-2022:6422) Critical: Multicluster Engine for Kubernetes 2.0.2 security and bug fixes (RHSA-2022:6317) Important: OpenShift Container Platform 4.9.48 bug fix and security update (RHSA-2022:6318) Moderate: OpenShift Container Platform 4.9.48 extras security update

Node.js Security Advisories

September 22nd 2022 Security Releases

Cisco Security Advisory

Cisco IOS XR Software Broadband Network Gateway PPP over Ethernet Denial of Service Vulnerability Cisco IOS XR Software Cisco Discovery Protocol Denial of Service Vulnerability Cisco Network Convergence System 4000 Series TL1 Denial of Service Vulnerability

Microsoft Security

Chromium: CVE-2022-3200 Heap buffer overflow in Internals Chromium: CVE-2022-3199 Use after free in Frames Chromium: CVE-2022-3198 Use after free in PDF Chromium: CVE-2022-3197 Use after free in PDF Chromium: CVE-2022-3196 Use after free in PDF Chromium: CVE-2022-3195 Out of bounds write in Storage Windows Photo Import API Elevation of Privilege Vulnerability .NET Framework Remote Code Execution Vulnerability Windows Credential Roaming Service Elevation of Privilege Vulnerability Windows Secure Channel Denial of Service Vulnerability Windows Kerberos Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability Microsoft SharePoint Remote Code Execution Vulnerability Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft SharePoint Server Remote Code Execution Vulnerability Windows Kernel Elevation of Privilege Vulnerability .NET Core and Visual Studio Denial of Service Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows Kerberos Elevation of Privilege Vulnerability Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Event Tracing Denial of Service Vulnerability Windows Secure Channel Denial of Service Vulnerability Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability Windows Graphics Component Information Disclosure Vulnerability HTTP V3 Denial of Service Vulnerability Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability Windows Enterprise App Management Service Remote Code Execution Vulnerability Windows TCP/IP Remote Code Execution Vulnerability Windows Distributed File System (DFS) Elevation of Privilege Vulnerability Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability Windows DNS Server Denial of Service Vulnerability Windows ALPC Elevation of Privilege Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability Windows Graphics Component Information Disclosure Vulnerability Windows GDI Elevation of Privilege Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability DirectX Graphics Kernel Elevation of Privilege Vulnerability Windows Group Policy Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Windows Fax Service Remote Code Execution Vulnerability Windows Kernel Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability Microsoft Office Visio Remote Code Execution Vulnerability Microsoft PowerPoint Remote Code Execution Vulnerability Raw Image Extension Remote Code Execution Vulnerability Microsoft Office Visio Remote Code Execution Vulnerability Arm: CVE-2022-23960 Cache Speculation Restriction Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability AV1 Video Extension Remote Code Execution Vulnerability Visual Studio Code Elevation of Privilege Vulnerability

Google Security Advisories

Pixel Update Bulletin—September 2022 | Android Open Source Project Android Security Bulletin—September 2022 | Android Open Source Project

