Exploited Vulnerabilities Catalog (557)

PALO ALTO NETWORKS | PAN-OS

CVE-2024-3400

Palo Alto Networks PAN-OS Command Injection Vulnerability

Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.

  • Action: Users of affected devices should enable Threat Prevention Threat ID 95187 if that is available; otherwise, disable device telemetry until patches are available from the vendor, per vendor instructions.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-04-12

  • Due Date: 2024-04-19

D-LINK | MULTIPLE NAS DEVICES

CVE-2024-3272

D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability

D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution.

  • Action: This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-04-11

  • Due Date: 2024-05-02

D-LINK | MULTIPLE NAS DEVICES

CVE-2024-3273

D-Link Multiple NAS Devices Command Injection Vulnerability

D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution.

  • Action: This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-04-11

  • Due Date: 2024-05-02

ANDROID | PIXEL

CVE-2024-29745

Android Pixel Information Disclosure Vulnerability

Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-04-04

  • Due Date: 2024-04-25

ANDROID | PIXEL

CVE-2024-29748

Android Pixel Privilege Escalation Vulnerability

Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-04-04

  • Due Date: 2024-04-25

MICROSOFT | SHAREPOINT SERVER

CVE-2023-24955

Microsoft SharePoint Server Code Injection Vulnerability

Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-03-26

  • Due Date: 2024-04-16

NICE | LINEAR EMERGE E3-SERIES

CVE-2019-7256

Nice Linear eMerge E3-Series OS Command Injection Vulnerability

Nice Linear eMerge E3-Series contains an OS command injection vulnerability that allows an attacker to conduct remote code execution.

  • Action: Contact the vendor for guidance on remediating firmware, per their advisory.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-03-25

  • Due Date: 2024-04-15

IVANTI | ENDPOINT MANAGER CLOUD SERVICE APPLIANCE (EPM CSA)

CVE-2021-44529

Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability

Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody).

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-03-25

  • Due Date: 2024-04-15

FORTINET | FORTICLIENT EMS

CVE-2023-48788

Fortinet FortiClient EMS SQL Injection Vulnerability

Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-03-25

  • Due Date: 2024-04-15

JETBRAINS | TEAMCITY

CVE-2024-27198

JetBrains TeamCity Authentication Bypass Vulnerability

JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-03-07

  • Due Date: 2024-03-28

APPLE | MULTIPLE PRODUCTS

CVE-2024-23225

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-03-06

  • Due Date: 2024-03-27

APPLE | MULTIPLE PRODUCTS

CVE-2024-23296

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-03-06

  • Due Date: 2024-03-27

ANDROID | PIXEL

CVE-2023-21237

Android Pixel Information Disclosure Vulnerability

Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foreground service notification. This could enable a local attacker to disclose sensitive information.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-03-05

  • Due Date: 2024-03-26

SUNHILLO | SURELINE

CVE-2021-36380

Sunhillo SureLine OS Command Injection Vulnerability

Sunhillo SureLine contains an OS command injection vulnerability that allows an attacker to cause a denial-of-service or utilize the device for persistence on the network via shell metacharacters in ipAddr or dnsAddr in /cgi/networkDiag.cgi.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-03-05

  • Due Date: 2024-03-26

MICROSOFT | WINDOWS

CVE-2024-21338

Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability

Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-03-04

  • Due Date: 2024-03-25

MICROSOFT | STREAMING SERVICE

CVE-2023-29360

Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability

Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-02-29

  • Due Date: 2024-03-21

CONNECTWISE | SCREENCONNECT

CVE-2024-1709

ConnectWise ScreenConnect Authentication Bypass Vulnerability

ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Known

  • Date Added: 2024-02-22

  • Due Date: 2024-02-29

CISCO | ADAPTIVE SECURITY APPLIANCE (ASA) AND FIREPOWER THREAT DEFENSE (FTD)

CVE-2020-3259

Cisco ASA and FTD Information Disclosure Vulnerability

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. Because of a buffer tracking issue when the software parses invalid URLs requested from the web services interface, an attacker could retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. This vulnerability affects only specific AnyConnect and WebVPN configurations.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Known

  • Date Added: 2024-02-15

  • Due Date: 2024-03-07

MICROSOFT | EXCHANGE SERVER

CVE-2024-21410

Microsoft Exchange Server Privilege Escalation Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-02-15

  • Due Date: 2024-03-07

MICROSOFT | WINDOWS

CVE-2024-21412

Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability

Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-02-13

  • Due Date: 2024-03-05

MICROSOFT | WINDOWS

CVE-2024-21351

Microsoft Windows SmartScreen Security Feature Bypass Vulnerability

Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-02-13

  • Due Date: 2024-03-05

ROUNDCUBE | WEBMAIL

CVE-2023-43770

Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability

Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that can lead to information disclosure via malicious link references in plain/text messages.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-02-12

  • Due Date: 2024-03-04

FORTINET | FORTIOS

CVE-2024-21762

Fortinet FortiOS Out-of-Bound Write Vulnerability

Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-02-09

  • Due Date: 2024-02-16

GOOGLE | CHROMIUM V8

CVE-2023-4762

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-02-06

  • Due Date: 2024-02-27

APPLE | MULTIPLE PRODUCTS

CVE-2022-48618

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-01-31

  • Due Date: 2024-02-21

IVANTI | CONNECT SECURE, POLICY SECURE, AND NEURONS

CVE-2024-21893

Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-01-31

  • Due Date: 2024-02-02

ATLASSIAN | CONFLUENCE DATA CENTER AND SERVER

CVE-2023-22527

Atlassian Confluence Data Center and Server Template Injection Vulnerability

Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Known

  • Date Added: 2024-01-24

  • Due Date: 2024-02-14

APPLE | MULTIPLE PRODUCTS

CVE-2024-23222

Apple Multiple Products Type Confusion Vulnerability

Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-01-23

  • Due Date: 2024-02-13

VMWARE | VCENTER SERVER

CVE-2023-34048

VMware vCenter Server Out-of-Bounds Write Vulnerability

VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-01-22

  • Due Date: 2024-02-12

IVANTI | ENDPOINT MANAGER MOBILE (EPMM) AND MOBILEIRON CORE

CVE-2023-35082

Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability

Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Known

  • Date Added: 2024-01-18

  • Due Date: 2024-02-08

GOOGLE | CHROMIUM V8

CVE-2024-0519

Google Chromium V8 Out-of-Bounds Memory Access Vulnerability

Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-01-17

  • Due Date: 2024-02-07

CITRIX | NETSCALER ADC AND NETSCALER GATEWAY

CVE-2023-6549

Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-01-17

  • Due Date: 2024-02-07

CITRIX | NETSCALER ADC AND NETSCALER GATEWAY

CVE-2023-6548

Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability

Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-01-17

  • Due Date: 2024-01-24

LARAVEL | LARAVEL FRAMEWORK

CVE-2018-15133

Laravel Deserialization of Untrusted Data Vulnerability

Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key (APP_KEY environment variable).

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-01-16

  • Due Date: 2024-02-06

MICROSOFT | SHAREPOINT SERVER

CVE-2023-29357

Microsoft SharePoint Server Privilege Escalation Vulnerability

Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-01-10

  • Due Date: 2024-01-31

IVANTI | CONNECT SECURE AND POLICY SECURE

CVE-2023-46805

Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be leveraged in conjunction with CVE-2024-21887, a command injection vulnerability.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-01-10

  • Due Date: 2024-01-22

IVANTI | CONNECT SECURE AND POLICY SECURE

CVE-2024-21887

Ivanti Connect Secure and Policy Secure Command Injection Vulnerability

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authentication bypass issue.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-01-10

  • Due Date: 2024-01-22

JOOMLA! | JOOMLA!

CVE-2023-23752

Joomla! Improper Access Control Vulnerability

Joomla! contains an improper access control vulnerability that allows unauthorized access to webservice endpoints.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-01-08

  • Due Date: 2024-01-29

D-LINK | DSL-2750B DEVICES

CVE-2016-20017

D-Link DSL-2750B Devices Command Injection Vulnerability

D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-01-08

  • Due Date: 2024-01-29

APPLE | MULTIPLE PRODUCTS

CVE-2023-41990

Apple Multiple Products Code Execution Vulnerability

Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-01-08

  • Due Date: 2024-01-29

APACHE | SUPERSET

CVE-2023-27524

Apache Superset Insecure Default Initialization of Resource Vulnerability

Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations that have not altered the default configured SECRET_KEY according to installation instructions.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-01-08

  • Due Date: 2024-01-29

ADOBE | COLDFUSION

CVE-2023-29300

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-01-08

  • Due Date: 2024-01-29

ADOBE | COLDFUSION

CVE-2023-38203

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-01-08

  • Due Date: 2024-01-29

SPREADSHEET::PARSEEXCEL | SPREADSHEET::PARSEEXCEL

CVE-2023-7101

Spreadsheet::ParseExcel Remote Code Execution Vulnerability

Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-01-02

  • Due Date: 2024-01-23

GOOGLE | CHROMIUM WEBRTC

CVE-2023-7024

Google Chromium WebRTC Heap Buffer Overflow Vulnerability

Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2024-01-02

  • Due Date: 2024-01-23

FXC | AE1021, AE1021PE

CVE-2023-49897

FXC AE1021, AE1021PE OS Command Injection Vulnerability

FXC AE1021 and AE1021PE contain an OS command injection vulnerability that allows authenticated users to execute commands via a network.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-12-21

  • Due Date: 2024-01-11

QNAP | VIOSTOR NVR

CVE-2023-47565

QNAP VioStor NVR OS Command Injection Vulnerability

QNAP VioStor NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-12-21

  • Due Date: 2024-01-11

UNITRONICS | VISION PLC AND HMI

CVE-2023-6448

Unitronics Vision PLC and HMI Insecure Default Password Vulnerability

Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which, if left unchanged, can allow attackers to execute remote commands.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-12-11

  • Due Date: 2023-12-18

QLIK | SENSE

CVE-2023-41266

Qlik Sense Path Traversal Vulnerability

Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints.

  • Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Known

  • Date Added: 2023-12-07

  • Due Date: 2023-12-28

QLIK | SENSE

CVE-2023-41265

Qlik Sense HTTP Tunneling Vulnerability

Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.

  • Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Known

  • Date Added: 2023-12-07

  • Due Date: 2023-12-28

QUALCOMM | MULTIPLE CHIPSETS

CVE-2023-33107

Qualcomm Multiple Chipsets Integer Overflow Vulnerability

Multiple Qualcomm chipsets contain an integer overflow vulnerability due to memory corruption in Graphics Linux while assigning a shared virtual memory region during an IOCTL call.

  • Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-12-05

  • Due Date: 2023-12-26

QUALCOMM | MULTIPLE CHIPSETS

CVE-2023-33106

Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability

Multiple Qualcomm chipsets contain a use of out-of-range pointer offset vulnerability due to memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.

  • Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-12-05

  • Due Date: 2023-12-26

QUALCOMM | MULTIPLE CHIPSETS

CVE-2023-33063

Qualcomm Multiple Chipsets Use-After-Free Vulnerability

Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services during a remote call from HLOS to DSP.

  • Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-12-05

  • Due Date: 2023-12-26

QUALCOMM | MULTIPLE CHIPSETS

CVE-2022-22071

Qualcomm Multiple Chipsets Use-After-Free Vulnerability

Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using an IOCTL munmap call while process initialization is in progress.

  • Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-12-05

  • Due Date: 2023-12-26

APPLE | MULTIPLE PRODUCTS

CVE-2023-42917

Apple Multiple Products WebKit Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing web content.

  • Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-12-04

  • Due Date: 2023-12-25

Resources and Notes

APPLE | MULTIPLE PRODUCTS

CVE-2023-42916

Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability

Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing web content.

  • Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-12-04

  • Due Date: 2023-12-25

Resources and Notes

GOOGLE | CHROMIUM SKIA

CVE-2023-6345

Google Skia Integer Overflow Vulnerability

Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-11-30

  • Due Date: 2023-12-21

Resources and Notes

OWNCLOUD | OWNCLOUD GRAPHAPI

CVE-2023-49103

ownCloud graphapi Information Disclosure Vulnerability

ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo() via GetPhpInfo.php, including administrative credentials.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-11-30

  • Due Date: 2023-12-21

Resources and Notes

GNU | GNU C LIBRARY

CVE-2023-4911

GNU C Library Buffer Overflow Vulnerability

GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-11-21

  • Due Date: 2023-12-12

Resources and Notes

MICROSOFT | WINDOWS

CVE-2023-36584

Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability

Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-11-16

  • Due Date: 2023-12-07

Resources and Notes

SOPHOS | WEB APPLIANCE

CVE-2023-1671

Sophos Web Appliance Command Injection Vulnerability

Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-11-16

  • Due Date: 2023-12-07

Resources and Notes

ORACLE | FUSION MIDDLEWARE

CVE-2020-2551

Oracle Fusion Middleware Unspecified Vulnerability

Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-11-16

  • Due Date: 2023-12-07

Resources and Notes

MICROSOFT | WINDOWS

CVE-2023-36033

Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability

Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-11-14

  • Due Date: 2023-12-05

Resources and Notes

MICROSOFT | WINDOWS

CVE-2023-36025

Microsoft Windows SmartScreen Security Feature Bypass Vulnerability

Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-11-14

  • Due Date: 2023-12-05

Resources and Notes

MICROSOFT | WINDOWS

CVE-2023-36036

Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability

Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-11-14

  • Due Date: 2023-12-05

Resources and Notes

SYSAID | SYSAID SERVER

CVE-2023-47246

SysAid Server Path Traversal Vulnerability

SysAid Server (on-premises version) contains a path traversal vulnerability that leads to code execution.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Known

