Snapshot
Dec. 16, 2022 - Dec. 23, 2022
CISA Known Exploited Vulnerabilities |
||||
---|---|---|---|---|
No issues added to the CISA Known Exploited Vulnerability list. | ||||
Vulnerabilities In The News |
||||
CVE | Summary | Severity | Vendor | Risk Context |
CVE-2022-41697 (3) | A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. | N/A |
Public Exploits Available |
|
CVE-2022-41654 (3) | An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. | N/A |
Public Exploits Available |
|
CVE-2022-42821 (22) | A logic issue was addressed with improved checks. | MEDIUM |
Public Exploits Available |
|
CVE-2022-41080 (6) | Microsoft Exchange Server Elevation of Privilege Vulnerability. | CRITICAL | Microsoft | Risk Context N/A |
CVE-2022-38023 (2) | Netlogon RPC Elevation of Privilege Vulnerability. | HIGH | Microsoft |
Public Exploits Available |
CVE-2016-20017 (2) | D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as explo... | CRITICAL | Dlink | Risk Context N/A |
CVE-2022-41082 (9) | Microsoft Exchange Server Remote Code Execution Vulnerability. | HIGH | Microsoft |
CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available |
CVE-2022-41040 (8) | Microsoft Exchange Server Elevation of Privilege Vulnerability. | HIGH | Microsoft |
CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available |
CVE-2022-37958 (10) | SPNEGO Extended Negotiation Security Mechanism Information Disclosure Vulnerability. | HIGH |
Remote Code Execution Public Exploits Available |
|
CVE-2022-33891 (7) | The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. | HIGH | Apache |
Public Exploits Available |
CVE-2022-30023 (7) | Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. | HIGH | Tenda |
Remote Code Execution Public Exploits Available |
CVE-2021-44228 (2) | Apache Log4j2 2.0-beta9 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect agai... | CRITICAL | Percussion, Siemens, Snowsoftware, Debian, Cisco, Apache, Intel, Netapp, Bentley, Fedoraproject |
CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available |
CVE-2021-42013 (8) | It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. | CRITICAL | Apache, Oracle |
CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available |
CVE-2021-34523 (2) | Microsoft Exchange Server Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33768, CVE-2021-34470. | CRITICAL | Microsoft |
CISA Known Exploited Actively Exploited Remote Code Execution |
CVE-2021-34473 (4) | Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206. | CRITICAL | Microsoft |
CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available |
CVE-2021-31207 (2) | Microsoft Exchange Server Security Feature Bypass Vulnerability | HIGH | Microsoft |
CISA Known Exploited Actively Exploited |
CVE-2018-20057 (2) | An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. | HIGH | Risk Context N/A | |
CVE-2018-12613 (3) | An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include files on the server. | HIGH |
Public Exploits Available |
|
CVE-2018-10561 (2) | An issue was discovered on Dasan GPON home routers. | HIGH | Dasan, Dasannetworks |
CISA Known Exploited |
CVE-2017-17106 (2) | Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standa... | HIGH | Risk Context N/A |
CISA Known Exploited Vulnerabilities
CISA added 0 vulnerabilities to the known exploited vulnerabilities list.
