Exploited Vulnerabilities Catalog(557)



Ivanti | Cloud Services Appliance (CSA)

CVE-2024-8963

Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability: Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary commands on the appliance.

Known To Be Used in Ransomware Campaigns? Unknown

Action: As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive security updates.

Date Added: 2024-09-19

  • Due Date: 2024-10-10

    Apache | HugeGraph-Server

    CVE-2024-27348

    Apache HugeGraph-Server Improper Access Control Vulnerability: Apache HugeGraph-Server contains an improper access control vulnerability that could allow a remote attacker to execute arbitrary code.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Microsoft | SQL Server

    CVE-2020-0618

    Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability: Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. An authenticated attacker can exploit this vulnerability to execute code in the context of the Report Server service account.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Oracle | ADF Faces

    CVE-2022-21445

    Oracle ADF Faces Deserialization of Untrusted Data Vulnerability: Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Oracle | WebLogic Server

    CVE-2020-14644

    Oracle WebLogic Server Remote Code Execution Vulnerability: Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerability to achieve remote code execution.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Adobe | Flash Player

    CVE-2014-0497

    Adobe Flash Player Integer Underflow Vulnerability: Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

    Adobe | Flash Player

    CVE-2013-0643

    Adobe Flash Player Incorrect Default Permissions Vulnerability: Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

    Adobe | Flash Player

    CVE-2013-0648

    Adobe Flash Player Code Execution Vulnerability: Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

    Adobe | Flash Player

    CVE-2014-0502

    Adobe Flash Player Double Free Vulnerability: Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

    Microsoft | Windows

    CVE-2024-43461

    Microsoft Windows MSHTML Platform Spoofing Vulnerability: Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Progress | WhatsUp Gold

    CVE-2024-6670

    Progress WhatsUp Gold SQL Injection Vulnerability: Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user.

    Known To Be Used in Ransomware Campaigns? Known

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Ivanti | Cloud Services Appliance

    CVE-2024-8190

    Ivanti Cloud Services Appliance OS Command Injection Vulnerability: Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive security updates.

    Microsoft | Publisher

    CVE-2024-38226

    Microsoft Publisher Security Feature Bypass Vulnerability: Microsoft Publisher contains a security feature bypass vulnerability that allows an attacker to bypass Office macro policies used to block untrusted or malicious files.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Date Added: 2024-09-10

  • Due Date: 2024-10-01

  • Microsoft | Windows

    CVE-2024-43491

    Microsoft Windows Update Remote Code Execution Vulnerability: Microsoft Windows Update contains an unspecified vulnerability that allows for remote code execution.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Date Added: 2024-09-10
  • Due Date: 2024-10-01

  • Microsoft | Windows

    CVE-2024-38014

    Microsoft Windows Installer Privilege Escalation Vulnerability: Microsoft Windows Installer contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Date Added: 2024-09-10
  • Due Date: 2024-10-01

  • Microsoft | Windows

    CVE-2024-38217

    Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability: Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Date Added: 2024-09-10
  • Due Date: 2024-10-01

  • ImageMagick | ImageMagick

    CVE-2016-3714

    ImageMagick Improper Input Validation Vulnerability: ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Date Added: 2024-09-09
  • Due Date: 2024-09-30

  • Linux | Kernel

    CVE-2017-1000253

    Linux Kernel PIE Stack Buffer Corruption Vulnerability: Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_binary() that allows a local attacker to escalate privileges.

    Known To Be Used in Ransomware Campaigns? Known

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Date Added: 2024-09-09
  • Due Date: 2024-09-30

  • SonicWall | SonicOS

    CVE-2024-40766

    SonicWall SonicOS Improper Access Control Vulnerability: SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Date Added: 2024-09-09
  • Due Date: 2024-09-30

  • DrayTek | VigorConnect

    CVE-2021-20123

    DrayTek VigorConnect Path Traversal Vulnerability: DrayTek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Date Added: 2024-09-03
  • Due Date: 2024-09-24

