Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CISA known exploited database update #671

Merged
merged 1 commit into from
Jun 25, 2023
Merged

CISA known exploited database update #671

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions config/known_exploited_vulnerabilities.csv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -945,3 +945,14 @@
"CVE-2023-33010","Zyxel","Multiple Firewalls","Zyxel Multiple Firewalls Buffer Overflow Vulnerability","2023-06-05","Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device.","Apply updates per vendor instructions.","2023-06-26","https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
"CVE-2023-3079","Google","Chromium V8 Engine","Google Chromium V8 Type Confusion Vulnerability","2023-06-07","Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.","Apply updates per vendor instructions.","2023-06-28","https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html"
"CVE-2023-27997","Fortinet","FortiOS and FortiProxy SSL-VPN","Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability","2023-06-13","Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.","Apply updates per vendor instructions.","2023-07-04","https://www.fortiguard.com/psirt/FG-IR-23-097"
"CVE-2023-20887","VMware","Aria Operations for Networks","Vmware Aria Operations for Networks Command Injection Vulnerability","2023-06-22","VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in remote code execution.","Apply updates per vendor instructions.","2023-07-13","https://www.vmware.com/security/advisories/VMSA-2023-0012.html"
"CVE-2020-35730","Roundcube","Roundcube Webmail","Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability","2023-06-22","Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with Javascript in a link reference element that is mishandled by linkref_addinindex in rcube_string_replacer.php.","Apply updates per vendor instructions.","2023-07-13","https://roundcube.net/news/2020/12/27/security-updates-1.4.10-1.3.16-and-1.2.13"
"CVE-2020-12641","Roundcube","Roundcube Webmail","Roundcube Webmail Remote Code Execution Vulnerability","2023-06-22","Roundcube Webmail contains an remote code execution vulnerability that allows attackers to execute code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.","Apply updates per vendor instructions.","2023-07-13","https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10"
"CVE-2021-44026","Roundcube","Roundcube Webmail","Roundcube Webmail SQL Injection Vulnerability","2023-06-22","Roundcube Webmail is vulnerable to SQL injection via search or search_params.","Apply updates per vendor instructions.","2023-07-13","https://roundcube.net/news/2021/11/12/security-updates-1.4.12-and-1.3.17-released"
"CVE-2016-9079","Mozilla","Firefox, Firefox ESR, and Thunderbird","Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability","2023-06-22","Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows.","Apply updates per vendor instructions.","2023-07-13","https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079"
"CVE-2016-0165","Microsoft","Win32k","Microsoft Win32k Privilege Escalation Vulnerability","2023-06-22","Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.","Apply updates per vendor instructions.","2023-07-13","https://learn.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-039"
"CVE-2023-32434","Apple","Multiple Products","Apple Multiple Products Integer Overflow Vulnerability","2023-06-23","Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges.","Apply updates per vendor instructions.","2023-07-14","https://support.apple.com/en-us/HT213808 , https://support.apple.com/en-us/HT213812 , https://support.apple.com/en-us/HT213809 , https://support.apple.com/en-us/HT213810 , https://support.apple.com/en-us/HT213813 , https://support.apple.com/en-us/HT213811 , https://support.apple.com/en-us/HT213814"
"CVE-2023-32435","Apple","iOS and macOS","Apple iOS and iPadOS WebKit Memory Corruption Vulnerability","2023-06-23","Apple iOS and iPadOS WebKit contain a memory corruption vulnerability that leads to code execution when processing web content.","Apply updates per vendor instructions.","2023-07-14","https://support.apple.com/en-us/HT213811"
"CVE-2023-32439","Apple","Multiple Products","Apple Multiple Products WebKit Type Confusion Vulnerability","2023-06-23","Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content.","Apply updates per vendor instructions.","2023-07-14","https://support.apple.com/en-us/HT213813 , https://support.apple.com/en-us/HT213811 , https://support.apple.com/en-us/HT213814 , https://support.apple.com/en-us/HT213816"
"CVE-2023-20867","VMware","Tools","VMware Tools Authentication Bypass Vulnerability","2023-06-23","VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. An attacker must have root access over ESXi to exploit this vulnerability.","Apply updates per vendor instructions.","2023-07-14","https://www.vmware.com/security/advisories/VMSA-2023-0013.html"
"CVE-2023-27992","Zyxel","Multiple Network-Attached Storage (NAS) Devices","Zyxel Multiple NAS Devices Command Injection Vulnerability","2023-06-23","Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a crafted HTTP request.","Apply updates per vendor instructions.","2023-07-14","https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products"