diff --git a/config/known_exploited_vulnerabilities.csv b/config/known_exploited_vulnerabilities.csv index 5d2efb472..048d29913 100644 --- a/config/known_exploited_vulnerabilities.csv +++ b/config/known_exploited_vulnerabilities.csv 
@@ -921,3 +921,6 @@ "CVE-2023-28432","MinIO","MinIO","MinIO Information Disclosure Vulnerability","2023-04-21","MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure.","Apply updates per vendor instructions.","2023-05-12","https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q" "CVE-2023-27350","PaperCut","MF/NG","PaperCut MF/NG Improper Access Control Vulnerability","2023-04-21","PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.","Apply updates per vendor instructions.","2023-05-12","https://www.papercut.com/kb/Main/PO-1216-and-PO-1219" "CVE-2023-2136","Google","Chrome","Google Chrome Skia Integer Overflow Vulnerability","2023-04-21","Google Chrome Skia contains an integer overflow vulnerability. Specific impacts from exploitation are not available at this time. 
This vulnerability resides in Skia which serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and other products.","Apply updates per vendor instructions.","2023-05-12","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html" +"CVE-2023-1389","TP-Link","Archer AX21","TP-Link Archer AX-21 Command Injection Vulnerability","2023-05-01","TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution.","Apply updates per vendor instructions.","2023-05-22","https://www.tp-link.com/us/support/download/archer-ax21/v3/#Firmware" +"CVE-2021-45046","Apache","Log4j2","Apache Log4j2 Deserialization of Untrusted Data Vulnerability","2023-05-01","Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.","Apply updates per vendor instructions.","2023-05-22","https://logging.apache.org/log4j/2.x/security.html" +"CVE-2023-21839","Oracle","WebLogic Server","Oracle WebLogic Server Unspecified Vulnerability","2023-05-01","Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server.","Apply updates per vendor instructions.","2023-05-22","https://www.oracle.com/security-alerts/cpujan2023.html"
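Review bot: In the added CVE-2023-1389 row, the product column reads "Archer AX21" while the vulnerability name and description in the same row read "Archer AX-21", so any consumer that matches on the product string sees two spellings for one device. Settle on one spelling (the vendor URL in the row uses archer-ax21), or, if this CSV is meant to stay a verbatim copy of an external feed, leave the row alone and have the matching side normalize hyphens. In the added CVE-2023-21839 row, "via T3, IIOP, to compromise" carries a stray comma after IIOP. The three new rows keep the nine quoted columns of the context rows, and the 2023-05-22 due date is 21 days after the 2023-05-01 add date, the same interval as the 2023-04-21 / 2023-05-12 rows above.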