  • DrayTek | VigorConnect

    CVE-2021-20124

    DrayTek VigorConnect Path Traversal Vulnerability: DrayTek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Date Added: 2024-09-03
  • Due Date: 2024-09-24

  • Kingsoft | WPS Office

    CVE-2024-7262

    Kingsoft WPS Office Path Traversal Vulnerability: Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Date Added: 2024-09-03
  • Due Date: 2024-09-24

  • Google | Chromium V8

    CVE-2024-7965

    Google Chromium V8 Inappropriate Implementation Vulnerability: Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Date Added: 2024-08-28
  • Due Date: 2024-09-18

    Apache | OFBiz

    CVE-2024-38856

    Apache OFBiz Incorrect Authorization Vulnerability: Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Google | Chromium V8

    CVE-2024-7971

    Google Chromium V8 Type Confusion Vulnerability: Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Versa | Director

    CVE-2024-39717

    Versa Director Dangerous File Type Upload Vulnerability: The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” (Favorite Icon) enables the upload of a .png file, which can be exploited to upload a malicious file with a .png extension disguised as an image.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Dahua | IP Camera Firmware

    CVE-2021-33044

    Dahua IP Camera Authentication Bypass Vulnerability: Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authentication.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Dahua | IP Camera Firmware

    CVE-2021-33045

    Dahua IP Camera Authentication Bypass Vulnerability: Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Linux | Kernel

    CVE-2022-0185

    Linux Kernel Heap-Based Buffer Overflow: Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

    Microsoft | Exchange Server

    CVE-2021-31196

    Microsoft Exchange Server Information Disclosure Vulnerability: Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Jenkins | Jenkins Command Line Interface (CLI)

    CVE-2024-23897

    Jenkins Command Line Interface (CLI) Path Traversal Vulnerability: Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.

    Known To Be Used in Ransomware Campaigns? Known

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    SolarWinds | Web Help Desk CVE-2024-28986

    SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability: SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Microsoft | Windows CVE-2024-38107

    Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability: Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Microsoft | Windows CVE-2024-38106

    Microsoft Windows Kernel Privilege Escalation Vulnerability: Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attacker to win a race condition.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Microsoft | Windows CVE-2024-38193

    Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability: Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Microsoft | Windows CVE-2024-38213

    Microsoft Windows SmartScreen Security Feature Bypass Vulnerability: Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience via a malicious file.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Microsoft | Windows CVE-2024-38178

    Microsoft Windows Scripting Engine Memory Corruption Vulnerability: Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows an unauthenticated attacker to initiate remote code execution via a specially crafted URL.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Microsoft | Project CVE-2024-38189

    Microsoft Project Remote Code Execution Vulnerability: Microsoft Project contains an unspecified vulnerability that allows for remote code execution via a malicious file.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Apache | OFBiz CVE-2024-32113

    Apache OFBiz Path Traversal Vulnerability: Apache OFBiz contains a path traversal vulnerability that could allow for remote code execution.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Android | Kernel CVE-2024-36971

    Android Kernel Remote Code Execution Vulnerability: Android contains an unspecified vulnerability in the kernel that allows for remote code execution. This vulnerability resides in Linux Kernel and could impact other products, including but not limited to Android OS.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Microsoft | Windows CVE-2018-0824

    Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability: Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    VMware | ESXi CVE-2024-37085

    VMware ESXi Authentication Bypass Vulnerability: VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.

    Known To Be Used in Ransomware Campaigns? Known

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Acronis | Cyber Infrastructure (ACI) CVE-2023-45249

    Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability: Acronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    ServiceNow | Utah, Vancouver, and Washington DC Now CVE-2024-5217

    ServiceNow Incomplete List of Disallowed Inputs Vulnerability: ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerability to execute code remotely.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    ServiceNow | Utah, Vancouver, and Washington DC Now CVE-2024-4879

    ServiceNow Improper Input Validation Vulnerability: ServiceNow Utah, Vancouver, and Washington DC Now releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Twilio | Authy CVE-2024-39891

    Twilio Authy Information Disclosure Vulnerability: Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Microsoft | Internet Explorer CVE-2012-4792

    Microsoft Internet Explorer Use-After-Free Vulnerability: Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: The impacted product is end-of-life and should be disconnected if still in use.

