Skip to content

Commit

Permalink
Merge pull request #671 from e-m-b-a/known_exploited_update
Browse files Browse the repository at this point in the history 
CISA known exploited database update
  • Loading branch information
@m-1-k-3
m-1-k-3 authored Jun 25, 2023
2 parents 3cad050 + b532a05 commit 50abe72
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions config/known_exploited_vulnerabilities.csv
View file
Original file line number Diff line number Diff line change
Expand Up @@ -945,3 +945,14 @@
"CVE-2023-33010","Zyxel","Multiple Firewalls","Zyxel Multiple Firewalls Buffer Overflow Vulnerability","2023-06-05","Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device.","Apply updates per vendor instructions.","2023-06-26","https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
"CVE-2023-3079","Google","Chromium V8 Engine","Google Chromium V8 Type Confusion Vulnerability","2023-06-07","Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.","Apply updates per vendor instructions.","2023-06-28","https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html"
"CVE-2023-27997","Fortinet","FortiOS and FortiProxy SSL-VPN","Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability","2023-06-13","Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.","Apply updates per vendor instructions.","2023-07-04","https://www.fortiguard.com/psirt/FG-IR-23-097"
"CVE-2023-20887","VMware","Aria Operations for Networks","Vmware Aria Operations for Networks Command Injection Vulnerability","2023-06-22","VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in remote code execution.","Apply updates per vendor instructions.","2023-07-13","https://www.vmware.com/security/advisories/VMSA-2023-0012.html"
"CVE-2020-35730","Roundcube","Roundcube Webmail","Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability","2023-06-22","Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with Javascript in a link reference element that is mishandled by linkref_addinindex in rcube_string_replacer.php.","Apply updates per vendor instructions.","2023-07-13","https://roundcube.net/news/2020/12/27/security-updates-1.4.10-1.3.16-and-1.2.13"
"CVE-2020-12641","Roundcube","Roundcube Webmail","Roundcube Webmail Remote Code Execution Vulnerability","2023-06-22","Roundcube Webmail contains an remote code execution vulnerability that allows attackers to execute code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.","Apply updates per vendor instructions.","2023-07-13","https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10"
"CVE-2021-44026","Roundcube","Roundcube Webmail","Roundcube Webmail SQL Injection Vulnerability","2023-06-22","Roundcube Webmail is vulnerable to SQL injection via search or search_params.","Apply updates per vendor instructions.","2023-07-13","https://roundcube.net/news/2021/11/12/security-updates-1.4.12-and-1.3.17-released"
"CVE-2016-9079","Mozilla","Firefox, Firefox ESR, and Thunderbird","Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability","2023-06-22","Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows.","Apply updates per vendor instructions.","2023-07-13","https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079"
"CVE-2016-0165","Microsoft","Win32k","Microsoft Win32k Privilege Escalation Vulnerability","2023-06-22","Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.","Apply updates per vendor instructions.","2023-07-13","https://learn.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-039"
"CVE-2023-32434","Apple","Multiple Products","Apple Multiple Products Integer Overflow Vulnerability","2023-06-23","Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges.","Apply updates per vendor instructions.","2023-07-14","https://support.apple.com/en-us/HT213808 , https://support.apple.com/en-us/HT213812 , https://support.apple.com/en-us/HT213809 , https://support.apple.com/en-us/HT213810 , https://support.apple.com/en-us/HT213813 , https://support.apple.com/en-us/HT213811 , https://support.apple.com/en-us/HT213814"
"CVE-2023-32435","Apple","iOS and macOS","Apple iOS and iPadOS WebKit Memory Corruption Vulnerability","2023-06-23","Apple iOS and iPadOS WebKit contain a memory corruption vulnerability that leads to code execution when processing web content.","Apply updates per vendor instructions.","2023-07-14","https://support.apple.com/en-us/HT213811"
"CVE-2023-32439","Apple","Multiple Products","Apple Multiple Products WebKit Type Confusion Vulnerability","2023-06-23","Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content.","Apply updates per vendor instructions.","2023-07-14","https://support.apple.com/en-us/HT213813 , https://support.apple.com/en-us/HT213811 , https://support.apple.com/en-us/HT213814 , https://support.apple.com/en-us/HT213816"
"CVE-2023-20867","VMware","Tools","VMware Tools Authentication Bypass Vulnerability","2023-06-23","VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. An attacker must have root access over ESXi to exploit this vulnerability.","Apply updates per vendor instructions.","2023-07-14","https://www.vmware.com/security/advisories/VMSA-2023-0013.html"
"CVE-2023-27992","Zyxel","Multiple Network-Attached Storage (NAS) Devices","Zyxel Multiple NAS Devices Command Injection Vulnerability","2023-06-23","Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a crafted HTTP request.","Apply updates per vendor instructions.","2023-07-14","https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products"

0 comments on commit 50abe72

Please sign in to comment.