Skip to content

Commit

Permalink
Merge pull request #656 from e-m-b-a/known_exploited_update
Browse files Browse the repository at this point in the history 
CISA known exploited database update
  • Loading branch information
@m-1-k-3
m-1-k-3 authored Jun 11, 2023
2 parents 73f6001 + 5027869 commit caa005d
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion config/known_exploited_vulnerabilities.csv
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@
"CVE-2020-3452","Cisco","Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)","Cisco ASA and FTD Read-Only Path Traversal Vulnerability","2021-11-03","Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device.","Apply updates per vendor instructions.","2022-05-03",""
"CVE-2020-3580","Cisco","Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)","Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability","2021-11-03","Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an insufficient input validation vulnerability for user-supplied input by the web services interface. Successful exploitation could allow an attacker to perform cross-site scripting (XSS) in the context of the interface or access sensitive browser-based information.","Apply updates per vendor instructions.","2022-05-03",""
"CVE-2021-1497","Cisco","HyperFlex HX","Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability","2021-11-03","Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the?root?user.","Apply updates per vendor instructions.","2021-11-17",""
"CVE-2021-1498","Cisco","HyperFlex HX","Cisco HyperFlex HX Data Platform Command Injection Vulnerability","2021-11-03","Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the?tomcat8?user.","Apply updates per vendor instructions.","2021-11-17",""
"CVE-2021-1498","Cisco","HyperFlex HX","Cisco HyperFlex HX Data Platform Command Injection Vulnerability","2021-11-03","Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user.","Apply updates per vendor instructions.","2021-11-17",""
"CVE-2018-0171","Cisco","IOS and IOS XE","Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability","2021-11-03","Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (DoS) condition, or perform code execution on the affected device.","Apply updates per vendor instructions.","2022-05-03",""
"CVE-2020-3118","Cisco","IOS XR","Cisco IOS XR Software Discovery Protocol Format String Vulnerability","2021-11-03","Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device.","Apply updates per vendor instructions.","2022-05-03",""
"CVE-2020-3566","Cisco","IOS XR","Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability","2021-11-03","Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.","Apply updates per vendor instructions.","2022-05-03",""
Expand Down Expand Up @@ -941,3 +941,6 @@
"CVE-2023-2868","Barracuda Networks","Email Security Gateway (ESG) Appliance","Barracuda Networks ESG Appliance Improper Input Validation Vulnerability","2023-05-26","Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection.","Apply updates per vendor instructions.","2023-06-16","https://status.barracuda.com/incidents/34kx82j5n4q9"
"CVE-2023-28771","Zyxel","Multiple Firewalls","Zyxel Multiple Firewalls OS Command Injection Vulnerability","2023-05-31","Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device.","Apply updates per vendor instructions.","2023-06-21","https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls"
"CVE-2023-34362","Progress","MOVEit Transfer","Progress MOVEit Transfer SQL Injection Vulnerability","2023-06-02","Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.","Apply updates per vendor instructions.","2023-06-23","https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023"
"CVE-2023-33009","Zyxel","Multiple Firewalls","Zyxel Multiple Firewalls Buffer Overflow Vulnerability","2023-06-05","Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the notification function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device.","Apply updates per vendor instructions.","2023-06-26","https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
"CVE-2023-33010","Zyxel","Multiple Firewalls","Zyxel Multiple Firewalls Buffer Overflow Vulnerability","2023-06-05","Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device.","Apply updates per vendor instructions.","2023-06-26","https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
"CVE-2023-3079","Google","Chromium V8 Engine","Google Chromium V8 Type Confusion Vulnerability","2023-06-07","Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.","Apply updates per vendor instructions.","2023-06-28","https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html"

0 comments on commit caa005d

Please sign in to comment.