www.cisa.gov
Open in
urlscan Pro
2a02:26f0:3400:198::447a
Public Scan
URL:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Submission: On June 22 via api from TR — Scanned from DE
Submission: On June 22 via api from TR — Scanned from DE
Form analysis
2 forms found in the DOM<form class="gsc-search-box gsc-search-box-tools" accept-charset="utf-8">
<table cellspacing="0" cellpadding="0" role="presentation" class="gsc-search-box">
<tbody>
<tr>
<td class="gsc-input">
<div class="gsc-input-box" id="gsc-iw-id1">
<table cellspacing="0" cellpadding="0" role="presentation" id="gs_id50" class="gstl_50 gsc-input" style="width: 100%; padding: 0px;">
<tbody>
<tr>
<td id="gs_tti50" class="gsib_a"><input autocomplete="off" type="text" size="10" class="gsc-input" name="search" title="search" aria-label="search" id="gsc-i-id1" dir="ltr" spellcheck="false"
style="width: 100%; padding: 0px; border: none; margin: 0px; height: auto; outline: none;"></td>
<td class="gsib_b">
<div class="gsst_b" id="gs_st50" dir="ltr"><a class="gsst_a" href="javascript:void(0)" title="Clear search box" role="button" style="display: none;"><span class="gscb_a" id="gs_cb50" aria-hidden="true">×</span></a></div>
</td>
</tr>
</tbody>
</table>
</div>
</td>
<td class="gsc-search-button"><button class="gsc-search-button gsc-search-button-v2"><svg width="13" height="13" viewBox="0 0 13 13">
<title>search</title>
<path
d="m4.8495 7.8226c0.82666 0 1.5262-0.29146 2.0985-0.87438 0.57232-0.58292 0.86378-1.2877 0.87438-2.1144 0.010599-0.82666-0.28086-1.5262-0.87438-2.0985-0.59352-0.57232-1.293-0.86378-2.0985-0.87438-0.8055-0.010599-1.5103 0.28086-2.1144 0.87438-0.60414 0.59352-0.8956 1.293-0.87438 2.0985 0.021197 0.8055 0.31266 1.5103 0.87438 2.1144 0.56172 0.60414 1.2665 0.8956 2.1144 0.87438zm4.4695 0.2115 3.681 3.6819-1.259 1.284-3.6817-3.7 0.0019784-0.69479-0.090043-0.098846c-0.87973 0.76087-1.92 1.1413-3.1207 1.1413-1.3553 0-2.5025-0.46363-3.4417-1.3909s-1.4088-2.0686-1.4088-3.4239c0-1.3553 0.4696-2.4966 1.4088-3.4239 0.9392-0.92727 2.0864-1.3969 3.4417-1.4088 1.3553-0.011889 2.4906 0.45771 3.406 1.4088 0.9154 0.95107 1.379 2.0924 1.3909 3.4239 0 1.2126-0.38043 2.2588-1.1413 3.1385l0.098834 0.090049z">
</path>
</svg></button></td>
<td class="gsc-clear-button">
<div class="gsc-clear-button" title="clear results"> </div>
</td>
</tr>
</tbody>
</table>
</form>
<form class="gsc-search-box gsc-search-box-tools" accept-charset="utf-8">
<table cellspacing="0" cellpadding="0" role="presentation" class="gsc-search-box">
<tbody>
<tr>
<td class="gsc-input">
<div class="gsc-input-box" id="gsc-iw-id2">
<table cellspacing="0" cellpadding="0" role="presentation" id="gs_id51" class="gstl_51 gsc-input" style="width: 100%; padding: 0px;">
<tbody>
<tr>
<td id="gs_tti51" class="gsib_a"><input autocomplete="off" type="text" size="10" class="gsc-input" name="search" title="search" aria-label="search" id="gsc-i-id2" dir="ltr" spellcheck="false"
style="width: 100%; padding: 0px; border: none; margin: 0px; height: auto; outline: none;"></td>
<td class="gsib_b">
<div class="gsst_b" id="gs_st51" dir="ltr"><a class="gsst_a" href="javascript:void(0)" title="Clear search box" role="button" style="display: none;"><span class="gscb_a" id="gs_cb51" aria-hidden="true">×</span></a></div>
</td>
</tr>
</tbody>
</table>
</div>
</td>
<td class="gsc-search-button"><button class="gsc-search-button gsc-search-button-v2"><svg width="13" height="13" viewBox="0 0 13 13">
<title>search</title>
<path
d="m4.8495 7.8226c0.82666 0 1.5262-0.29146 2.0985-0.87438 0.57232-0.58292 0.86378-1.2877 0.87438-2.1144 0.010599-0.82666-0.28086-1.5262-0.87438-2.0985-0.59352-0.57232-1.293-0.86378-2.0985-0.87438-0.8055-0.010599-1.5103 0.28086-2.1144 0.87438-0.60414 0.59352-0.8956 1.293-0.87438 2.0985 0.021197 0.8055 0.31266 1.5103 0.87438 2.1144 0.56172 0.60414 1.2665 0.8956 2.1144 0.87438zm4.4695 0.2115 3.681 3.6819-1.259 1.284-3.6817-3.7 0.0019784-0.69479-0.090043-0.098846c-0.87973 0.76087-1.92 1.1413-3.1207 1.1413-1.3553 0-2.5025-0.46363-3.4417-1.3909s-1.4088-2.0686-1.4088-3.4239c0-1.3553 0.4696-2.4966 1.4088-3.4239 0.9392-0.92727 2.0864-1.3969 3.4417-1.4088 1.3553-0.011889 2.4906 0.45771 3.406 1.4088 0.9154 0.95107 1.379 2.0924 1.3909 3.4239 0 1.2126-0.38043 2.2588-1.1413 3.1385l0.098834 0.090049z">
</path>
</svg></button></td>
<td class="gsc-clear-button">
<div class="gsc-clear-button" title="clear results"> </div>
</td>
</tr>
</tbody>
</table>
</form>
Text Content
