www.cisa.gov
Open in
urlscan Pro
2a02:26f0:3100:389::447a
Public Scan
URL:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Submission: On December 07 via api from TR — Scanned from DE
Submission: On December 07 via api from TR — Scanned from DE
Form analysis 3 forms found in the DOM
<form class="gsc-search-box gsc-search-box-tools" accept-charset="utf-8">
<table cellspacing="0" cellpadding="0" role="presentation" class="gsc-search-box">
<tbody>
<tr>
<td class="gsc-input">
<div class="gsc-input-box" id="gsc-iw-id1">
<table cellspacing="0" cellpadding="0" role="presentation" id="gs_id50" class="gstl_50 gsc-input" style="width: 100%; padding: 0px;">
<tbody>
<tr>
<td id="gs_tti50" class="gsib_a"><input autocomplete="off" type="text" size="10" class="gsc-input" name="search" title="search" aria-label="search" id="gsc-i-id1" dir="ltr" spellcheck="false"
style="width: 100%; padding: 0px; border: none; margin: 0px; height: auto; outline: none;"></td>
<td class="gsib_b">
<div class="gsst_b" id="gs_st50" dir="ltr"><a class="gsst_a" href="javascript:void(0)" title="Clear search box" role="button" style="display: none;"><span class="gscb_a" id="gs_cb50" aria-hidden="true">×</span></a></div>
</td>
</tr>
</tbody>
</table>
</div>
</td>
<td class="gsc-search-button"><button class="gsc-search-button gsc-search-button-v2"><svg width="13" height="13" viewBox="0 0 13 13">
<title>search</title>
<path
d="m4.8495 7.8226c0.82666 0 1.5262-0.29146 2.0985-0.87438 0.57232-0.58292 0.86378-1.2877 0.87438-2.1144 0.010599-0.82666-0.28086-1.5262-0.87438-2.0985-0.59352-0.57232-1.293-0.86378-2.0985-0.87438-0.8055-0.010599-1.5103 0.28086-2.1144 0.87438-0.60414 0.59352-0.8956 1.293-0.87438 2.0985 0.021197 0.8055 0.31266 1.5103 0.87438 2.1144 0.56172 0.60414 1.2665 0.8956 2.1144 0.87438zm4.4695 0.2115 3.681 3.6819-1.259 1.284-3.6817-3.7 0.0019784-0.69479-0.090043-0.098846c-0.87973 0.76087-1.92 1.1413-3.1207 1.1413-1.3553 0-2.5025-0.46363-3.4417-1.3909s-1.4088-2.0686-1.4088-3.4239c0-1.3553 0.4696-2.4966 1.4088-3.4239 0.9392-0.92727 2.0864-1.3969 3.4417-1.4088 1.3553-0.011889 2.4906 0.45771 3.406 1.4088 0.9154 0.95107 1.379 2.0924 1.3909 3.4239 0 1.2126-0.38043 2.2588-1.1413 3.1385l0.098834 0.090049z">
</path>
</svg></button></td>
<td class="gsc-clear-button">
<div class="gsc-clear-button" title="clear results"> </div>
</td>
</tr>
</tbody>
</table>
</form><form class="gsc-search-box gsc-search-box-tools" accept-charset="utf-8">
<table cellspacing="0" cellpadding="0" role="presentation" class="gsc-search-box">
<tbody>
<tr>
<td class="gsc-input">
<div class="gsc-input-box" id="gsc-iw-id2">
<table cellspacing="0" cellpadding="0" role="presentation" id="gs_id51" class="gstl_51 gsc-input" style="width: 100%; padding: 0px;">
<tbody>
<tr>
<td id="gs_tti51" class="gsib_a"><input autocomplete="off" type="text" size="10" class="gsc-input" name="search" title="search" aria-label="search" id="gsc-i-id2" dir="ltr" spellcheck="false"
style="width: 100%; padding: 0px; border: none; margin: 0px; height: auto; outline: none;"></td>
<td class="gsib_b">
<div class="gsst_b" id="gs_st51" dir="ltr"><a class="gsst_a" href="javascript:void(0)" title="Clear search box" role="button" style="display: none;"><span class="gscb_a" id="gs_cb51" aria-hidden="true">×</span></a></div>
</td>
</tr>
</tbody>
</table>
</div>
</td>
<td class="gsc-search-button"><button class="gsc-search-button gsc-search-button-v2"><svg width="13" height="13" viewBox="0 0 13 13">
<title>search</title>
<path
d="m4.8495 7.8226c0.82666 0 1.5262-0.29146 2.0985-0.87438 0.57232-0.58292 0.86378-1.2877 0.87438-2.1144 0.010599-0.82666-0.28086-1.5262-0.87438-2.0985-0.59352-0.57232-1.293-0.86378-2.0985-0.87438-0.8055-0.010599-1.5103 0.28086-2.1144 0.87438-0.60414 0.59352-0.8956 1.293-0.87438 2.0985 0.021197 0.8055 0.31266 1.5103 0.87438 2.1144 0.56172 0.60414 1.2665 0.8956 2.1144 0.87438zm4.4695 0.2115 3.681 3.6819-1.259 1.284-3.6817-3.7 0.0019784-0.69479-0.090043-0.098846c-0.87973 0.76087-1.92 1.1413-3.1207 1.1413-1.3553 0-2.5025-0.46363-3.4417-1.3909s-1.4088-2.0686-1.4088-3.4239c0-1.3553 0.4696-2.4966 1.4088-3.4239 0.9392-0.92727 2.0864-1.3969 3.4417-1.4088 1.3553-0.011889 2.4906 0.45771 3.406 1.4088 0.9154 0.95107 1.379 2.0924 1.3909 3.4239 0 1.2126-0.38043 2.2588-1.1413 3.1385l0.098834 0.090049z">
