#CVE
IBM Db2 command execution | CVE-2023-38003 - https://www.redpacketsecurity.com/ibm-db2-command-execution-cve-2023-38003/
IBM Db2 denial of service | CVE-2023-40687 - https://www.redpacketsecurity.com/ibm-db2-denial-of-service-cve-2023-40687/
Apple Safari, macOS Sonoma, iOS and iPadOS information disclosure | CVE-2023-42916 - https://www.redpacketsecurity.com/apple-safari-macos-sonoma-ios-and-ipados-information-disclosure-cve-2023-42916-4/
PTC KEPServerEX, ThingWorx, and OPC-Aggregator information disclosure | CVE-2023-5909 - https://www.redpacketsecurity.com/ptc-kepserverex-thingworx-and-opc-aggregator-information-disclosure-cve-2023-5909-3/
IBM Db2 denial of service | CVE-2023-43020 - https://www.redpacketsecurity.com/ibm-db2-denial-of-service-cve-2023-43020/
IBM Db2 denial of service | CVE-2023-40692 - https://www.redpacketsecurity.com/ibm-db2-denial-of-service-cve-2023-40692/
IBM Db2 denial of service | CVE-2023-47701 - https://www.redpacketsecurity.com/ibm-db2-denial-of-service-cve-2023-47701/
IBM Db2 denial of service | CVE-2023-38727 - https://www.redpacketsecurity.com/ibm-db2-denial-of-service-cve-2023-38727/
IBM Db2 denial of service | CVE-2023-45178 - https://www.redpacketsecurity.com/ibm-db2-denial-of-service-cve-2023-45178/
IBM Db2 denial of service | CVE-2023-46167 - https://www.redpacketsecurity.com/ibm-db2-denial-of-service-cve-2023-46167/
IBM Db2 denial of service | CVE-2023-29258 - https://www.redpacketsecurity.com/ibm-db2-denial-of-service-cve-2023-29258/
Tesla: Security Vulnerabilities
https://www.cvedetails.com/vulnerability-list/vendor_id-16203/Tesla.html?page=1&order=1&trc=13&sha=73e27d3898b2b240263e0f443513b5e8f9073841
#ycombinator #security #cve #nvd #security_vulnerability #vulnerability #exploit #cvss #cwe #information_security #vulnerability_database
SimpleSAMLphp xml-security security bypass | CVE-2023-49087 - https://www.redpacketsecurity.com/simplesamlphp-xml-security-security-bypass-cve-2023-49087/
Pimcore Customer Management Framework cross-site request forgery | CVE-2023-49076 - https://www.redpacketsecurity.com/pimcore-customer-management-framework-cross-site-request-forgery-cve-2023-49076/
Sentry Symbolicator server-side request forgery | CVE-2023-49094 - https://www.redpacketsecurity.com/sentry-symbolicator-server-side-request-forgery-cve-2023-49094/
Catalis CMS360 information disclosure | CVE-2023-6341 - https://www.redpacketsecurity.com/catalis-cms360-information-disclosure-cve-2023-6341/
Perl buffer overflow | CVE-2023-47038 - https://www.redpacketsecurity.com/perl-buffer-overflow-cve-2023-47038/
ASR ASR1803 and ASR1806 Chipsets code execution | CVE-2023-49701 - https://www.redpacketsecurity.com/asr-asr1803-and-asr1806-chipsets-code-execution-cve-2023-49701/
Perl code execution | CVE-2023-47039 - https://www.redpacketsecurity.com/perl-code-execution-cve-2023-47039/
Yokogawa STARDOM denial of service | CVE-2023-5915 - https://www.redpacketsecurity.com/yokogawa-stardom-denial-of-service-cve-2023-5915/
ASR ASR1803 and ASR1806 Chipsets code execution | CVE-2023-49699 - https://www.redpacketsecurity.com/asr-asr1803-and-asr1806-chipsets-code-execution-cve-2023-49699/
Henschen & Associates court document management software information disclosure | CVE-2023-6376 - https://www.redpacketsecurity.com/henschen-associates-court-document-management-software-information-disclosure-cve-2023-6376/
Apple Safari, macOS Sonoma, iOS and iPadOS information disclosure | CVE-2023-42916 - https://www.redpacketsecurity.com/apple-safari-macos-sonoma-ios-and-ipados-information-disclosure-cve-2023-42916-3/
PTC KEPServerEX, ThingWorx, and OPC-Aggregator information disclosure | CVE-2023-5909 - https://www.redpacketsecurity.com/ptc-kepserverex-thingworx-and-opc-aggregator-information-disclosure-cve-2023-5909-2/
Schweitzer Engineering Laboratories SEL-411L code execution | CVE-2023-2264 - https://www.redpacketsecurity.com/schweitzer-engineering-laboratories-sel-411l-code-execution-cve-2023-2264/
ASR ASR1803 and ASR1806 Chipsets code execution | CVE-2023-49700 - https://www.redpacketsecurity.com/asr-asr1803-and-asr1806-chipsets-code-execution-cve-2023-49700/
Schweitzer Engineering Laboratories SEL-411L cross-site scripting | CVE-2023-2266 - https://www.redpacketsecurity.com/schweitzer-engineering-laboratories-sel-411l-cross-site-scripting-cve-2023-2266/
Schweitzer Engineering Laboratories SEL-411L information disclosure | CVE-2023-2267 - https://www.redpacketsecurity.com/schweitzer-engineering-laboratories-sel-411l-information-disclosure-cve-2023-2267/
Schweitzer Engineering Laboratories SEL-411L clickjacking | CVE-2023-2265 - https://www.redpacketsecurity.com/schweitzer-engineering-laboratories-sel-411l-clickjacking-cve-2023-2265/
IBM InfoSphere Information Server cross-site scripting | CVE-2023-46174 - https://www.redpacketsecurity.com/ibm-infosphere-information-server-cross-site-scripting-cve-2023-46174/
PHPGurukul Nipah Virus Testing Management System SQL injection | CVE-2023-6402 - https://www.redpacketsecurity.com/phpgurukul-nipah-virus-testing-management-system-sql-injection-cve-2023-6402/
IBM InfoSphere Information Server information disclosure | CVE-2023-42019 - https://www.redpacketsecurity.com/ibm-infosphere-information-server-information-disclosure-cve-2023-42019/
IBM InfoSphere Information Server cross-site scripting | CVE-2023-42022 - https://www.redpacketsecurity.com/ibm-infosphere-information-server-cross-site-scripting-cve-2023-42022/
IBM InfoSphere Information Server cross-site request forgery | CVE-2023-38268 - https://www.redpacketsecurity.com/ibm-infosphere-information-server-cross-site-request-forgery-cve-2023-38268/
IBM InfoSphere Information Server cross-site scripting | CVE-2023-42009 - https://www.redpacketsecurity.com/ibm-infosphere-information-server-cross-site-scripting-cve-2023-42009/
Voovi Social Networking Script SQL injection | CVE-2023-6416 - https://www.redpacketsecurity.com/voovi-social-networking-script-sql-injection-cve-2023-6416/
Notepad++ code execution | CVE-2023-6401 - https://www.redpacketsecurity.com/notepad-code-execution-cve-2023-6401/
BigProf Online Invoicing System cross-site scripting | CVE-2023-6426 - https://www.redpacketsecurity.com/bigprof-online-invoicing-system-cross-site-scripting-cve-2023-6426/
IBM InfoSphere Information Server denial of service | CVE-2023-40699 - https://www.redpacketsecurity.com/ibm-infosphere-information-server-denial-of-service-cve-2023-40699/
NETGEAR ProSAFE NMS300 privilege escalation | CVE-2023-49694 - https://www.redpacketsecurity.com/netgear-prosafe-nms300-privilege-escalation-cve-2023-49694/
IBM InfoSphere Information Server cross-site scripting | CVE-2023-43015 - https://www.redpacketsecurity.com/ibm-infosphere-information-server-cross-site-scripting-cve-2023-43015/
IBM InfoSphere Information Server information disclosure | CVE-2023-43021 - https://www.redpacketsecurity.com/ibm-infosphere-information-server-information-disclosure-cve-2023-43021/
ZenTao PMS cross-site scripting | CVE-2023-6439 - https://www.redpacketsecurity.com/zentao-pms-cross-site-scripting-cve-2023-6439/
BigProf Online Inventory Manager cross-site scripting | CVE-2023-6433 - https://www.redpacketsecurity.com/bigprof-online-inventory-manager-cross-site-scripting-cve-2023-6433/
Voovi Social Networking Script SQL injection | CVE-2023-6418 - https://www.redpacketsecurity.com/voovi-social-networking-script-sql-injection-cve-2023-6418/
IBM Planning Analytics on Cloud Pak for Data information disclosure | CVE-2023-26024 - https://www.redpacketsecurity.com/ibm-planning-analytics-on-cloud-pak-for-data-information-disclosure-cve-2023-26024/
Discovering MLflow Framework Zero-day Vulnerability | Machine Language Model Security | Contrast Security – Source: securityboulevard.com https://ciso2ciso.com/discovering-mlflow-framework-zero-day-vulnerability-machine-language-model-security-contrast-security-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #Analytics&Intelligence #CyberSecurityNews #SecurityBoulevard #machinelearning #MLflow #APIs #CVE
#iOS 17.1.2 and #macOS Sonoma 14.1.2 patch 2 actively exploited vulnerabilities
Both are #WebKit vulnerabilities. Apparently there is indication these were exploited in the wild.
CVE-2023-42916 - out-of-bounds read. Processing web content may disclose sensitive information.
CVE-2023-42917 - memory corruption #vulnerability. Processing web content may lead to arbitrary code execution.
Update your devices ASAP.
#cybersecurity #infosec #security #cve #exploit
https://9to5mac.com/2023/11/30/ios-17-1-2-fixes-actively-exploited-vulnerabilities/
#zyxel #security advisory for authentication bypass and command injection vulnerabilities in #NAS products
CVE-2023-35137 - improper authentication
CVE-2023-35138 - command injection
CVE-2023-37927 - improper neutralization of special elements
CVE-2023-37928 - post auth command injection
CVE-2023-4473 - command injection
CVE-2023-4474 - improper neutralization of special elements
Fortunately, Zyxel has released patches for these. Update to the latest #firmware.
#cybersecurity #infosec #cve #vulnerability
https://www.techspot.com/news/101025-zyxel-warns-users-against-new-critical-vulnerabilities-nas.html
Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability https://gbhackers.com/cactus-ransomware-qlik/ #CVE/vulnerability #CyberSecurityNews #computersecurity #Vulnerability #Ransomware #Malware
Streaming now: #CiscoSystems and #OASISOpen's AI Security Summit. Up now: an all-star team of PSIRT leaders talks about #AI #vulnerability reporting. NVIDIA's Amy Rose, Dell's Lisa Bradley, Microsoft's Jay White, and Cisco's Omar Santos.
Do AI vulns even fit within conventional CVE practices? For example: what does remediation advice look like, for an LLM training data vulnerability?
https://aisecuritysummit.org
#AIsecurity #CVE


Streaming now (and live in North Carolina): #CiscoSystems and #OASISOpen's AI Security Summit. Up now: Kojin Oshiba, Co-Founder, Robust Intelligence, on how to secure your #AI models and data. Kojin has a little chat with DALL-E, live on screen, and leads it astray. #promptinjection
https://aisecuritysummit.org
#AIsecurity #CVE


I’m still surprised by some projects who complain about the burden to deal with security vulnerability disclosure. If a project used by many orgs has zero vulnerability documented and especially didn’t publish anything about security disclosure. There is maybe something to be fixed.
CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files:
#cve #exploitation #informationsecurity #infosec #vulnerability #webapplicationsecurity

Google addressed the sixth Chrome Zero-Day vulnerability in 2023 – Source: securityaffairs.com https://ciso2ciso.com/google-addressed-the-sixth-chrome-zero-day-vulnerability-in-2023-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #CVE-2023-6345 #BreakingNews #SecurityNews #hackingnews #Security #hacking #zeroday #Chrome
Critical ownCloud vulnerability lets attackers steal admin passwords
https://stackdiary.com/critical-owncloud-vulnerability-lets-attackers-steal-admin-passwords/
Integer overflow in Skia: Chrome releases 0-day advisory
https://stackdiary.com/integer-overflow-in-skia-chrome-releases-0-day-advisory/
Threat actors started exploiting critical ownCloud flaw CVE-2023-49103 – Source: securityaffairs.com https://ciso2ciso.com/threat-actors-started-exploiting-critical-owncloud-flaw-cve-2023-49103-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #CVE-2023-49103 #BreakingNews #SecurityNews #hackingnews #ownCloud #hacking
CVE-2023-49103 is a vulnerability in #ownCloud that exposes the PHP environment. In containerized deployments, this includes the ownCloud admin password, mail server credentials, and license key.
Patch before your ownCloud instance becomes an ownedCloud instance :blobcatphoto:
#CVE202349103 #Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking #CVE
Exploit & Debug Looney Tunables CVE-2023-4911 Local Privilege Escalation in the glibc's ld.so:
https://flex0geek.blogspot.com/2023/11/exploit-debug-looney-tunables-cve-2023.html

New #microcode being released for #Intel #CPU to fix a serious vulnerability
Severity rating: 8.8 / HIGH
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html
117 Vulnerabilities Discovered in Microsoft 365 Apps https://gbhackers.com/117-vulnerabilities-microsoft-365-apps/ #CVE/vulnerability #CyberSecurityNews #computersecurity #Microsoft365Apps #cybersecurity #Microsoft
A lot of folks are going to have a bad time with this
https://nvd.nist.gov/vuln/detail/CVE-2023-45853
It’s a critical #CVE in zlib
Except it’s not critical
And doesn’t affect zlib
The whole CVE system is too broken to fix
Б stands for Безопасность (security), not Безумие (madness): part 1
Cybersecurity is trending right now, and so is the security of infrastructure and of the software hosted in it. In this series of articles we would like to talk about this and share our experience. In the first part I will describe a project that recently came to us with the following requirements: 1. A closed (isolated) environment; 2. No CVEs in any of the products used; 3. Security monitoring of the existing infrastructure; 4. Access control for the environment; 5. Process automation. Let's see how it turned out.
https://habr.com/ru/companies/nixys/articles/771290/
#devops #devsecops #security #security_os #wazuh #trivy #awx #cve #кибербезопасность #замкнутый_контур
Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies – Source: securityaffairs.com https://ciso2ciso.com/russia-linked-apt29-group-exploited-winrar-0day-in-attacks-against-embassies-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #CVE-2023-38831 #BreakingNews #SecurityNews #hackingnews #hacking #WinRAR #APT29 #APT
DarkCasino joins the list of APT groups exploiting WinRAR zero-day – Source: securityaffairs.com https://ciso2ciso.com/darkcasino-joins-the-list-of-apt-groups-exploiting-winrar-zero-day-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #CVE-2023-38831 #BreakingNews #SecurityNews #hackingnews #DarkCasino #hacking #Malware #WinRAR #APT
Microsoft .NET, .NET Framework and Visual Studio privilege escalation | CVE-2023-36049 - https://www.redpacketsecurity.com/microsoft-net-net-framework-and-visual-studio-privilege-escalation-cve-2023-36049-5/
💁 CVECROWD UPDATE
https://cvecrowd.com has just been updated to show an indicator of whether a #CVE is in the #CISA #KEV catalog.
The catalog contains vulnerabilities that **have been exploited** in the wild and is a great resource for vulnerability management prioritization.
The indicator on cvecrowd is placed in the header of each affected CVE column and links to the catalog entry.
I hope you find this useful!
#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking #CveCrowd
Zimbra zero-day exploited to steal government emails by four groups – Source: securityaffairs.com https://ciso2ciso.com/zimbra-zero-day-exploited-to-steal-government-emails-by-four-groups-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #CVE-2023-37580 #BreakingNews #SecurityNews #hackingnews #GoogleTAG #hacking #Zimbra #APT #XSS
Not sure, what Adobe is trying to tell me?
So they are the Vendor but what they offer is "not a product"?!?

FortiSIEM Injection Flaw: Let Attackers Execute Malicious Commands https://gbhackers.com/fortisiem-injection-flaw/ #CVE/vulnerability #CyberSecurityNews #Vulnerability #cybersecurity
Teaser!
#KEV indicators on https://cvecrowd.com coming soon!
#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking #CVE #CveCrowd
🚨 #Cisco #IOSXE #CVE-2023-20198 #CVE-2023-20273
It's been a while, exploit activity has decreased || mostly consists of Auth Bypass + simple recon.
However, we recently found a new version of the Implant 👀 No clear #attribution for now, original TA or copycat? #IoC ⬇️
Since the MO and Implant code of the original TA are widely known by now we can't tie it to them confidently.
What stands out in this case:
1. new path (84c8bc4.html) + 404 return
2. separation of the Implant delivery and C2 infra:
138.122.193[.]157📥
134.122.75[.]64📣
The commands issued during the Implant delivery stayed the same for the most part, although now the attacker calculated SHA-1 hashsums of dropped files to read back and verify their integrity.
/var/www/f099.css
/tmp/pvp_coco
/tmp/pvp_wd_run
Did anyone spot similar activity? We'd love to hear from you!
Thanks for reading today's thread 🍪



ManageEngine Information Disclosure Flaw Exposes Encryption Keys https://gbhackers.com/manageengine-information-disclosure-flaw/ #CVE/vulnerability #CyberSecurityNews #Vulnerability #cybersecurity
I'm happy to share the attribution of my first #CVE!
Authenticated Static Code Injections in #OpenCart (CVE-2023-47444)
You can find the details and PoCs about the two vulnerabilities on my blog:
https://0xbro.red/disclosures/disclosed-vulnerabilities/opencart-cve-2023-47444/
Reptar – A New CPU Vulnerability Affects Intel and AMD CPUs https://gbhackers.com/reptar-a-new-cpu-vulnerability/ #CVE/vulnerability #CyberSecurityNews #computersecurity #Vulnerability
WP Fastest Cache plugin SQLi
CVE-2023-6063
https://www.bleepingcomputer.com/news/security/wp-fastest-cache-plugin-bug-exposes-600k-wordpress-sites-to-attacks/
vuln versions: < 1.2.2 (all before 1.2.2)
patch quickly!
Microsoft Patch Tuesday, November 2023 Edition
https://krebsonsecurity.com/2023/11/microsoft-patch-tuesday-november-2023-edition/
#MicrosoftPatchTuesdayNovember2023 #sansinternetstormcenter #CVE-2023-36025 #CVE-2023-36033 #CVE-2023-36036 #CVE-2023-36038 #CVE-2023-36050 #CVE-2023-36413 #CVE-2023-36439 #SecurityTools #TimetoPatch
Thank you #Apple! We were rewarded a bounty of $5,000 for reporting this bug.
🙏
CVE-2023-42846
#privacy #cybersecurity #CVE #iOS #PrivacyMatters #cybersecurity #infosec
CISA Adds Six Known Exploited Vulnerabilities to Catalog
CVE-2023-47246 SysAid Server Path Traversal
CVE-2023-36844 Juniper Junos OS EX Series PHP External Variable Modification
CVE-2023-36845 Juniper Junos OS EX Series and SRX Series PHP External Variable Modification
CVE-2023-36846 Juniper Junos OS SRX Series Missing Authentication for Critical Function
CVE-2023-36847 Juniper Junos OS EX Series Missing Authentication for Critical Function
CVE-2023-36851 Juniper Junos OS SRX Series Missing Authentication for Critical Function
#cybersecurity #security #infosec #cve #exploit #vulnerability
Boffins from ETH Zurich have devised a novel #fuzzer for finding bugs in #RISCV chips and have used it to find more than three dozen.
When applied to six actual RISC-V #CPU – #VexRiscv, #PicoRV32, #Kronos, #CVA6, Rocket, and BOOM – Cascade found 37 new bugs (translating to 29 #CVE) in five of these six designs. https://www.theregister.com/2023/10/24/cascade_fuzzer_zurich/
CISA Adds One Known Exploited #Vulnerability to Catalog
CVE-2023-29552 Service Location Protocol (SLP) Denial-of-Service
(Atlassian Confluence data center/server according to initial version of the advisory but NIST NVD says otherwise)
This novel web shell “hijacks the underlying Apache Tomcat webserver and silently inserts itself between Confluence and Tomcat–making itself available on every webpage ...”
Interesting CVE-2023-22515 post-exploit behavior discovered by Aon's Stroz Friedberg Incident Response practice.
“… patching Confluence to address CVE-2023-22515 and CVE-2023-22518 will not remediate the web shell if it has been deployed.”
See the blog post for insights on identification of this web shell on your #Confluence server.
#QNAP Releases Patch for 2 Critical Flaws Threatening Your #NAS Devices
If you've got a QNAP NAS, time to update.
This security patch fixes two command injection vulnerabilities. (CVE-2023-23368 and CVE-2023-23369)
#cybersecurity #networkstorage #security #cve
https://thehackernews.com/2023/11/qnap-releases-patch-for-2-critical.html
Note: If you put links directly in the page text rather than hiding them only in the PDF, your advisory becomes more usable.
Or put them straight into the social media post (here on Mastodon there is more room, after all):
[ATLA23a] Security Advisory #CVE-2023-22518
https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html
[ATLA23b] FAQ 2023-22518
https://confluence.atlassian.com/kb/faq-for-cve-2023-22518-1311474094.html
[NVD23] National Vulnerability Database - NVD - CVE-2023-22518
https://nvd.nist.gov/vuln/detail/CVE-2023-22518
CISA Adds One Known Exploited #Vulnerability to Catalog
CVE-2023-46604 Apache ActiveMQ Deserialization of Untrusted Data
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks, tracked as CVE-2023-46604.
#CVE #InfoSec #CyberSecurity #Pentesting #CveCrowd https://infosec.exchange/@BleepingComputer/111364334736406686
Exploit Activity for #CVE-2023-22518, #Atlassian #Confluence Data Center and Server #cve202322518 https://i5c.us/d30376
https://cvecrowd.com has received several updates in the past week that I would like to share with you:
• Moved from cve.mitre.org to cve.org (!)
• Implemented limit on exclusive CVE columns per user
• Frontend changes to the home and about pages
Read more below 🧵
#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking #CVE #CveCrowd
#CveCrowd users, I am currently undecided on how to display posts with multiple CVEs in them (the screenshot is an example).
These alternatives exist:
• List them under each CVE column they mention - means the same post is listed multiple times.
• List them only once. Which CVE column should they be assigned to?
• Don't list them at all.
What do you think?
#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking #CVE
Tonight was productive!
11 files changed, 141 insertions(+), 227 deletions(-)
Gonna post release notes tomorrow 😀
#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking #CVE #CveCrowd
🚨 #Cisco #IOSXE #CVE-2023-20198 #CVE-2023-20273
We updated our #IoC for exploit attempts that hit our honeypot. You can find them on #GitHub: https://github.com/SIFalcon/research/blob/main/CVE-2023-20198/ioc.txt
Based on modus operandi and infrastructure we managed to cluster certain attacking hosts together ⬇️
We also saw new traffic to the Implant, this time from 107.175.229[.]142, again via the user "cisco_support". Executed recon commands include:
show ip interface brief
show ip dns view
show ip name-servers
In practice, #DevOps is an Ops engineer who uses infrastructure as code, #DevSecOps is someone who sets up a #CVE scanner in the delivery pipeline, and only few folks think about the silobreaking mentality of mutual understanding that it all was supposed to entail.”
Critical bug allows data destruction in all versions of Confluence Server and Data Center
https://stackdiary.com/critical-bug-in-confluence-server-and-data-center-cve-2023-22518/
#infosec #cve #security #cybersecurity #confluence #atlassian
Since the launch of https://cvecrowd.com last Thursday, I have received a lot of feedback and ideas for improvements.
I've been busy and have already implemented a few things:
• Added vendor and product information to CVEs
• Enabled the use of opt-out hashtags in posts
• Created a GitHub repository for issues
• Implemented removal of deleted posts
Learn more below 🧵
#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking #CVE #CveCrowd
New exploit out in the wild, this time it affects ActiveMQ:
Apache ActiveMQ is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.
It's recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, to fix this issue.
Does anyone know how I can find vendor and product from CPEs in the correct capitalization?
Example: CVE-2023-4966 affects citrix:netscaler_application_delivery_controller:*:
I would like the following result:
"Citrix NetScaler Application Delivery Controller" or even better "Citrix NetScaler ADC".
Another example is CVE-2023-32434 for apple:ipados, which should read "Apple iPadOS"
I want to improve the values on https://cvecrowd.com
@simontsui Good question. It's not that simple :)
I agree with all of your observations. Personally, I like #CVE_2023_4966 the best for readability.
The cvecrowd crawler searches for #CVE20234966, #CVE2023_4966, #CVE_20234966, #CVE_2023_4966 just to not miss anything. However, the thing that makes it complicated is searching for the hashtags used. There are too many CVE numbers to search for all of them regularly.
When searching for #CVE results do not include ANY of the above formats. Ironically, what it does find is #CVE-2023-4966.
In addition to hashtags, I also use full text search. When searching for "CVE" it finds CVE-2023-4966, but not when its written as a hashtag.
So a reliable way to get my crawler to find CVE posts is to use either the word "CVE", perhaps in combination with a CVE ID as described above, or the hashtag #CVE.
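An added example, not cvecrowd's own crawler code: a small Python normalizer that recognizes the hashtag and plain-text CVE spellings named in the thread above (#CVE20234966, #CVE2023_4966, #CVE_20234966, #CVE_2023_4966, #CVE-2023-4966 and the word form CVE-2023-4966), canonicalizes them, and then files posts under every CVE column they mention, which is the first of the three alternatives from the earlier "posts with multiple CVEs" question. Function names and the sample posts are my own.

```python
import re
from typing import Dict, List

# One pattern for every spelling listed in the thread. The year is always
# four digits, so "#CVE20234966" splits unambiguously into 2023 + 4966;
# the sequence part is four or more digits (modern IDs can be longer).
# The lookbehind stops us matching inside longer tokens such as "XCVE-...".
_CVE_RE = re.compile(
    r"(?<![A-Za-z0-9])#?CVE[-_]?(\d{4})[-_]?(\d{4,7})(?!\d)",
    re.IGNORECASE,
)


def extract_cve_ids(text: str) -> List[str]:
    """Return canonical CVE IDs (CVE-YYYY-NNNN) found in a post.

    Duplicates caused by an author writing the same ID in several hashtag
    spellings collapse to one entry; order is first appearance.
    """
    found: List[str] = []
    for m in _CVE_RE.finditer(text):
        cve = f"CVE-{m.group(1)}-{m.group(2)}"
        if cve not in found:
            found.append(cve)
    return found


def group_posts_by_cve(posts: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each CVE ID to the IDs of every post mentioning it.

    A post that names several CVEs is listed under each of them, so the same
    post can legitimately appear in more than one column.
    """
    columns: Dict[str, List[str]] = {}
    for post_id, text in posts.items():
        for cve in extract_cve_ids(text):
            columns.setdefault(cve, []).append(post_id)
    return columns


if __name__ == "__main__":
    # Constructed sample posts mirroring the spellings seen in the thread.
    sample_posts = {
        "p1": "Patch now! #CVE20234863 #CVE-2023-4863 #CVE_2023_4863",
        "p2": "#CVE2023_4966 and #CVE_20234966, also CVE-2023-46604 in ActiveMQ.",
        "p3": "Generic post with only #CVE and #Pentesting hashtags.",
    }
    for cve, ids in group_posts_by_cve(sample_posts).items():
        print(cve, "->", ids)
```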
@kpwn do you have a preference for how the hashtags should be written? Prior to Mastodon toots being searchable (and a lot of people still haven't allowed for public searching of their toots), the only way to link the vulnerabilities was to hashtag them. I realized within the first try that #CVE-2023-4966 breaks and would have to be typed as #CVE20234966 ... and I even see #CVE_2023_4966. While less commonly used, I admit that it's easier to read than #CVE20234966.
This site shows the power of open / opensource API's , this is impossible on X today https://cvecrowd.com/
#cybersecurity #cve
🚨 NEW: Private Wi-Fi addresses had been useless ever since they were introduced in iOS 14. When an iPhone joins a network, it sends multicast requests to discover AirPlay devices in the network. In these requests, iOS sends the device's real Wi-Fi MAC address.
🎬 Watch the video for details
Exposure of a device's real Wi-Fi MAC address makes it vulnerable to tracking across Wi-Fi networks.
It's fixed in iOS 17.1 (CVE-2023-42846)
#privacy #cybersecurity #CVE #iOS #PrivacyMatters #cybersecurity #infosec
Wondering what CVEs are being discussed on Mastodon right now?
I've just launched https://cvecrowd.com, a website that shows you exactly that!
Learn more below 🧵
#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking #CVE #CveCrowd

Anybody hyped?
I'm posting the URL in an hour!
https://infosec.exchange/@kpwn/111297439313372552
#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking #CVE
I finally deployed what I've been working on for the last couple of weeks.
It is a web app that (hopefully) provides valuable information for IT security professionals.
Best of all, each of you can help fill it with content.
Want to know what it's all about?
You won't have to wait long.
I'll post the URL tomorrow :)
🔔 Follow me to not miss a bit!
🔁 Also, boost this toot to spread the word!
#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking #CVE
Looks like a nice theme is building out for recently disclosed security vulnerabilities on the Snyk website:
Our CERT team is sharing the script they wrote to perform some of the mass scanning for the Cisco IOS XE exploitation #CVE-2023-20198 https://github.com/cert-orangecyberdefense/Cisco_CVE-2023-20198 It was modified from Atea Redteam's version to work better at scale https://github.com/Atea-Redteam/CVE-2023-20198
Wait, so Rust had already identified the H/2 Rapid Reset vulnerability (what became #CVE-2023-44487) back in April as CVE-2023-26964?
Shame that this didn't get recognized as a protocol flaw rather than an h2/hyper implementation issue back then.
https://rustsec.org/advisories/RUSTSEC-2023-0034.html
https://github.com/advisories/GHSA-f8vr-r385-rh5r
A proof of concept (PoC) for the zero-day WebKit vulnerability patched end of September 2023 has been published on Github :github: by po6ix
- 📌POC-for-CVE-2023-41993
- 📌CVE-2023-41993 — fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14
#InfoSec #Cybersecurity #CVE #CVE202341993 #PoC #Webkit #Vulnerability #️⃣CatSalad
This is your regular reminder that CVSSv3 base scores are information-poor, and taken alone are not fit for the purpose of evaluating appropriate actions to take for a given security vulnerability.
I am hoping that CVSSv4 helps improve industry practices. It's badly needed.
#InfoSec #CVSS #CVE
https://csrc.nist.gov/csrc/media/Presentations/2023/update-on-cvss-4-0/jan-25-2023-ssca-dugal-rich.pdf
Until recently, I'd always been under the impression that #cURL is "just" a #CLI tool for making #WebRequests, and therefore probably quite simple under the hood, with only a few (if any) very small #AttackSurfaces. Then I started following some #infosec / #cybersecurity researchers, and all of a sudden, I started hearing about a new cURL #CVE, almost every week it seemed.
Two lessons learned:
1. Nothing is ever as simple as it seems.
2. Security researchers are unbelievably smart.
The new confluence bug sounds very similar or a variation on a vulnerability I reported to them (*.atlassian.net) back in August 2014 whereby you could sign up an admin user by visiting the /admin/users/sign-up endpoint, the default was to have this signup form enabled instead of disabled 😆
.
#AtlassianConfluence #CVE #CVE202322515
CVEs reported without version, and/or never updated to limit their CPEs to exclude versions where the vulnerability is fixed;
and now I get false positives every single time I update that dependency 😭
(in this case, specifically, Keycloak's CVE-2020-1717, CVE-2022-1438 and CVE-2023-0105, both still reported on version 22.0.4 by Dependency Track; the GitHub Advisories have the accurate information, but not the NVD 😡)
Big shoutout goes to @tfiebig for his more than awesome blogpost about running a postfix proxy in front of exim: https://doing-stupid-things.as59645.net/mail/2023/09/30/postfix-proxy-setup.html
The !@metalab mail server is successfully behind a proxy postfix now.
@datacop and me invested the whole evening for it, due to infrastructure hassles...
So apparently there is a RCE bug in exim - details yet to be disclosed (https://www.zerodayinitiative.com/advisories/ZDI-23-1469/). No updated version available yet.
Suggested Mitigation: Do not expose Exim to the internet.
How not helpful. It's an MTA!
But not doing anything feels wrong. So I put exim behind NGINX using its mail proxy. Took about 20 minutes of RTFM and ~10 lines of nginx / exim config changes.
Does it help? No idea, we don't have details of the exploit. But it feels better. Does that count? ;-)
Visit https://www.cve.org/ and see: "We're sorry but cve-website doesn't work properly without JavaScript enabled. Please enable it to continue." Are you kidding me? Shouldn't that place care about security and security-conscious visitors, if any does? :catAngry: #CVE
In my earlier thread I should have recommended that folks be on the lookout for end-of-life (EoL) versions of Electron that are bundled with software that is itself updated to the latest version. I've observed a case where fully updated software was using Electron 22.x.x, which isn't EoL yet, but will be in 2 weeks. In those cases I strongly suggest you notify your vendor and, if it is paid software, pressure them to migrate to a supported version ASAP.
Note: There IS a patched version of 22.x.x which is 22.3.24.
Reference: https://www.electronjs.org/docs/latest/tutorial/electron-timelines
#Security #Electron #SBOM #CVE20234863 #CVE-2023-4863 #CVE_2023_4863
Roughly 2 weeks ago Google patched a critical vulnerability, CVE-2023-4863, that was being exploited in the wild. The broad impact of the root cause of the vuln and the fact that it will have a long tail of unpatched software has been poorly communicated. You can read more in @dangoodin's excellent article on Ars Technica.
As pointed out in the article above, Electron is based on Chromium and is impacted. Electron is bundled in a ton of apps that people might overlook.
I threw together the following shell command to help macOS audit which versions of Electron apps are installed.
find /Applications -type f -name "*Electron Framework*" -exec \
sh -c "echo \"{}\" && strings \"{}\" | grep '^Chrome/[0-9.]* Electron/[0-9]' | head -n1 && echo " \;
When run, you should see something similar to the following:
/Applications/Visual Studio Code.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework
Chrome/114.0.5735.289 Electron/25.8.1
/Applications/Slack.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework
Chrome/116.0.5845.188 Electron/26.2.1
#Security #Electron #CVE20234863 #CVE-2023-4863
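The find/strings one-liner above prints a path line followed by a "Chrome/... Electron/..." banner for each bundled framework. The script below is an added example (not the poster's code) that parses that output and flags any Electron build older than the patched release for its major line. The sample output is constructed to mirror the lines shown in the post; in the MIN_PATCHED table only 22.3.24 comes from the post, the other entries are assumptions an operator would fill in from the Electron release notes.

```python
"""Audit helper for the Electron version listing produced by the find/strings
pipeline. Added example; the sample output and the patched-version floors
(except 22.3.24, which the post states) are constructed assumptions."""
import re

# Constructed sample output: path line, banner line, blank line per app.
SAMPLE_OUTPUT = """\
/Applications/Visual Studio Code.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework
Chrome/114.0.5735.289 Electron/25.8.1

/Applications/Slack.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework
Chrome/116.0.5845.188 Electron/26.2.1

/Applications/OldApp.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework
Chrome/108.0.5359.215 Electron/22.3.20
"""

BANNER_RE = re.compile(r"^Chrome/(?P<chrome>[0-9.]+) Electron/(?P<electron>[0-9.]+)$")

# Lowest release per Electron major line that we treat as patched.
# 22.3.24 is from the post; the other floors are assumptions for illustration.
MIN_PATCHED = {
    22: (22, 3, 24),
    25: (25, 8, 1),   # assumption
    26: (26, 2, 1),   # assumption
}


def parse_version(text):
    """'26.2.1' -> (26, 2, 1); tuples compare component-wise."""
    return tuple(int(part) for part in text.split("."))


def parse_audit_output(text):
    """Pair each framework path with the banner line that follows it."""
    apps = []
    path = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = BANNER_RE.match(line)
        if match and path is not None:
            apps.append({"path": path,
                         "chrome": match.group("chrome"),
                         "electron": match.group("electron")})
            path = None
        elif line.startswith("/"):
            path = line
    return apps


def classify(electron):
    """Return 'ok', 'outdated', or 'unknown-major' for an Electron version."""
    version = parse_version(electron)
    floor = MIN_PATCHED.get(version[0])
    if floor is None:
        return "unknown-major"
    return "ok" if version >= floor else "outdated"


def audit(text):
    """Return (app bundle name, electron version, status) per framework found."""
    return [(app["path"].split("/")[2], app["electron"], classify(app["electron"]))
            for app in parse_audit_output(text)]


if __name__ == "__main__":
    # Feed real output with: find ... | python3 audit.py  (reads stdin)
    import sys
    source = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OUTPUT
    for name, version, status in audit(source):
        print(f"{status:14} Electron/{version:10} {name}")
```

Piping the original command's output into the script gives one status line per app; "unknown-major" is deliberately not treated as "ok", so a major line missing from the table shows up for manual review rather than silently passing.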
Uhoh, looks like #libwebp might have had additional security fixes _after_ the release of v1.3.2, which was what OS vendors use to address #CVE-2023-4863:
https://github.com/webmproject/libwebp/commit/95ea5226c870449522240ccff26f0b006037c520
https://www.openwall.com/lists/oss-security/2023/09/22/4
If so, then we're seeing the shellshock effect, where discovery of one issue gets everybody's attention on it to quickly discover additional problems, so maybe expect follow-up releases.
The tragedy of the #CVE tracking system:
Usually it’s clogged with low-quality spam (costly regex? Critical DoS! integer overflow? anything could happen!)
This time there’s a real 0day exploited vulnerability, in almost everything that has pixels, and nobody’s getting notified, because the report buried the impact.
I came across a weird CVE, and I wonder if the infosec community can help me out.
I'm talking about CVE-2014-0457. It has a 2014 date, but was modified last year.
In some places this has been scored a 10, but there is absolutely no information available about it. This issue was apparently fixed in certain versions of Java 6 and 7, but for Java 8 there is no minor version specified, so all Java 8 versions show up as vulnerable.
Does anyone know anything about this one? Boosts welcome of course.
Mastodon just released a new version fixing CVE-2023-42452 and CVE-2023-42451
However, the CVEs aren't published yet and the GHSAs on GitHub are still set to private. Does anyone know the severity of these issues?
Is this a stop and upgrade right now, or can we properly schedule the maintenance?
EDIT:
The Advisories have been made public, updating with moderate urgency seems to be recommended
https://github.com/mastodon/mastodon/security/advisories/GHSA-v3xf-c9qf-j667
https://github.com/mastodon/mastodon/security/advisories/GHSA-2693-xr3m-jhqr
In 2017, Equifax experienced one of the largest data breaches in the world.
Here's how it happened:
https://blog.0x7d0.dev/history/how-equifax-was-breached-in-2017/

*sigh*
Inkscape is not affected by this libwebp #CVE because we don't read #webp files. You can have a go if you want; Inkscape tells you it doesn't understand the file.
We can *export* webp files using python and the Pillow Image library. But you can't exploit an exporter with this CVE.
What they've probably seen is that libwebp is linked because of Gdk, but it's not used in Inkscape.
Though we should probably patch it for 1.3.1 out an abundance of caution.
PostgreSQL and cURL aren't the only ones. Someone is faking security alerts for numerous open-source projects. https://opensourcewatch.beehiiv.com/p/now-postgresqls-turn-bogus-cve by @sjvn
But, it’s not just cURL and #PostgreSQL being abused. The #CVE #security system itself is badly flawed.
Bogus CVE follow-ups
tldr: MITRE refused to take it down. NVD lowered the score by a lot.
https://daniel.haxx.se/blog/2023/09/05/bogus-cve-follow-ups/
Someone is taking the piss, first curl then this rubbish? Who’s out to ruin it for the rest of us? Incompetence or malice? #cve #appsec #infosec https://www.postgresql.org/about/news/cve-2020-21469-is-not-a-security-vulnerability-2701/
The #CVE system is broken by perverse incentives, CVSS is absurdly skewed by design, and #NVD is systematically failing to do their job.
https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/
Heads up to #MastoAdmin, don't forget to update Puma to deal with the #CVE vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2023-40175
Upgrade to version 6.3.1 or 5.6.7 to be safe.
While exploring use of PKCS #11 devices in #OpenPGP contexts, I stumbled over a bug (and potential security issue) in the yubihsm_pkcs11.so driver for #YubiHSM devices.
Long form text by Christian Reitter (who walked me through the coordinated disclosure process with #Yubico, and did amazing work analyzing and writing up the issue):
https://blog.inhq.net/posts/yubico-yubihsm-pkcs-vuln/
Yubico advisory: https://www.yubico.com/support/security-advisories/ysa-2023-01/
#CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39908
(Thanks again to @sovtechfund for funding my #PKCS11 work)