CVE-2023-28206 - Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability -

Action Due May 01, 2023 Target Vendor : Apple

Description : Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://support.apple.com/en-us/HT213720, https://support.apple.com/en-us/HT213721; https://nvd.nist.gov/vuln/detail/CVE-2023-28206

CVE-2021-27876 - Veritas Backup Exec Agent File Access Vulnerability -

Action Due Apr 28, 2023 Target Vendor : Veritas

Description : Veritas Backup Exec (BE) Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to access files on the BE Agent machine.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://www.veritas.com/support/en_US/security/VTS21-001; https://nvd.nist.gov/vuln/detail/CVE-2021-27876

CVE-2021-27877 - Veritas Backup Exec Agent Improper Authentication Vulnerability -

Action Due Apr 28, 2023 Target Vendor : Veritas

Description : Veritas Backup Exec (BE) Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://www.veritas.com/support/en_US/security/VTS21-001; https://nvd.nist.gov/vuln/detail/CVE-2021-27877

CVE-2021-27878 - Veritas Backup Exec Agent Command Execution Vulnerability -

Action Due Apr 28, 2023 Target Vendor : Veritas

Description : Veritas Backup Exec (BE) Agent contains a command execution vulnerability that could allow an attacker to use a data management protocol command to execute a command on the BE Agent machine.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://www.veritas.com/support/en_US/security/VTS21-001; https://nvd.nist.gov/vuln/detail/CVE-2021-27878

CVE-2023-26083 - Arm Mali GPU Kernel Driver Information Disclosure Vulnerability -

Action Due Apr 28, 2023 Target Vendor : Arm

Description : Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2023-26083

CVE-2019-1388 - Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability -

Action Due Apr 28, 2023 Target Vendor : Microsoft

Description : Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388; https://nvd.nist.gov/vuln/detail/CVE-2019-1388

CVE-2022-27926 - Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability -

Action Due Apr 24, 2023 Target Vendor : Zimbra

Description : Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability by allowing an endpoint URL to accept parameters without sanitizing.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://wiki.zimbra.com/wiki/Security_Center; https://nvd.nist.gov/vuln/detail/CVE-2022-27926

CVE-2017-7494 - Samba Remote Code Execution Vulnerability -

Action Due Apr 20, 2023 Target Vendor : Samba

Description : Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://www.samba.org/samba/security/CVE-2017-7494.html; https://nvd.nist.gov/vuln/detail/CVE-2017-7494

CVE-2022-42948 - Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability -

Action Due Apr 20, 2023 Target Vendor : Fortra

Description : Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-2/; https://nvd.nist.gov/vuln/detail/CVE-2022-42948

CVE-2022-39197 - Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability -

Action Due Apr 20, 2023 Target Vendor : Fortra

Description : Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1/; https://nvd.nist.gov/vuln/detail/CVE-2022-39197

CVE-2021-30900 - Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability -

Action Due Apr 20, 2023 Target Vendor : Apple

Description : Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://support.apple.com/en-us/HT21286, https://support.apple.com/en-us/HT212868, https://support.apple.com/kb/HT212872; https://nvd.nist.gov/vuln/detail/CVE-2021-30900

CVE-2022-38181 - Arm Mali GPU Kernel Driver Use-After-Free Vulnerability -

Action Due Apr 20, 2023 Target Vendor : Arm

Description : Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2022-38181

CVE-2023-0266 - Linux Kernel Use-After-Free Vulnerability -

Action Due Apr 20, 2023 Target Vendor : Linux

Description : Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4; https://nvd.nist.gov/vuln/detail/CVE-2023-0266

CVE-2022-22706 - Arm Mali GPU Kernel Driver Unspecified Vulnerability -

Action Due Apr 20, 2023 Target Vendor : Arm

Description : Arm Mali GPU Kernel Driver contains an unspecified vulnerability that allows a non-privileged user to achieve write access to read-only memory pages.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2022-22706

CVE-2013-3163 - Microsoft Internet Explorer Memory Corruption Vulnerability -

Action Due Apr 20, 2023 Target Vendor : Microsoft

Description : Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website.

Action : The impacted product is end-of-life and should be disconnected if still in use.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://learn.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055; https://nvd.nist.gov/vuln/detail/CVE-2013-3163

CVE-2022-3038 - Google Chromium Network Service Use-After-Free Vulnerability -

Action Due Apr 20, 2023 Target Vendor : Google

Description : Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html; https://nvd.nist.gov/vuln/detail/CVE-2022-3038

CVE-2023-26360 - Adobe ColdFusion Deserialization of Untrusted Data Vulnerability -

Action Due Apr 05, 2023 Target Vendor : Adobe

Description : Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html; https://nvd.nist.gov/vuln/detail/CVE-2023-26360

CVE-2023-23397 - Microsoft Office Outlook Privilege Escalation Vulnerability -

Action Due Apr 04, 2023 Target Vendor : Microsoft

Description : Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397, https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/, ; https://nvd.nist.gov/vuln/detail/CVE-2023-23397

CVE-2023-24880 - Microsoft Windows SmartScreen Security Feature Bypass Vulnerability -

Action Due Apr 04, 2023 Target Vendor : Microsoft

Description : Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-24880; https://nvd.nist.gov/vuln/detail/CVE-2023-24880

CVE-2022-41328 - Fortinet FortiOS Path Traversal Vulnerability -

Action Due Apr 04, 2023 Target Vendor : Fortinet

Description : Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.fortiguard.com/psirt/FG-IR-22-369; https://nvd.nist.gov/vuln/detail/CVE-2022-41328