CISA Catalog
Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.
KEV Entries: 1,619
Ransomware Use: 327
Overdue: 1,615
Vendors: 266
Products: 655
GNU InetUtils Argument Injection Vulnerability
GNU · InetUtils
GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the USER environment variable.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
GNU Bash OS Command Injection Vulnerability
GNU · GNU Bash
GNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
GNU C Library Buffer Overflow Vulnerability
GNU · GNU C Library
GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
GNU · Bourne-Again Shell (Bash)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code.
Required Action
Apply updates per vendor instructions.
GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
GNU · Bourne-Again Shell (Bash)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability in CVE-2014-6271.
Required Action
Apply updates per vendor instructions.