Updated EPSS Score to CVE Templates

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
patch-1
GwanYeong Kim 2023-07-10 09:25:11 +09:00
parent c3a5b64e62
commit 0e5fcfa57e
10 changed files with 23 additions and 0 deletions


@ -13,6 +13,7 @@ info:
cvss-score: 7.4
cve-id: CVE-2001-1473
cwe-id: CWE-310
epss-score: 0.002580000
remediation: Upgrade to SSH 2.4 or later.
tags: cve,cve2001,network,ssh,openssh
metadata:
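Review bot: The new `epss-score: 0.002580000` is padded to nine decimal places, as is every other value in this commit; the trailing zeros carry no information, so consider writing `0.00258` to keep later refresh diffs small. EPSS values also change over time, so the commit message should say on which date the scores were pulled.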


@ -13,6 +13,7 @@ info:
Update to the latest version of VSFTPD, which does not contain the backdoor.
classification:
cve-id: CVE-2011-2523
epss-score: 0.981440000
metadata:
max-request: 2
verified: true
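Review bot: The classification block here ends up with only `cve-id` and `epss-score`, while the other templates touched by this commit also carry `cvss-score` and, in most cases, `cwe-id`. Since the block is being edited anyway, consider adding the CVSS and CWE fields for CVE-2011-2523 so this template is classified as completely as the rest.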


@ -16,6 +16,7 @@ info:
cvss-score: 10
cve-id: CVE-2015-3306
cwe-id: CWE-284
epss-score: 0.969110000
tags: cve,cve2015,ftp,rce,network,proftpd,edb
metadata:
max-request: 2


@ -15,6 +15,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2016-2004
cwe-id: CWE-306
epss-score: 0.067930000
tags: cve,cve2016,network,iot,hp,rce,edb
metadata:
max-request: 2


@ -8,6 +8,12 @@ info:
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586.
reference:
- https://github.com/foxglovesec/JavaUnserializeExploits/blob/master/weblogic.py
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2016-3510
cwe-id: CWE-119
epss-score: 0.0162000000.016200000
metadata:
max-request: 2
verified: true
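Review bot: The `epss-score` value in the new classification block reads `0.0162000000.016200000`, which is two decimals run together and not a valid number. It should be a single value, presumably `0.016200000`; a check that every `epss-score` in the changed files parses as a float between 0 and 1 would catch this before merge.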


@ -10,7 +10,11 @@ info:
- https://github.com/vulhub/vulhub/tree/master/log4j/CVE-2017-5645
- https://nvd.nist.gov/vuln/detail/CVE-2017-5645
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2017-5645
cwe-id: CWE-502
epss-score: 0.768230000
metadata:
max-request: 2
tags: vulhub,network,apache,log4j,rce,deserialization,oast
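Review bot: The `tags` line at the end of this hunk has no `cve` or `cve2017` entry even though the classification records `cve-id: CVE-2017-5645`; the other templates in this commit whose tags are visible all start with `cve,cveYYYY`. Consider adding `cve,cve2017` in the same change so that tag-based selection of CVE templates picks this one up.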


@ -16,6 +16,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2018-2628
cwe-id: CWE-502
epss-score: 0.975310000
tags: cve,cve2018,oracle,weblogic,network,deserialization,kev
metadata:
max-request: 1


@ -15,6 +15,7 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2018-2893
epss-score: 0.973460000
metadata:
max-request: 2
tags: cve,cve2018,weblogic,network,deserialization,rce,oracle
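Review bot: There is no `cwe-id` between `cve-id: CVE-2018-2893` and the new `epss-score`, whereas the sibling WebLogic template for CVE-2018-2628 in this commit has `cwe-id: CWE-502` and this template is itself tagged `deserialization`. If the CWE is known, add it here so the two templates are classified consistently.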


@ -14,6 +14,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2020-11981
cwe-id: CWE-78
epss-score: 0.936930000
metadata:
max-request: 2
shodan-query: product:"redis"


@ -10,6 +10,12 @@ info:
- https://www.exploit-db.com/exploits/50914
- https://github.com/sadshade/CVE-2022-24706-CouchDB-Exploit/blob/main/CVE-2022-24706-Exploit.py
- https://nvd.nist.gov/vuln/detail/CVE-2022-24706
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-24706
cwe-id: CWE-1188
epss-score: 0.974070000
metadata:
max-request: 2
shodan-query: product:"CouchDB"