CISA Adds Three Known Exploited Vulnerabilities to Catalog (08/05)
- CVE-2020-25078 D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability
- CVE-2020-25079 D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability
- CVE-2022-40799 D-Link DNR-322L Download of Code Without Integrity Check Vulnerability
上二つは難易度は低い。2020に発見され、今までカタログに載らずに済んでいたのが不思議なくらい。
CISA Adds Three Known Exploited Vulnerabilities to Catalog (07/28)
- CVE-2025-20281 Cisco Identity Services Engine Injection Vulnerability
『A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.』
- CVE-2025-20337 Cisco Identity Services Engine Injection Vulnerability
『A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.』
- CVE-2023-2533 PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability
『A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes.』
CISA Adds Four Known Exploited Vulnerabilities to Catalog (07/22)
- CVE-2025-54309 CrushFTP Unprotected Alternate Channel Vulnerability
- CVE-2025-6558 Google Chromium ANGLE and GPU Improper Input Validation Vulnerability
『Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)』
- CVE-2025-2776 SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
- CVE-2025-2775 SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
CISA Adds Two Known Exploited Vulnerabilities to Catalog (07/22)
- CVE-2025-49704 Microsoft SharePoint Code Injection Vulnerability
- CVE-2025-49706 Microsoft SharePoint Improper Authentication Vulnerability
CISA Adds One Known Exploited Vulnerability, CVE-2025-53770 “ToolShell,” to Catalog (07/20)
- CVE-2025-53770: Microsoft SharePoint Server Remote Code Execution Vulnerability
No comments:
Post a Comment