[CISA-2023:0512] CISA Adds 7 Known Exploited Vulnerabilities to Catalog
CISA has added 7 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
[CVE-2010-3904] Linux Kernel Improper Input Validation Vulnerability
Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
- Action The impacted product is end-of-life and should be disconnected if still in use.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Linux
- Product: Kernel
- Due Date: Fri Jun 2 00:00:00 2023
- Notes: https://lkml.iu.edu/hypermail/linux/kernel/1601.3/06474.html; https://nvd.nist.gov/vuln/detail/CVE-2010-3904
[CVE-2014-0196] Linux Kernel Race Condition Vulnerability
Linux Kernel contains a race condition vulnerability within the n_tty_write function that allows local users to cause a denial-of-service (DoS) or gain privileges via read and write operations with long strings.
- Action The impacted product is end-of-life and should be disconnected if still in use.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Linux
- Product: Kernel
- Due Date: Fri Jun 2 00:00:00 2023
- Notes: https://lkml.iu.edu/hypermail/linux/kernel/1609.1/02103.html; https://nvd.nist.gov/vuln/detail/CVE-2014-0196
[CVE-2015-5317] Jenkins User Interface (UI) Information Disclosure Vulnerability
Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Jenkins
- Product: Jenkins User Interface (UI)
- Due Date: Fri Jun 2 00:00:00 2023
- Notes: https://www.jenkins.io/security/advisory/2015-11-11/; https://nvd.nist.gov/vuln/detail/CVE-2015-5317
[CVE-2016-3427] Oracle Java SE and JRockit Unspecified Vulnerability
Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Oracle
- Product: Java SE and JRockit
- Due Date: Fri Jun 2 00:00:00 2023
- Notes: https://www.oracle.com/security-alerts/cpuapr2016v3.html; https://nvd.nist.gov/vuln/detail/CVE-2016-3427
[CVE-2016-8735] Apache Tomcat Remote Code Execution Vulnerability
Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Apache
- Product: Tomcat
- Due Date: Fri Jun 2 00:00:00 2023
- Notes: https://tomcat.apache.org/security-9.html; https://nvd.nist.gov/vuln/detail/CVE-2016-8735
[CVE-2021-3560] Red Hat Polkit Incorrect Authorization Vulnerability
Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Red Hat
- Product: Polkit
- Due Date: Fri Jun 2 00:00:00 2023
- Notes: https://bugzilla.redhat.com/show_bug.cgi?id=1961710; https://nvd.nist.gov/vuln/detail/CVE-2021-3560
[CVE-2023-25717] Multiple Ruckus Wireless Products CSRF and RCE Vulnerability
Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). This vulnerability impacts Ruckus ZoneDirector, SmartZone, and Solo APs.
- Action Apply updates per vendor instructions or disconnect product if it is end-of-life.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Ruckus Wireless
- Product: Multiple Products
- Due Date: Fri Jun 2 00:00:00 2023
- Notes: https://support.ruckuswireless.com/security_bulletins/315; https://nvd.nist.gov/vuln/detail/CVE-2023-25717
- ID
- CISA-2023:0512
