From 25d6e5c0f658bfd1fde4577a44590b4667343b81 Mon Sep 17 00:00:00 2001 From: m-1-k-3 Date: Sun, 21 May 2023 00:23:49 +0000 Subject: [PATCH] Update CISA known exploited vulnerability database --- config/known_exploited_vulnerabilities.csv | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/known_exploited_vulnerabilities.csv b/config/known_exploited_vulnerabilities.csv index 96d34e604..a77b2c7ec 100644 --- a/config/known_exploited_vulnerabilities.csv +++ b/config/known_exploited_vulnerabilities.csv @@ -932,3 +932,6 @@ "CVE-2015-5317","Jenkins","Jenkins User Interface (UI)","Jenkins User Interface (UI) Information Disclosure Vulnerability","2023-05-12","Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the ""Fingerprints"" pages.","Apply updates per vendor instructions.","2023-06-02","https://www.jenkins.io/security/advisory/2015-11-11/" "CVE-2016-3427","Oracle","Java SE and JRockit","Oracle Java SE and JRockit Unspecified Vulnerability","2023-05-12","Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.","Apply updates per vendor instructions.","2023-06-02","https://www.oracle.com/security-alerts/cpuapr2016v3.html" "CVE-2016-8735","Apache","Tomcat","Apache Tomcat Remote Code Execution Vulnerability","2023-05-12","Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types.","Apply updates per vendor instructions.","2023-06-02","https://tomcat.apache.org/security-9.html" +"CVE-2004-1464","Cisco","IOS","Cisco IOS Denial-of-Service Vulnerability","2023-05-19","Cisco IOS contains an unspecified vulnerability that may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases, Hypertext Transport Protocol (HTTP) access to the Cisco device.","Apply updates per vendor instructions.","2023-06-09","https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040827-telnet" +"CVE-2016-6415","Cisco","IOS, IOS XR, and IOS XE","Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability","2023-05-19","Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 (IKEv1) security negotiation requests. contains an information disclosure vulnerability in the Internet Key Exchange version 1 (IKEv1) that could allow an attacker to retrieve memory contents. Successful exploitation could allow the attacker to retrieve memory contents, which can lead to information disclosure.","Apply updates per vendor instructions.","2023-06-09","https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1" +"CVE-2023-21492","Samsung","Mobile Devices","Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability","2023-05-19","Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass.","Apply updates per vendor instructions.","2023-06-09","https://security.samsungmobile.com/securityUpdate.smsb"