    VMware | vCenter Server CVE-2022-22948

    VMware vCenter Server Incorrect Default File Permissions Vulnerability: VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    SolarWinds | Serv-U CVE-2024-28995

    SolarWinds Serv-U Path Traversal Vulnerability: SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker to read sensitive files on the host machine.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Adobe | Commerce and Magento Open Source CVE-2024-34102

    Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability: Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    OSGeo | GeoServer CVE-2024-36401

    OSGeo GeoServer GeoTools Eval Injection Vulnerability: OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Rejetto | HTTP File Server CVE-2024-23692

    Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability: Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability. This allows a remote, unauthenticated attacker to execute commands on the affected system by sending a specially crafted HTTP request.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Microsoft | Windows CVE-2024-38080

    Microsoft Windows Hyper-V Privilege Escalation Vulnerability: Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Microsoft | Windows CVE-2024-38112

    Microsoft Windows MSHTML Platform Spoofing Vulnerability: Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Cisco | NX-OS CVE-2024-20399

    Cisco NX-OS Command Injection Vulnerability: Cisco NX-OS contains a command injection vulnerability in the command line interface (CLI) that could allow an authenticated, local attacker to execute commands as root on the underlying operating system of an affected device.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Roundcube | Webmail CVE-2020-13965

    Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability: Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to manipulate data via a malicious XML attachment.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Linux | Kernel CVE-2022-2586

    Linux Kernel Use-After-Free Vulnerability: Linux Kernel contains a use-after-free vulnerability in the nft_object, allowing local attackers to escalate privileges.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

    OSGeo | JAI-EXT CVE-2022-24816

    OSGeo GeoServer JAI-EXT Code Injection Vulnerability: OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Progress | Telerik Report Server CVE-2024-4358

    Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability: Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Microsoft | Windows CVE-2024-26169

    Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability: Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.

    Known To Be Used in Ransomware Campaigns? Known

    Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

    Android | Pixel CVE-2024-32896

    Android Pixel Privilege Escalation Vulnerability: Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    PHP Group | PHP CVE-2024-4577

    PHP-CGI OS Command Injection Vulnerability: PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823.

    Known To Be Used in Ransomware Campaigns? Known

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Arm | Mali GPU Kernel Driver CVE-2024-4610

    Arm Mali GPU Kernel Driver Use-After-Free Vulnerability: Arm Bifrost and Valhall GPU kernel drivers contain a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Oracle | WebLogic Server CVE-2017-3506

    Oracle WebLogic Server OS Command Injection Vulnerability: Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Linux | Kernel CVE-2024-1086

    Linux Kernel Use-After-Free Vulnerability: Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation.

    Known To Be Used in Ransomware Campaigns? Unknown

    Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    CHECK POINT | QUANTUM SECURITY GATEWAYS

    CVE-2024-24919

    Check Point Quantum Security Gateways Information Disclosure Vulnerability

    Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. This issue affects several product lines from Check Point, including CloudGuard Network, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.

    JUSTICE AV SOLUTIONS | VIEWER

    CVE-2024-4978

    Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability

    Justice AV Solutions (JAVS) Viewer installer contains a malicious version of ffmpeg.exe, named fffmpeg.exe (SHA256: 421a4ad2615941b177b6ec4ab5e239c14e62af2ab07c6df1741e2a62223223c4). When run, this creates a backdoor connection to a malicious C2 server.

    GOOGLE | CHROMIUM V8

    CVE-2024-5274

    Google Chromium V8 Type Confusion Vulnerability

    Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    APACHE | FLINK

    CVE-2020-17519

    Apache Flink Improper Access Control Vulnerability

    Apache Flink contains an improper access control vulnerability that allows an attacker to read any file on the local filesystem of the JobManager through its REST interface.

