Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CISA known exploited database update #512

Merged
merged 1 commit into from
Mar 5, 2023
Merged

CISA known exploited database update #512

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions config/known_exploited_vulnerabilities.csv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -877,3 +877,12 @@
"CVE-2015-2291","Intel","Ethernet Diagnostics Driver for Windows","Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability","2023-02-10","Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service.","Apply updates per vendor instructions.","2023-03-03","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00051.html"
"CVE-2022-24990","TerraMaster","TerraMaster OS","TerraMaster OS Remote Command Execution Vulnerability","2023-02-10","TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint.","Apply updates per vendor instructions.","2023-03-03","https://forum.terra-master.com/en/viewtopic.php?t=3030"
"CVE-2023-0669","Fortra","GoAnywhere MFT","Fortra GoAnywhere MFT Remote Code Execution Vulnerability","2023-02-10","Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object.","Apply updates per vendor instructions.","2023-03-03","Fortra users must have an account in order to login and access the patch. https://my.goanywhere.com/webclient/DownloadProductFiles.xhtml"
"CVE-2023-21715","Microsoft","Office","Microsoft Office Publisher Security Feature Bypass Vulnerability","2023-02-14","Microsoft Office Publisher contains a security feature bypass vulnerability which allows for a local, authenticated attack on a targeted system.","Apply updates per vendor instructions.","2023-03-07","https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21715"
"CVE-2023-23376","Microsoft","Windows","Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability","2023-02-14","Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability which allows for privilege escalation.","Apply updates per vendor instructions.","2023-03-07","https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23376"
"CVE-2023-23529","Apple","Multiple Products","Apple Multiple Products WebKit Type Confusion Vulnerability","2023-02-14","WebKit in Apple iOS, MacOS, Safari and iPadOS contains a type confusion vulnerability that may lead to code execution.","Apply updates per vendor instructions.","2023-03-07","https://support.apple.com/en-us/HT213635, https://support.apple.com/en-us/HT213633, https://support.apple.com/en-us/HT213638"
"CVE-2023-21823","Microsoft","Windows","Microsoft Windows Graphic Component Privilege Escalation Vulnerability","2023-02-14","Microsoft Windows Graphic Component contains an unspecified vulnerability which allows for privilege escalation.","Apply updates per vendor instructions.","2023-03-07","https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21823"
"CVE-2022-46169","Cacti","Cacti","Cacti Command Injection Vulnerability","2023-02-16","Cacti contains a command injection vulnerability that allows an unauthenticated user to execute code.","Apply updates per vendor instructions.","2023-03-09","https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf"
"CVE-2022-47986","IBM","Aspera Faspex","IBM Aspera Faspex Code Execution Vulnerability","2023-02-21","IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw.","Apply updates per vendor instructions.","2023-03-14","https://exchange.xforce.ibmcloud.com/vulnerabilities/243512?_ga=2.189195179.1800390251.1676559338-700333034.1676325890"
"CVE-2022-41223","Mitel","MiVoice Connect","Mitel MiVoice Connect Code Injection Vulnerability","2023-02-21","The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application.","Apply updates per vendor instructions.","2023-03-14","https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008"
"CVE-2022-40765","Mitel","MiVoice Connect","Mitel MiVoice Connect Command Injection Vulnerability","2023-02-21","The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system.","Apply updates per vendor instructions.","2023-03-14","https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0007"
"CVE-2022-36537","ZK Framework","AuUploader","ZK Framework AuUploader Unspecified Vulnerability","2023-02-27","ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to ConnectWise R1Soft Server Backup Manager.","Apply updates per vendor instructions.","2023-03-20","https://tracker.zkoss.org/browse/ZK-5150"