{"page":1,"per_page":25,"total_vulns":23,"total_pages":1,"vulnerabilities":[{"_id":"66c6115b4e9f0a3ebd6cee74","cveID":"CVE-2021-31196","dateAdded":"2024-08-21","dueDate":"2024-09-11","notes":"https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2021-31196","product":"Exchange Server","requiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","shortDescription":"Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft Exchange Server Information Disclosure Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":1.2,"baseScore":7.2,"nvdReferences":[{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31196","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":["IRGC"],"malwareFamiles":[],"affectedIndustries":["Critical infrastructure"],"communityAdversaries":["Lazarus Group"],"communityMalwareFamilies":[],"communityAffectedIndustries":["Healthcare","Government","Critical infrastructure","Education","Technology"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"6508a5fce37dcd1cff0624b0","cveID":"CVE-2014-8361","dateAdded":"2023-09-18","dueDate":"2023-10-09","notes":"https://web.archive.org/web/20150831100501/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055","product":"SDK","requiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","shortDescription":"Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request.","vendorProject":"Realtek","vulnerabilityName":"Realtek SDK Improper 
Input Validation Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":10.0,"baseScore":10.0,"nvdReferences":[{"url":"http://jvn.jp/en/jp/JVN47580234/index.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://jvn.jp/en/jp/JVN67456944/index.html","source":"cve@mitre.org"},{"url":"http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/74330","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.zerodayinitiative.com/advisories/ZDI-15-155/","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/","source":"cve@mitre.org"},{"url":"https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/37169/","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":["Zerobot","Mirai","Satori","Robinbot","Moobot","Fbot","Zhtrap","Gitpaste","Mirai (elf)"],"affectedIndustries":[],"communityAdversaries":["Lazarus Group","DEV-1061"],"communityMalwareFamilies":["Zerobot","Wannacryptor","Nanocore","Maas","Shlayer","Dridex","Phishing","Ziggy","Netwalker","Vyveva","Cerber","Linux","Mozi","Eset","Doppelpaymer","Houdrat","Hiddad","Ursnif","Kobalos","Qbot","Fonix","Fraud","Agent","Trickbot","Trojansms.agent","Emotet","Phobos","Ryuk","Mirai","Android banking","Iis","Ctblocker","Skynet","Nephilim","’m","Shadowpad","Diseases","Agent 
tesla","Cryptowall","Lazarus","Vools","Ranumbot","Winnti","Gandcrab","Turla","Webshell","Triada","Formbook","Luckymouse","Psw.fareit","Xdspy"],"communityAffectedIndustries":["Transportation","Oil","Finance","Manufacturing","Construction","Government","Defense","Healthcare","Bitcoin","Cryptocurrency","Financial services","Hospitality","Retail","Telecommunications"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"64e625a311c8283e48a9be7a","cveID":"CVE-2021-45046","dateAdded":"2023-05-01","dueDate":"2023-05-22","notes":"https://logging.apache.org/log4j/2.x/security.html","product":"Log4j2","requiredAction":"Apply updates per vendor instructions.","shortDescription":"Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.","vendorProject":"Apache","vulnerabilityName":"Apache Log4j2 Deserialization of Untrusted Data Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"HIGH","baseSeverity":"CRITICAL","exploitabilityScore":2.2,"baseScore":9.0,"nvdReferences":[{"url":"http://www.openwall.com/lists/oss-security/2021/12/14/4","source":"security@apache.org","tags":["Mailing List","Mitigation","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2021/12/15/3","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2021/12/18/1","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf","source":"security@apache.org","tags":["Third Party 
Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/","source":"security@apache.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/","source":"security@apache.org"},{"url":"https://logging.apache.org/log4j/2.x/security.html","source":"security@apache.org","tags":["Mitigation","Release Notes","Vendor Advisory"]},{"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202310-16","source":"security@apache.org"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-44228","source":"security@apache.org","tags":["Not Applicable"]},{"url":"https://www.debian.org/security/2021/dsa-5022","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.kb.cert.org/vuls/id/930724","source":"security@apache.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.oracle.com/security-alerts/alert-cve-2021-44228.html","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"security@apache.org","tags":["Third Party 
Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"security@apache.org","tags":["Third Party Advisory"]}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/taise-hub/log4j-poc","https://github.com/CaptanMoss/Log4Shell-Sandbox-Signature","https://github.com/lijiejie/log4j2_vul_local_scanner","https://github.com/lukepasek/log4jjndilookupremove","https://github.com/mergebase/log4j-samples","https://github.com/tejas-nagchandi/CVE-2021-45046","https://github.com/BobTheShoplifter/CVE-2021-45046-Info","https://github.com/cckuailong/Log4j_CVE-2021-45046","https://github.com/X1pe0/Log4J-Scan-Win","https://github.com/ifconfig-me/Log4Shell-Payloads"],"openThreatData":[{"adversaries":["Cluster B","IRGC","MERCURY"],"malwareFamiles":["Drokbk","Mercury"],"affectedIndustries":["Critical infrastructure"],"communityAdversaries":["Conti","Cluster B","Mint Sandstorm","MuddyWater","MERCURY","Lazarus Group","Conti Ransomware"],"communityMalwareFamilies":["Drokbk","Avos","Slf:win32/dumplsass","Cobalt mirage","Hacktool:win32/remoteexec","Avoslocker","Mercury","Cobalt strike"],"communityAffectedIndustries":["Technology","Healthcare","Government","Education","Critical infrastructure"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"64e625a311c8283e48a9bdea","cveID":"CVE-2022-41128","dateAdded":"2022-11-08","dueDate":"2022-12-09","notes":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41128","product":"Windows","requiredAction":"Apply updates per vendor instructions.","shortDescription":"Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft Windows Scripting Languages Remote Code Execution 
Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":2.8,"baseScore":8.8,"nvdReferences":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41128","source":"secure@microsoft.com"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":["APT37"],"malwareFamiles":["Rokrat - s0240"],"affectedIndustries":["Defense","Education","Media","Government","Software"],"communityAdversaries":["APT37","Lazarus Group"],"communityMalwareFamilies":["Rokrat - s0240"],"communityAffectedIndustries":["Defense","Education","Media","Government","Healthcare","Technology"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"64e625a111c8283e48a9bcc2","cveID":"CVE-2016-7256","dateAdded":"2022-05-25","dueDate":"2022-06-15","notes":"","product":"Windows","requiredAction":"Apply updates per vendor instructions.","shortDescription":"A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. 
