December 6, 2023

The U.S. CISA added three new vulnerabilities to its Known Exploited Vulnerabilities catalog.

Below is the list of the three added vulnerabilities:

  • CVE-2023-36584 Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
  • CVE-2023-1671 Sophos Web Appliance Command Injection Vulnerability. This flaw is a pre-auth command injection issue that resides in the warn-proceed handler. It affects appliances older than version 4.3.10.4.
  • CVE-2023-2551 Oracle Fusion Middleware Unspecified Vulnerability. The issue is a PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1.

CISA orders federal agencies to fix these vulnerabilities by November 17, 2023.
