Exploited Vulnerabilities Catalog(557)
Ivanti | Cloud Services Appliance (CSA)
CVE-2024-8963
Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability: Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary commands on the appliance.
Known To Be Used in Ransomware Campaigns? Unknown
Action: As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive security updates.
Date Added: 2024-09-19
Due Date: 2024-10-10
Apache | HugeGraph-Server
CVE-2024-27348
Apache HugeGraph-Server Improper Access Control Vulnerability: Apache HugeGraph-Server contains an improper access control vulnerability that could allow a remote attacker to execute arbitrary code.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-09-18
Due Date: 2024-10-09
Microsoft | SQL Server
CVE-2020-0618
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability: Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. An authenticated attacker can exploit this vulnerability to execute code in the context of the Report Server service account.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-09-18
Due Date: 2024-10-09
Oracle | ADF Faces
CVE-2022-21445
Oracle ADF Faces Deserialization of Untrusted Data Vulnerability: Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-09-18
Due Date: 2024-10-09
Oracle | WebLogic Server
CVE-2020-14644
Oracle WebLogic Server Remote Code Execution Vulnerability: Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerability to achieve remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-09-18
Due Date: 2024-10-09
Adobe | Flash Player
CVE-2014-0497
Adobe Flash Player Integer Underflow Vulnerability: Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.
Known To Be Used in Ransomware Campaigns? Unknown
Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Date Added: 2024-09-17
Due Date: 2024-10-08
Adobe | Flash Player
CVE-2013-0643
Adobe Flash Player Incorrect Default Permissions Vulnerability: Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.
Known To Be Used in Ransomware Campaigns? Unknown
Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Date Added: 2024-09-17
Due Date: 2024-10-08
Adobe | Flash Player
CVE-2013-0648
Adobe Flash Player Code Execution Vulnerability: Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content.
Known To Be Used in Ransomware Campaigns? Unknown
Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Date Added: 2024-09-17
Due Date: 2024-10-08
Adobe | Flash Player
CVE-2014-0502
Adobe Flash Player Double Free Vulnerability: Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code.
Known To Be Used in Ransomware Campaigns? Unknown
Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Date Added: 2024-09-17
Due Date: 2024-10-08
Microsoft | Windows
CVE-2024-43461
Microsoft Windows MSHTML Platform Spoofing Vulnerability: Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-09-16
Due Date: 2024-10-07
Progress | WhatsUp Gold
CVE-2024-6670
Progress WhatsUp Gold SQL Injection Vulnerability: Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-09-16
Due Date: 2024-10-07
Ivanti | Cloud Services Appliance
CVE-2024-8190
Ivanti Cloud Services Appliance OS Command Injection Vulnerability: Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.
Known To Be Used in Ransomware Campaigns? Unknown
Action: As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive security updates.
Microsoft | Publisher
CVE-2024-38226
Microsoft Publisher Security Feature Bypass Vulnerability: Microsoft Publisher contains a security feature bypass vulnerability that allows an attacker to bypass Office macro policies used to block untrusted or malicious files.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-09-10
Due Date: 2024-10-01
Microsoft | Windows
CVE-2024-43491
Microsoft Windows Update Remote Code Execution Vulnerability: Microsoft Windows Update contains an unspecified vulnerability that allows for remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-09-10
Due Date: 2024-10-01
Microsoft | Windows
CVE-2024-38014
Microsoft Windows Installer Privilege Escalation Vulnerability: Microsoft Windows Installer contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-09-10
Due Date: 2024-10-01
Microsoft | Windows
CVE-2024-38217
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability: Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-09-10
Due Date: 2024-10-01
ImageMagick | ImageMagick
CVE-2016-3714
ImageMagick Improper Input Validation Vulnerability: ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-09-09
Due Date: 2024-09-30
Linux | Kernel
CVE-2017-1000253
Linux Kernel PIE Stack Buffer Corruption Vulnerability: Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_binary() that allows a local attacker to escalate privileges.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-09-09
Due Date: 2024-09-30
SonicWall | SonicOS
CVE-2024-40766
SonicWall SonicOS Improper Access Control Vulnerability: SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-09-09
Due Date: 2024-09-30
DrayTek | VigorConnect
CVE-2021-20123
Draytek VigorConnect Path Traversal Vulnerability: Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-09-03
Due Date: 2024-09-24
DrayTek | VigorConnect
CVE-2021-20124
Draytek VigorConnect Path Traversal Vulnerability: Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-09-03
Due Date: 2024-09-24
Kingsoft | WPS Office
CVE-2024-7262
Kingsoft WPS Office Path Traversal Vulnerability: Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-09-03
Due Date: 2024-09-24
Google | Chromium V8
CVE-2024-7965
