diff --git a/config/known_exploited_vulnerabilities.csv b/config/known_exploited_vulnerabilities.csv index 6a77babfe..786509062 100644 --- a/config/known_exploited_vulnerabilities.csv +++ b/config/known_exploited_vulnerabilities.csv @@ -904,3 +904,9 @@ "CVE-2023-0266","Linux","Kernel","Linux Kernel Use-After-Free Vulnerability","2023-03-30","Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user.","Apply updates per vendor instructions.","2023-04-20","https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4" "CVE-2022-3038","Google","Chrome","Google Chrome Use-After-Free Vulnerability","2023-03-30","Google Chrome contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption.","Apply updates per vendor instructions.","2023-04-20","https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" "CVE-2022-22706","Arm","Mali Graphics Processing Unit (GPU)","Arm Mali GPU Kernel Driver Unspecified Vulnerability","2023-03-30","Arm Mali GPU Kernel Driver contains an unspecified vulnerability that allows a non-privileged user to achieve write access to read-only memory pages.","Apply updates per vendor instructions.","2023-04-20","https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities" +"CVE-2022-27926","Zimbra","Collaboration (ZCS)","Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability","2023-04-03","Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability by allowing an endpoint URL to accept parameters without sanitizing.","Apply updates per vendor instructions.","2023-04-24","https://wiki.zimbra.com/wiki/Security_Center" +"CVE-2021-27876","Veritas","Backup Exec Agent","Veritas Backup Exec Agent File Access Vulnerability","2023-04-07","Veritas Backup Exec (BE) Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to access files on the BE Agent machine.","Apply updates per vendor instructions.","2023-04-28","https://www.veritas.com/support/en_US/security/VTS21-001" +"CVE-2021-27877","Veritas","Backup Exec Agent","Veritas Backup Exec Agent Improper Authentication Vulnerability","2023-04-07","Veritas Backup Exec (BE) Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme.","Apply updates per vendor instructions.","2023-04-28","https://www.veritas.com/support/en_US/security/VTS21-001" +"CVE-2021-27878","Veritas","Backup Exec Agent","Veritas Backup Exec Agent Command Execution Vulnerability","2023-04-07","Veritas Backup Exec (BE) Agent contains a command execution vulnerability that could allow an attacker to use a data management protocol command to execute a command on the BE Agent machine.","Apply updates per vendor instructions.","2023-04-28","https://www.veritas.com/support/en_US/security/VTS21-001" +"CVE-2019-1388","Microsoft","Windows","Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability","2023-04-07","Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.","Apply updates per vendor instructions.","2023-04-28","https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388" +"CVE-2023-26083","Arm","Mali Graphics Processing Unit (GPU)","Arm Mali GPU Kernel Driver Information Disclosure Vulnerability","2023-04-07","Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.","Apply updates per vendor instructions.","2023-04-28","https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"