CVE-2023-41266

Known exploited
Used for ransomware
A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.
Max CVSS
8.2
EPSS Score
83.57%
Published
2023-08-29
Updated
2023-09-08
CISA KEV Added
2023-12-07

CVE-2023-41265

Known exploited
Used for ransomware
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.
Max CVSS
9.9
EPSS Score
91.51%
Published
2023-08-29
Updated
2023-09-08
CISA KEV Added
2023-12-07

CVE-2023-33107

Known exploited
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
Max CVSS
8.4
EPSS Score
0.06%
Published
2023-12-05
Updated
2023-12-11
CISA KEV Added
2023-12-05

CVE-2023-33106

Known exploited
Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
Max CVSS
8.4
EPSS Score
0.06%
Published
2023-12-05
Updated
2023-12-11
CISA KEV Added
2023-12-05

CVE-2023-33063

Known exploited
Memory corruption in DSP Services during a remote call from HLOS to DSP.
Max CVSS
7.8
EPSS Score
0.06%
Published
2023-12-05
Updated
2023-12-11
CISA KEV Added
2023-12-05

CVE-2022-22071

Known exploited
Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Max CVSS
8.4
EPSS Score
0.11%
Published
2022-06-14
Updated
2022-06-22
CISA KEV Added
2023-12-05

CVE-2023-42917

Known exploited
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Max CVSS
8.8
EPSS Score
0.14%
Published
2023-11-30
Updated
2024-01-26
CISA KEV Added
2023-12-04

CVE-2023-42916

Known exploited
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Max CVSS
6.5
EPSS Score
0.11%
Published
2023-11-30
Updated
2024-01-26
CISA KEV Added
2023-12-04
Toggle Search Form
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!