NVD disclosure day

Published threat advisories for March 24, 2023

CVE advisoryKnown Exploit

CVE-2023-20963

Android WorkSource Parcel Mismatch Leads to Privilege Escalation.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Android's WorkSource component could allow for local privilege escalation without user interaction. This impacts affected Android systems by enabling unauthorized access and modification of data and functions, posing a business risk.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2022-42948

Cobalt Strike UI Vulnerability Allows Remote Code Execution.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability exists in the Cobalt Strike user interface that allows for remote code execution. Attackers can exploit this by injecting specially crafted HTML, potentially impacting data confidentiality and operational integrity, posing a business risk.

NVD published: • CISA KEV