Google Chromium V8 Inappropriate Implementation Vulnerability: Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-08-28
Due Date: 2024-09-18
Apache | OFBiz
CVE-2024-38856
Apache OFBiz Incorrect Authorization Vulnerability: Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-08-27
Due Date: 2024-09-17
Google | Chromium V8
CVE-2024-7971
Google Chromium V8 Type Confusion Vulnerability: Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-08-26
Due Date: 2024-09-16
Versa | Director
CVE-2024-39717
Versa Director Dangerous File Type Upload Vulnerability: The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” (Favorite Icon) enables the upload of a .png file, which can be exploited to upload a malicious file with a .png extension disguised as an image.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-08-23
Due Date: 2024-09-13
Dahua | IP Camera Firmware
CVE-2021-33044
Dahua IP Camera Authentication Bypass Vulnerability: Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authentication.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-08-21
Due Date: 2024-09-11
Dahua | IP Camera Firmware
CVE-2021-33045
Dahua IP Camera Authentication Bypass Vulnerability: Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-08-21
Due Date: 2024-09-11
Linux | Kernel
CVE-2022-0185
Linux Kernel Heap-Based Buffer Overflow: Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Date Added: 2024-08-21
Due Date: 2024-09-11
Microsoft | Exchange Server
CVE-2021-31196
Microsoft Exchange Server Information Disclosure Vulnerability: Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-08-21
Due Date: 2024-09-11
Jenkins | Jenkins Command Line Interface (CLI)
CVE-2024-23897
Jenkins Command Line Interface (CLI) Path Traversal Vulnerability: Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-08-19
Due Date: 2024-09-09
SolarWinds | Web Help Desk
CVE-2024-28986
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability: SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-08-15
Due Date: 2024-09-05
Microsoft | Windows
CVE-2024-38107
Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability: Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-08-13
Due Date: 2024-09-03
Microsoft | Windows
CVE-2024-38106
Microsoft Windows Kernel Privilege Escalation Vulnerability: Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attacker to win a race condition.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-08-13
Due Date: 2024-09-03
Microsoft | Windows
CVE-2024-38193
Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability: Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-08-13
Due Date: 2024-09-03
Microsoft | Windows
CVE-2024-38213
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability: Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience via a malicious file.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-08-13
Due Date: 2024-09-03
Microsoft | Windows
CVE-2024-38178
Microsoft Windows Scripting Engine Memory Corruption Vulnerability: Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows an unauthenticated attacker to initiate remote code execution via a specially crafted URL.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-08-13
Due Date: 2024-09-03
Microsoft | Project
CVE-2024-38189
Microsoft Project Remote Code Execution Vulnerability: Microsoft Project contains an unspecified vulnerability that allows for remote code execution via a malicious file.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-08-13
Due Date: 2024-09-03
Apache | OFBiz
CVE-2024-32113
Apache OFBiz Path Traversal Vulnerability: Apache OFBiz contains a path traversal vulnerability that could allow for remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-08-07
Due Date: 2024-08-28
Android | Kernel
CVE-2024-36971
Android Kernel Remote Code Execution Vulnerability: Android contains an unspecified vulnerability in the kernel that allows for remote code execution. This vulnerability resides in Linux Kernel and could impact other products, including but not limited to Android OS.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-08-07
Due Date: 2024-08-28
Microsoft | Windows
CVE-2018-0824
Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability: Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-08-05
Due Date: 2024-08-26
VMware | ESXi
CVE-2024-37085
VMware ESXi Authentication Bypass Vulnerability: VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-07-30
Due Date: 2024-08-20
Acronis | Cyber Infrastructure (ACI)
CVE-2023-45249
Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability: Acronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-07-29
Due Date: 2024-08-19
ServiceNow | Utah, Vancouver, and Washington DC Now
CVE-2024-5217
ServiceNow Incomplete List of Disallowed Inputs Vulnerability: ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerability to execute code remotely.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-07-29
Due Date: 2024-08-19
ServiceNow | Utah, Vancouver, and Washington DC Now
CVE-2024-4879
ServiceNow Improper Input Validation Vulnerability: ServiceNow Utah, Vancouver, and Washington DC Now releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-07-29
Due Date: 2024-08-19
Twilio | Authy
CVE-2024-39891
Twilio Authy Information Disclosure Vulnerability: Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-07-23
Due Date: 2024-08-13
Microsoft | Internet Explorer
CVE-2012-4792
Microsoft Internet Explorer Use-After-Free Vulnerability: Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object.
