Network Remediation - Update

patch-1
pussycat0x 2023-08-17 23:59:31 +05:30
parent 744ec172b1
commit c920bfef86
15 changed files with 22 additions and 0 deletions

View File

@ -11,6 +11,7 @@ info:
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157053.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157054.html
- https://nvd.nist.gov/vuln/detail/CVE-2015-3306
remediation: Upgrade to ProFTPD 1.3.5a / 1.3.6rc1 or later.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
cvss-score: 10

View File

@ -11,6 +11,8 @@ info:
- http://www.kb.cert.org/vuls/id/267328
- https://www.exploit-db.com/exploits/39858/
- http://packetstormsecurity.com/files/137199/HP-Data-Protector-A.09.00-Command-Execution.html
remediation: |
Upgrade to the most recent version of HP Data Protector.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8

View File

@ -8,6 +8,8 @@ info:
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586.
reference:
- https://github.com/foxglovesec/JavaUnserializeExploits/blob/master/weblogic.py
remediation: |
Install the relevant patch as per the advisory provided in the Oracle Critical Patch Update for July 2016.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8

View File

@ -12,6 +12,7 @@ info:
- https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/dos/cisco/ios_telnet_rocem.md
- https://nvd.nist.gov/vuln/detail/CVE-2017-3881
- http://www.securitytracker.com/id/1038059
remediation: Deactivate a telnet connection or employ Access Control Lists (ACLs) to limit access.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8

View File

@ -12,6 +12,8 @@ info:
- http://www.openwall.com/lists/oss-security/2019/12/19/2
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
remediation: |
Consider updating to Log4j 2.15.0 or a newer version, deactivating JNDI lookups, or implementing a Java Agent to safeguard against potentially harmful JNDI lookups.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8

View File

@ -12,6 +12,7 @@ info:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://web.archive.org/web/20211207132829/https://securitytracker.com/id/1040696
- http://www.securitytracker.com/id/1040696
remediation: Install the suitable patch as per the Oracle Critical Patch Update advisory
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8

View File

@ -11,6 +11,7 @@ info:
- https://vulners.com/nessus/WEBLOGIC_CVE_2018_2893.NASL
- https://nvd.nist.gov/vuln/detail/CVE-2018-2893
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
remediation: Install the suitable patch as per the Oracle Critical Patch Update advisory
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8

View File

@ -9,6 +9,7 @@ info:
reference:
- https://github.com/apache/airflow/pull/9178
- https://github.com/vulhub/vulhub/tree/master/airflow/CVE-2020-11981
remediation: Upgrade apache-airflow to version 1.10.11 or higher.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8

View File

@ -11,6 +11,9 @@ info:
- https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d@%3Cnotifications.ofbiz.apache.org%3E
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html
remediation:
- https://access.redhat.com/solutions/4851251
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8

View File

@ -12,6 +12,7 @@ info:
- https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45
- http://www.openwall.com/lists/oss-security/2020/01/28/3
- http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html
remediation: Install patches for OpenBSD 6.6
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8

View File

@ -11,6 +11,8 @@ info:
- https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/
- https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356
- http://www.openwall.com/lists/oss-security/2022/02/11/4
remediation:
- https://thesecmaster.com/how-to-fix-apache-cassandra-rce-vulnerability-cve-2021-44521/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
cvss-score: 9.1

View File

@ -15,6 +15,7 @@ info:
- https://bugs.debian.org/1005787
- https://www.debian.org/security/2022/dsa-5081
- https://lists.debian.org/debian-security-announce/2022/msg00048.html
remediation: Update to the most recent versions currently available.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10

View File

@ -12,6 +12,8 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2022-24706
- http://www.openwall.com/lists/oss-security/2022/04/26/1
- http://www.openwall.com/lists/oss-security/2022/05/09/1
remediation: |
Upgrade to versions 3.2.2 or newer. Starting from CouchDB 3.2.2, the previous default Erlang cookie value "monster" will be rejected upon startup. Upgraded installations will be required to select an alternative value.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8

View File

@ -12,6 +12,7 @@ info:
- https://derekabdine.com/blog/2022-arris-advisory
- https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacks/
- http://inglorion.net/software/muhttpd/
remediation: Update the application to version 1.10
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5

View File

@ -12,6 +12,7 @@ info:
- http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html
- http://www.openwall.com/lists/oss-security/2023/07/12/1
- https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp
remediation: Update the RocketMQ application to version 5.1.1
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8