An attacker who successfully exploits this vulnerability could take control of the affected system.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft Windows Open Type Font Remote Code Execution Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"MEDIUM","baseSeverity":"HIGH","exploitabilityScore":8.6,"baseScore":9.3,"nvdReferences":[{"url":"http://www.securityfocus.com/bid/94156","source":"secure@microsoft.com"},{"url":"http://www.securitytracker.com/id/1037243","source":"secure@microsoft.com"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-132","source":"secure@microsoft.com"},{"url":"https://twitter.com/da5ch0/status/820161895269277696","source":"secure@microsoft.com"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":["Lazarus Group"],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"64e625a111c8283e48a9bca8","cveID":"CVE-2017-8291","dateAdded":"2022-05-24","dueDate":"2022-06-14","notes":"","product":"Ghostscript","requiredAction":"Apply updates per vendor instructions.","shortDescription":"Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a \"/OutputFile.","vendorProject":"Artifex","vulnerabilityName":"Artifex Ghostscript Type Confusion Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"MEDIUM","baseSeverity":"MEDIUM","exploitabilityScore":8.6,"baseScore":6.8,"nvdReferences":[{"url":"http://openwall.com/lists/oss-security/2017/04/28/2","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3838","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/98476","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1230","source":"cve@mitre.org"},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697808","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1446063","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1036453","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Third Party Advisory","VDB Entry"]},{"url":"https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201708-06","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/41955/","source":"cve@mitre.org"}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/hkcfs/PIL-CVE-2017-8291"],"openThreatData":[{"adversaries":["Kimsuki","RedEyes","APT37","Lazarus","Lazarus Group"],"malwareFamiles":["M2rat","Crat"],"affectedIndustries":["Technology","Entertainment"],"communityAdversaries":["APT37","RedEyes","Qbot","APT37, ScarCruuft, RedEyes"],"communityMalwareFamilies":["Worm:win32/acint","Meterpreter","Pony","Redeyes","Tulach malware","Trojanspy","Xorist","Hacktool:win32/crack","Virus:dos/better_tomorrow","Roblox","Map2","M2rat","Alf:pua:win32/opencandy","Clipper","Redline stealer","Bu","Phishingms.abc","Worm:win32/nimda","Beep","Brontok","D26a","Trojan:win32/fuery","Troj_frs.vsn1ea19","Network rat","Hacktool:powershell/mimikatz","Virus.html.gen03","Emotet","Raccoon","Alf:jasyp:pua:win32/systweak","Malicious.35bb6b","Trojan:win32/presenoker","Go","Unruy","Quasar rat","Skynet","Filerepmetagen [pup]","Agent.3132311","M2rat, map2rat","Lumma stealer","Chinotto","Trojanx","Adwind 
rat","Slimware.a","Alf:pua:win32/funshion","Formbook","Mimikatz","Webtoolbar","Alf:heraklezeval:trojandownloader:win32/unruy","Ransom:win32/wannacrypt","Qakbot","Laplas clipper","Alf:pua:win32/iobit","Alf:cert:installpack","Trojan:win32/swrort","Trojan:win32/wacatac","Blacknet rat","Opencandy","Backdoor:win32/zbot","Trojan:win32/qbot","Xrat","#lowfi:siga:trojanspy:msil/keylogger","Trojan:win32/tiggre","Alf:pua:win32/rostpay","Trojan:win32/filetour","Pe.heur","Nircmd","Alf:program:win32/mediaget","Maltiverse"],"communityAffectedIndustries":["Cryptocurrency","Healthcare","Government","Education","Defense"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"64e625a011c8283e48a9bbfe","cveID":"CVE-2018-10562","dateAdded":"2022-03-31","dueDate":"2022-04-21","notes":"","product":"Gigabit Passive Optical Network (GPON) Routers","requiredAction":"The impacted product is end-of-life and should be disconnected if still in use.","shortDescription":"Dasan GPON Routers contain an authentication bypass vulnerability. 
When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution.","vendorProject":"Dasan","vulnerabilityName":"Dasan GPON Routers Command Injection Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":10.0,"baseScore":7.5,"nvdReferences":[{"url":"http://www.securityfocus.com/bid/107053","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/44576/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/ATpiu/CVE-2018-10562","https://github.com/c0ld1/GPON_RCE","https://github.com/Choudai/GPON-LOADER","https://github.com/649/Pingpon-Exploit","https://github.com/f3d0x0/GPON","https://github.com/ExiaHan/GPON","https://github.com/mr-won/backdoor.mirai.helloworld"],"openThreatData":[{"adversaries":[],"malwareFamiles":["Mirai","Robinbot","Liquorbot"],"affectedIndustries":[],"communityAdversaries":["Vulnerability Advisory","Lazarus Group"],"communityMalwareFamilies":["Dridex","Agent tesla","Turla","Iis","Eset","Hiddad","Cerber","Trickbot","Ryuk","Nanocore","Fraud","Phobos","Nephilim","Ziggy","Kobalos","Winnti","Trojansms.agent","Emotet","Phishing","Formbook","Gandcrab","Webshell","Agent","Wannacryptor","Triada","Ranumbot","Xdspy","Shlayer","Android banking","Vyveva","Mirai","Ursnif","Mozi","Doppelpaymer","Houdrat","Lazarus","Shadowpad","Ctblocker","Maas","Linux","Luckymouse","Qbot","Psw.fareit","Netwalker","Cryptowall","Fonix","Vools"],"communityAffectedIndustries":["Cryptocurrency","Telecommunications","Defense","Financial 
services","Government","Finance","Manufacturing","Oil","Transportation","Construction","Bitcoin","Healthcare","Hospitality","Retail"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"64e6259e11c8283e48a9babc","cveID":"CVE-2015-2545","dateAdded":"2022-03-03","dueDate":"2022-03-24","notes":"","product":"Office","requiredAction":"Apply updates per vendor instructions.","shortDescription":"Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft Office Malformed EPS File Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"MEDIUM","baseSeverity":"HIGH","exploitabilityScore":8.6,"baseScore":9.3,"nvdReferences":[{"url":"http://blog.morphisec.com/exploit-bypass-emet-cve-2015-2545","source":"secure@microsoft.com","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securitytracker.com/id/1033488","source":"secure@microsoft.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099","source":"secure@microsoft.com"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":["Lazarus Group"],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":["Kimsuky"],"communityMalwareFamilies":["Sweetdrop","Appleseed","Babyshark","Socradar xti"],"communityAffectedIndustries":["Banks","Nuclear","Foreign","Critical infrastructure","Cryptocurrency","Political","Journalists","Government"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"64e6259e11c8283e48a9baaa","cveID":"CVE-2016-5195","dateAdded":"2022-03-03","dueDate":"2022-03-24","notes":"","product":"Kernel","requiredAction":"Apply updates per vendor instructions.","shortDescription":"Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges.","vendorProject":"Linux","vulnerabilityName":"Linux Kernel Race Condition 
Vulnerability","nvdData":[{"attackVector":"LOCAL","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":1.8,"baseScore":7.8,"nvdReferences":[{"url":"http://fortiguard.com/advisory/FG-IR-16-063","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619","source":"chrome-cve-admin@google.com","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10774","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10807","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00034.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00035.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00036.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00038.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00039.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00040.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00045.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00048.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00049.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00050.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00051.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00052.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00053.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00054.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00055.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00056.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00057.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00058.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00063.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00064.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00065.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00066.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00067.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00072.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00033.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00100.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/139277/Kernel-Live-Patch-Security-Notice-LSN-0012-1.html","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://packetstormsecurity.com/files/139286/DirtyCow-Linux-Kernel-Race-Condition.html","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/139287/DirtyCow-Local-Root-Proof-Of-Concept.html","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/139922/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/139923/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/142151/Kernel-Live-Patch-Security-Notice-LSN-0021-1.html","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2098.html","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2105.html","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2106.html","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2107.html","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2110.html","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2118.html","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2120.html","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2124.html","source":"chrome-cve-admin@google.com","tags":["Third Party 
Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2126.html","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2127.html","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2128.html","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2132.html","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2133.html","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3696","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3","source":"chrome-cve-admin@google.com","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/21/1","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/26/7","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/27/13","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/30/1","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/03/7","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2022/03/07/1","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2022/08/08/1","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2022/08/08/2","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2022/08/08/7","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2022/08/08/8","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2022/08/09/4","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2022/08/15/1","source":"chrome-cve-admin@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","source":"chrome-cve-admin@google.com","tags":["Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/archive/1/539611/100/0/threaded","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/540252/100/0/threaded","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/540344/100/0/threaded","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/540736/100/0/threaded","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securityfocus.com/archive/1/archive/1/539611/100/0/threaded","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/archive/1/540252/100/0/threaded","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/archive/1/540344/100/0/threaded","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/archive/1/540736/100/0/threaded","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/93793","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037078","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-3104-1","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://www.ubuntu.com/usn/USN-3104-2","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://www.ubuntu.com/usn/USN-3105-1","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://www.ubuntu.com/usn/USN-3105-2","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://www.ubuntu.com/usn/USN-3106-1","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://www.ubuntu.com/usn/USN-3106-2","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://www.ubuntu.com/usn/USN-3106-3","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://www.ubuntu.com/usn/USN-3106-4","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"http://www.ubuntu.com/usn/USN-3107-1","source":"chrome-cve-admin@google.com","tags":["Third Party 
Advisory"]},{"url":"http://www.ubuntu.com/usn/USN-3107-2","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:0372","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/cve-2016-5195","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/security/vulnerabilities/2706661","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://bto.bluecoat.com/security-advisory/sa134","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1384344","source":"chrome-cve-admin@google.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1004418","source":"chrome-cve-admin@google.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://dirtycow.ninja","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://github.com/torvalds/linux/commit/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619","source":"chrome-cve-admin@google.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05352241","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03707en_us","source":"chrome-cve-admin@google.com","tags":["Third Party 
Advisory"]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03722en_us","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03742en_us","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03761en_us","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05341463","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05352241","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10176","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10177","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10222","source":"chrome-cve-admin@google.com","tags":["Third Party 
Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7M62SRP6CZLJ4ZXCRZKV4WPLQBSR7DT/","source":"chrome-cve-admin@google.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWMDLBWMGZKFHMRJ7QUQVCERP5QHDB6W/","source":"chrome-cve-admin@google.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3APRVDVPDBXLH4DC5UKZVCR742MJIM3/","source":"chrome-cve-admin@google.com"},{"url":"https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://security-tracker.debian.org/tracker/CVE-2016-5195","source":"chrome-cve-admin@google.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20161025-0001/","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://security.paloaltonetworks.com/CVE-2016-5195","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://source.android.com/security/bulletin/2016-11-01.html","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://source.android.com/security/bulletin/2016-12-01.html","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vcsd","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://www.arista.com/en/support/advisories-notices/security-advisories/1753-security-advisory-0026","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/40611/","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://www.exploit-db.com/exploits/40616/","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/40839/","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/40847/","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.kb.cert.org/vuls/id/243144","source":"chrome-cve-admin@google.com","tags":["Third Party Advisory","US Government Resource"]}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/LinuxKernelContent/DirtyCow","https://github.com/flux10n/dirtycow","https://github.com/1equeneRise/scumjr9","https://github.com/malinthag62/The-exploitation-of-Dirty-Cow-CVE-2016-5195","https://github.com/passionchenjianyegmail8/scumjrs","https://github.com/ArkAngeL43/CVE-2016-5195","https://github.com/gurpreetsinghsaluja/dirtycow","https://github.com/vinspiert/scumjrs","https://github.com/r1is/CVE-2022-0847","https://github.com/ellietoulabi/Dirty-Cow","https://github.com/ASUKA39/CVE-2016-5195","https://github.com/sakilahamed/Linux-Kernel-Exploit-LAB","https://github.com/LiEnby/PSSRoot","https://github.com/0x3n19m4/CVE-2016-5195","https://github.com/Samuel-G3/Escalamiento-de-Privilegios-usando-el-Kernel-Exploit-Dirty-Cow","https://github.com/mohammadamin382/dirtycow-lab","https://github.com/MarioAlejos-Cs/dirtycow-lab","https://github.com/pardhu045/linux-privilege-escalation","https://github.com/arturomartinvegue/escalada-privilegios-kernel-exploit-dirty-cow","https://github.com/th3-5had0w/DirtyCOW-PoC","https://github.com/talsim/root-dirtyc0w","https://github.com/arttnba3/CVE-2016-5195","https://github.com/DanielEbert/CVE-2016-5195","https://github.com/KaviDk/dirtyCow","https://github.com/dulanjaya23/Dirty-Cow-CVE-2016-5195-","https://github.com/zakariamaaraki/Dirty-COW-CVE-2016-5195-","https://github.com/imust6226/dirtcow","https://github.com/jas502n/CV
E-2016-5195","https://github.com/Brucetg/DirtyCow-EXP","https://github.com/xpcmdshell/derpyc0w","https://github.com/titanhp/Dirty-COW-CVE-2016-5195-Testing","https://github.com/arbll/dirtycow","https://github.com/FloridSleeves/os-experiment-4","https://github.com/droidvoider/dirtycow-replacer","https://github.com/hyln9/VIKIROOT","https://github.com/esc0rtd3w/org.cowpoop.moooooo","https://github.com/ndobson/inspec_CVE-2016-5195","https://github.com/firefart/dirtycow","https://github.com/whu-enjoy/CVE-2016-5195","https://github.com/ldenevi/CVE-2016-5195","https://github.com/aishee/scan-dirtycow","https://github.com/DavidBuchanan314/cowroot","https://github.com/gbonacini/CVE-2016-5195","https://github.com/scumjr/dirtycow-vdso","https://github.com/sideeffect42/DirtyCOWTester","https://github.com/pgporada/ansible-role-cve","https://github.com/istenrot/centos-dirty-cow-ansible","https://github.com/xlucas/dirtycow.cr","https://github.com/timwr/CVE-2016-5195","https://github.com/KosukeShimofuji/CVE-2016-5195","https://github.com/ramahmdr/dirtycow","https://github.com/elhaddadalaa788-alt/kernel-exploit-dirtycow-project-subm","https://github.com/Nathanloupy/42adv_boot2root"],"openThreatData":[{"adversaries":["Lazarus Group","FinSpy","Outlaw","Anunak"],"malwareFamiles":["Trojan.linux.sshbrute","Backdoor.sh.shellbot","Coinminer.linux","Trojan.sh.malxmr"],"affectedIndustries":["Finance","Manufacturing","Ngo"],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"64e6259e11c8283e48a9ba9a","cveID":"CVE-2017-11826","dateAdded":"2022-03-03","dueDate":"2022-03-24","notes":"","product":"Office","requiredAction":"Apply updates per vendor instructions.","shortDescription":"A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. 
