Merge pull request #594 from e-m-b-a/known_exploited_update

CISA known exploited database update
e-m-b-a · Apr 23, 2023 · 211cc45 · 211cc45
2 parents 640a57e + b65dd37
commit 211cc45
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/config/known_exploited_vulnerabilities.csv b/config/known_exploited_vulnerabilities.csv
@@ -915,3 +915,9 @@
 "CVE-2023-28252","Microsoft","Windows","Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability","2023-04-11","Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.","Apply updates per vendor instructions.","2023-05-02","https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-28252"
 "CVE-2023-20963","Android","Framework","Android Framework Privilege Escalation Vulnerability","2023-04-13","Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed.","Apply updates per vendor instructions.","2023-05-04","https://source.android.com/docs/security/bulletin/2023-03-01"
 "CVE-2023-29492","Novi Survey","Novi Survey","Novi Survey Insecure Deserialization Vulnerability","2023-04-13","Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account.","Apply updates per vendor instructions.","2023-05-04","https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx"
+"CVE-2019-8526","Apple","macOS","Apple macOS Use-After-Free Vulnerability","2023-04-17","Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.","Apply updates per vendor instructions.","2023-05-08","https://support.apple.com/en-us/HT209600"
+"CVE-2023-2033","Google","Chromium V8 Engine","Google Chromium V8 Engine Type Confusion Vulnerability","2023-04-17","Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time.","Apply updates per vendor instructions.","2023-05-08","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html"
+"CVE-2017-6742","Cisco","IOS and IOS XE Software","Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability","2023-04-19","The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.","Apply updates per vendor instructions.","2023-05-10","https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp"
+"CVE-2023-28432","MinIO","MinIO","MinIO Information Disclosure Vulnerability","2023-04-21","MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure.","Apply updates per vendor instructions.","2023-05-12","https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q"
+"CVE-2023-27350","PaperCut","MF/NG","PaperCut MF/NG Improper Access Control Vulnerability","2023-04-21","PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.","Apply updates per vendor instructions.","2023-05-12","https://www.papercut.com/kb/Main/PO-1216-and-PO-1219"
+"CVE-2023-2136","Google","Chrome","Google Chrome Skia Integer Overflow Vulnerability","2023-04-21","Google Chrome Skia contains an integer overflow vulnerability. Specific impacts from exploitation are not available at this time. This vulnerability resides in Skia which serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and other products.","Apply updates per vendor instructions.","2023-05-12","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html"