</path>
</svg></button></td>
<td class="gsc-clear-button">
<div class="gsc-clear-button" title="clear results"> </div>
</td>
</tr>
</tbody>
</table>
</form>GET /known-exploited-vulnerabilities-catalog
<form action="/known-exploited-vulnerabilities-catalog" method="get" id="views-exposed-form-index-kev-listing-block-1" accept-charset="UTF-8">
<div class="c-form-item c-form-item--text c-form-item--id-search-api-fulltext js-form-item js-form-type-textfield js-form-item-search-api-fulltext">
<label for="edit-search-api-fulltext" class="c-form-item__label">Text Search <span class="usa-hint"> (optional) </span></label>
<input data-drupal-selector="edit-search-api-fulltext" type="text" id="edit-search-api-fulltext" name="search_api_fulltext" value="" size="30" maxlength="128" class="c-form-item__text">
</div>
<div class="c-form-item c-form-item--select c-form-item--id-sort-by js-form-item js-form-type-select js-form-item-sort-by">
<label for="edit-sort-by" class="c-form-item__label">Sort by <span class="usa-hint"> (optional) </span></label>
<select data-drupal-selector="edit-sort-by" id="edit-sort-by" name="sort_by" class="c-form-item__select c-form-item--select">
<option value="field_date_added" selected="selected">Publish Date</option>
<option value="field_due_date">Due Date</option>
<option value="field_vendor_project_name">Vendor/Project A-Z</option>
</select>
</div>
<div class="c-form-item c-form-item--select c-form-item--id-items-per-page js-form-item js-form-type-select js-form-item-items-per-page">
<label for="edit-items-per-page" class="c-form-item__label">Items per page <span class="usa-hint"> (optional) </span></label>
<select data-drupal-selector="edit-items-per-page" id="edit-items-per-page" name="items_per_page" class="c-form-item__select c-form-item--select">
<option value="20" selected="selected">20</option>
<option value="50">50</option>
<option value="100">100</option>
</select>
</div>
<div data-drupal-selector="edit-actions" class="form-actions js-form-wrapper" id="edit-actions">
<input data-drupal-selector="edit-submit-index-kev-listing" type="submit" id="edit-submit-index-kev-listing" value="Apply" class="c-button js-form-submit c-form-item__submit c-button js-form-submit">
</div>
</form>Text Content
Skip to main content An official website of the United States government Here’s how you know Here’s how you know Official websites use .gov A .gov website belongs to an official government organization in the United States. Secure .gov websites use HTTPS A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites. Cybersecurity & Infrastructure Security Agency America's Cyber Defense Agency Search × search Menu Close × search * Topics Topics Cybersecurity Best Practices Cyber Threats and Advisories Critical Infrastructure Security and Resilience Election Security Emergency Communications Industrial Control Systems Information and Communications Technology Supply Chain Security Partnerships and Collaboration Physical Security Risk Management How can we help? GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help LocallyFaith-Based CommunityExecutives * Spotlight * Resources & Tools Resources & Tools All Resources & Tools Services Programs Resources Training Groups * News & Events News & Events News Events Cybersecurity Alerts & Advisories Directives Request a CISA Speaker Congressional Testimony * Careers Careers Benefits & Perks HireVue Applicant Reasonable Accommodations Process Hiring Resume & Application Tips Students & Recent Graduates Veteran and Military Spouses Work @ CISA * About About Culture Divisions & Offices Regions Leadership Doing Business with CISA Site Links Reporting Employee and Contractor Misconduct CISA GitHub Contact Us Report a Cyber Issue America's Cyber Defense Agency Breadcrumb 1. Home Share: FILTERS What are you looking for? Text Search (optional) Sort by (optional) Publish DateDue DateVendor/Project A-Z Items per page (optional) 2050100 VENDOR/PROJECT * Accellion Accellion * Qlik Qlik * ownCloud ownCloud * Adobe Adobe * Alcatel Alcatel * Amcrest Amcrest * Android Android * Apache Apache * Apple Apple * Arcadyan Arcadyan * Arcserve Arcserve * Arm Arm * Artifex Artifex * Atlassian Atlassian * Aviatrix Aviatrix * Barracuda Networks Barracuda Networks * BQE BQE * Cacti Cacti * ChakraCore ChakraCore * Checkbox Checkbox * Cisco Cisco * CIsco CIsco * Citrix Citrix * Code Aurora Code Aurora * Crestron Crestron * CWP CWP * D-Link D-Link * D-Link and TRENDnet D-Link and TRENDnet * Dasan Dasan * Dell Dell * Delta Electronics Delta Electronics * Docker Docker * dotCMS dotCMS * DotNetNuke (DNN) DotNetNuke (DNN) * DrayTek DrayTek * Drupal Drupal * Elastic Elastic * Embedthis Embedthis * Exim Exim * EyesOfNetwork EyesOfNetwork * F5 F5 * FatPipe FatPipe * ForgeRock ForgeRock * Fortinet Fortinet * Fortra Fortra * Fuel CMS Fuel CMS * GIGABYTE GIGABYTE * GitLab GitLab * GNU GNU * Google Google * Grafana Labs Grafana Labs * Grandstream Grandstream * Hewlett Packard (HP) Hewlett Packard (HP) * Hikvision Hikvision * IBM IBM * IETF IETF * Ignite Realtime Ignite Realtime * ImageMagick ImageMagick * InduSoft InduSoft * Intel Intel * Ivanti Ivanti * Jenkins Jenkins * JetBrains JetBrains * Juniper Juniper * Kaseya Kaseya * Kentico Kentico * Laravel Laravel * LG LG * Liferay Liferay * Linux Linux * McAfee McAfee * MediaTek MediaTek * Meta Platforms Meta Platforms * Micro Focus Micro Focus * Microsoft Microsoft * MikroTik MikroTik * MinIO MinIO * Mitel Mitel * MongoDB MongoDB * Mozilla Mozilla * Nagios Nagios * NETGEAR NETGEAR * Netis Netis * Netwrix Netwrix * Novi Survey Novi Survey * Npm package Npm package * October CMS October CMS * OpenBSD OpenBSD * OpenSSL OpenSSL * Oracle Oracle * Palo Alto Networks Palo Alto Networks * PaperCut PaperCut * PEAR PEAR * Perl Perl * PHP PHP * phpMyAdmin phpMyAdmin * PHPUnit PHPUnit * Pi-hole Pi-hole * PlaySMS PlaySMS * Plex Plex * Primetek Primetek * Progress Progress * Pulse Secure Pulse Secure * QNAP QNAP * QNAP Systems QNAP Systems * Qualcomm Qualcomm * Quest Quest * Rails Rails * RARLAB RARLAB * rConfig rConfig * Realtek Realtek * Red Hat Red Hat * Redis Redis * Rejetto Rejetto * Roundcube Roundcube * Ruckus Wireless Ruckus Wireless * SaltStack SaltStack * Samba Samba * Samsung Samsung * SAP SAP * Schneider Electric Schneider Electric * Siemens Siemens * SIMalliance SIMalliance * Sitecore Sitecore * SolarView SolarView * SolarWinds SolarWinds * Sonatype Sonatype * SonicWall SonicWall * Sophos Sophos * Sudo Sudo * SugarCRM SugarCRM * Sumavision Sumavision * Symantec Symantec * Synacor Synacor * SysAid SysAid * TeamViewer TeamViewer * Teclib Teclib * Telerik Telerik * Tenda Tenda * TerraMaster TerraMaster * ThinkPHP ThinkPHP * TIBCO TIBCO * TP-Link TP-Link * Treck TCP/IP stack Treck TCP/IP stack * Trend Micro Trend Micro * Trihedral Trihedral * TVT TVT * Ubiquiti Ubiquiti * Unraid Unraid * vBulletin vBulletin * Veeam Veeam * Veritas Veritas * VMware VMware * VMware Tanzu VMware Tanzu * WatchGuard WatchGuard * WebKitGTK WebKitGTK * Webmin Webmin * WebRTC WebRTC * WordPress WordPress * WSO2 WSO2 * XStream XStream * Yealink Yealink * Zabbix Zabbix * Zimbra Zimbra * ZK Framework ZK Framework * Zoho Zoho * Zyxel Zyxel Show more No result Reset KNOWN EXPLOITED VULNERABILITIES CATALOG For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework. How to use the KEV Catalog The KEV catalog is also available in the following formats: CSV JSON JSON Schema -------------------------------------------------------------------------------- Showing 1 - 20 of 1050 Qlik | Sense CVE-2023-41265 Qlik Sense HTTP Tunneling Vulnerability Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software. * Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable. * Known To Be Used in Ransomware Campaigns?: Unknown * Date Added: 2023-12-07 * Due Date: 2023-12-28 Resources and Notes https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801 Qlik | Sense CVE-2023-41266 Qlik Sense Path Traversal Vulnerability Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints. * Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable. * Known To Be Used in Ransomware Campaigns?: Unknown * Date Added: 2023-12-07 * Due Date: 2023-12-28 Resources and Notes https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801 Qualcomm | Multiple