An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft Office Remote Code Execution Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"MEDIUM","baseSeverity":"HIGH","exploitabilityScore":8.6,"baseScore":9.3,"nvdReferences":[{"url":"http://www.securityfocus.com/bid/101219","source":"secure@microsoft.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039541","source":"secure@microsoft.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html","source":"secure@microsoft.com"},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/","source":"secure@microsoft.com","tags":["Technical Description","Third Party Advisory"]},{"url":"https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/","source":"secure@microsoft.com"}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/thatskriptkid/CVE-2017-11826"],"openThreatData":[{"adversaries":["Lazarus Group","Molerats"],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"64e6259d11c8283e48a9ba28","cveID":"CVE-2018-20250","dateAdded":"2022-02-15","dueDate":"2022-08-15","notes":"","product":"WinRAR","requiredAction":"Apply updates per vendor instructions.","shortDescription":"WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution","vendorProject":"RARLAB","vulnerabilityName":"WinRAR Absolute Path Traversal 
Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"MEDIUM","baseSeverity":"MEDIUM","exploitabilityScore":8.6,"baseScore":6.8,"nvdReferences":[{"url":"http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html","source":"cve@checkpoint.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace","source":"cve@checkpoint.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/106948","source":"cve@checkpoint.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/blau72/CVE-2018-20250-WinRAR-ACE","source":"cve@checkpoint.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://research.checkpoint.com/extracting-code-execution-from-winrar/","source":"cve@checkpoint.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/46552/","source":"cve@checkpoint.com","tags":["Exploit","VDB Entry","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/46756/","source":"cve@checkpoint.com","tags":["Exploit","VDB Entry","Third Party Advisory"]},{"url":"https://www.win-rar.com/whatsnew.html","source":"cve@checkpoint.com","tags":["Vendor 
Advisory"]}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/zeronohacker/CVE-2018-20250","https://github.com/lxg5763/cve-2018-20250","https://github.com/eastmountyxz/CVE-2018-20250-WinRAR","https://github.com/DANIELVISPOBLOG/WinRar_ACE_exploit_CVE-2018-20250","https://github.com/joydragon/Detect-CVE-2018-20250","https://github.com/arkangel-dev/CVE-2018-20250-WINRAR-ACE-GUI","https://github.com/Ektoplasma/ezwinrar","https://github.com/technicaldada/hack-winrar","https://github.com/n4r1b/WinAce-POC","https://github.com/easis/CVE-2018-20250-WinRAR-ACE","https://github.com/H4xl0r/WinRar_ACE_exploit_CVE-2018-20250","https://github.com/blunden/UNACEV2.DLL-CVE-2018-20250","https://github.com/QAX-A-Team/CVE-2018-20250","https://github.com/WyAtu/CVE-2018-20250"],"openThreatData":[{"adversaries":["APT33","Lazarus Group","Goldmouse"],"malwareFamiles":["Responder - s0174","Hacktool:win32/chromepass","Dbll dropper","Dratzarus"],"affectedIndustries":["Finance","Telecommunications","Education","Chemical","Satellite and communications","Manufacturing","Research","Aerospace","Engineering","Consulting","Energy","Defense","Government"],"communityAdversaries":["Vulnerability Advisory"],"communityMalwareFamilies":["Azure ad"],"communityAffectedIndustries":["Aerospace","Chemical","Petrochemical","Defense"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"64e6259d11c8283e48a9ba22","cveID":"CVE-2022-0609","dateAdded":"2022-02-15","dueDate":"2022-03-01","notes":"","product":"Chrome","requiredAction":"Apply updates per vendor instructions.","shortDescription":"The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome.","vendorProject":"Google","vulnerabilityName":"Google Chrome Use-After-Free 
Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":2.8,"baseScore":8.8,"nvdReferences":[{"url":"https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html","source":"chrome-cve-admin@google.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://crbug.com/1296150","source":"chrome-cve-admin@google.com","tags":["Issue Tracking","Vendor Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":["Lazarus","Vulnerability Advisory","Threat","Lazarus Group"],"communityMalwareFamilies":["Webstore api","Macos","Cobalt strike","Applejeus (windows)","Veiledsignal","Deadbolt ransomware","Lazarus’use","Coldcat","Metastealer","Vidar","Racoon stealer","Conti ransomware","Mars stealer","Poolrat","Sharpext","Kimsuky","Dreamjob","Applejeus (os x)","Lazarus","Blackguard","Carbanak","Fallchill","Pegasus - mob-s0005","Loadout","Emotet","Threat analysis","Redline"],"communityAffectedIndustries":["Cryptocurrency","Financial services","Nuclear","Media","Journalists","Banks","Social engineering","Aerospace","Defence","Diplomacy","Technology","Financial","Crypto"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"64e6259d11c8283e48a9ba16","cveID":"CVE-2015-2051","dateAdded":"2022-02-10","dueDate":"2022-08-10","notes":"","product":"DIR-645 Router","requiredAction":"The impacted product is end-of-life and should be disconnected if still in use.","shortDescription":"D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.","vendorProject":"D-Link","vulnerabilityName":"D-Link DIR-645 Router Remote Code Execution 
Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":10.0,"baseScore":10.0,"nvdReferences":[{"url":"http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051","source":"cve@mitre.org","tags":["Exploit","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/72623","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/74870","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/37171/","source":"cve@mitre.org"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":["Mirai","Robinbot","Moobot","Enemybot","Liquorbot"],"affectedIndustries":[],"communityAdversaries":["Vulnerability Advisory","Lazarus Group","Malware Advisory","Keksec"],"communityMalwareFamilies":["Ctblocker","Phobos","Eset","Agent","Houdrat","Moobot","Android banking","Ziggy","Enemybot","Gandcrab","Shadowpad","Zbot","Winnti","Qbot","Kobalos","Trojansms.agent","Maas","Netwalker","Linux","Botenago","Mirai","Webshell","Triada","Fraud","Lazarus","Xdspy","Mozi","B7ee57a42c6a4545ac6d6c29e1075fa1628e1d09b8c1572c848a70112d4c90a1","Hiddad","Vyveva","Doppelpaymer","Ursnif","Trickbot","Formbook","Shlayer","Nephilim","Iis","Turla","Emotet","Vools","Phishing","Luckymouse","Cryptowall","Fonix","Dridex","Agent tesla","Wannacryptor","Cerber","Ranumbot","Shell script","Psw.fareit","Ryuk","Nanocore"],"communityAffectedIndustries":["Government","Oil","Hospitality","Retail","Defense","Healthcare","Cryptocurrency","Financial services","Transportation","Telecommunications","Bitcoin","Manufacturing","Finance","Construction"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"64e6259d11c8283e48a9ba12","cveID":"CVE-2017-0144","dateAdded":"2022-02-10","dueDate":"2022-08-10","notes":"","product":"SMBv1","requiredAction":"Apply updates per vendor instructions.","shortDescription":"The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute 
