Merge pull request #649 from e-m-b-a/known_exploited_update
CISA known exploited database update
m-1-k-3 authored Jun 4, 2023
2 parents 048900b + 9fb8cb5 commit 38cb941
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions config/known_exploited_vulnerabilities.csv
Expand Up @@ -939,3 +939,5 @@
"CVE-2023-28204","Apple","Multiple Products","Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability","2023-05-22","Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information.","Apply updates per vendor instructions.","2023-06-12","https://support.apple.com/HT213757, https://support.apple.com/HT213758, https://support.apple.com/HT213761, https://support.apple.com/HT213762, https://support.apple.com/HT213764, https://support.apple.com/HT213765"
"CVE-2023-32373","Apple","Multiple Products","Apple Multiple Products WebKit Use-After-Free Vulnerability","2023-05-22","Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution.","Apply updates per vendor instructions.","2023-06-12","https://support.apple.com/HT213757, https://support.apple.com/HT213758, https://support.apple.com/HT213761, https://support.apple.com/HT213762, https://support.apple.com/HT213764, https://support.apple.com/HT213765"
"CVE-2023-2868","Barracuda Networks","Email Security Gateway (ESG) Appliance","Barracuda Networks ESG Appliance Improper Input Validation Vulnerability","2023-05-26","Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection.","Apply updates per vendor instructions.","2023-06-16","https://status.barracuda.com/incidents/34kx82j5n4q9"
"CVE-2023-28771","Zyxel","Multiple Firewalls","Zyxel Multiple Firewalls OS Command Injection Vulnerability","2023-05-31","Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device.","Apply updates per vendor instructions.","2023-06-21","https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls"
"CVE-2023-34362","Progress","MOVEit Transfer","Progress MOVEit Transfer SQL Injection Vulnerability","2023-06-02","Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.","Apply updates per vendor instructions.","2023-06-23","https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023"
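Review bot: The description field (sixth column) of the CVE-2023-28771 and CVE-2023-34362 rows contains commas inside the quotes ("ATP, USG FLEX, VPN, and ZyWALL/USG" and "(MySQL, Microsoft SQL Server, or Azure SQL)"), and the Apple rows pack six URLs into the last field separated by ", ", so any consumer that splits these lines on commas instead of using a quote-aware CSV parser will read shifted columns and can mismatch the CVE ID, date added and due date. Please confirm the code that reads config/known_exploited_vulnerabilities.csv parses quoted fields, and consider a check on updates like this one that every row yields exactly nine fields, that the first field matches the CVE-YYYY-NNNN pattern, and that the fifth and eighth fields are valid YYYY-MM-DD dates, so a malformed upstream row fails the update instead of silently dropping a known-exploited match.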
