www.cisa.gov
2a02:26f0:3500:891::447a  Public Scan

URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Submission: On July 18 via api from TR — Scanned from DE

Form analysis 2 forms found in the DOM

Text Content

Cybersecurity & Infrastructure Security Agency
America's Cyber Defense Agency
KNOWN EXPLOITED VULNERABILITIES CATALOG



Download CSV version

Download JSON version

Download JSON schema

Subscribe to the Known Exploited Vulnerabilities Catalog Update Bulletin

Back to previous page for background on known exploited vulnerabilities


CVE: CVE-2023-36884
Vendor/Project: Microsoft
Product: Office and Windows
Vulnerability Name: Microsoft Office and Windows HTML Remote Code Execution
   Vulnerability
Date Added to Catalog: 2023-07-17
Short Description: Microsoft Office and Windows contain an unspecified
   vulnerability that allows an attacker to perform remote code execution via
   a specially crafted Microsoft Office document.
Action: Follow "CVE-2023-36884 Specific Recommendations" per vendor
   instructions.
   [https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/]
Due Date: 2023-08-07
Notes: Required actions will be modified if and when the vendor releases an
   update addressing the vulnerability.
   https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884

CVE: CVE-2022-29303
Vendor/Project: SolarView
Product: Compact
Vulnerability Name: SolarView Compact Command Injection Vulnerability
Date Added to Catalog: 2023-07-13
Short Description: SolarView Compact contains a command injection
   vulnerability due to improper validation of input values on the send test
   mail console of the product's web server.
Action: Apply updates per vendor instructions or discontinue use of the
   product if updates are unavailable.
Due Date: 2023-08-03
Notes: https://jvn.jp/en/vu/JVNVU92327282/

CVE: CVE-2023-37450
Vendor/Project: Apple
Product: Multiple Products
Vulnerability Name: Apple Multiple Products WebKit Code Execution
   Vulnerability
Date Added to Catalog: 2023-07-13
Short Description: Apple iOS, iPadOS, macOS, and Safari WebKit contain an
   unspecified vulnerability that can allow an attacker to execute code when
   processing web content.
Action: Apply updates per vendor instructions or discontinue use of the
   product if updates are unavailable.
Due Date: 2023-08-03
Notes: https://support.apple.com/en-us/HT213823

CVE: CVE-2023-32046
Vendor/Project: Microsoft
Product: Windows
Vulnerability Name: Microsoft Windows MSHTML Platform Privilege Escalation
   Vulnerability
Date Added to Catalog: 2023-07-11
Short Description: Microsoft Windows MSHTML Platform contains an unspecified
   vulnerability that allows for privilege escalation.
Action: Apply updates per vendor instructions or discontinue use of the
   product if updates are unavailable.
Due Date: 2023-08-01
Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32046

CVE: CVE-2023-32049
Vendor/Project: Microsoft
Product: Windows
Vulnerability Name: Microsoft Windows Defender SmartScreen Security Feature
   Bypass Vulnerability
Date Added to Catalog: 2023-07-11
Short Description: Microsoft Windows Defender SmartScreen contains a security
   feature bypass vulnerability that allows an attacker to bypass the Open
   File - Security Warning prompt.
Action: Apply updates per vendor instructions or discontinue use of the
   product if updates are unavailable.
Due Date: 2023-08-01
Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32049

CVE: CVE-2023-35311
Vendor/Project: Microsoft
Product: Outlook
Vulnerability Name: Microsoft Outlook Security Feature Bypass Vulnerability
Date Added to Catalog: 2023-07-11
Short Description: Microsoft Outlook contains a security feature bypass
   vulnerability that allows an attacker to bypass the Microsoft Outlook
   Security Notice prompt.
Action: Apply updates per vendor instructions or discontinue use of the
   product if updates are unavailable.
Due Date: 2023-08-01
Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-35311

CVE: CVE-2023-36874
Vendor/Project: Microsoft
Product: Windows
Vulnerability Name: Microsoft Windows Error Reporting Service Privilege
   Escalation Vulnerability
Date Added to Catalog: 2023-07-11
Short Description: Microsoft Windows Error Reporting Service contains an
   unspecified vulnerability that allows for privilege escalation.
Action: Apply updates per vendor instructions or discontinue use of the
   product if updates are unavailable.
Due Date: 2023-08-01
Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36874

CVE: CVE-2022-31199
Vendor/Project: Netwrix
Product: Auditor
Vulnerability Name: Netwrix Auditor Insecure Object Deserialization
   Vulnerability
Date Added to Catalog: 2023-07-11
Short Description: Netwrix Auditor User Activity Video Recording component
   contains an insecure object deserialization vulnerability that allows an
   unauthenticated, remote attacker to execute code as the NT AUTHORITY\SYSTEM
   user. Successful exploitation requires that the attacker is able to reach
   port 9004/TCP, which is commonly blocked by standard enterprise
   firewalling.
Action: Apply updates per vendor instructions or discontinue use of the
   product if updates are unavailable.
Due Date: 2023-08-01
Notes: Patch application requires login to customer portal:
   https://security.netwrix.com/Account/SignIn?ReturnUrl=%2FAdvisories%2FADV-2022-003

CVE: CVE-2021-29256
Vendor/Project: Arm
Product: Mali Graphics Processing Unit (GPU)
Vulnerability Name: Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Date Added to Catalog: 2023-07-07
Short Description: Arm Mali GPU Kernel Driver contains a use-after-free
   vulnerability that may allow a non-privileged user to gain root privilege
   and/or disclose information.
Action: Apply updates per vendor instructions or discontinue use of the
   product if updates are unavailable.
Due Date: 2023-07-28
Notes: https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

CVE: CVE-2019-17621
Vendor/Project: D-Link
Product: DIR-859 Router
Vulnerability Name: D-Link DIR-859 Router Command Execution Vulnerability
Date Added to Catalog: 2023-06-29
Short Description: D-Link DIR-859 router contains a command execution
   vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an
   unauthenticated remote attacker to execute system commands as root by
   sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when
   connecting to the local network.
Action: Apply updates per vendor instructions or discontinue use of the
   product if updates are unavailable.
Due Date: 2023-07-20
Notes: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147

Showing 1 to 10 of 974 entries