Known To Be Used in Ransomware Campaigns? Unknown
Action: The impacted product is end-of-life and should be disconnected if still in use.
Date Added: 2024-07-23
Due Date: 2024-08-13
VMware | vCenter Server
CVE-2022-22948
VMware vCenter Server Incorrect Default File Permissions Vulnerability: VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-07-17
Due Date: 2024-08-07
SolarWinds | Serv-U
CVE-2024-28995
SolarWinds Serv-U Path Traversal Vulnerability: SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker to read sensitive files on the host machine.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-07-17
Due Date: 2024-08-07
Adobe | Commerce and Magento Open Source
CVE-2024-34102
Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability: Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-07-17
Due Date: 2024-08-07
OSGeo | GeoServer
CVE-2024-36401
OSGeo GeoServer GeoTools Eval Injection Vulnerability: OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-07-15
Due Date: 2024-08-05
Rejetto | HTTP File Server
CVE-2024-23692
Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability: Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability. This allows a remote, unauthenticated attacker to execute commands on the affected system by sending a specially crafted HTTP request.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-07-09
Due Date: 2024-07-30
Microsoft | Windows
CVE-2024-38080
Microsoft Windows Hyper-V Privilege Escalation Vulnerability: Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-07-09
Due Date: 2024-07-30
Microsoft | Windows
CVE-2024-38112
Microsoft Windows MSHTML Platform Spoofing Vulnerability: Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-07-09
Due Date: 2024-07-30
Cisco | NX-OS
CVE-2024-20399
Cisco NX-OS Command Injection Vulnerability: Cisco NX-OS contains a command injection vulnerability in the command line interface (CLI) that could allow an authenticated, local attacker to execute commands as root on the underlying operating system of an affected device.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-07-02
Due Date: 2024-07-23
Roundcube | Webmail
CVE-2020-13965
Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability: Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to manipulate data via a malicious XML attachment.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-06-26
Due Date: 2024-07-17
Linux | Kernel
CVE-2022-2586
Linux Kernel Use-After-Free Vulnerability: Linux Kernel contains a use-after-free vulnerability in the nft_object, allowing local attackers to escalate privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Date Added: 2024-06-26
Due Date: 2024-07-17
OSGeo | JAI-EXT
CVE-2022-24816
OSGeo GeoServer JAI-EXT Code Injection Vulnerability: OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-06-26
Due Date: 2024-07-17
Progress | Telerik Report Server
CVE-2024-4358
Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability: Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-06-13
Due Date: 2024-07-04
Microsoft | Windows
CVE-2024-26169
Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability: Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Date Added: 2024-06-13
Due Date: 2024-07-04
Android | Pixel
CVE-2024-32896
Android Pixel Privilege Escalation Vulnerability: Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-06-13
Due Date: 2024-07-04
PHP Group | PHP
CVE-2024-4577
PHP-CGI OS Command Injection Vulnerability: PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-06-12
Due Date: 2024-07-03
Arm | Mali GPU Kernel Driver
CVE-2024-4610
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability: Arm Bifrost and Valhall GPU kernel drivers contain a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-06-12
Due Date: 2024-07-03
Oracle | WebLogic Server
CVE-2017-3506
Oracle WebLogic Server OS Command Injection Vulnerability: Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-06-03
Due Date: 2024-06-24
Linux | Kernel
CVE-2024-1086
Linux Kernel Use-After-Free Vulnerability: Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-05-30
Due Date: 2024-06-20
CHECK POINT | QUANTUM SECURITY GATEWAYS
Check Point Quantum Security Gateways Information Disclosure Vulnerability
Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. This issue affects several product lines from Check Point, including CloudGuard Network, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.
LINUX | KERNEL
Linux Kernel Use-After-Free Vulnerability
Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation.
JUSTICE AV SOLUTIONS | VIEWER
Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability
Justice AV Solutions (JAVS) Viewer installer contains a malicious version of ffmpeg.exe, named fffmpeg.exe (SHA256: 421a4ad2615941b177b6ec4ab5e239c14e62af2ab07c6df1741e2a62223223c4). When run, this creates a backdoor connection to a malicious C2 server.
GOOGLE | CHROMIUM V8
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
APACHE | FLINK
Apache Flink Improper Access Control Vulnerability
Apache Flink contains an improper access control vulnerability that allows an attacker to read any file on the local filesystem of the JobManager through its REST interface.
NEXTGEN HEALTHCARE | MIRTH CONNECT
NextGen Healthcare Mirth Connect Deserialization of Untrusted Data Vulnerability
NextGen Healthcare Mirth Connect contains a deserialization of untrusted data vulnerability that allows for unauthenticated remote code execution via a specially crafted request.
GOOGLE | CHROMIUM V8
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.
D-LINK | DIR-600 ROUTER
D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability
D-Link DIR-600 routers contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to change router configurations by hijacking an existing administrator session.
Action: This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Unknown
Date Added: 2024-05-16
Due Date: 2024-06-06
D-LINK | DIR-605 ROUTER
D-Link DIR-605 Router Information Disclosure Vulnerability
D-Link DIR-605 routers contain an information disclosure vulnerability that allows attackers to obtain a username and password by forging a post request to the /getcfg.php page.
Action: This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Unknown
Date Added: 2024-05-16
Due Date: 2024-06-06
GOOGLE | CHROMIUM VISUALS
Google Chromium V8 Out-of-Bounds Memory Write Vulnerability
Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
MICROSOFT | DWM CORE LIBRARY
Microsoft DWM Core Library Privilege Escalation Vulnerability
Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges.
MICROSOFT | WINDOWS
Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass.
GOOGLE | CHROMIUM
Google Chromium Visuals Use-After-Free Vulnerability
Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
GITLAB | GITLAB CE/EE
GitLab Community and Enterprise Editions Improper Access Control Vulnerability
GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover.
MICROSOFT | SMARTSCREEN PROMPT
Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability
Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a malicious file.
CRUSHFTP | CRUSHFTP
CrushFTP VFS Sandbox Escape Vulnerability
CrushFTP contains an unspecified sandbox escape vulnerability that allows a remote attacker to escape the CrushFTP virtual file system (VFS).
CISCO | ADAPTIVE SECURITY APPLIANCE (ASA) AND FIREPOWER THREAT DEFENSE (FTD)
Cisco ASA and FTD Privilege Escalation Vulnerability
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a privilege escalation vulnerability that can allow local privilege escalation from Administrator to root.
CISCO | ADAPTIVE SECURITY APPLIANCE (ASA) AND FIREPOWER THREAT DEFENSE (FTD)
Cisco ASA and FTD Denial of Service Vulnerability
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an infinite loop vulnerability that can lead to a remote denial-of-service condition.
MICROSOFT | WINDOWS
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions.
PALO ALTO NETWORKS | PAN-OS
Palo Alto Networks PAN-OS Command Injection Vulnerability
Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.
Action: Users of affected devices should enable Threat Prevention Threat ID 95187 if that is available; otherwise, disable device telemetry until patches are available from the vendor, per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Unknown
Date Added: 2024-04-12
Due Date: 2024-04-19
D-LINK | MULTIPLE NAS DEVICES
D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution.
Action: This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Unknown
Date Added: 2024-04-11
Due Date: 2024-05-02
D-LINK | MULTIPLE NAS DEVICES
D-Link Multiple NAS Devices Command Injection Vulnerability
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution.
Action: This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Unknown
Date Added: 2024-04-11
Due Date: 2024-05-02
ANDROID | PIXEL
Android Pixel Information Disclosure Vulnerability
Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices.
ANDROID | PIXEL
Android Pixel Privilege Escalation Vulnerability
Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app.
ANDROID | PIXEL
Android Pixel Information Disclosure Vulnerability
Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices.
MICROSOFT | SHAREPOINT SERVER
Microsoft SharePoint Server Code Injection Vulnerability
Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.
NICE | LINEAR EMERGE E3-SERIES
Nice Linear eMerge E3-Series OS Command Injection Vulnerability
Nice Linear eMerge E3-Series contains an OS command injection vulnerability that allows an attacker to conduct remote code execution.
Action: Contact the vendor for guidance on remediating firmware, per their advisory.
Known To Be Used in Ransomware Campaigns?: Unknown
Date Added: 2024-03-25
Due Date: 2024-04-15
IVANTI | ENDPOINT MANAGER CLOUD SERVICE APPLIANCE (EPM CSA)
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody).
FORTINET | FORTICLIENT EMS
Fortinet FortiClient EMS SQL Injection Vulnerability
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.
JETBRAINS | TEAMCITY
JetBrains TeamCity Authentication Bypass Vulnerability
JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.
APPLE | MULTIPLE PRODUCTS
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
APPLE | MULTIPLE PRODUCTS
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
ANDROID | PIXEL
Android Pixel Information Disclosure Vulnerability
Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foreground service notification. This could enable a local attacker to disclose sensitive information.
SUNHILLO | SURELINE
Sunhillo SureLine OS Command Injection Vulnerability
Sunhillo SureLine contains an OS command injection vulnerability that allows an attacker to cause a denial-of-service or utilize the device for persistence on the network via shell metacharacters in ipAddr or dnsAddr in /cgi/networkDiag.cgi.
MICROSOFT | WINDOWS
Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability
Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation.
MICROSOFT | STREAMING SERVICE
Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability
Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.
CONNECTWISE | SCREENCONNECT
ConnectWise ScreenConnect Authentication Bypass Vulnerability
ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices.
CISCO | ADAPTIVE SECURITY APPLIANCE (ASA) AND FIREPOWER THREAT DEFENSE (FTD)
Cisco ASA and FTD Information Disclosure Vulnerability
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. An attacker could retrieve memory contents on an affected device, which could lead to the disclosure of confidential information due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. This vulnerability affects only specific AnyConnect and WebVPN configurations.
MICROSOFT | EXCHANGE SERVER
Microsoft Exchange Server Privilege Escalation Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
MICROSOFT | WINDOWS
Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability
Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass.
MICROSOFT | WINDOWS
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.
ROUNDCUBE | WEBMAIL
Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that can lead to information disclosure via malicious link references in plain/text messages.
FORTINET | FORTIOS
Fortinet FortiOS Out-of-Bound Write Vulnerability
Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.
GOOGLE | CHROMIUM V8
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
APPLE | MULTIPLE PRODUCTS
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication.
IVANTI | CONNECT SECURE, POLICY SECURE, AND NEURONS
Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication.
ATLASSIAN | CONFLUENCE DATA CENTER AND SERVER
Atlassian Confluence Data Center and Server Template Injection Vulnerability
Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.
APPLE | MULTIPLE PRODUCTS
Apple Multiple Products Type Confusion Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content.
VMWARE | VCENTER SERVER
VMware vCenter Server Out-of-Bounds Write Vulnerability
VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution.
IVANTI | ENDPOINT MANAGER MOBILE (EPMM) AND MOBILEIRON CORE
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.
GOOGLE | CHROMIUM V8
Google Chromium V8 Out-of-Bounds Memory Access Vulnerability
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CITRIX | NETSCALER ADC AND NETSCALER GATEWAY
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
CITRIX | NETSCALER ADC AND NETSCALER GATEWAY
Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP.
LARAVEL | LARAVEL FRAMEWORK
Laravel Deserialization of Untrusted Data Vulnerability
Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key (APP_KEY environment variable).
MICROSOFT | SHAREPOINT SERVER
Microsoft SharePoint Server Privilege Escalation Vulnerability
Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.
IVANTI | CONNECT SECURE AND POLICY SECURE
Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be leveraged in conjunction with CVE-2024-21887, a command injection vulnerability.
IVANTI | CONNECT SECURE AND POLICY SECURE
Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authentication bypass issue.
JOOMLA! | JOOMLA!
Joomla! Improper Access Control Vulnerability
Joomla! contains an improper access control vulnerability that allows unauthorized access to webservice endpoints.
D-LINK | DSL-2750B DEVICES
D-Link DSL-2750B Devices Command Injection Vulnerability
D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter.
APPLE | MULTIPLE PRODUCTS
Apple Multiple Products Code Execution Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file.