  • Date Added: 2023-11-13

  • Due Date: 2023-12-04

Resources and Notes

JUNIPER | JUNOS OS

CVE-2023-36844

Juniper Junos OS EX Series PHP External Variable Modification Vulnerability

Juniper Junos OS on EX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control certain important environment variables. Using a crafted request, an attacker is able to modify certain PHP environment variables, leading to partial loss of integrity, which may allow chaining to other vulnerabilities.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-11-13

  • Due Date: 2023-11-17

Resources and Notes

JUNIPER | JUNOS OS

CVE-2023-36845

Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability

Juniper Junos OS on EX Series and SRX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control an important environment variable. Using a crafted request, which sets the variable PHPRC, an attacker is able to modify the PHP execution environment, allowing the injection and execution of code.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-11-13

  • Due Date: 2023-11-17

Resources and Notes

JUNIPER | JUNOS OS

CVE-2023-36846

Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability

Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-11-13

  • Due Date: 2023-11-17

Resources and Notes

JUNIPER | JUNOS OS

CVE-2023-36847

Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability

Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-11-13

  • Due Date: 2023-11-17

Resources and Notes

JUNIPER | JUNOS OS

CVE-2023-36851

Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability

Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-11-13

  • Due Date: 2023-11-17

Resources and Notes

IETF | SERVICE LOCATION PROTOCOL (SLP)

CVE-2023-29552

Service Location Protocol (SLP) Denial-of-Service Vulnerability

The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor.

  • Action: Apply mitigations per vendor instructions or disable SLP service or port 427/UDP on all systems running on untrusted networks, including those directly connected to the Internet.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-11-08

  • Due Date: 2023-11-29

Resources and Notes

ATLASSIAN | CONFLUENCE DATA CENTER AND SERVER

CVE-2023-22518

Atlassian Confluence Data Center and Server Improper Authorization Vulnerability

Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker. There is no impact on confidentiality since the attacker cannot exfiltrate any data.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Known

  • Date Added: 2023-11-07

  • Due Date: 2023-11-28

Resources and Notes

APACHE | ACTIVEMQ

CVE-2023-46604

Apache ActiveMQ Deserialization of Untrusted Data Vulnerability

Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Known

  • Date Added: 2023-11-02

  • Due Date: 2023-11-23

Resources and Notes

F5 | BIG-IP CONFIGURATION UTILITY

CVE-2023-46748

F5 BIG-IP Configuration Utility SQL Injection Vulnerability

F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46747.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-10-31

  • Due Date: 2023-11-21

Resources and Notes

F5 | BIG-IP CONFIGURATION UTILITY

CVE-2023-46747

F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability

F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46748.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-10-31

  • Due Date: 2023-11-21

Resources and Notes

ROUNDCUBE | WEBMAIL

CVE-2023-5631

Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability

Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-10-26

  • Due Date: 2023-11-16

Resources and Notes

CISCO | CISCO IOS XE WEB UI

CVE-2023-20273

Cisco IOS XE Web UI Command Injection Vulnerability

Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited to deploy the implant. CVE-2021-1435, previously associated with the exploitation events, is no longer believed to be related to this activity.

  • Action: Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-10-23

  • Due Date: 2023-10-27

Resources and Notes

CITRIX | NETSCALER ADC AND NETSCALER GATEWAY

CVE-2023-4966

Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

  • Action: Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Known

  • Date Added: 2023-10-18

  • Due Date: 2023-11-08

Resources and Notes

CISCO | IOS XE WEB UI

CVE-2023-20198

Cisco IOS XE Web UI Privilege Escalation Vulnerability

Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use that account to gain control of the affected device.

  • Action: Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-10-16

  • Due Date: 2023-10-20

Resources and Notes

ADOBE | ACROBAT AND READER

CVE-2023-21608

Adobe Acrobat and Reader Use-After-Free Vulnerability

Adobe Acrobat and Reader contain a use-after-free vulnerability that allows for code execution in the context of the current user.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-10-10

  • Due Date: 2023-10-31

Resources and Notes

CISCO | IOS AND IOS XE

CVE-2023-20109

Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability

Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute malicious code or cause a device to crash.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-10-10

