CISA Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.Y

    6.1

    CVSS31
    CVE-2022-39197 - Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability -

    Action Due Apr 20, 2023 Target Vendor : Fortra

    Description : Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1/

    Alert Date: Mar 30, 2023 | 539 days ago

    7.8

    CVSS31
    CVE-2021-30900 - Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability -

    Action Due Apr 20, 2023 Target Vendor : Apple

    Description : Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://support.apple.com/en-us/HT21286, https://support.apple.com/en-us/HT212868, https://support.apple.com/kb/HT212872

    Alert Date: Mar 30, 2023 | 539 days ago

    8.8

    CVSS31
    CVE-2022-38181 - Arm Mali GPU Kernel Driver Use-After-Free Vulnerability -

    Action Due Apr 20, 2023 Target Vendor : Arm

    Description : Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

    Alert Date: Mar 30, 2023 | 539 days ago

    7.9

    CVSS31
    CVE-2023-0266 - Linux Kernel Use-After-Free Vulnerability -

    Action Due Apr 20, 2023 Target Vendor : Linux

    Description : Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4

    Alert Date: Mar 30, 2023 | 539 days ago

    8.8

    CVSS31
    CVE-2022-3038 - Google Chromium Network Service Use-After-Free Vulnerability -

    Action Due Apr 20, 2023 Target Vendor : Google

    Description : Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html

    Alert Date: Mar 30, 2023 | 539 days ago

    7.8

    CVSS31
    CVE-2022-22706 - Arm Mali GPU Kernel Driver Unspecified Vulnerability -

    Action Due Apr 20, 2023 Target Vendor : Arm

    Description : Arm Mali GPU Kernel Driver contains an unspecified vulnerability that allows a non-privileged user to achieve write access to read-only memory pages.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

    Alert Date: Mar 30, 2023 | 539 days ago

    9.8

    CVSS31
    CVE-2023-26360 - Adobe ColdFusion Deserialization of Untrusted Data Vulnerability -

    Action Due Apr 05, 2023 Target Vendor : Adobe

    Description : Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html

    Alert Date: Mar 15, 2023 | 554 days ago

    9.8

    CVSS31
    CVE-2023-23397 - Microsoft Office Outlook Privilege Escalation Vulnerability -

    Action Due Apr 04, 2023 Target Vendor : Microsoft

    Description : Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397, https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/,

    Alert Date: Mar 14, 2023 | 555 days ago

    4.4

    CVSS31
    CVE-2023-24880 - Microsoft Windows SmartScreen Security Feature Bypass Vulnerability -

    Action Due Apr 04, 2023 Target Vendor : Microsoft

    Description : Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-24880

    Alert Date: Mar 14, 2023 | 555 days ago

    7.1

    CVSS31
    CVE-2022-41328 - Fortinet FortiOS Path Traversal Vulnerability -

    Action Due Apr 04, 2023 Target Vendor : Fortinet

    Description : Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://www.fortiguard.com/psirt/FG-IR-22-369

    Alert Date: Mar 14, 2023 | 555 days ago

    8.5

    CVSS31
    CVE-2021-39144 - XStream Remote Code Execution Vulnerability -

    Action Due Mar 31, 2023 Target Vendor : XStream

    Description : XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream and replace or inject objects that result in the execution of a local command on the server. This vulnerability can affect multiple products, including but not limited to VMware Cloud Foundation.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://www.vmware.com/security/advisories/VMSA-2022-0027.html, https://x-stream.github.io/CVE-2021-39144.html

    Alert Date: Mar 10, 2023 | 559 days ago

    7.2

    CVSS31
    CVE-2020-5741 - Plex Media Server Remote Code Execution Vulnerability -

    Action Due Mar 31, 2023 Target Vendor : Plex

    Description : Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://forums.plex.tv/t/security-regarding-cve-2020-5741/586819

    Alert Date: Mar 10, 2023 | 559 days ago

    6.8

    CVSS31
    CVE-2022-28810 - Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability -

    Action Due Mar 28, 2023 Target Vendor : Zoho

    Description : Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when performing a password change or reset.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28810.html

    Alert Date: Mar 07, 2023 | 562 days ago

    8.8

    CVSS31
    CVE-2022-33891 - Apache Spark Command Injection Vulnerability -

    Action Due Mar 28, 2023 Target Vendor : Apache

    Description : Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc

    Alert Date: Mar 07, 2023 | 562 days ago

    9.8

    CVSS31
    CVE-2022-35914 - Teclib GLPI Remote Code Execution Vulnerability -

    Action Due Mar 28, 2023 Target Vendor : Teclib

    Description : Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://glpi-project.org/fr/glpi-10-0-3-disponible/, http://www.bioinformatics.org/phplabware/sourceer/sourceer.php?&Sfs=htmLawedTest.php&Sl=.%2Finternal_utilities%2FhtmLawed.

    Alert Date: Mar 07, 2023 | 562 days ago

    7.5

    CVSS31
    CVE-2022-36537 - ZK Framework AuUploader Unspecified Vulnerability -

    Action Due Mar 20, 2023 Target Vendor : ZK Framework

    Description : ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to ConnectWise R1Soft Server Backup Manager.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://tracker.zkoss.org/browse/ZK-5150

    Alert Date: Feb 27, 2023 | 570 days ago

    9.8

    CVSS31
    CVE-2022-47986 - IBM Aspera Faspex Code Execution Vulnerability -

    Action Due Mar 14, 2023 Target Vendor : IBM

    Description : IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://exchange.xforce.ibmcloud.com/vulnerabilities/243512?_ga=2.189195179.1800390251.1676559338-700333034.1676325890

    Alert Date: Feb 21, 2023 | 576 days ago

    6.8

    CVSS31
    CVE-2022-41223 - Mitel MiVoice Connect Code Injection Vulnerability -

    Action Due Mar 14, 2023 Target Vendor : Mitel

    Description : The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008

    Alert Date: Feb 21, 2023 | 576 days ago

    6.8

    CVSS31
    CVE-2022-40765 - Mitel MiVoice Connect Command Injection Vulnerability -

    Action Due Mar 14, 2023 Target Vendor : Mitel

    Description : The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0007

    Alert Date: Feb 21, 2023 | 576 days ago

    9.8

    CVSS31
    CVE-2022-46169 - Cacti Command Injection Vulnerability -

    Action Due Mar 09, 2023 Target Vendor : Cacti

    Description : Cacti contains a command injection vulnerability that allows an unauthenticated user to execute code.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf

    Alert Date: Feb 16, 2023 | 581 days ago
Showing 20 of 1180 Results

Filters