Skip to main content An official website of the United States government Here’s how you know Here’s how you know Official websites use .gov A .gov website belongs to an official government organization in the United States. Secure .gov websites use HTTPS A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites. Cybersecurity & Infrastructure Security Agency America's Cyber Defense Agency Search × search Menu Close × search * Topics Topics Cybersecurity Best Practices Cyber Threats and Advisories Critical Infrastructure Security and Resilience Election Security Emergency Communications Industrial Control Systems Information and Communications Technology Supply Chain Security Partnerships and Collaboration Physical Security Risk Management How can we help? GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help Locally * Spotlight * Resources & Tools Resources & Tools All Resources & Tools Services Programs Resources Training Groups * News & Events News & Events News Events Cybersecurity Alerts & Advisories Directives Request a CISA Speaker Congressional Testimony * Careers Careers Benefits & Perks HireVue Applicant Reasonable Accommodations Process Hiring Resume & Application Tips Students & Recent Graduates Veteran and Military Spouses Work @ CISA * About About Culture Divisions & Offices Regions Leadership Doing Business with CISA Contact Us Site Links Reporting Employee and Contractor Misconduct CISA GitHub Report a Cyber Issue America's Cyber Defense Agency Breadcrumb 1. Home Share: KNOWN EXPLOITED VULNERABILITIES CATALOG Download CSV version Download JSON version Download JSON schema Subscribe to the Known Exploited Vulnerabilities Catalog Update Bulletin(link is external) Back to previous page for background on known exploited vulnerabilities Show 102550100 entries Search: CVEVendor/ProjectProductVulnerability NameDate Added to CatalogShort DescriptionActionDue DateNotesCVE-2023-20887VMwareAria Operations for NetworksVmware Aria Operations for Networks Command Injection Vulnerability2023-06-22VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in remote code execution.Apply updates per vendor instructions.2023-07-13https://www.vmware.com/security/advisories/VMSA-2023-0012.htmlCVE-2020-35730RoundcubeRoundcube WebmailRoundcube Webmail Cross-Site Scripting (XSS) Vulnerability2023-06-22Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with Javascript in a link reference element that is mishandled by linkref_addinindex in rcube_string_replacer.php.Apply updates per vendor instructions.2023-07-13https://roundcube.net/news/2020/12/27/security-updates-1.4.10-1.3.16-and-1.2.13CVE-2020-12641RoundcubeRoundcube WebmailRoundcube Webmail Remote Code Execution Vulnerability2023-06-22Roundcube Webmail contains an remote code execution vulnerability that allows attackers to execute code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.Apply updates per vendor instructions.2023-07-13https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10CVE-2021-44026RoundcubeRoundcube WebmailRoundcube Webmail SQL Injection Vulnerability2023-06-22Roundcube Webmail is vulnerable to SQL injection via search or search_params.Apply updates per vendor instructions.2023-07-13https://roundcube.net/news/2021/11/12/security-updates-1.4.12-and-1.3.17-releasedCVE-2016-9079MozillaFirefox, Firefox ESR, and ThunderbirdMozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability2023-06-22Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows.Apply updates per vendor instructions.2023-07-13https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079CVE-2016-0165MicrosoftWin32kMicrosoft Win32k Privilege Escalation Vulnerability2023-06-22Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.Apply updates per vendor instructions.2023-07-13https://learn.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-039CVE-2023-27997FortinetFortiOS and FortiProxy SSL-VPNFortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability2023-06-13Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.Apply updates per vendor instructions.2023-07-04https://www.fortiguard.com/psirt/FG-IR-23-097CVE-2023-3079GoogleChromium V8 EngineGoogle Chromium V8 Type Confusion Vulnerability2023-06-07Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.Apply updates per vendor instructions.2023-06-28https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.htmlCVE-2023-33009ZyxelMultiple FirewallsZyxel Multiple Firewalls Buffer Overflow Vulnerability2023-06-05Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the notification function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device.Apply updates per vendor instructions.2023-06-26https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewallsCVE-2023-33010ZyxelMultiple FirewallsZyxel Multiple Firewalls Buffer Overflow Vulnerability2023-06-05Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device.Apply updates per vendor instructions.2023-06-26https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls Showing 1 to 10 of 952 entries Previous12345…96Next Back to top Return to top * Topics * Spotlight * Resources & Tools * News & Events * Careers * About Cybersecurity & Infrastructure Security Agency * Facebook * Twitter * LinkedIn * YouTube * Instagram * RSS CISA Central 888-282-0870 Central@cisa.dhs.gov(link sends email) DHS Seal CISA.gov An official website of the U.S. Department of Homeland Security * About CISA * Accessibility * Budget and Performance * DHS.gov * FOIA Requests * No FEAR Act * Office of Inspector General * Privacy Policy * Subscribe * The White House * USA.gov * Website Feedback