APACHE | SUPERSET
Apache Superset Insecure Default Initialization of Resource Vulnerability
Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations that have not altered the default configured SECRET_KEY according to installation instructions.
ADOBE | COLDFUSION
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
ADOBE | COLDFUSION
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
SPREADSHEET::PARSEEXCEL | SPREADSHEET::PARSEEXCEL
Spreadsheet::ParseExcel Remote Code Execution Vulnerability
Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic.
GOOGLE | CHROMIUM WEBRTC
Google Chromium WebRTC Heap Buffer Overflow Vulnerability
Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome.
FXC | AE1021, AE1021PE
FXC AE1021, AE1021PE OS Command Injection Vulnerability
FXC AE1021 and AE1021PE contain an OS command injection vulnerability that allows authenticated users to execute commands via a network.
QNAP | VIOSTOR NVR
QNAP VioStor NVR OS Command Injection Vulnerability
QNAP VioStor NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network.
UNITRONICS | VISION PLC AND HMI
Unitronics Vision PLC and HMI Insecure Default Password Vulnerability
Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which, if left unchanged, can allow attackers to execute remote commands.
QLIK | SENSE
Qlik Sense Path Traversal Vulnerability
Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints.
QLIK | SENSE
Qlik Sense HTTP Tunneling Vulnerability
Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.
QUALCOMM | MULTIPLE CHIPSETS
Qualcomm Multiple Chipsets Integer Overflow Vulnerability
Multiple Qualcomm chipsets contain an integer overflow vulnerability due to memory corruption in Graphics Linux while assigning a shared virtual memory region during an IOCTL call.
QUALCOMM | MULTIPLE CHIPSETS
Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability
Multiple Qualcomm chipsets contain a use of out-of-range pointer offset vulnerability due to memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
QUALCOMM | MULTIPLE CHIPSETS
Qualcomm Multiple Chipsets Use-After-Free Vulnerability
Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services during a remote call from HLOS to DSP.
QUALCOMM | MULTIPLE CHIPSETS
Qualcomm Multiple Chipsets Use-After-Free Vulnerability
Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress.
APPLE | MULTIPLE PRODUCTS
Apple Multiple Products WebKit Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing web content.
APPLE | MULTIPLE PRODUCTS
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing web content.
GOOGLE | CHROMIUM SKIA
Google Skia Integer Overflow Vulnerability
Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.
OWNCLOUD | OWNCLOUD GRAPHAPI
ownCloud graphapi Information Disclosure Vulnerability
ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo() via GetPhpInfo.php, including administrative credentials.
GNU | GNU C LIBRARY
GNU C Library Buffer Overflow Vulnerability
GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges.
MICROSOFT | WINDOWS
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.
SOPHOS | WEB APPLIANCE
Sophos Web Appliance Command Injection Vulnerability
Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.
ORACLE | FUSION MIDDLEWARE
Oracle Fusion Middleware Unspecified Vulnerability
Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server.
MICROSOFT | WINDOWS
Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.
MICROSOFT | WINDOWS
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts.
MICROSOFT | WINDOWS
Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability
Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges.
SYSAID | SYSAID SERVER
SysAid Server Path Traversal Vulnerability
SysAid Server (on-premises version) contains a path traversal vulnerability that leads to code execution.
JUNIPER | JUNOS OS
Juniper Junos OS EX Series PHP External Variable Modification Vulnerability
Juniper Junos OS on EX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables, leading to partial loss of integrity, which may allow chaining to other vulnerabilities.
JUNIPER | JUNOS OS
Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability
Juniper Junos OS on EX Series and SRX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control an important environment variable. Using a crafted request, which sets the variable PHPRC, an attacker is able to modify the PHP execution environment, allowing the injection and execution of code.
JUNIPER | JUNOS OS
Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.
JUNIPER | JUNOS OS
Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability
Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.
JUNIPER | JUNOS OS
Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.
IETF | SERVICE LOCATION PROTOCOL (SLP)
Service Location Protocol (SLP) Denial-of-Service Vulnerability
The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor.
Action: Apply mitigations per vendor instructions or disable SLP service or port 427/UDP on all systems running on untrusted networks, including those directly connected to the Internet.
