CISA Adds Known Exploited Vulnerabilities to Catalog - 20230331002

Overview

CISA has added ten new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

What is the vulnerability?

| CVE | Affected Product |
| --- | --- |
| CVE-2023-0266 | Linux Kernel Use-After-Free Vulnerability |
| CVE-2022-42948 | Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability |
| CVE-2022-39197 | Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability |
| CVE-2022-38181 | Arm Mali GPU Kernel Driver Use-After-Free Vulnerability |
| CVE-2022-3038 | Google Chrome Use-After-Free Vulnerability |
| CVE-2022-22706 | Arm Mali GPU Kernel Driver Unspecified Vulnerability |
| CVE-2021-30900 | Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability |
| CVE-2017-7494 | Samba Remote Code Execution Vulnerability |
| CVE-2014-1776 | Microsoft Internet Explorer Memory Corruption Vulnerability |
| CVE-2013-3163 | Microsoft Internet Explorer Memory Corruption Vulnerability |

What has been observed?

CISA has listed these vulnerabilities in its Known Exploited Vulnerabilities Catalog.

Recommendation

Due to the reports of active exploitation, it is strongly recommended to patch these vulnerabilities within 2 weeks across all affected platforms, as per vendor instructions.