Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CISA known exploited database update #560

Merged
merged 1 commit into from
Apr 2, 2023
Merged

CISA known exploited database update #560

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 11 additions & 2 deletions config/known_exploited_vulnerabilities.csv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -347,7 +347,7 @@
"CVE-2020-5722","Grandstream","UCM6200","Grandstream Networks UCM6200 Series SQL Injection Vulnerability","2022-01-28","Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root.","Apply updates per vendor instructions.","2022-07-28",""
"CVE-2020-0787","Microsoft","Windows","Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability","2022-01-28","Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-level privileges.","Apply updates per vendor instructions.","2022-07-28",""
"CVE-2017-5689","Intel","Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability","Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability","2022-01-28","Intel products contain a vulnerability which can allow attackers to perform privilege escalation.","Apply updates per vendor instructions.","2022-07-28",""
"CVE-2014-1776","Microsoft","Internet Explorer","Microsoft Internet Explorer Use-After-Free Vulnerability","2022-01-28","Microsoft Internet Explorer 6 - 11 contains a use-after-free vulnerability which can allow for arbitrary code execution or denial of service.","Apply updates per vendor instructions.","2022-07-28",""
"CVE-2014-1776","Microsoft","Internet Explorer","Microsoft Internet Explorer Memory Corruption Vulnerability","2022-01-28","Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user.","Apply updates per vendor instructions.","2022-07-28","https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-021?redirectedfrom=MSDN"
"CVE-2014-6271","GNU","Bourne-Again Shell (Bash)","GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability","2022-01-28","GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code.","Apply updates per vendor instructions.","2022-07-28",""
"CVE-2014-7169","GNU","Bourne-Again Shell (Bash)","GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability","2022-01-28","GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability in CVE-2014-6271.","Apply updates per vendor instructions.","2022-07-28",""
"CVE-2022-21882","Microsoft","Win32k","Microsoft Win32k Privilege Escalation Vulnerability","2022-02-04","Microsoft Win32k contains an unspecified vulnerability which allows for privilege escalation.","Apply updates per vendor instructions.","2022-02-18",""
Expand Down Expand Up @@ -891,7 +891,16 @@
"CVE-2022-35914","Teclib","GLPI","Teclib GLPI Remote Code Execution Vulnerability","2023-03-07","Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed.","Apply updates per vendor instructions.","2023-03-28","https://glpi-project.org/fr/glpi-10-0-3-disponible/, http://www.bioinformatics.org/phplabware/sourceer/sourceer.php?&Sfs=htmLawedTest.php&Sl=.%2Finternal_utilities%2FhtmLawed."
"CVE-2021-39144","XStream","XStream","XStream Remote Code Execution Vulnerability","2023-03-10","XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream and replace or inject objects that result in the execution of a local command on the server. This vulnerability can affect multiple products, including but not limited to VMware Cloud Foundation.","Apply updates per vendor instructions.","2023-03-31","https://www.vmware.com/security/advisories/VMSA-2022-0027.html, https://x-stream.github.io/CVE-2021-39144.html"
"CVE-2020-5741","Plex","Media Server","Plex Media Server Remote Code Execution Vulnerability","2023-03-10","Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it.","Apply updates per vendor instructions.","2023-03-31","https://forums.plex.tv/t/security-regarding-cve-2020-5741/586819"
"CVE-2023-23397","Microsoft","Office","Microsoft Office Outlook Privilege Escalation Vulnerability","2023-03-14","Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.","Apply updates per vendor instructions.","2023-04-04","https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397, https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/"
"CVE-2023-23397","Microsoft","Office","Microsoft Office Outlook Privilege Escalation Vulnerability","2023-03-14","Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.","Apply updates per vendor instructions.","2023-04-04","https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397, https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/,"
"CVE-2023-24880","Microsoft","Windows","Microsoft Windows SmartScreen Security Feature Bypass Vulnerability","2023-03-14","Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.","Apply updates per vendor instructions.","2023-04-04","https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-24880"
"CVE-2022-41328","Fortinet","FortiOS","Fortinet FortiOS Path Traversal Vulnerability","2023-03-14","Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands.","Apply updates per vendor instructions.","2023-04-04","https://www.fortiguard.com/psirt/FG-IR-22-369"
"CVE-2023-26360","Adobe","ColdFusion","Adobe ColdFusion Improper Access Control Vulnerability","2023-03-15","Adobe ColdFusion contains an improper access control vulnerability that allows for remote code execution.","Apply updates per vendor instructions.","2023-04-05","https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html"
"CVE-2013-3163","Microsoft","Internet Explorer","Microsoft Internet Explorer Memory Corruption Vulnerability","2023-03-30","Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website.","The impacted product is end-of-life and should be disconnected if still in use.","2023-04-20","https://learn.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055"
"CVE-2017-7494","Samba","Samba","Samba Remote Code Execution Vulnerability","2023-03-30","Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it.","Apply updates per vendor instructions.","2023-04-20","https://www.samba.org/samba/security/CVE-2017-7494.html"
"CVE-2022-42948","Fortra","Cobalt Strike","Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability","2023-03-30","Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution.","Apply updates per vendor instructions.","2023-04-20","https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-2/"
"CVE-2022-39197","Fortra","Cobalt Strike","Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability","2023-03-30","Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely.","Apply updates per vendor instructions.","2023-04-20","https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1/"
"CVE-2021-30900","Apple","iOS, iPadOS, and macOS","Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability","2023-03-30","Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges.","Apply updates per vendor instructions.","2023-04-20","https://support.apple.com/en-us/HT21286, https://support.apple.com/en-us/HT212868, https://support.apple.com/kb/HT212872"
"CVE-2022-38181","Arm","Mali Graphics Processing Unit (GPU)","Arm Mali GPU Kernel Driver Use-After-Free Vulnerability","2023-03-30","Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information.","Apply updates per vendor instructions.","2023-04-20","https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
"CVE-2023-0266","Linux","Kernel","Linux Kernel Use-After-Free Vulnerability","2023-03-30","Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user.","Apply updates per vendor instructions.","2023-04-20","https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4"
"CVE-2022-3038","Google","Chrome","Google Chrome Use-After-Free Vulnerability","2023-03-30","Google Chrome contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption.","Apply updates per vendor instructions.","2023-04-20","https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html"
"CVE-2022-22706","Arm","Mali Graphics Processing Unit (GPU)","Arm Mali GPU Kernel Driver Unspecified Vulnerability","2023-03-30","Arm Mali GPU Kernel Driver contains an unspecified vulnerability that allows a non-privileged user to achieve write access to read-only memory pages.","Apply updates per vendor instructions.","2023-04-20","https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"