Chipsets CVE-2022-22071 Qualcomm Multiple Chipsets Use-After-Free Vulnerability Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress. * Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable. * Known To Be Used in Ransomware Campaigns?: Unknown * Date Added: 2023-12-05 * Due Date: 2023-12-26 Resources and Notes This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/586840fde350d7b8563df9889c8ce397e2c20dda Qualcomm | Multiple Chipsets CVE-2023-33063 Qualcomm Multiple Chipsets Use-After-Free Vulnerability Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services during a remote call from HLOS to DSP. * Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable. * Known To Be Used in Ransomware Campaigns?: Unknown * Date Added: 2023-12-05 * Due Date: 2023-12-26 Resources and Notes This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://git.codelinaro.org/clo/la/kernel/msm-5.15/-/commit/2643808ddbedfaabbb334741873fb2857f78188a, https://git.codelinaro.org/clo/la/kernel/msm-4.14/-/commit/d43222efda5a01c9804d74a541e3c1be9b7fe110 Qualcomm | Multiple Chipsets CVE-2023-33106 Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability Multiple Qualcomm chipsets contain a use of out-of-range pointer offset vulnerability due to memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. * Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable. * Known To Be Used in Ransomware Campaigns?: Unknown * Date Added: 2023-12-05 * Due Date: 2023-12-26 Resources and Notes This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://git.codelinaro.org/clo/la/kernel/msm-4.19/-/commit/1e46e81dbeb69aafd5842ce779f07e617680fd58 Qualcomm | Multiple Chipsets CVE-2023-33107 Qualcomm Multiple Chipsets Integer Overflow Vulnerability Multiple Qualcomm chipsets contain an integer overflow vulnerability due to memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. * Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable. * Known To Be Used in Ransomware Campaigns?: Unknown * Date Added: 2023-12-05 * Due Date: 2023-12-26 Resources and Notes This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://git.codelinaro.org/clo/la/kernel/msm-4.19/-/commit/d66b799c804083ea5226cfffac6d6c4e7ad4968b Apple | Multiple Products CVE-2023-42916 Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing web content. * Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable. * Known To Be Used in Ransomware Campaigns?: Unknown * Date Added: 2023-12-04 * Due Date: 2023-12-25 Resources and Notes https://support.apple.com/en-us/HT214031, https://support.apple.com/en-us/HT214032, https://support.apple.com/en-us/HT214033 Apple | Multiple Products CVE-2023-42917 Apple Multiple Products WebKit Memory Corruption Vulnerability Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing web content. * Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable. * Known To Be Used in Ransomware Campaigns?: Unknown * Date Added: 2023-12-04 * Due Date: 2023-12-25 Resources and Notes https://support.apple.com/en-us/HT214031, https://support.apple.com/en-us/HT214032, https://support.apple.com/en-us/HT214033 ownCloud | ownCloud graphapi CVE-2023-49103 ownCloud graphapi Information Disclosure Vulnerability ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo() via GetPhpInfo.php, including administrative credentials. * Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. * Known To Be Used in Ransomware Campaigns?: Unknown * Date Added: 2023-11-30 * Due Date: 2023-12-21 Resources and Notes https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/ Google | Skia CVE-2023-6345 Google Skia Integer Overflow Vulnerability Google Skia contains an integer overflow vulnerability affecting Google Chrome and ChromeOS, Android, Flutter, and possibly other products. * Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. * Known To Be Used in Ransomware Campaigns?: Unknown * Date Added: 2023-11-30 * Due Date: 2023-12-21 Resources and Notes This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html GNU | GNU C Library CVE-2023-4911 GNU C Library Buffer Overflow Vulnerability GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges. * Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. * Known To Be Used in Ransomware Campaigns?: Unknown * Date Added: 2023-11-21 * Due Date: 2023-12-12 Resources and Notes This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa, https://access.redhat.com/security/cve/cve-2023-4911, https://www.debian.org/security/2023/dsa-5514 Oracle | Fusion Middleware CVE-2020-2551 Oracle Fusion Middleware Unspecified Vulnerability Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server. * Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. * Known To Be Used in Ransomware Campaigns?: Unknown * Date Added: 2023-11-16 * Due Date: 2023-12-07 Resources and Notes https://www.oracle.com/security-alerts/cpujan2020.html Sophos | Web Appliance CVE-2023-1671 Sophos Web Appliance Command Injection Vulnerability Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution. * Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. * Known To Be Used in Ransomware Campaigns?: Unknown * Date Added: 2023-11-16 * Due Date: 2023-12-07 Resources and Notes https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce Microsoft | Windows CVE-2023-36584 Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. * Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. * Known To Be Used in Ransomware Campaigns?: Unknown * Date Added: 2023-11-16 * Due Date: 2023-12-07 Resources and Notes https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36584 Microsoft | Windows CVE-2023-36036 Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges. * Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. * Known To Be Used in Ransomware Campaigns?: Unknown * Date Added: 2023-11-14 * Due Date: 2023-12-05 Resources and Notes https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36036 Microsoft | Windows CVE-2023-36025 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts. * Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. * Known To Be Used in Ransomware Campaigns?: Unknown * Date Added: 2023-11-14 * Due Date: 2023-12-05 Resources and Notes https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36025 Microsoft | Windows CVE-2023-36033 Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation. * Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. * Known To Be Used in Ransomware Campaigns?: Unknown * Date Added: 2023-11-14 * Due Date: 2023-12-05 Resources and Notes https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36033 Juniper | Junos OS CVE-2023-36851 Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. * Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. * Known To Be Used in Ransomware Campaigns?: Unknown * Date Added: 2023-11-13 * Due Date: 2023-11-17 Resources and Notes https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US Juniper | Junos OS CVE-2023-36847 Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. * Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. * Known To Be Used in Ransomware Campaigns?: Unknown * Date Added: 2023-11-13 * Due Date: 2023-11-17 Resources and Notes https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US Juniper | Junos OS CVE-2023-36846 Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. * Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. * Known To Be Used in Ransomware Campaigns?: Unknown * Date Added: 2023-11-13 * Due Date: 2023-11-17 Resources and Notes https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US * Currently on page 1 * Page 2 * Page 3 * Page 4 * Page 5 * Page 6 * Page 7 * Page 8 * Page 9 * … * Go to next pageNext * Go to last pageLast SUBSCRIBE TO THE KEV CATALOG UPDATES Stay up to date on the latest known exploited vulnerabilities. Subscribe Now(link is external) Return to top * Topics * Spotlight * Resources & Tools * News & Events * Careers * About Cybersecurity & Infrastructure Security Agency * Facebook * Twitter * LinkedIn * YouTube * Instagram * RSS CISA Central 888-282-0870 Central@cisa.dhs.gov(link sends email) DHS Seal CISA.gov An official website of the U.S. Department of Homeland Security * About CISA * Accessibility * Budget and Performance * DHS.gov * FOIA Requests * No FEAR Act * Office of Inspector General * Privacy Policy * Subscribe * The White House * USA.gov * Website Feedback