Github Security Advisories

[GHSA-m6vp-8q9j-whx4] TensorFlow vulnerable to `CHECK` fail in `Save` and `SaveSlices` [GHSA-p2xf-8hgm-hpw5] TensorFlow vulnerable to `CHECK` fail in `ParameterizedTruncatedNormal` [GHSA-9942-r22v-78cp] TensorFlow vulnerable to `CHECK` fail in `LRNGrad` [GHSA-wr9v-g9vf-c74v] TensorFlow vulnerable to segfault in `RaggedBincount` [GHSA-9vqj-64pv-w55c] TensorFlow vulnerable to `CHECK` fail in `tf.linalg.matrix_rank` [GHSA-j43h-pgmg-5hjq] TensorFlow vulnerable to `CHECK` fail in `MaxPool` [GHSA-397c-5g2j-qxpv] TensorFlow vulnerable to segfault in `SparseBincount` [GHSA-vxv8-r8q2-63xw] TensorFlow vulnerable to `CHECK` fail in `FractionalMaxPoolGrad` [GHSA-v7vw-577f-vp8x] TensorFlow vulnerable to segfault in `QuantizedRelu` and `QuantizedRelu6` [GHSA-vgvh-2pf4-jr2x] TensorFlow vulnerable to segfault in `QuantizeDownAndShrinkRange` [GHSA-689c-r7h2-fv9v] TensorFlow vulnerable to segfault in `QuantizedMatMul` [GHSA-4pc4-m9mj-v2r9] TensorFlow vulnerable to segfault in `QuantizedBiasAdd` [GHSA-9fpg-838v-wpv7] TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVars` [GHSA-g35r-369w-3fqp] TensorFlow vulnerable to segfault in `QuantizedInstanceNorm` [GHSA-q2c3-jpmc-gfjx] TensorFlow vulnerable to `CHECK` fail in `Conv2DBackpropInput` [GHSA-2475-53vw-vp25] TensorFlow vulnerable to `CHECK` fail in `AvgPoolGrad` [GHSA-v6h3-348g-6h5x] TensorFlow vulnerable to segfault in `QuantizedAdd` [GHSA-4w68-4x85-mjj9] TensorFlow vulnerable to segfault in `QuantizedAvgPool` [GHSA-h7ff-cfc9-wmmh] TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannelGradient` [GHSA-vm7x-4qhj-rrcq] TensorFlow vulnerable to `CHECK` fail in `TensorListScatter` and `TensorListScatterV2` [GHSA-qxpx-j395-pw36] TensorFlow vulnerable to segfault in `LowerBound` and `UpperBound` [GHSA-9v8w-xmr4-wgxp] TensorFlow vulnerable to `CHECK` fail in `TensorListFromTensor` [GHSA-wq6q-6m32-9rv9] TensorFlow vulnerable to `CHECK` fail in `SetSize` [GHSA-f7r5-q7cx-h668] TensorFlow vulnerable to segfault in `BlockLSTMGradV2` [GHSA-84jm-4cf3-9jfm] TensorFlow vulnerable to `CHECK` failures in `FractionalAvgPoolGrad` [GHSA-h5vq-gw2c-pq47] TensorFlow vulnerable to `CHECK` failures in `UnbatchGradOp` [GHSA-x989-q2pq-4q5x] TensorFlow vulnerable to Int overflow in `RaggedRangeOp` [GHSA-fhfc-2q7x-929f] TensorFlow vulnerable to `CHECK` fail in `CollectiveGather` [GHSA-v5xg-3q2c-c2r4] TensorFlow vulnerable to `CHECK` failure in `TensorListReserve` via missing validation [GHSA-q5jv-m6qw-5g37] TensorFlow vulnerable to floating point exception in `Conv2D` [GHSA-wxjj-cgcx-r3vq] TensorFlow vulnerable to `CHECK` failures in `AvgPool3DGrad` [GHSA-qhw4-wwr7-gjc5] TensorFlow vulnerable to `CHECK` fail in `EmptyTensorList` [GHSA-fqxc-pvf8-2w9v] TensorFlow vulnerable to null dereference on MLIR on empty function attributes [GHSA-jqm7-m5q7-3hm5] TensorFlow vulnerable to `CHECK` fail in `DrawBoundingBoxes` [GHSA-634p-93h9-92vh] ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File [GHSA-mh3m-62v7-68xg] TensorFlow vulnerable to `CHECK` fail in `Unbatch` [GHSA-828c-5j5q-vrjq] TensorFlow vulnerable to null-dereference in `mlir::tfg::GraphDefImporter::ConvertNodeDef` [GHSA-fv43-93gv-vm8f] TensorFlow vulnerable to null dereference on MLIR on empty function attributes [GHSA-wqmc-pm8c-2jhc] TensorFlow vulnerable to segfault in `Requantize` [GHSA-cv2p-32v3-vhwq] TensorFlow vulnerable to `CHECK` fail in `RandomPoissonV2` [GHSA-r26c-679w-mrjm] TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsGradient` [GHSA-g9h5-vr8m-x2h4] TensorFlow vulnerable to `CHECK` fail in `AudioSummaryV2` [GHSA-4p6f-m4f9-ch88] Binary vulnerable to Slice Memory Allocation with Excessive Size Value [GHSA-mv8m-8x97-937q] TensorFlow vulnerable to `CHECK` fail in `tf.random.gamma` [GHSA-g468-qj8g-vcjc] TensorFlow vulnerable to `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs` [GHSA-mv8x-668m-53fg] Elrond-go has improper initialization [GHSA-7j3m-8g3c-9qqq] TensorFlow vulnerable to null-dereference in `mlir::tfg::TFOp::nameAttr` [GHSA-rh87-q4vg-m45j] TensorFlow vulnerable to integer overflow in math ops [GHSA-jvhc-5hhr-w3v5] TensorFlow vulnerable to assertion fail on MLIR empty edge names [GHSA-w62h-8xjm-fv49] TensorFlow vulnerable to `CHECK` fail in `DenseBincount` [GHSA-mgmh-g2v6-mqw5] TensorFlow vulnerable to `CHECK` failure in `AvgPoolOp` [GHSA-2m6g-crv8-p3c6] Parse Server vulnerable to brute force guessing of user sensitive data via search patterns [GHSA-9cr2-8pwr-fhfq] TensorFlow vulnerable to `CHECK` fail in `QuantizeAndDequantizeV3` [GHSA-m6cv-4fmf-66xf] TensorFlow vulnerable to `CHECK` fail in `RaggedTensorToVariant` [GHSA-9j4v-pp28-mxv7] TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel` [GHSA-79h2-q768-fpxr] TensorFlow segfault TFLite converter on per-channel quantized transposed convolutions [GHSA-54qx-8p8w-xhg8] SFTPGo vulnerable to recovery codes abuse [GHSA-fxwr-4vq9-9vhj] XWiki Cross-Site Request Forgery (CSRF) for actions on tags [GHSA-ffjm-4qwc-7cmf] TensorFlow vulnerable to OOB write in `scatter_nd` in TF Lite [GHSA-pxrw-j2fv-hx3h] TensorFlow vulnerable to OOB read in `Gather_nd` in TF Lite [GHSA-6vfq-jmxg-g58r] Shopware contains sensitive data in backend customer module [GHSA-3pgj-pg6c-r5p7] OAuthLib vulnerable to DoS when attacker provides malicious IPV6 URI [GHSA-qc43-pgwq-3q2q] Shopware access control list bypassed via crafted specific URLs [GHSA-rc4r-wh2q-q6c4] Moby supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions [GHSA-xhmf-mmv2-4hhx] Go-CVSS has Out-of-bounds Read vulnerability in ParseVector function [GHSA-f4w6-h4f5-wx45] TensorFlow vulnerable to `CHECK` failure in tf.reshape via overflows [GHSA-97p7-w86h-vcf9] TensorFlow vulnerable to `CHECK` failure in `SobolSample` via missing validation [GHSA-x996-7qh9-7ff7] Hyperledger indy-node vulnerable to denial of service [GHSA-xx9w-464f-7h6f] Harbor fails to validate the user permissions when updating a robot account [GHSA-8c6p-v837-77f6] Harbor fails to validate the user permissions when updating tag immutability policies [GHSA-jf8p-3vjh-pq94] Harbor fails to validate the user permissions when viewing Webhook policies [GHSA-3637-v6vq-xqqw] Harbor fails to validate the user permissions when updating tag retention policies [GHSA-28m8-9j7v-x499] Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links [GHSA-9xgj-fcgf-x6mw] Poetry Argument Injection can lead to Local Code Execution [GHSA-p7hr-f446-x6qf] TensorFlow vulnerable to `CHECK` fail in `tf.sparse.cross` [GHSA-37jf-mjv6-xfqw] TensorFlow vulnerable to `CHECK` fail in `Conv2DBackpropInput` [GHSA-8gw7-4j42-w388] Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature [GHSA-47m6-46mj-p235] TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection [GHSA-p2g7-xwvr-rrw3] Helm Controller denial of service [GHSA-w3w9-vrf5-8mx8] ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent [GHSA-xmgg-fx9p-prq6] NodeBB account takeover via SSO plugins [GHSA-r9x7-2xmr-v8fw] mangadex-downloader vulnerable to unauthorized file reading [GHSA-jv3g-j58f-9mq9] JOSE vulnerable to resource exhaustion via specifically crafted JWE [GHSA-qm4w-4995-vg7f] cruddl vulnerable to ArangoDB Query Language (AQL) injection through flexSearch [GHSA-f524-rf33-2jjr] OPA Compiler: Bypass of WithUnsafeBuiltins using "with" keyword to mock functions [GHSA-xg8p-34w2-j49j] linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend` [GHSA-jgc8-gvcx-9vfx] XWiki