CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog

2023-11-17 05:57
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild. The vulnerabilities are as follows:
- CVE-2023-36584 (CVSS score: 5.4) - Microsoft Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability
- CVE-2023-1671 (CVSS score: 9.8) -
News URL
https://thehackernews.com/2023/11/cisa-adds-three-security-flaws-with.html
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-10 | CVE-2023-36584 | Unspecified vulnerability in Microsoft products. Windows Mark of the Web Security Feature Bypass Vulnerability | 0.0 |
| 2023-04-04 | CVE-2023-1671 | Command Injection vulnerability in Sophos web Appliance. A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. | 9.8 |