Vulnerabilities - Week 03

Each week, CSIRT-DSP compiles a selection of vulnerabilities that it has assessed as relevant to digital service providers.

The selection covers 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

Netdata

https://nvd.nist.gov/vuln/detail/CVE-2023-22496 (8.1)

https://nvd.nist.gov/vuln/detail/CVE-2023-22497 (6.5)

Oracle VM VirtualBox

https://nvd.nist.gov/vuln/detail/CVE-2023-21886 (8.1)

https://nvd.nist.gov/vuln/detail/CVE-2023-21898 (5.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-21899 (5.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-21884 (4.4)

Juniper Networks Junos OS

https://nvd.nist.gov/vuln/detail/CVE-2023-22396 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-22395 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-22405 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-22404 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-22409 (5.5)

ACX2K Series

https://nvd.nist.gov/vuln/detail/CVE-2023-22391 (7.5)

SRX Series / MX Series

https://nvd.nist.gov/vuln/detail/CVE-2023-22394 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-22412 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-22415 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-22416 (7.5)

QFX10K Series

https://nvd.nist.gov/vuln/detail/CVE-2023-22399 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-22403 (7.5)

SRX 5000 Series

https://nvd.nist.gov/vuln/detail/CVE-2023-22408 (7.5)

MX Series

https://nvd.nist.gov/vuln/detail/CVE-2023-22410 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-22413 (7.5)

SRX Series

https://nvd.nist.gov/vuln/detail/CVE-2023-22411 (7.5)

PTX Series / QFX10000 Series

https://nvd.nist.gov/vuln/detail/CVE-2023-22414 (6.5)

Juniper Networks Junos OS Evolved

https://nvd.nist.gov/vuln/detail/CVE-2023-22400 (7.5)

Juniper Networks Junos OS / Junos OS Evolved

https://nvd.nist.gov/vuln/detail/CVE-2023-22393 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-22406 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-22407 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-22402 (5.9)

https://nvd.nist.gov/vuln/detail/CVE-2023-22398 (5.3)

PTX10008 / PTX10016

https://nvd.nist.gov/vuln/detail/CVE-2023-22401 (7.5)

PTX10003 Series

https://nvd.nist.gov/vuln/detail/CVE-2023-22397 (6.1)

Zoho ManageEngine Exchange Reporter Plus

https://nvd.nist.gov/vuln/detail/CVE-2023-21899 (high)

VMware Harbor

https://nvd.nist.gov/vuln/detail/CVE-2022-46463 (n/a)

Medium

Hitachi Tuning Manager

https://nvd.nist.gov/vuln/detail/CVE-2020-36611 (6.6)

GitHub Enterprise Server

https://nvd.nist.gov/vuln/detail/CVE-2022-46258 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-23739 (n/a)

GitLab CE/EE

https://nvd.nist.gov/vuln/detail/CVE-2022-4037 (6.4)

https://nvd.nist.gov/vuln/detail/CVE-2023-0042 (6.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-3613 (5.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-2907 (5.7)

https://nvd.nist.gov/vuln/detail/CVE-2022-4342 (5.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-4365 (5.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-3870 (5.3)

https://nvd.nist.gov/vuln/detail/CVE-2022-4167 (5.3)

https://nvd.nist.gov/vuln/detail/CVE-2022-3514 (4.3)

https://nvd.nist.gov/vuln/detail/CVE-2022-4131 (4.1)

Zyxel AX7501-B0

https://nvd.nist.gov/vuln/detail/CVE-2022-45439 (5.3)

https://nvd.nist.gov/vuln/detail/CVE-2022-45440 (4.4)

GitLab Runner

https://nvd.nist.gov/vuln/detail/CVE-2022-2251 (4.8)

HAProxy

https://access.redhat.com/security/cve/cve-2023-0056 (medium)

FreeRADIUS

https://nvd.nist.gov/vuln/detail/CVE-2022-41859 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2022-41860 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2022-41861 (n/a)

Technitium DNS Server

https://nvd.nist.gov/vuln/detail/CVE-2022-48256 (n/a)