    NEXTGEN HEALTHCARE | MIRTH CONNECT

    CVE-2023-43208

    NextGen Healthcare Mirth Connect Deserialization of Untrusted Data Vulnerability

    NextGen Healthcare Mirth Connect contains a deserialization of untrusted data vulnerability that allows for unauthenticated remote code execution via a specially crafted request.

    GOOGLE | CHROMIUM V8

    CVE-2024-4947

    Google Chromium V8 Type Confusion Vulnerability

    Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.

    D-LINK | DIR-600 ROUTER

    CVE-2014-100005

    D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability

    D-Link DIR-600 routers contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to change router configurations by hijacking an existing administrator session.

    D-LINK | DIR-605 ROUTER

    CVE-2021-40655

    D-Link DIR-605 Router Information Disclosure Vulnerability

    D-Link DIR-605 routers contain an information disclosure vulnerability that allows attackers to obtain a username and password by forging a post request to the /getcfg.php page.

    GOOGLE | CHROMIUM VISUALS

    CVE-2024-4761

    Google Chromium V8 Out-of-Bounds Memory Write Vulnerability

    Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    MICROSOFT | DWM CORE LIBRARY

    CVE-2024-30051

    Microsoft DWM Core Library Privilege Escalation Vulnerability

    Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges.

    MICROSOFT | WINDOWS

    CVE-2024-30040

    Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability

    Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass.

    GOOGLE | CHROMIUM

    CVE-2024-4671

    Google Chromium Visuals Use-After-Free Vulnerability

    Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    GITLAB | GITLAB CE/EE

    CVE-2023-7028

    GitLab Community and Enterprise Editions Improper Access Control Vulnerability

    GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover.

    MICROSOFT | SMARTSCREEN PROMPT

    CVE-2024-29988

    Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability

    Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a malicious file.

    CRUSHFTP | CRUSHFTP

    CVE-2024-4040

    CrushFTP VFS Sandbox Escape Vulnerability

    CrushFTP contains an unspecified sandbox escape vulnerability that allows a remote attacker to escape the CrushFTP virtual file system (VFS).

    CISCO | ADAPTIVE SECURITY APPLIANCE (ASA) AND FIREPOWER THREAT DEFENSE (FTD)

    CVE-2024-20359

    Cisco ASA and FTD Privilege Escalation Vulnerability

    Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a privilege escalation vulnerability that can allow local privilege escalation from Administrator to root.

    CISCO | ADAPTIVE SECURITY APPLIANCE (ASA) AND FIREPOWER THREAT DEFENSE (FTD)

    CVE-2024-20353

    Cisco ASA and FTD Denial of Service Vulnerability

    Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an infinite loop vulnerability that can lead to a remote denial-of-service condition.

    MICROSOFT | WINDOWS

    CVE-2022-38028

    Microsoft Windows Print Spooler Privilege Escalation Vulnerability

    Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions.

    PALO ALTO NETWORKS | PAN-OS

    CVE-2024-3400

    Palo Alto Networks PAN-OS Command Injection Vulnerability

    Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.

    D-LINK | MULTIPLE NAS DEVICES

    CVE-2024-3272

    D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability

    D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution.

    D-LINK | MULTIPLE NAS DEVICES

    CVE-2024-3273

    D-Link Multiple NAS Devices Command Injection Vulnerability

    D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution.

    ANDROID | PIXEL

    CVE-2024-29745

    Android Pixel Information Disclosure Vulnerability

    Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices.

    ANDROID | PIXEL

    CVE-2024-29748

    Android Pixel Privilege Escalation Vulnerability

    Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app.

    MICROSOFT | SHAREPOINT SERVER

    CVE-2023-24955

    Microsoft SharePoint Server Code Injection Vulnerability

    Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.

    NICE | LINEAR EMERGE E3-SERIES

    CVE-2019-7256

    Nice Linear eMerge E3-Series OS Command Injection Vulnerability

    Nice Linear eMerge E3-Series contains an OS command injection vulnerability that allows an attacker to conduct remote code execution.

    IVANTI | ENDPOINT MANAGER CLOUD SERVICE APPLIANCE (EPM CSA)

    CVE-2021-44529

    Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability

    Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody).