  • Due Date: 2023-10-31

Resources and Notes

MICROSOFT | SKYPE FOR BUSINESS

CVE-2023-41763

Microsoft Skype for Business Privilege Escalation Vulnerability

Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-10-10

  • Due Date: 2023-10-31

Resources and Notes

MICROSOFT | WORDPAD

CVE-2023-36563

Microsoft WordPad Information Disclosure Vulnerability

Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-10-10

  • Due Date: 2023-10-31

Resources and Notes

IETF | HTTP/2

CVE-2023-44487

HTTP/2 Rapid Reset Attack Vulnerability

HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-10-10

  • Due Date: 2023-10-31

Resources and Notes

ATLASSIAN | CONFLUENCE DATA CENTER AND SERVER

CVE-2023-22515

Atlassian Confluence Data Center and Server Broken Access Control Vulnerability

Atlassian Confluence Data Center and Server contain a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Check all affected Confluence instances for evidence of compromise per vendor instructions and report any positive findings to CISA.

  • Known To Be Used in Ransomware Campaigns?: Known

  • Date Added: 2023-10-05

  • Due Date: 2023-10-13

Resources and Notes

PROGRESS | WS_FTP SERVER

CVE-2023-40044

Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability

Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Known

  • Date Added: 2023-10-05

  • Due Date: 2023-10-26

Resources and Notes

APPLE | IOS AND IPADOS

CVE-2023-42824

Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability

Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-10-05

  • Due Date: 2023-10-26

Resources and Notes

JETBRAINS | TEAMCITY

CVE-2023-42793

JetBrains TeamCity Authentication Bypass Vulnerability

JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Known

  • Date Added: 2023-10-04

  • Due Date: 2023-10-25

Resources and Notes

MICROSOFT | WINDOWS CNG KEY ISOLATION SERVICE

CVE-2023-28229

Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability

Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-10-04

  • Due Date: 2023-10-25

Resources and Notes

ARM | MALI GPU KERNEL DRIVER

CVE-2023-4211

Arm Mali GPU Kernel Driver Use-After-Free Vulnerability

Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-10-03

  • Due Date: 2023-10-24

Resources and Notes

GOOGLE | CHROMIUM LIBVPX

CVE-2023-5217

Google Chromium libvpx Heap Buffer Overflow Vulnerability

Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-10-02

  • Due Date: 2023-10-23

Resources and Notes

RED HAT | JBOSS RICHFACES FRAMEWORK

CVE-2018-14667

Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability

Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-09-28

  • Due Date: 2023-10-19

Resources and Notes

APPLE | MULTIPLE PRODUCTS

CVE-2023-41991

Apple Multiple Products Improper Certificate Validation Vulnerability

Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-09-25

  • Due Date: 2023-10-16

Resources and Notes

APPLE | MULTIPLE PRODUCTS

CVE-2023-41992

Apple Multiple Products Kernel Privilege Escalation Vulnerability

Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-09-25

  • Due Date: 2023-10-16

Resources and Notes

APPLE | MULTIPLE PRODUCTS

CVE-2023-41993

Apple Multiple Products WebKit Code Execution Vulnerability

Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-09-25

  • Due Date: 2023-10-16

Resources and Notes

TREND MICRO | APEX ONE AND WORRY-FREE BUSINESS SECURITY

CVE-2023-41179

Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability

Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the module to conduct remote code execution. An attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-09-21

  • Due Date: 2023-10-12

Resources and Notes

MINIO | MINIO

CVE-2023-28434

MinIO Security Feature Bypass Vulnerability

MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket` to conduct privilege escalation. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-09-19

  • Due Date: 2023-10-10

Resources and Notes

SAMSUNG | MOBILE DEVICES

CVE-2022-22265

Samsung Mobile Devices Use-After-Free Vulnerability

Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-09-18

  • Due Date: 2023-10-09

Resources and Notes

REALTEK | SDK

CVE-2014-8361

Realtek SDK Improper Input Validation Vulnerability

Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-09-18

  • Due Date: 2023-10-09

Resources and Notes

ZYXEL | EMG2926 ROUTERS

CVE-2017-6884

Zyxel EMG2926 Routers Command Injection Vulnerability

Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-09-18

  • Due Date: 2023-10-09

Resources and Notes

LARAVEL | IGNITION

CVE-2021-3129

Laravel Ignition File Upload Vulnerability

Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_contents() and file_put_contents().

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-09-18

  • Due Date: 2023-10-09

Resources and Notes

ADOBE | ACROBAT AND READER

CVE-2023-26369

Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability

Adobe Acrobat and Reader contain an out-of-bounds write vulnerability that allows for code execution.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

  • Known To Be Used in Ransomware Campaigns?: Unknown

  • Date Added: 2023-09-14

  • Due Date: 2023-10-05