Platform Improper Authorization check for inactive users [GHSA-599v-w48h-rjrm] XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor [GHSA-gjmq-x5x7-wc36] XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list [GHSA-9r9j-57rf-f6vj] XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form [GHSA-c5v8-2q4r-5w9v] XWiki Platform Mentions UI vulnerable to Cross-site Scripting [GHSA-xr6m-2p4m-jvqf] XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability [GHSA-2g5c-228j-p52x] XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection [GHSA-7hgc-php5-77qq] Talos worker join token can be used to get elevated access level to the Talos API [GHSA-jr8j-2jhp-m67v] nftables binding to an already bound chain [GHSA-34vw-m4rh-r36p] Talos vulnerable dependency due to race condition in Linux kernel's IP framework XFRM [GHSA-3633-5h82-39pq] Improper handling of different key IDs for the same public keys in attacker-controlled metadata [GHSA-fffr-7x4x-f98q] TYPO3 CMS vulnerable to Denial of Service in Page Error Handling [GHSA-m392-235j-9r7r] TYPO3 CMS vulnerable to User Enumeration via Response Timing [GHSA-5959-4x58-r8c2] TYPO3 CMS missing check for expiration time of password reset token for backend users [GHSA-9c6w-55cp-5w25] TYPO3 CMS Stored Cross-Site Scripting via FileDumpController [GHSA-fv2m-9249-qx85] TYPO3 CMS vulnerable to Cross-Site Scripting in view helper [GHSA-rfj2-q3h3-hm5j] Cargo extracting malicious crates can corrupt arbitrary files [GHSA-2hvr-h6gw-qrxp] Cargo extracting malicious crates can fill the file system [GHSA-8h89-34w2-jpfm] XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action [GHSA-h5j3-5x63-p8jv] XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard [GHSA-mxf2-4r22-5hq9] XWiki Platform Web Parent POM vulnerable to XSS in the attachment history [GHSA-fph9-f5r6-vhqf] Eclipse Milo vulnerable to Resource Exhaustion (Denial of Service) [GHSA-r7vq-6425-j94w] Python-TUF vulnerable to incorrect threshold signature computation for new root metadata [GHSA-ggf6-638m-vqmg] Netmaker before 0.15.1 vulnerable to Insufficient Granularity of Access Control [GHSA-pfw4-xjgm-267c] Dendrite signature checks not applied to some retrieved missing events [GHSA-gqqf-g5r7-84vf] TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection [GHSA-cq7q-5c67-w39w] matrix-appservice-irc vulnerable to IRC mode parameter confusion [GHSA-xvqg-mv25-rwvw] Parsing issue in matrix-org/node-irc leading to room takeovers [GHSA-r8m2-4x37-6592] .NET Denial of Service Vulnerability [GHSA-qcqv-38jg-2r43] Pageflow vulnerable to insecure direct object reference in membership update endpoint [GHSA-wrrw-crp8-979q] Pageflow vulnerable to sensitive user data extraction via Ransack query injection [GHSA-qv98-3369-g364] KubeVirt vulnerable to arbitrary file read on host

CISA Known Exploted Vulnerabilities

Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability CVE-2022-37969 Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability CVE-2022-32917 Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability CVE-2022-40139 Linux Kernel Improper Input Validation Vulnerability CVE-2013-6282 Code Aurora ACDB Audio Driver Stack-based Buffer Overflow Vulnerability CVE-2013-2597 Linux Kernel Integer Overflow Vulnerability CVE-2013-2596 Linux Kernel Privilege Escalation Vulnerability CVE-2013-2094 Microsoft Windows Remote Code Execution Vulnerability CVE-2010-2568

The known exploited vulnerabilities list contains vulnerabilities that are known to be activly exploited. They may not be new or recently discovered. Vulnerabilities listed here were added to this list in the past week.