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2022-41697 |
CVSS Not Assigned |
Public Exploits Available |
Published: Dec. 22, 2022 |
A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability. |
Quotes
|
Headlines |
Back to top ↑ |
CVE-2022-41654 |
CVSS Not Assigned |
Public Exploits Available |
Published: Dec. 22, 2022 |
An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. |
Quotes
|
Headlines |
Back to top ↑ |
CVE-2022-41080 |
CRITICAL CVSS 9.80 |
Risk Context N/A |
Published: Nov. 9, 2022 |
Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41123. |
Vendor Impacted: Microsoft |
Product Impacted: Exchange Server |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2022-38023 |
HIGH CVSS 8.10 |
Public Exploits Available |
Published: Nov. 9, 2022 |
Netlogon RPC Elevation of Privilege Vulnerability. |
Vendor Impacted: Microsoft |
Products Impacted: Windows Server 2016, Windows Server 2019, Windows Server 2012, Windows Server 2008, Windows Server 2022 |
Quotes
|
Headlines |
Back to top ↑ |
CVE-2016-20017 |
CRITICAL CVSS 9.80 |
Risk Context N/A |
Published: Oct. 19, 2022 |
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022. |
Vendor Impacted: Dlink |
Products Impacted: Dsl-2750b, Dsl-2750b Firmware |
Quotes
|
Headlines |
Back to top ↑ |
CVE-2022-41082 |
HIGH CVSS 8.80 |
CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available |
Published: Oct. 3, 2022 |
Microsoft Exchange Server Remote Code Execution Vulnerability. |
Vendor Impacted: Microsoft |
Product Impacted: Exchange Server |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2022-41040 |
HIGH CVSS 8.80 |
CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available |
Published: Oct. 3, 2022 |
Microsoft Exchange Server Elevation of Privilege Vulnerability. |
Vendor Impacted: Microsoft |
Product Impacted: Exchange Server |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2022-33891 |
HIGH CVSS 8.80 |
Public Exploits Available |
Published: July 18, 2022 |
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1. |
Vendor Impacted: Apache |
Product Impacted: Spark |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2022-30023 |
HIGH CVSS 8.80 |
Remote Code Execution Public Exploits Available |
Published: June 16, 2022 |
Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. |
Vendor Impacted: Tenda |
Products Impacted: Hg9 Firmware, Hg9 |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2021-44228 |
CRITICAL CVSS 10.00 |
CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available |
Published: Dec. 10, 2021 |
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. |
Vendors Impacted: Percussion, Siemens, Snowsoftware, Debian, Cisco, Apache, Intel, Netapp, Bentley, Fedoraproject |
Products Impacted: Cx Cloud Agent, Firepower 1140, Unified Contact Center Express, Spectrum Power 4, Logo\! Soft Comfort, Navigator, Firepower 2130, Nexus Dashboard, Siveillance Command, Cyber Vision, Snow Commander, Cloudcenter Workload Manager, Data Center Network Manager, Vm Access Proxy, Prime Service Catalog, Crosswork Network Controller, Identity Services Engine, Workload Optimization Manager, Firepower 1010, Contact Center Management Portal, Crosswork Optimization Engine, System Studio, Unified Communications Manager Im \&, Oneapi Sample Browser, Advanced Malware Protection Virtual , Paging Server, Head-End System Universal Device Int, Desigo Cc Info Center, Firepower 4140, Mindsphere, Xpedition Enterprise, Video Surveillance Operations Manage, Siguard Dsa, Siveillance Viewpoint, Ucs Central Software, Video Surveillance Manager, Unified Customer Voice Portal, Cloud Insights, Connected Analytics For Network Depl, Log4j2, Firepower Threat Defense, Cloud Manager, E-Car Operation Center, Firepower 4112, Sppa-T3000 Ses3000 Firmware, Dna Spaces Connector, Solid Edge Cam Pro, Active Iq Unified Manager, Energyip, Oncommand Insight, Packaged Contact Center Enterprise, Sppa-T3000 Ses3000, Crosswork Network Automation, Contact Center Domain Manager, Unified Sip Proxy, Firepower 4110, Emergency Responder, Genomics Kernel Library, Unified Communications Manager, Fog Director, Operation Scheduler, Industrial Edge Management Hub, Network Assurance Engine, Firepower 4125, Opcenter Intelligence, Iot Operations Dashboard, Rhythmyx, Xpedition Package Integrator, Network Dashboard Fabric Controller, Dna Spaces\, Snapcenter, Intersight Virtual Appliance, Cloudcenter Cost Optimizer, Cloudcenter Suite Admin, Crosswork Zero Touch Provisioning, Firepower 2120, Integrated Management Controller Sup, Virtual Topology System, Unified Communications Manager Im An, Crosswork Data Gateway, Ucs Director, Smart Phy, Firepower 1120, Teamcenter, Unified Contact Center Management Po, Siveillance Vantage, Firepower 4120, Webex Meetings Server, Nexus Insights, Ontap Tools, Business Process Automation, Cyber Vision Sensor Management Exten, Sensor Solution Firmware Development, Energyip Prepay, Virtualized Voice Browser, Connected Mobile Experiences, Fxos, Wan Automation Engine, Comos, Cloudcenter Suite, Network Insights For Data Center, Cloudcenter, Siveillance Identity, Cloud Secure Agent, Firepower 2140, Unity Connection, Unified Computing System, Siveillance Control Pro, Gma-Manager, Unified Contact Center Enterprise, Debian Linux, Firepower 2110, Unified Workforce Optimization, Vesys, Automated Subsea Tuning, Enterprise Chat And Email, Mobility Services Engine, Cloud Connect, Ucs Central, Virtualized Infrastructure Manager, Sentron Powermanager, Spectrum Power 7, Firepower 1150, Common Services Platform Collector, Data Center Manager, Log4j, Network Services Orchestrator, Nx, Industrial Edge Management, Solid Edge Harness Design, Fedora, Crosswork Platform Infrastructure, Synchro, Optical Network Controller, Synchro 4d, Broadworks, Audio Development Kit, Secure Device Onboard, Dna Center, Firepower 4145, Customer Experience Cloud Agent, Sipass Integrated, Computer Vision Annotation Tool, Unified Intelligence Center, Dna Spaces, Captial, Finesse, Mendix, Evolved Programmable Network Manager, Sd-Wan Vmanage, Desigo Cc Advanced Reports, Firepower 9300, System Debugger, Energy Engage, Firepower 4115, Firepower 4150 |
Quotes
|
Headlines |
Back to top ↑ |
CVE-2021-42013 |
CRITICAL CVSS 9.80 |
CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available |
Published: Oct. 7, 2021 |
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. |
Vendors Impacted: Apache, Oracle |
Products Impacted: Http Server, Secure Backup |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2021-34523 |
CRITICAL CVSS 9.80 |
CISA Known Exploited Actively Exploited Remote Code Execution |
Published: July 14, 2021 |
Microsoft Exchange Server Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33768, CVE-2021-34470. |
Vendor Impacted: Microsoft |
Products Impacted: Microsoft Exchange Server, Exchange Server |
Quotes
|
Headlines |
Back to top ↑ |
CVE-2021-34473 |
CRITICAL CVSS 9.80 |
CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available |
Published: July 14, 2021 |
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206. |
Vendor Impacted: Microsoft |
Product Impacted: Microsoft Exchange Server |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2021-31207 |
HIGH CVSS 7.20 |
CISA Known Exploited Actively Exploited |
Published: May 11, 2021 |
Microsoft Exchange Server Security Feature Bypass Vulnerability |
Vendor Impacted: Microsoft |
Product Impacted: Microsoft Exchange Server |
Quotes
|
Headlines |
Back to top ↑ |
CVE-2018-20057 |
HIGH CVSS 9.00 |
Risk Context N/A |
Published: Dec. 11, 2018 |
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter. |
Quotes
|
Headlines |
Back to top ↑ |
CVE-2018-12613 |
HIGH CVSS 8.80 |
Public Exploits Available |
Published: June 21, 2018 |
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication). |
Quotes
|
Headlines |
Back to top ↑ |
CVE-2018-10561 |
HIGH CVSS 7.50 |
CISA Known Exploited |
Published: May 4, 2018 |
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device. |
Vendors Impacted: Dasan, Dasannetworks |
Products Impacted: Gigabit Passive Optical Network (Gpon) Routers, Gpon Router Firmware, Gpon Router |
Quotes
|
Headlines |
Back to top ↑ |
CVE-2017-17106 |
HIGH CVSS 10.00 |
Risk Context N/A |
Published: Dec. 19, 2017 |
Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages. |
Quotes
|
Headlines |
Back to top ↑ |
Accelerate Security Teams
Schedule a free consultation with a vulnerability expert to discuss your use cases and to see a demo.