Known To Be Used in Ransomware Campaigns?: Unknown
Date Added: 2023-11-08
Due Date: 2023-11-29
ATLASSIAN | CONFLUENCE DATA CENTER AND SERVER
Atlassian Confluence Data Center and Server Improper Authorization Vulnerability
Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker. There is no impact on confidentiality since the attacker cannot exfiltrate any data.
APACHE | ACTIVEMQ
Apache ActiveMQ Deserialization of Untrusted Data Vulnerability
Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.
F5 | BIG-IP CONFIGURATION UTILITY
F5 BIG-IP Configuration Utility SQL Injection Vulnerability
F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46747.
F5 | BIG-IP CONFIGURATION UTILITY
F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability
F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46748.
ROUNDCUBE | WEBMAIL
Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code.
CISCO | CISCO IOS XE WEB UI
Cisco IOS XE Web UI Command Injection Vulnerability
Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited to deploy the implant. CVE-2021-1435, previously associated with the exploitation events, is no longer believed to be related to this activity.
Action: Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.
Known To Be Used in Ransomware Campaigns?: Unknown
Date Added: 2023-10-23
Due Date: 2023-10-27
CITRIX | NETSCALER ADC AND NETSCALER GATEWAY
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Action: Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns?: Known
Date Added: 2023-10-18
Due Date: 2023-11-08
CISCO | IOS XE WEB UI
Cisco IOS XE Web UI Privilege Escalation Vulnerability
Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use that account to gain control of the affected device.
Action: Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.
Known To Be Used in Ransomware Campaigns?: Unknown
Date Added: 2023-10-16
Due Date: 2023-10-20
ADOBE | ACROBAT AND READER
Adobe Acrobat and Reader Use-After-Free Vulnerability
Adobe Acrobat and Reader contain a use-after-free vulnerability that allows for code execution in the context of the current user.
CISCO | IOS AND IOS XE
Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability
Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute malicious code or cause a device to crash.
MICROSOFT | SKYPE FOR BUSINESS
Microsoft Skype for Business Privilege Escalation Vulnerability
Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation.
MICROSOFT | WORDPAD
Microsoft WordPad Information Disclosure Vulnerability
Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure.
IETF | HTTP/2
HTTP/2 Rapid Reset Attack Vulnerability
HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service (DDoS) attack.
ATLASSIAN | CONFLUENCE DATA CENTER AND SERVER
Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
Atlassian Confluence Data Center and Server contain a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence.
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Check all affected Confluence instances for evidence of compromise per vendor instructions and report any positive findings to CISA.
Known To Be Used in Ransomware Campaigns?: Known
Date Added: 2023-10-05
Due Date: 2023-10-13
PROGRESS | WS_FTP SERVER
Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability
Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system.
APPLE | IOS AND IPADOS
Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability
Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation.
JETBRAINS | TEAMCITY
JetBrains TeamCity Authentication Bypass Vulnerability
JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server.
MICROSOFT | WINDOWS CNG KEY ISOLATION SERVICE
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges.
ARM | MALI GPU KERNEL DRIVER
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.
GOOGLE | CHROMIUM LIBVPX
Google Chromium libvpx Heap Buffer Overflow Vulnerability
Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.
RED HAT | JBOSS RICHFACES FRAMEWORK
Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability
Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
APPLE | MULTIPLE PRODUCTS
Apple Multiple Products Improper Certificate Validation Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation.
APPLE | MULTIPLE PRODUCTS
Apple Multiple Products Kernel Privilege Escalation Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation.
APPLE | MULTIPLE PRODUCTS
Apple Multiple Products WebKit Code Execution Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content.
TREND MICRO | APEX ONE AND WORRY-FREE BUSINESS SECURITY
Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability
Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the module to conduct remote code execution. An attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.
MINIO | MINIO
MinIO Security Feature Bypass Vulnerability
MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket` to conduct privilege escalation. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access.
SAMSUNG | MOBILE DEVICES
Samsung Mobile Devices Use-After-Free Vulnerability
Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution.
REALTEK | SDK
Realtek SDK Improper Input Validation Vulnerability
Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request.
ZYXEL | EMG2926 ROUTERS
Zyxel EMG2926 Routers Command Injection Vulnerability
Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.
LARAVEL | IGNITION
Laravel Ignition File Upload Vulnerability
Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_contents() and file_put_contents().
ADOBE | ACROBAT AND READER
Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability
Adobe Acrobat and Reader contain an out-of-bounds write vulnerability that allows for code execution.