    FORTINET | FORTICLIENT EMS

    CVE-2023-48788

    Fortinet FortiClient EMS SQL Injection Vulnerability

    Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.

    JETBRAINS | TEAMCITY

    CVE-2024-27198

    JetBrains TeamCity Authentication Bypass Vulnerability

    JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.

    APPLE | MULTIPLE PRODUCTS

    CVE-2024-23225

    Apple Multiple Products Memory Corruption Vulnerability

    Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.

    APPLE | MULTIPLE PRODUCTS

    CVE-2024-23296

    Apple Multiple Products Memory Corruption Vulnerability

    Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.

    ANDROID | PIXEL

    CVE-2023-21237

    Android Pixel Information Disclosure Vulnerability

    Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foreground service notification. This could enable a local attacker to disclose sensitive information.

    SUNHILLO | SURELINE

    CVE-2021-36380

    Sunhillo SureLine OS Command Injection Vulnerability

    Sunhillo SureLine contains an OS command injection vulnerability that allows an attacker to cause a denial-of-service or utilize the device for persistence on the network via shell metacharacters in ipAddr or dnsAddr in /cgi/networkDiag.cgi.

    MICROSOFT | WINDOWS

    CVE-2024-21338

    Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability

    Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation.

    MICROSOFT | STREAMING SERVICE

    CVE-2023-29360

    Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability

    Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.

    CONNECTWISE | SCREENCONNECT

    CVE-2024-1709

    ConnectWise ScreenConnect Authentication Bypass Vulnerability

    ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices.

    CISCO | ADAPTIVE SECURITY APPLIANCE (ASA) AND FIREPOWER THREAT DEFENSE (FTD)

    CVE-2020-3259

    Cisco ASA and FTD Information Disclosure Vulnerability

    Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. An attacker could retrieve memory contents on an affected device, which could lead to the disclosure of confidential information due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. This vulnerability affects only specific AnyConnect and WebVPN configurations.

    MICROSOFT | EXCHANGE SERVER

    CVE-2024-21410

    Microsoft Exchange Server Privilege Escalation Vulnerability

    Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.

    MICROSOFT | WINDOWS

    CVE-2024-21412

    Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability

    Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass.

    MICROSOFT | WINDOWS

    CVE-2024-21351

    Microsoft Windows SmartScreen Security Feature Bypass Vulnerability

    Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.

    ROUNDCUBE | WEBMAIL

    CVE-2023-43770

    Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability

    Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that can lead to information disclosure via malicious link references in plain/text messages.

    FORTINET | FORTIOS

    CVE-2024-21762

    Fortinet FortiOS Out-of-Bound Write Vulnerability

    Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.

    GOOGLE | CHROMIUM V8

    CVE-2023-4762

    Google Chromium V8 Type Confusion Vulnerability

    Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    APPLE | MULTIPLE PRODUCTS

    CVE-2022-48618

    Apple Multiple Products Memory Corruption Vulnerability

    Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication.

    IVANTI | CONNECT SECURE, POLICY SECURE, AND NEURONS

    CVE-2024-21893

    Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability

    Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication.

    ATLASSIAN | CONFLUENCE DATA CENTER AND SERVER

    CVE-2023-22527

    Atlassian Confluence Data Center and Server Template Injection Vulnerability

    Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.

    APPLE | MULTIPLE PRODUCTS

    CVE-2024-23222

    Apple Multiple Products Type Confusion Vulnerability

    Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content.

    VMWARE | VCENTER SERVER

    CVE-2023-34048

    VMware vCenter Server Out-of-Bounds Write Vulnerability

    VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution.

    IVANTI | ENDPOINT MANAGER MOBILE (EPMM) AND MOBILEIRON CORE

    CVE-2023-35082

    Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability

    Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.

