Sunday, November 24, 2024
CISA Exploit List

CISA Update for July 2023

by Artie Kaye

Here’s an updated list of the CISA active exploits that should be addressed as soon as possible.  The list may contain issues that were patched in previous years.  These vulnerabilities remain open and exploitable because the devices in question are not updated and thus remain insecure.  While this list is mandatory only for government agencies and certain organizations, it is good practice to address the items which are listed to keep your information safe.

    Company                  CVE                        Platform                                                                  Details                                                        
AppleCVE-2023-32434iOS15.7.7 and iPadOS 15.7.7 https://support.apple.com/en-us/HT213811
16.5.1 and iPadOS 16.5.1 https://support.apple.com/en-us/HT213814
macOS
Big Sur 11.7.8 https://support.apple.com/en-us/HT213809
Monterey 12.6.7 https://support.apple.com/en-us/HT213810
Ventura 13.4.1 https://support.apple.com/en-us/HT213813
watchOS
8.8.1 https://support.apple.com/en-us/HT213808
9.5.2 https://support.apple.com/en-us/HT213812
CVE-2023-32435iOS15.7.7 and iPadOS 15.7.7 https://support.apple.com/en-us/HT213811
16.4 and iPadOS 16.4 https://support.apple.com/en-us/HT213676
macOSVentura 13.3 https://support.apple.com/en-us/HT213670
Safari16.4 https://support.apple.com/en-us/HT213671
CVE-2023-32439iOS15.7.7 and iPadOS 15.7.7 https://support.apple.com/en-us/HT213811
16.5.1 and iPadOS 16.5.1 https://support.apple.com/en-us/HT213814
macOSVentura 13.4.1 https://support.apple.com/en-us/HT213813
Safari16.5.1 https://support.apple.com/en-us/HT213816
D-LinkCVE-2019-17621DIR-859 Routerhttps://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147
CVE-2019-20500DWL-2600AP Access Pointhttps://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113
FortinetCVE-2023-27997FortiOS and FortiProxy SSL-VPNhttps://www.fortiguard.com/psirt/FG-IR-23-097
GoogleCVE-2023-3079Chromium V8 Enginehttps://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html
MicrosoftCVE-2016-0165Win32khttps://learn.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-039
MozillaCVE-2016-9079Firefox, Firefox ESR, Thunderbirdhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079
RoundcubeCVE-2020-35730Roundcube Webmailhttps://roundcube.net/news/2020/12/27/security-updates-1.4.10-1.3.16-and-1.2.13
CVE-2020-12641https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
CVE-2021-44026https://roundcube.net/news/2021/11/12/security-updates-1.4.12-and-1.3.17-released
SamsungCVE-2021-25487
CVE-2021-25489
Mobile Deviceshttps://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10
CVE-2021-25394
CVE-2021-25395
https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5
CVE-2021-25371
CVE-2021-25372
https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=3
VMwareCVE-2023-20867Toolshttps://www.vmware.com/security/advisories/VMSA-2023-0013.html
CVE-2023-20887Aria Operations for Networkshttps://www.vmware.com/security/advisories/VMSA-2023-0012.html
ZyxelCVE-2023-27992Multiple NAS Deviceshttps://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products
CVE-2023-33009
CVE-2023-33010
Multiple Firewallshttps://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls

For a more comprehensive list of all vulnerabilities, visit cisa.gov (Opens in a new tab/window.)