Known Exploited Vulnerabilities Catalog

Pierluigi Paganini January 25, 2024
CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Atlassian Confluence Data Center and Server Template Injection bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Atlassian Confluence Data Center and Server Template Injection bug, tracked as CVE-2023-22527, to its Known Exploited Vulnerabilities (KEV) catalog. Atlassian recently warned of a critical […]

Pierluigi Paganini January 23, 2024
CISA adds VMware vCenter Server bug to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds VMware vCenter Server Out-of-Bounds Write bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a VMware vCenter Server Out-of-Bounds Write bug, tracked as CVE-2023-34048, to its Known Exploited Vulnerabilities (KEV) catalog. vCenter Server is a critical component in VMware virtualization and cloud computing […]

Pierluigi Paganini January 19, 2024
U.S. CISA warns of actively exploited Ivanti EPMM flaw CVE-2023-35082

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti EPMM flaw CVE-2023-35082 to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Ivanti EPMM flaw CVE-2023-35082 (CVSS score: 9.8) vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. At the end of July, Ivanti disclosed a security vulnerability impacting Endpoint Manager Mobile (EPMM), tracked […]

Pierluigi Paganini January 18, 2024
CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chrome and Citrix flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This week Citrix warned customers to install security updates to address two actively exploited zero-day vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, […]

Pierluigi Paganini January 11, 2024
CISA adds Ivanti and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Connect Secure and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti Connect Secure and Policy Secure flaws, tracked as CVE-2024-21887 and CVE-2023-46805, and Microsoft SharePoint Server flaw CVE-2023-29357 to its Known Exploited Vulnerabilities (KEV) catalog. Software firm […]

Pierluigi Paganini January 09, 2024
CISA adds Apache Superset bug to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache Superset vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apache Superset flaw, tracked as CVE-2023-27524, to its Known Exploited Vulnerabilities (KEV) catalog. Apache Superset is an open-source Data Visualization and Data Exploration Platform, it is written in Python and based on […]

Pierluigi Paganini January 03, 2024
CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome and Perl library flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of the issues added to the catalog: CVE-2023-7024 – The vulnerability is a Heap […]

Pierluigi Paganini December 11, 2023
CISA adds Qlik Sense flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of the issues added to the catalog: Researchers at cybersecurity firm Praetorian discovered the two vulnerabilities […]

Pierluigi Paganini November 22, 2023
CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

US CISA adds Looney Tunables Linux flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Looney Tunables Linux vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability CVE-2023-4911 (CVSS score 7.8), aka Looney Tunables, is a buffer overflow issue that resides in the GNU C Library’s dynamic loader ld.so while processing the […]

Pierluigi Paganini November 17, 2023
CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog

US CISA added three new vulnerabilities (tracked as CVE-2023-36584, CVE-2023-1671, and CVE-2023-2551) to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of the three added vulnerabilities: According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known […]