    GOOGLE | CHROMIUM V8

    CVE-2024-0519

    Google Chromium V8 Out-of-Bounds Memory Access Vulnerability

    Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    CITRIX | NETSCALER ADC AND NETSCALER GATEWAY

    CVE-2023-6549

    Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability

    Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

    CITRIX | NETSCALER ADC AND NETSCALER GATEWAY

    CVE-2023-6548

    Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability

    Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP.

    LARAVEL | LARAVEL FRAMEWORK

    CVE-2018-15133

    Laravel Deserialization of Untrusted Data Vulnerability

    Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key (APP_KEY environment variable).

    MICROSOFT | SHAREPOINT SERVER

    CVE-2023-29357

    Microsoft SharePoint Server Privilege Escalation Vulnerability

    Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.

    IVANTI | CONNECT SECURE AND POLICY SECURE

    CVE-2023-46805

    Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability

    Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be leveraged in conjunction with CVE-2024-21887, a command injection vulnerability.

    IVANTI | CONNECT SECURE AND POLICY SECURE

    CVE-2024-21887

    Ivanti Connect Secure and Policy Secure Command Injection Vulnerability

    Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authentication bypass issue.

    JOOMLA! | JOOMLA!

    CVE-2023-23752

    Joomla! Improper Access Control Vulnerability

    Joomla! contains an improper access control vulnerability that allows unauthorized access to webservice endpoints.

    D-LINK | DSL-2750B DEVICES

    CVE-2016-20017

    D-Link DSL-2750B Devices Command Injection Vulnerability

    D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter.

    APPLE | MULTIPLE PRODUCTS

    CVE-2023-41990

    Apple Multiple Products Code Execution Vulnerability

    Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file.

    APACHE | SUPERSET

    CVE-2023-27524

    Apache Superset Insecure Default Initialization of Resource Vulnerability

    Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations that have not altered the default configured SECRET_KEY according to installation instructions.

    ADOBE | COLDFUSION

    CVE-2023-29300

    Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

    Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.

    ADOBE | COLDFUSION

    CVE-2023-38203

    Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

    Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.

    SPREADSHEET::PARSEEXCEL | SPREADSHEET::PARSEEXCEL

    CVE-2023-7101

    Spreadsheet::ParseExcel Remote Code Execution Vulnerability

    Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic.

    GOOGLE | CHROMIUM WEBRTC

    CVE-2023-7024

    Google Chromium WebRTC Heap Buffer Overflow Vulnerability

    Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome.

    FXC | AE1021, AE1021PE

    CVE-2023-49897

    FXC AE1021, AE1021PE OS Command Injection Vulnerability

    FXC AE1021 and AE1021PE contain an OS command injection vulnerability that allows authenticated users to execute commands via a network.

    QNAP | VIOSTOR NVR

    CVE-2023-47565

    QNAP VioStor NVR OS Command Injection Vulnerability

    QNAP VioStor NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network.

    UNITRONICS | VISION PLC AND HMI

    CVE-2023-6448

    Unitronics Vision PLC and HMI Insecure Default Password Vulnerability

    Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which, if left unchanged, can allow attackers to execute remote commands.

    QLIK | SENSE

    CVE-2023-41266

    Qlik Sense Path Traversal Vulnerability

    Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints.

    QLIK | SENSE

    CVE-2023-41265

    Qlik Sense HTTP Tunneling Vulnerability

    Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.

    QUALCOMM | MULTIPLE CHIPSETS

    CVE-2023-33107

    Qualcomm Multiple Chipsets Integer Overflow Vulnerability

    Multiple Qualcomm chipsets contain an integer overflow vulnerability due to memory corruption in Graphics Linux while assigning a shared virtual memory region during an IOCTL call.

    QUALCOMM | MULTIPLE CHIPSETS

    CVE-2023-33106

    Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability

    Multiple Qualcomm chipsets contain a use of out-of-range pointer offset vulnerability due to memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.

    QUALCOMM | MULTIPLE CHIPSETS

    CVE-2023-33063

    Qualcomm Multiple Chipsets Use-After-Free Vulnerability

    Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services during a remote call from HLOS to DSP.

