CISA Known Exploited Vulnerabilities Catalog
7.8
CVE-2023-29336 - Microsoft Win32K Privilege Escalation Vulnerability
Action Due : May 30, 2023
Target Vendor : Microsoft
Description : Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-29336
8.8
CVE-2023-1389 - TP-Link Archer AX-21 Command Injection Vulnerability
Action Due : May 22, 2023
Target Vendor : TP-Link
Description : TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.tp-link.com/us/support/download/archer-ax21/v3/#Firmware
9.0
CVE-2021-45046 - Apache Log4j2 Deserialization of Untrusted Data Vulnerability
Action Due : May 22, 2023
Target Vendor : Apache
Description : Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://logging.apache.org/log4j/2.x/security.html
7.5
CVE-2023-21839 - Oracle WebLogic Server Unspecified Vulnerability
Action Due : May 22, 2023
Target Vendor : Oracle
Description : Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.oracle.com/security-alerts/cpujan2023.html
7.5
CVE-2023-28432 - MinIO Information Disclosure Vulnerability
Action Due : May 12, 2023
Target Vendor : MinIO
Description : MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q
9.8
CVE-2023-27350 - PaperCut MF/NG Improper Access Control Vulnerability
Action Due : May 12, 2023
Target Vendor : PaperCut
Description : PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://www.papercut.com/kb/Main/PO-1216-and-PO-1219
9.6
CVE-2023-2136 - Google Chrome Skia Integer Overflow Vulnerability
Action Due : May 12, 2023
Target Vendor : Google
Description : Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
8.8
CVE-2017-6742 - Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
Action Due : May 10, 2023
Target Vendor : Cisco
Description : The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
7.8
CVE-2019-8526 - Apple macOS Use-After-Free Vulnerability
Action Due : May 08, 2023
Target Vendor : Apple
Description : Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.apple.com/en-us/HT209600
8.8
CVE-2023-2033 - Google Chromium V8 Type Confusion Vulnerability
Action Due : May 08, 2023
Target Vendor : Google
Description : Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html
7.8
CVE-2023-20963 - Android Framework Privilege Escalation Vulnerability
Action Due : May 04, 2023
Target Vendor : Android
Description : Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://source.android.com/docs/security/bulletin/2023-03-01
9.8
CVE-2023-29492 - Novi Survey Insecure Deserialization Vulnerability
Action Due : May 04, 2023
Target Vendor : Novi Survey
Description : Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx
7.8
CVE-2023-28252 - Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Action Due : May 02, 2023
Target Vendor : Microsoft
Description : Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-28252
8.8
CVE-2023-28205 - Apple Multiple Products WebKit Use-After-Free Vulnerability
Action Due : May 01, 2023
Target Vendor : Apple
Description : Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.apple.com/en-us/HT213720, https://support.apple.com/en-us/HT213721, https://support.apple.com/en-us/HT213722, https://support.apple.com/en-us/HT213723
8.6
CVE-2023-28206 - Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability
Action Due : May 01, 2023
Target Vendor : Apple
Description : Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.apple.com/en-us/HT213720, https://support.apple.com/en-us/HT213721
8.1
CVE-2021-27876 - Veritas Backup Exec Agent File Access Vulnerability
Action Due : Apr 28, 2023
Target Vendor : Veritas
Description : Veritas Backup Exec (BE) Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to access files on the BE Agent machine.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://www.veritas.com/support/en_US/security/VTS21-001
9.8
CVE-2021-27877 - Veritas Backup Exec Agent Improper Authentication Vulnerability
Action Due : Apr 28, 2023
Target Vendor : Veritas
Description : Veritas Backup Exec (BE) Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://www.veritas.com/support/en_US/security/VTS21-001
8.8
CVE-2021-27878 - Veritas Backup Exec Agent Command Execution Vulnerability
Action Due : Apr 28, 2023
Target Vendor : Veritas
Description : Veritas Backup Exec (BE) Agent contains a command execution vulnerability that could allow an attacker to use a data management protocol command to execute a command on the BE Agent machine.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://www.veritas.com/support/en_US/security/VTS21-001
7.8
CVE-2019-1388 - Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability
Action Due : Apr 28, 2023
Target Vendor : Microsoft
Description : Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388
3.3
CVE-2023-26083 - Arm Mali GPU Kernel Driver Information Disclosure Vulnerability
Action Due : Apr 28, 2023
Target Vendor : Arm
Description : Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities