Vulnerabilities - Week 03

Each week, CSIRT-DSP makes a selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses the CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

Netdata
https://nvd.nist.gov/vuln/detail/CVE-2023-22496 (8.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-22497 (6.5)

Oracle VM VirtualBox
https://nvd.nist.gov/vuln/detail/CVE-2023-21886 (8.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-21898 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-21899 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-21884 (4.4)

Juniper Networks Junos OS
https://nvd.nist.gov/vuln/detail/CVE-2023-22396 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-22395 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-22405 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-22404 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-22409 (5.5)
ACX2K Series
https://nvd.nist.gov/vuln/detail/CVE-2023-22391 (7.5)
SRX Series / MX Series
https://nvd.nist.gov/vuln/detail/CVE-2023-22394 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-22412 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-22415 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-22416 (7.5)
QFX10K Series
https://nvd.nist.gov/vuln/detail/CVE-2023-22399 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-22403 (7.5)
SRX 5000 Series
https://nvd.nist.gov/vuln/detail/CVE-2023-22408 (7.5)
MX Series
https://nvd.nist.gov/vuln/detail/CVE-2023-22410 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-22413 (7.5)
SRX Series
https://nvd.nist.gov/vuln/detail/CVE-2023-22411 (7.5)
PTX Series / QFX10000 Series
https://nvd.nist.gov/vuln/detail/CVE-2023-22414 (6.5)

Juniper Networks Junos OS Evolved
https://nvd.nist.gov/vuln/detail/CVE-2023-22400 (7.5)

Juniper Networks Junos OS / Junos OS Evolved
https://nvd.nist.gov/vuln/detail/CVE-2023-22393 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-22406 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-22407 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-22402 (5.9)
https://nvd.nist.gov/vuln/detail/CVE-2023-22398 (5.3)
PTX10008 / PTX10016
https://nvd.nist.gov/vuln/detail/CVE-2023-22401 (7.5)
PTX10003 Series
https://nvd.nist.gov/vuln/detail/CVE-2023-22397 (6.1)

Zoho ManageEngine Exchange Reporter Plus
https://nvd.nist.gov/vuln/detail/CVE-2023-21899 (high)

VMware Harbor
https://nvd.nist.gov/vuln/detail/CVE-2022-46463 (n/a)

Medium

Hitachi Tuning Manager
https://nvd.nist.gov/vuln/detail/CVE-2020-36611 (6.6)

GitHub Enterprise Server
https://nvd.nist.gov/vuln/detail/CVE-2022-46258 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-23739 (n/a)

GitLab CE/EE
https://nvd.nist.gov/vuln/detail/CVE-2022-4037 (6.4)
https://nvd.nist.gov/vuln/detail/CVE-2023-0042 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-3613 (5.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-2907 (5.7)
https://nvd.nist.gov/vuln/detail/CVE-2022-4342 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-4365 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-3870 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-4167 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-3514 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-4131 (4.1)

Zyxel AX7501-B0
https://nvd.nist.gov/vuln/detail/CVE-2022-45439 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-45440 (4.4)

GitLab Runner
https://nvd.nist.gov/vuln/detail/CVE-2022-2251 (4.8)

HAProxy
https://access.redhat.com/security/cve/cve-2023-0056 (medium)

FreeRADIUS
https://nvd.nist.gov/vuln/detail/CVE-2022-41859 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-41860 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-41861 (n/a)

Technitium DNS Server
https://nvd.nist.gov/vuln/detail/CVE-2022-48256 (n/a)