    QUALCOMM | MULTIPLE CHIPSETS

    CVE-2022-22071

    Qualcomm Multiple Chipsets Use-After-Free Vulnerability

    Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using an IOCTL munmap call while process initialization is in progress.

    APPLE | MULTIPLE PRODUCTS

    CVE-2023-42917

    Apple Multiple Products WebKit Memory Corruption Vulnerability

    Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing web content.

    APPLE | MULTIPLE PRODUCTS

    CVE-2023-42916

    Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability

    Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing web content.

    GOOGLE | CHROMIUM SKIA

    CVE-2023-6345

    Google Skia Integer Overflow Vulnerability

    Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.

    OWNCLOUD | OWNCLOUD GRAPHAPI

    CVE-2023-49103

    ownCloud graphapi Information Disclosure Vulnerability

    ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo() via GetPhpInfo.php, including administrative credentials.

    GNU | GNU C LIBRARY

    CVE-2023-4911

    GNU C Library Buffer Overflow Vulnerability

    GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges.

    MICROSOFT | WINDOWS

    CVE-2023-36584

    Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability

    Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

    SOPHOS | WEB APPLIANCE

    CVE-2023-1671

    Sophos Web Appliance Command Injection Vulnerability

    Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.

    ORACLE | FUSION MIDDLEWARE

    CVE-2020-2551

    Oracle Fusion Middleware Unspecified Vulnerability

    Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server.

    MICROSOFT | WINDOWS

    CVE-2023-36033

    Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability

    Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.

    MICROSOFT | WINDOWS

    CVE-2023-36025

    Microsoft Windows SmartScreen Security Feature Bypass Vulnerability

    Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts.

    MICROSOFT | WINDOWS

    CVE-2023-36036

    Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability

    Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges.

    SYSAID | SYSAID SERVER

    CVE-2023-47246

    SysAid Server Path Traversal Vulnerability

    SysAid Server (on-premises version) contains a path traversal vulnerability that leads to code execution.

    JUNIPER | JUNOS OS

    CVE-2023-36844

    Juniper Junos OS EX Series PHP External Variable Modification Vulnerability

    Juniper Junos OS on EX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control certain important environment variables. Using a crafted request, an attacker is able to modify certain PHP environment variables, leading to partial loss of integrity, which may allow chaining to other vulnerabilities.

    JUNIPER | JUNOS OS

    CVE-2023-36845

    Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability

    Juniper Junos OS on EX Series and SRX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control an important environment variable. Using a crafted request, which sets the variable PHPRC, an attacker is able to modify the PHP execution environment, allowing the injection and execution of code.

    JUNIPER | JUNOS OS

    CVE-2023-36846

    Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability

    Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.

    JUNIPER | JUNOS OS

    CVE-2023-36847

    Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability

    Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.

    JUNIPER | JUNOS OS

    CVE-2023-36851

    Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability

    Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.

    IETF | SERVICE LOCATION PROTOCOL (SLP)

    CVE-2023-29552

    Service Location Protocol (SLP) Denial-of-Service Vulnerability

    The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor.

    ATLASSIAN | CONFLUENCE DATA CENTER AND SERVER

    CVE-2023-22518

    Atlassian Confluence Data Center and Server Improper Authorization Vulnerability

    Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker. There is no impact on confidentiality since the attacker cannot exfiltrate any data.

    APACHE | ACTIVEMQ

    CVE-2023-46604

    Apache ActiveMQ Deserialization of Untrusted Data Vulnerability

    Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.

    F5 | BIG-IP CONFIGURATION UTILITY

    CVE-2023-46748

    F5 BIG-IP Configuration Utility SQL Injection Vulnerability

    F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46747.

    F5 | BIG-IP CONFIGURATION UTILITY

    CVE-2023-46747

    F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability

    F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46748.

    ROUNDCUBE | WEBMAIL

    CVE-2023-5631

    Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability

    Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code.

    CISCO | CISCO IOS XE WEB UI

    CVE-2023-20273

    Cisco IOS XE Web UI Command Injection Vulnerability

    Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited to deploy the implant. CVE-2021-1435, previously associated with the exploitation events, is no longer believed to be related to this activity.