arbitrary code via crafted packets.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft SMBv1 Remote Code Execution Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"MEDIUM","baseSeverity":"HIGH","exploitabilityScore":8.6,"baseScore":9.3,"nvdReferences":[{"url":"http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html","source":"secure@microsoft.com"},{"url":"http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html","source":"secure@microsoft.com"},{"url":"http://www.securityfocus.com/bid/96704","source":"secure@microsoft.com"},{"url":"http://www.securitytracker.com/id/1037991","source":"secure@microsoft.com"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf","source":"secure@microsoft.com"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf","source":"secure@microsoft.com"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02","source":"secure@microsoft.com"},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0144","source":"secure@microsoft.com","tags":["Vendor 
Advisory"]},{"url":"https://www.exploit-db.com/exploits/41891/","source":"secure@microsoft.com"},{"url":"https://www.exploit-db.com/exploits/41987/","source":"secure@microsoft.com"},{"url":"https://www.exploit-db.com/exploits/42030/","source":"secure@microsoft.com"},{"url":"https://www.exploit-db.com/exploits/42031/","source":"secure@microsoft.com"}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/quynhold/Detect-CVE-2017-0144-attack","https://github.com/Ali-Imangholi/EternalBlueTrojan","https://github.com/kimocoder/eternalblue","https://github.com/peterpt/eternal_scanner","https://github.com/ducanh2oo3/Vulnerability-Research-CVE-2017-0144","https://github.com/sethwhy/BlueDoor","https://github.com/AtithKhawas/autoblue","https://github.com/MedX267/EternalBlue-Vulnerability-Scanner","https://github.com/pelagornisandersi/WIndows-7-automated-exploitation-using-metasploit-framework-","https://github.com/AdityaBhatt3010/VAPT-Report-on-SMB-Exploitation-in-Windows-10-Finance-Endpoint","https://github.com/nivedh-j/EternalBlue-Explained","https://github.com/B1ack4sh/Blackash-CVE-2017-0144","https://github.com/Mitsu-bis/Eternal-Blue-CVE-2017-0144-THM-Write-Up","https://github.com/FireTemple/Blackash-CVE-2017-0144","https://github.com/althany/CVE-2017-0144_Lab-Guide"],"openThreatData":[{"adversaries":["Lazarus Group","InvisiMole Group","Bluenoroff","Emissary Panda","WannaCry"],"malwareFamiles":["Ramnit","Lemonduck","Win64/invisimole","Rudeminer","Win32/invisimole","Lemoncat","Blacksquid","Msil/pterodo","Gozi isfb","Lolsnif","Lucifer","Ursnif - s0386","Invisimole - s0260"],"affectedIndustries":["Manufacturing","Insurance","Legal","Finance","Defense","Government"],"communityAdversaries":["Vulnerability Advisory","Malware Advisory","Emissary Panda"],"communityMalwareFamilies":["Ramnit","Lemonduck","Mimikatz","Xml","Lemon duck","Lemoncat","Agent tesla","Victorygate","China chopper","New 
encoder"],"communityAffectedIndustries":["Manufacturing","Financial","Government"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"64e6259d11c8283e48a9ba10","cveID":"CVE-2017-0145","dateAdded":"2022-02-10","dueDate":"2022-08-10","notes":"","product":"SMBv1","requiredAction":"Apply updates per vendor instructions.","shortDescription":"The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft SMBv1 Remote Code Execution Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"MEDIUM","baseSeverity":"HIGH","exploitabilityScore":8.6,"baseScore":9.3,"nvdReferences":[{"url":"http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html","source":"secure@microsoft.com"},{"url":"http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html","source":"secure@microsoft.com"},{"url":"http://www.securityfocus.com/bid/96705","source":"secure@microsoft.com"},{"url":"http://www.securitytracker.com/id/1037991","source":"secure@microsoft.com"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf","source":"secure@microsoft.com"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf","source":"secure@microsoft.com"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02","source":"secure@microsoft.com"},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0145","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41891/","source":"secure@microsoft.com"},{"url":"https://www.exploit-db.com/exploits/41987/","source":"secure@microsoft.com"}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/MelonSmasher/chef_tissues"],"openThreatData":[{"adversaries":["Lazarus 
Group"],"malwareFamiles":["Rudeminer","Blacksquid","Lucifer"],"affectedIndustries":["Legal","Insurance","Manufacturing","Finance"],"communityAdversaries":["Vulnerability Advisory"],"communityMalwareFamilies":["Agent tesla"],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Known"},{"_id":"64e6259d11c8283e48a9b9d6","cveID":"CVE-2021-33766","dateAdded":"2022-01-18","dueDate":"2022-02-01","notes":"","product":"Exchange Server","requiredAction":"Apply updates per vendor instructions.","shortDescription":"Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft Exchange Server Information Disclosure","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":3.9,"baseScore":7.3,"nvdReferences":[{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33766","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-798/","source":"secure@microsoft.com","tags":["Third Party Advisory","VDB Entry"]}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/demossl/CVE-2021-33766-ProxyToken","https://github.com/bhdresh/CVE-2021-33766"],"openThreatData":[{"adversaries":["Manic Menagerie","IRGC"],"malwareFamiles":["Manic menagerie"],"affectedIndustries":["Critical infrastructure"],"communityAdversaries":["Lazarus Group"],"communityMalwareFamilies":[],"communityAffectedIndustries":["Critical infrastructure","Technology","Government","Education","Healthcare"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"64e6259b11c8283e48a9b866","cveID":"CVE-2020-0688","dateAdded":"2021-11-03","dueDate":"2022-05-03","notes":"","product":"Exchange Server","requiredAction":"Apply updates per vendor instructions.","shortDescription":"Microsoft Exchange Server Validation Key fails 
to properly create unique keys at install time, allowing for remote code execution.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":2.8,"baseScore":8.8,"nvdReferences":[{"url":"http://packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.html","source":"secure@microsoft.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.html","source":"secure@microsoft.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-258/","source":"secure@microsoft.com","tags":["Third Party Advisory","VDB 
Entry"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/chudamax/CVE-2020-0688-Exchange2010","https://github.com/TheKickPuncher/CVE-2020-0688-Python3","https://github.com/7heKnight/CVE-2020-0688","https://github.com/ann0906/proxylogon","https://github.com/MrTiz/CVE-2020-0688","https://github.com/SLSteff/CVE-2020-0688-Scanner","https://github.com/zyn3rgy/ecp_slap","https://github.com/murataydemir/CVE-2020-0688","https://github.com/w4fz5uck5/cve-2020-0688-webshell-upload-technique","https://github.com/ktpdpro/CVE-2020-0688","https://github.com/W01fh4cker/CVE-2020-0688-GUI","https://github.com/tvdat20004/CVE-2020-0688","https://github.com/mahyarx/Exploit_CVE-2020-0688","https://github.com/ravinacademy/CVE-2020-0688","https://github.com/cert-lv/CVE-2020-0688","https://github.com/justin-p/PSForgot2kEyXCHANGE","https://github.com/zcgonvh/CVE-2020-0688","https://github.com/youncyb/CVE-2020-0688","https://github.com/onSec-fr/CVE-2020-0688-Scanner","https://github.com/truongtn/cve-2020-0688","https://github.com/righter83/CVE-2020-0688","https://github.com/Yt1g3r/CVE-2020-0688_EXP","https://github.com/Ridter/cve-2020-0688","https://github.com/Jumbo-WJB/CVE-2020-0688","https://github.com/random-robbie/cve-2020-0688","https://github.com/iamwajd/Cyber-Attack-Analysis"],"openThreatData":[{"adversaries":["Dark Halo","MuddyWater","APT34","Iron Tiger APT","APT41","Chinese APT","Berserk Bear","OceanLotus"],"malwareFamiles":["Cobalt strike - s0154","Mimikatz - s0002","Pandora","Viewstate","Rgdoor - s0258","China chopper - s0020","Highshell","Trojandownloader:win32/sysupdate","Starwhale","Appleseed","Hacktool.linux.reverseproxy","Muddywater","Keyplug","Daumbot","Small sieve","Soldier","Focusfjord","Hyperbro - s0398","Powgoop","Hyperssl","Apt41","Metasploit","Powerstats","Trojan.win32.sysupdate"],"affectedIndustries":["Think tank","Gambling","Gaming","Finance","Defense","Government","Aviation","Telecommunications","Energy"],"communityAdversaries":["Forest Blizzard 
(STRONTIUM)","MuddyWater","FIN7","APT41","APT35","Vulnerability Advisory","Lazarus Group"],"communityMalwareFamilies":["Kobalos","Doppelpaymer","Maas","Cobalt strike - s0154","Ranumbot","Netwalker","Cerber","Trickbot","Trojansms.agent","Agent","Viewstate","Hiddad","Triada","Ryuk","Shadowpad","Mercury","Vyveva","Vools","Iis","Formbook","Mozi","Wannacryptor","Starwhale","Nanocore","Next blackcat","Linux","Turla","Webshell","Muddywater","Python","Nephilim","Psw.fareit","Keyplug","Cryptowall","Eset","Ursnif","Fraud","Static kitten","Android banking","Houdrat","Winnti","Qbot","Ctblocker","Small sieve","Lazarus","Xdspy","Phobos","Agent tesla","Emotet","Powgoop","Fonix","Mirai","Powerstats","Apt41","Shlayer","Phishing","Dridex","Gandcrab","Ziggy","Luckymouse"],"communityAffectedIndustries":["Manufacturing","Construction","Technology","Aviation","Bitcoin","Ics","Critical infrastructure","Hospitality","Defense","Government","Telecommunication","Retail","Transportation","Electrical","Oil","Cryptocurrency","Finance","Financial services","Healthcare","Telecommunications","Legal","Energy"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"64e6259b11c8283e48a9b860","cveID":"CVE-2017-7269","dateAdded":"2021-11-03","dueDate":"2022-05-03","notes":"","product":"Internet Information Services (IIS)","requiredAction":"Apply updates per vendor instructions.","shortDescription":"Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with \"If: <http://\" in a PROPFIND request.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft Windows Server Buffer Overflow 
Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":10.0,"baseScore":10.0,"nvdReferences":[{"url":"http://www.securityfocus.com/bid/97127","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1038168","source":"cve@mitre.org"},{"url":"https://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html","source":"cve@mitre.org"},{"url":"https://github.com/danigargu/explodingcan","source":"cve@mitre.org"},{"url":"https://github.com/edwardz246003/IIS_exploit","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/rapid7/metasploit-framework/pull/8162","source":"cve@mitre.org"},{"url":"https://medium.com/%40iraklis/number-of-internet-facing-vulnerable-iis-6-0-to-cve-2017-7269-8bd153ef5812","source":"cve@mitre.org"},{"url":"https://support.microsoft.com/en-us/help/3197835/description-of-the-security-update-for-windows-xp-and-windows-server","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/41738/","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/41992/","source":"cve@mitre.org"}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/denchief1/CVE-2017-7269","https://github.com/denchief1/CVE-2017-7269_Python3","https://github.com/mirrorblack/CVE-2017-7269","https://github.com/zcgonvh/cve-2017-7269-tool","https://github.com/xiaovpn/CVE-2017-7269","https://github.com/slimpagey/IIS_6.0_WebDAV_Ruby","https://github.com/g0rx/iis6-exploit-2017-CVE-2017-7269","https://github.com/zcgonvh/cve-2017-7269","https://github.com/M1a0rz/CVE-2017-7269","https://github.com/caicai1355/CVE-2017-7269-exploit","https://github.com/OmarSuarezDoro/CVE-2017-7269","https://github.com/Cappricio-Securities/CVE-2017-7269","https://github.com/AxthonyV/GenWebDavIISExploit","https://github.com/geniuszlyy/CVE-2017-7269","https://github.com/nika0x38/CVE-2017-7269","https://github.com/lcatro/CVE-2017-7269-Echo-PoC","https://github.com/eliuha/w
ebdav_exploit"],"openThreatData":[{"adversaries":["Lazarus Group"],"malwareFamiles":["China chopper - s0020","Earthworm","Iisspy","Moriya","Bouncer","Termite"],"affectedIndustries":["Government"],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"64e6259a11c8283e48a9b7ec","cveID":"CVE-2020-12812","dateAdded":"2021-11-03","dueDate":"2022-05-03","notes":"","product":"FortiOS","requiredAction":"Apply updates per vendor instructions.","shortDescription":"Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.","vendorProject":"Fortinet","vulnerabilityName":"Fortinet FortiOS SSL VPN Improper Authentication Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":9.8,"nvdReferences":[{"url":"https://fortiguard.com/psirt/FG-IR-19-283","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":[],"openThreatData":[{"adversaries":["Play","IRGC"],"malwareFamiles":["Play"],"affectedIndustries":["Critical infrastructure","Transportation","Government","Healthcare"],"communityAdversaries":["Lapsus$","Sponsor","Lazarus Group","Play"],"communityMalwareFamilies":["Cobalt mirage","Saudegroup","Nokoyawa","Sponsoring access","Play","Svcready","Conti","Blackmatter","Macos","Powerless","Winscp","Blackcat","Domain administrators","Hellokitty","Lapsus$","Sponsor","Playcrypt","Hive","Revil","Ballistic bobcat","Emotet","Kaseya","Cobalt strike","Sample hive"],"communityAffectedIndustries":["Medical","Human rights","Ballistic","Foreign affairs","Pharmaceuticals","Political","Telecommunications","Airline","Insurance","Tech","Telecommunication","Health","Critical infrastructure","Information 
technology","Transportation","Manufacturing","Media","Legal","Logistics","Education","Journalists","Shipping","Retail","Finance","Construction","Auto","Financial","Healthcare","Critical industries","Academics","Government"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"64e6259a11c8283e48a9b7ea","cveID":"CVE-2019-5591","dateAdded":"2021-11-03","dueDate":"2022-05-03","notes":"","product":"FortiOS","requiredAction":"Apply updates per vendor instructions.","shortDescription":"Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol (LDAP) server.","vendorProject":"Fortinet","vulnerabilityName":"Fortinet FortiOS Default Configuration Vulnerability","nvdData":[{"attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","baseSeverity":"MEDIUM","exploitabilityScore":2.8,"baseScore":6.5,"nvdReferences":[{"url":"https://www.fortiguard.com/psirt/FG-IR-19-037","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/ayewo/fortios-ldap-mitm-poc-CVE-2019-5591"],"openThreatData":[{"adversaries":["IRGC"],"malwareFamiles":[],"affectedIndustries":["Healthcare","Government","Transportation","Critical infrastructure"],"communityAdversaries":["Lazarus Group","Sponsor","Lapsus$"],"communityMalwareFamilies":["Revil","Lapsus$","Saudegroup","Conti","Powerless","Cobalt strike","Hellokitty","Blackcat","Sponsor","Blackmatter","Ballistic bobcat","Kaseya","Cobalt mirage","Sponsoring access"],"communityAffectedIndustries":["Insurance","Health","Construction","Pharmaceuticals","Financial","Government","Political","Telecommunication","Retail","Critical industries","Critical infrastructure","Manufacturing","Human rights","Academics","Media","Auto","Journalists","Healthcare","Telecommunications","Foreign 
affairs","Legal","Transportation","Education","Medical","Ballistic","Airline"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"64e6259a11c8283e48a9b78c","cveID":"CVE-2021-30657","dateAdded":"2021-11-03","dueDate":"2021-11-17","notes":"","product":"macOS","requiredAction":"Apply updates per vendor instructions.","shortDescription":"Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks.","vendorProject":"Apple","vulnerabilityName":"Apple macOS Unspecified Vulnerability","nvdData":[{"attackVector":"LOCAL","attackComplexity":"LOW","baseSeverity":"MEDIUM","exploitabilityScore":1.8,"baseScore":5.5,"nvdReferences":[{"url":"https://support.apple.com/en-us/HT212325","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/en-us/HT212326","source":"product-security@apple.com","tags":["Vendor Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/shubham0d/CVE-2021-30657"],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":["Lazarus Group"],"communityMalwareFamilies":["Hiddad","Kobalos","Qbot","Fonix","Ryuk","Maas","Houdrat","Android banking","Ursnif","Wannacryptor","Dridex","Webshell","Lazarus","Emotet","Agent tesla","Trickbot","Mirai","Winnti","Agent","Doppelpaymer","Nanocore","Fraud","Phishing","Nephilim","Linux","Luckymouse","Vyveva","Psw.fareit","Gandcrab","Formbook","Ranumbot","Eset","Cryptowall","Mozi","Ctblocker","Cerber","Ziggy","Vools","Xdspy","Turla","Iis","Shadowpad","Netwalker","Phobos","Triada","Shlayer","Trojansms.agent"],"communityAffectedIndustries":["Retail","Transportation","Bitcoin","Defense","Healthcare","Financial 
services","Telecommunications","Construction","Finance","Hospitality","Oil","Government","Cryptocurrency","Manufacturing"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"64e6259911c8283e48a9b766","cveID":"CVE-2017-5638","dateAdded":"2021-11-03","dueDate":"2022-05-03","notes":"","product":"Struts","requiredAction":"Apply updates per vendor instructions.","shortDescription":"Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.","vendorProject":"Apache","vulnerabilityName":"Apache Struts Remote Code Execution Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":10.0,"baseScore":10.0,"nvdReferences":[{"url":"http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html","source":"security@apache.org","tags":["Technical Description","Third Party Advisory"]},{"url":"http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/","source":"security@apache.org","tags":["Technical Description","Third Party Advisory"]},{"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt","source":"security@apache.org"},{"url":"http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html","source":"security@apache.org","tags":["Press/Media Coverage"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","source":"security@apache.org"},{"url":"http://www.securityfocus.com/bid/96729","source":"security@apache.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037973","source":"security@apache.org"},{"url":"https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/","source":"security@apache.org","tags":["Press/Media 
Coverage"]},{"url":"https://cwiki.apache.org/confluence/display/WW/S2-045","source":"security@apache.org","tags":["Mitigation","Vendor Advisory"]},{"url":"https://cwiki.apache.org/confluence/display/WW/S2-046","source":"security@apache.org"},{"url":"https://exploit-db.com/exploits/41570","source":"security@apache.org","tags":["Exploit","VDB Entry"]},{"url":"https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a","source":"security@apache.org"},{"url":"https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228","source":"security@apache.org"},{"url":"https://github.com/mazen160/struts-pwn","source":"security@apache.org","tags":["Exploit"]},{"url":"https://github.com/rapid7/metasploit-framework/issues/8064","source":"security@apache.org","tags":["Exploit"]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us","source":"security@apache.org"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us","source":"security@apache.org"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us","source":"security@apache.org"},{"url":"https://isc.sans.edu/diary/22169","source":"security@apache.org","tags":["Technical Description","Third Party 
Advisory"]},{"url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E","source":"security@apache.org"},{"url":"https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt","source":"security@apache.org","tags":["Exploit","VDB Entry"]},{"url":"https://security.netapp.com/advisory/ntap-20170310-0001/","source":"security@apache.org"},{"url":"https://struts.apache.org/docs/s2-045.html","source":"security@apache.org"},{"url":"https://struts.apache.org/docs/s2-046.html","source":"security@apache.org"},{"url":"https://support.lenovo.com/us/en/product_security/len-14200","source":"security@apache.org"},{"url":"https://twitter.com/theog150/status/841146956135124993","source":"security@apache.org","tags":["Third Party 
Advisory"]},{"url":"https://www.exploit-db.com/exploits/41614/","source":"security@apache.org"},{"url":"https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/","source":"security@apache.org"},{"url":"https://www.kb.cert.org/vuls/id/834067","source":"security@apache.org"},{"url":"https://www.symantec.com/security-center/network-protection-security-advisories/SA145","source":"security@apache.org"}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/FredBrave/CVE-2017-5638-ApacheStruts2.3.5","https://github.com/mritunjay-k/CVE-2017-5638","https://github.com/mfdev-solution/Exploit-CVE-2017-5638","https://github.com/readloud/CVE-2017-5638","https://github.com/testpilot031/vulnerability_struts-2.3.31","https://github.com/jptr218/struts_hack","https://github.com/jongmartinez/CVE-2017-5638","https://github.com/sonatype-workshops/struts2-rce","https://github.com/ludy-dev/XworkStruts-RCE","https://github.com/pasannirmana/Aspire","https://github.com/kloutkake/CVE-2017-5638-PoC","https://github.com/Nithylesh/web-application-firewall-","https://github.com/Xernary/CVE-2017-5638-POC","https://github.com/haxerr9/CVE-2017-5638","https://github.com/joidiego/Detection-struts-cve-2017-5638-detector","https://github.com/iampetru/PoC-CVE-2017-5638","https://github.com/kaylertee/Computer-Security-Equifax-2017","https://github.com/FozilCV/Apache-Struts2-CVE-2017-5638","https://github.com/timothyjxhn/DeliberatelyVulnerableWebApp","https://github.com/louislafosse/CVE-2017-5638-assignement","https://github.com/injcristianrojas/cve-2017-5638","https://github.com/colorblindpentester/CVE-2017-5638","https://github.com/andypitcher/check_struts","https://github.com/Iletee/struts2-rce","https://github.com/win3zz/CVE-2017-5638","https://github.com/ggolawski/struts-rce","https://github.com/Greynad/struts2-jakarta-inject","https://github.com/m3ssap0/struts2_cve-2017-5638","https://github.com/0x00-0x00/CVE-2017-5638","https://github.c
om/cafnet/apache-struts-v2-CVE-2017-5638","https://github.com/pr0x1ma-byte/cybersecurity-struts2","https://github.com/donaldashdown/Common-Vulnerability-and-Exploit","https://github.com/c002/Apache-Struts","https://github.com/invisiblethreat/strutser","https://github.com/R4v3nBl4ck/Apache-Struts-2-CVE-2017-5638-Exploit-","https://github.com/eeehit/CVE-2017-5638","https://github.com/riyazwalikar/struts-rce-cve-2017-5638","https://github.com/jpacora/Struts2Shell","https://github.com/SpiderMate/Stutsfi","https://github.com/Aasron/Struts2-045-Exp","https://github.com/payatu/CVE-2017-5638","https://github.com/tahmed11/strutsy","https://github.com/opt9/Strutscli","https://github.com/gsfish/S2-Reaper","https://github.com/KarzsGHR/S2-046_S2-045_POC","https://github.com/jas502n/st2-046-poc","https://github.com/falcon-lnhg/StrutsShell","https://github.com/opt9/Strutshock","https://github.com/jrrdev/cve-2017-5638","https://github.com/oktavianto/CVE-2017-5638-Apache-Struts2","https://github.com/lolwaleet/ExpStruts","https://github.com/ret2jazzy/Struts-Apache-ExploitPack","https://github.com/mazen160/struts-pwn","https://github.com/initconf/CVE-2017-5638_struts","https://github.com/random-robbie/CVE-2017-5638","https://github.com/sjitech/test_struts2_vulnerability_CVE-2017-5638","https://github.com/aljazceru/CVE-2017-5638-Apache-Struts2","https://github.com/Masahiro-Yamada/OgnlContentTypeRejectorValve","https://github.com/immunio/apache-struts2-CVE-2017-5638","https://github.com/xsscx/cve-2017-5638","https://github.com/btamburi/strutszeiro","https://github.com/mthbernardes/strutszeiro","https://github.com/jas502n/S2-045-EXP-POC-TOOLS","https://github.com/Flyteas/Struts2-045-Exp","https://github.com/PolarisLab/S2-045","https://github.com/soufiane-benchahyd/vulhub-struts2","https://github.com/AIPEAC/SC3010-Computer-Security"],"openThreatData":[{"adversaries":["Lazarus Group"],"malwareFamiles":["Gitpaste"],"affectedIndustries":[],"communityAdversaries":["GOLD 
MELODY"],"communityMalwareFamilies":["Xmrig","Ramnit","Phorpiex","Figura","Necro","Totsee","Formbook","Trickbot","Egregor","Keksec","Motivated","Gold melody","Nanocore","Mirai","Muhstik","Agenttesla","Kaiten","Lokibot","Emotet","Snakekeylogger","Vidar","Qbot","Connect","Remcos","Glupteba","Irc","Cryptodefense","Gibson"],"communityAffectedIndustries":["Communications","Financial","Military","Government","Healthcare","Education"]}],"knownRansomwareCampaignUse":"Known"},{"_id":"64e6259911c8283e48a9b74e","cveID":"CVE-2018-4878","dateAdded":"2021-11-03","dueDate":"2022-05-03","notes":"","product":"Flash Player","requiredAction":"The impacted product is end-of-life and should be disconnected if still in use.","shortDescription":"Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution.","vendorProject":"Adobe","vulnerabilityName":"Adobe Flash Player Use-After-Free Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":9.8,"nvdReferences":[{"url":"http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html","source":"psirt@adobe.com","tags":["Technical Description","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/102893","source":"psirt@adobe.com","tags":["Broken Link"]},{"url":"http://www.securitytracker.com/id/1040318","source":"psirt@adobe.com","tags":["Broken Link"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0285","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"https://github.com/vysec/CVE-2018-4878","source":"psirt@adobe.com","tags":["Third Party 
Advisory"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb18-03.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]},{"url":"https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/","source":"psirt@adobe.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"https://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-malicious-word-files/d/d-id/1331139","source":"psirt@adobe.com","tags":["Press/Media Coverage","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/44412/","source":"psirt@adobe.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets","source":"psirt@adobe.com","tags":["Technical Description","Third Party Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/HuanWoWeiLan/SoftwareSystemSecurity-2019","https://github.com/B0fH/CVE-2018-4878","https://github.com/ydl555/CVE-2018-4878","https://github.com/SyFi/CVE-2018-4878","https://github.com/KathodeN/CVE-2018-4878","https://github.com/vysecurity/CVE-2018-4878","https://github.com/hybridious/CVE-2018-4878","https://github.com/ydl555/CVE-2018-4878-","https://github.com/demonsec666/CVE-2018-4878"],"openThreatData":[{"adversaries":["Lazarus Group","Kimsuky","Group 
123"],"malwareFamiles":["Trojan:win32/kimsuk","Njrat","Capesand"],"affectedIndustries":["Government","Ngo","Military","Finance"],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Known"}]}