Merge pull request #512 from e-m-b-a/known_exploited_update

CISA known exploited database update
e-m-b-a · Mar 5, 2023 · 865ce09 · 865ce09
2 parents 00ae31f + a9b2c4a
commit 865ce09
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/config/known_exploited_vulnerabilities.csv b/config/known_exploited_vulnerabilities.csv
@@ -877,3 +877,12 @@
 "CVE-2015-2291","Intel","Ethernet Diagnostics Driver for Windows","Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability","2023-02-10","Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service.","Apply updates per vendor instructions.","2023-03-03","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00051.html"
 "CVE-2022-24990","TerraMaster","TerraMaster OS","TerraMaster OS Remote Command Execution Vulnerability","2023-02-10","TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint.","Apply updates per vendor instructions.","2023-03-03","https://forum.terra-master.com/en/viewtopic.php?t=3030"
 "CVE-2023-0669","Fortra","GoAnywhere MFT","Fortra GoAnywhere MFT Remote Code Execution Vulnerability","2023-02-10","Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object.","Apply updates per vendor instructions.","2023-03-03","Fortra users must have an account in order to login and access the patch. https://my.goanywhere.com/webclient/DownloadProductFiles.xhtml"
+"CVE-2023-21715","Microsoft","Office","Microsoft Office Publisher Security Feature Bypass Vulnerability","2023-02-14","Microsoft Office Publisher contains a security feature bypass vulnerability which allows for a local, authenticated attack on a targeted system.","Apply updates per vendor instructions.","2023-03-07","https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21715"
+"CVE-2023-23376","Microsoft","Windows","Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability","2023-02-14","Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability which allows for privilege escalation.","Apply updates per vendor instructions.","2023-03-07","https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23376"
+"CVE-2023-23529","Apple","Multiple Products","Apple Multiple Products WebKit Type Confusion Vulnerability","2023-02-14","WebKit in Apple iOS, MacOS, Safari and iPadOS contains a type confusion vulnerability that may lead to code execution.","Apply updates per vendor instructions.","2023-03-07","https://support.apple.com/en-us/HT213635, https://support.apple.com/en-us/HT213633, https://support.apple.com/en-us/HT213638"
+"CVE-2023-21823","Microsoft","Windows","Microsoft Windows Graphic Component Privilege Escalation Vulnerability","2023-02-14","Microsoft Windows Graphic Component contains an unspecified vulnerability which allows for privilege escalation.","Apply updates per vendor instructions.","2023-03-07","https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21823"
+"CVE-2022-46169","Cacti","Cacti","Cacti Command Injection Vulnerability","2023-02-16","Cacti contains a command injection vulnerability that allows an unauthenticated user to execute code.","Apply updates per vendor instructions.","2023-03-09","https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf"
+"CVE-2022-47986","IBM","Aspera Faspex","IBM Aspera Faspex Code Execution Vulnerability","2023-02-21","IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw.","Apply updates per vendor instructions.","2023-03-14","https://exchange.xforce.ibmcloud.com/vulnerabilities/243512?_ga=2.189195179.1800390251.1676559338-700333034.1676325890"
+"CVE-2022-41223","Mitel","MiVoice Connect","Mitel MiVoice Connect Code Injection Vulnerability","2023-02-21","The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application.","Apply updates per vendor instructions.","2023-03-14","https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008"
+"CVE-2022-40765","Mitel","MiVoice Connect","Mitel MiVoice Connect Command Injection Vulnerability","2023-02-21","The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system.","Apply updates per vendor instructions.","2023-03-14","https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0007"
+"CVE-2022-36537","ZK Framework","AuUploader","ZK Framework AuUploader Unspecified Vulnerability","2023-02-27","ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to ConnectWise R1Soft Server Backup Manager.","Apply updates per vendor instructions.","2023-03-20","https://tracker.zkoss.org/browse/ZK-5150"