    CITRIX | NETSCALER ADC AND NETSCALER GATEWAY

    CVE-2023-4966

    Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability

    Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

    CISCO | IOS XE WEB UI

    CVE-2023-20198

    Cisco IOS XE Web UI Privilege Escalation Vulnerability

    Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use that account to gain control of the affected device.

    ADOBE | ACROBAT AND READER

    CVE-2023-21608

    Adobe Acrobat and Reader Use-After-Free Vulnerability

    Adobe Acrobat and Reader contain a use-after-free vulnerability that allows for code execution in the context of the current user.

    CISCO | IOS AND IOS XE

    CVE-2023-20109

    Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability

    Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute malicious code or cause a device to crash.

    MICROSOFT | SKYPE FOR BUSINESS

    CVE-2023-41763

    Microsoft Skype for Business Privilege Escalation Vulnerability

    Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation.

    MICROSOFT | WORDPAD

    CVE-2023-36563

    Microsoft WordPad Information Disclosure Vulnerability

    Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure.

    IETF | HTTP/2

    CVE-2023-44487

    HTTP/2 Rapid Reset Attack Vulnerability

    HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service (DDoS) attack.

    ATLASSIAN | CONFLUENCE DATA CENTER AND SERVER

    CVE-2023-22515

    Atlassian Confluence Data Center and Server Broken Access Control Vulnerability

    Atlassian Confluence Data Center and Server contain a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence.

    PROGRESS | WS_FTP SERVER

    CVE-2023-40044

    Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability

    Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system.

    APPLE | IOS AND IPADOS

    CVE-2023-42824

    Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability

    Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation.

    JETBRAINS | TEAMCITY

    CVE-2023-42793

    JetBrains TeamCity Authentication Bypass Vulnerability

    JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server.

    MICROSOFT | WINDOWS CNG KEY ISOLATION SERVICE

    CVE-2023-28229

    Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability

    Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges.

    ARM | MALI GPU KERNEL DRIVER

    CVE-2023-4211

    Arm Mali GPU Kernel Driver Use-After-Free Vulnerability

    Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.

    GOOGLE | CHROMIUM LIBVPX

    CVE-2023-5217

    Google Chromium libvpx Heap Buffer Overflow Vulnerability

    Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.

    RED HAT | JBOSS RICHFACES FRAMEWORK

    CVE-2018-14667

    Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability

    Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

    APPLE | MULTIPLE PRODUCTS

    CVE-2023-41991

    Apple Multiple Products Improper Certificate Validation Vulnerability

    Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation.

    APPLE | MULTIPLE PRODUCTS

    CVE-2023-41992

    Apple Multiple Products Kernel Privilege Escalation Vulnerability

    Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation.

    APPLE | MULTIPLE PRODUCTS

    CVE-2023-41993

    Apple Multiple Products WebKit Code Execution Vulnerability

    Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content.

    TREND MICRO | APEX ONE AND WORRY-FREE BUSINESS SECURITY

    CVE-2023-41179

    Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability

    Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the module to conduct remote code execution. An attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.

    MINIO | MINIO

    CVE-2023-28434

    MinIO Security Feature Bypass Vulnerability

    MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket` to conduct privilege escalation. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access.

    SAMSUNG | MOBILE DEVICES

    CVE-2022-22265

    Samsung Mobile Devices Use-After-Free Vulnerability

    Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution.

    REALTEK | SDK

    CVE-2014-8361

    Realtek SDK Improper Input Validation Vulnerability

    Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request.

    ZYXEL | EMG2926 ROUTERS

    CVE-2017-6884

    Zyxel EMG2926 Routers Command Injection Vulnerability

    Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.

    LARAVEL | IGNITION

    CVE-2021-3129

    Laravel Ignition File Upload Vulnerability

    Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_contents() and file_put_contents().

    ADOBE | ACROBAT AND READER

    CVE-2023-26369

    Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability

    Adobe Acrobat and Reader contain an out-of-bounds write vulnerability that allows for code execution.