CISA known exploited database update #614

Merged 1 commit on May 7, 2023
3 changes: 3 additions & 0 deletions config/known_exploited_vulnerabilities.csv
Expand Up @@ -921,3 +921,6 @@
"CVE-2023-28432","MinIO","MinIO","MinIO Information Disclosure Vulnerability","2023-04-21","MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure.","Apply updates per vendor instructions.","2023-05-12","https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q"
"CVE-2023-27350","PaperCut","MF/NG","PaperCut MF/NG Improper Access Control Vulnerability","2023-04-21","PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.","Apply updates per vendor instructions.","2023-05-12","https://www.papercut.com/kb/Main/PO-1216-and-PO-1219"
"CVE-2023-2136","Google","Chrome","Google Chrome Skia Integer Overflow Vulnerability","2023-04-21","Google Chrome Skia contains an integer overflow vulnerability. Specific impacts from exploitation are not available at this time. This vulnerability resides in Skia which serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and other products.","Apply updates per vendor instructions.","2023-05-12","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html"
"CVE-2023-1389","TP-Link","Archer AX21","TP-Link Archer AX-21 Command Injection Vulnerability","2023-05-01","TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution.","Apply updates per vendor instructions.","2023-05-22","https://www.tp-link.com/us/support/download/archer-ax21/v3/#Firmware"
"CVE-2021-45046","Apache","Log4j2","Apache Log4j2 Deserialization of Untrusted Data Vulnerability","2023-05-01","Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.","Apply updates per vendor instructions.","2023-05-22","https://logging.apache.org/log4j/2.x/security.html"
"CVE-2023-21839","Oracle","WebLogic Server","Oracle WebLogic Server Unspecified Vulnerability","2023-05-01","Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server.","Apply updates per vendor instructions.","2023-05-22","https://www.oracle.com/security-alerts/cpujan2023.html"
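
Review bot: In the added CVE-2023-1389 row the product column reads "Archer AX21" while the vulnerability name and description in the same row read "Archer AX-21". If anything downstream matches on the product or name fields rather than on the CVE ID, settle on one spelling, or document that rows are copied as published so consumers key on the CVE ID only. The three new rows keep the nine-column, fully quoted layout of the context rows above them, and each pairs a 2023-05-01 added date with a 2023-05-22 due date, so the structure looks consistent. The CVE-2021-45046 description refers back to CVE-2021-44228; this hunk does not show whether that row is already present earlier in the file, so it is worth confirming before relying on the pair for Log4j2 coverage.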