- Severity
- critical
- Severity from
- CVE-2016-3427
- URL
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Published
-
2023-05-12T00:00:00
(16 months ago) - Modified
-
2023-05-12T00:00:00
(16 months ago) - Other Advisories
-
- ALAS-2014-339
- ALAS-2014-392
- ALAS-2016-688
- ALAS-2016-693
- ALAS-2016-700
- ALAS-2016-776
- ALAS-2016-777
- ALAS-2016-778
- ALPINE:CVE-2021-3560
- ALSA-2021:2238
- ASA-202106-24
- DSA-2926-1
- DSA-3558-1
- DSA-3738-1
- DSA-3739-1
- ELSA-2010-0792
- ELSA-2010-2009
- ELSA-2011-0007
- ELSA-2014-0678
- ELSA-2014-3034
- ELSA-2014-3053
- ELSA-2014-3054
- ELSA-2016-0650
- ELSA-2016-0651
- ELSA-2016-0675
- ELSA-2016-0676
- ELSA-2016-0723
- ELSA-2021-2238
- FEDORA-2010-16826
- FEDORA-2010-18493
- FEDORA-2010-18506
- FEDORA-2010-18983
- FEDORA-2011-11103
- FEDORA-2011-1138
- FEDORA-2011-12874
- FEDORA-2011-14747
- FEDORA-2011-15241
- FEDORA-2011-16346
- FEDORA-2011-2134
- FEDORA-2011-6447
- FEDORA-2011-6541
- FEDORA-2011-7551
- FEDORA-2014-11031
- FEDORA-2014-13045
- FEDORA-2014-13558
- FEDORA-2014-13773
- FEDORA-2014-15200
- FEDORA-2014-16632
- FEDORA-2014-17283
- FEDORA-2014-6122
- FEDORA-2014-6354
- FEDORA-2014-6357
- FEDORA-2014-7033
- FEDORA-2014-7128
- FEDORA-2014-7430
- FEDORA-2014-7863
- FEDORA-2014-8171
- FEDORA-2014-8519
- FEDORA-2014-9010
- FEDORA-2014-9466
- FEDORA-2014-9959
- FEDORA-2015-0515
- FEDORA-2015-1672
- FEDORA-2015-3594
- FEDORA-2015-5024
- FEDORA-2015-6294
- FEDORA-2015-8518
- FEDORA-2015-89468612f5
- FEDORA-2015-d02feebd15
- FEDORA-2016-98cca07999
- FEDORA-2016-9c33466fbb
- FEDORA-2016-a98c560116
- FEDORA-2021-0ec5a8a74b
- FEDORA-2021-3f8d6016c9
- FREEBSD:0B9AF110-D529-11E6-AE1B-002590263BF5
- FREEBSD:36A35D83-C560-11EB-84AB-E0D55E2A8BF9
- GLSA-201606-18
- GLSA-202107-31
- MAVEN:GHSA-CW54-59PW-4G8C
- openSUSE-SU-2021:0838-1
- openSUSE-SU-2021:1843-1
- RHSA-2010:0842
- RHSA-2013:0744
- RHSA-2014:0678
- RHSA-2016:0650
- RHSA-2016:0651
- RHSA-2016:0675
- RHSA-2016:0676
- RHSA-2016:0701
- RHSA-2016:0708
- RHSA-2016:0716
- RHSA-2016:0723
- RHSA-2016:1039
- RHSA-2021:2238
- RLSA-2021:2238
- SSA:2021-158-02
- SUSE-SU-2015:0481-1
- SUSE-SU-2015:0581-1
- SUSE-SU-2015:0652-1
- SUSE-SU-2015:0736-1
- SUSE-SU-2015:1174-1
- SUSE-SU-2015:1376-1
- SUSE-SU-2016:1248-1
- SUSE-SU-2016:1250-1
- SUSE-SU-2016:1299-1
- SUSE-SU-2016:1300-1
- SUSE-SU-2016:1303-1
- SUSE-SU-2016:1378-1
- SUSE-SU-2016:1379-1
- SUSE-SU-2016:1458-1
- SUSE-SU-2016:1475-1
- SUSE-SU-2016:3079-1
- SUSE-SU-2016:3081-1
- SUSE-SU-2017:1632-1
- SUSE-SU-2017:1660-1
- SUSE-SU-2021:1842-1
- SUSE-SU-2021:1843-1
- SUSE-SU-2021:1844-1
- TOMCAT:CVE-2016-8735
- USN-1000-1
- USN-1074-1
- USN-1074-2
- USN-1083-1
- USN-1093-1
- USN-1119-1
- USN-2196-1
- USN-2197-1
- USN-2198-1
- USN-2199-1
- USN-2200-1
- USN-2201-1
- USN-2202-1
- USN-2203-1
- USN-2204-1
- USN-2227-1
- USN-2260-1
- USN-2963-1
- USN-2964-1
- USN-2972-1
- USN-3177-1
- USN-4557-1
- USN-4980-1
- VU:362983
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |