#cve
Patch analysis, vulnerability bug identification and exploit development for CVE-2022-34718 (Windows TCP/IP Remote Code Execution Vulnerability)
https://securityintelligence.com/posts/dissecting-exploiting-tcp-ip-rce-vulnerability-evilesp/
The perfect tab combo for #CVE monitoring
(in the #infosec toolkit)
monitor 🖥️
👇
https://cvetrends.com/
( by https://sjbell.com/ )
search 🔎
👇
https://cvexploits.io/
From the annals of junk #CVE:
> A segmentation fault was found in the Advancecomp package. This may lead to decreased availability. (own translation)
Why is this such a big piece of junk?
1. We are talking about a memory bug in a random program that is not even popular, let alone used in a security-related context.
2. The report is completely useless. There is not a word in it about this alleged bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2210768
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-2961
New in the annals of junk #CVE:
> A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability.
Just to emphasize how much junk this is:
1. It's a segfault in a random program that's not even very popular, let alone used in a security-relevant context.
2. The linked bug report is absolutely useless, it doesn't say anything about the alleged segfault.
https://bugzilla.redhat.com/show_bug.cgi?id=2210768
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-2961
Kroniki Shodana: Kibana ( https://nfsec.pl/pentest/6192 ) #kibana #elasticsearch #cve #exploit #security #twittermigration
Barracuda Urges Replacing — Not Patching — Its Email Security Gateways https://krebsonsecurity.com/2023/06/barracuda-urges-replacing-not-patching-its-email-security-gateways/ #InternationalComputerScienceInstitute #EmailSecurityGateway #BarracudaNetworks #LatestWarnings #NicholasWeaver #CaitlinCondon #CVE-2023-2868 #TimetoPatch #Mandiant #Rapid7
CVE-2023-34108: Manipulation of internal Dovecot variables in mailcow through specially crafted passwords https://dasnetzundich.de/cve-2023-34108-manipulation-interner-dovecot-variablen-in-mailcow-durch-speziell-gestaltete-passwoerter/ #CVE-2023-34108 #Security #dovecot #mailcow
Do you want to own a domain that is referenced in multiple #CVE entries? I registered some expired domains a while ago, and they'll be lapsing in 3 days so then's your chance. https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=youfucktard.com&search_type=all&isCpeNameSearch=false and https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=avenir-geopolitique.net+&search_type=all&isCpeNameSearch=false

Replaced one router for a customer this evening as a remote hand. The redundant one got hit by the CVE-2022-22209 bug as we shifted the old one. Patching the boxes now…
#neteng #junos #maintenance #cve
Advantech WebAccess/SCADA code execution | CVE-2023-32628 - https://www.redpacketsecurity.com/advantech-webaccss-scada-code-execution-cve-2023-32628-3/
Mitsubishi Electric MELSEC iQ-R information disclosure | CVE-2023-2062 - https://www.redpacketsecurity.com/mitsubishi-electric-melsec-iq-r-information-disclosure-cve-2023-2062/
Advantech WebAccess/SCADA code execution | CVE-2023-22450 - https://www.redpacketsecurity.com/advantech-webaccss-scada-code-execution-cve-2023-22450-3/
Mitsubishi Electric MELSEC iQ-R file upload | CVE-2023-2063 - https://www.redpacketsecurity.com/mitsubishi-electric-melsec-iq-r-file-upload-cve-2023-2063/
Mitsubishi Electric MELSEC iQ-R default account | CVE-2023-2061 - https://www.redpacketsecurity.com/mitsubishi-electric-melsec-iq-r-default-account-cve-2023-2061/
Kramer VIA GO² file disclosure | CVE-2023-33507 - https://www.redpacketsecurity.com/kramer-via-go%c2%b2-file-disclosure-cve-2023-33507/
Atlassian Inline Table Editing application for Confluence cross-site scripting | CVE-2023-33287 - https://www.redpacketsecurity.com/atlassian-inline-table-editing-application-for-confluence-cross-site-scripting-cve-2023-33287/
Advantech WebAccess/SCADA code execution | CVE-2023-32540 - https://www.redpacketsecurity.com/advantech-webaccss-scada-code-execution-cve-2023-32540-3/
IBM Maximo Asset Management information disclosure | CVE-2023-32334 - https://www.redpacketsecurity.com/ibm-maximo-asset-management-information-disclosure-cve-2023-32334/
Kramer VIA GO² file upload | CVE-2023-33508 - https://www.redpacketsecurity.com/kramer-via-go%c2%b2-file-upload-cve-2023-33508/
Dell OS Recovery Tool privilege escalation | CVE-2023-28066 - https://www.redpacketsecurity.com/dell-os-recovery-tool-privilege-escalation-cve-2023-28066/
IBM Security Guardium session fixation | CVE-2023-0041 - https://www.redpacketsecurity.com/ibm-security-guardium-session-fixation-cve-2023-0041/
Mitsubishi Electric MELSEC iQ-R information disclosure | CVE-2023-2060 - https://www.redpacketsecurity.com/mitsubishi-electric-melsec-iq-r-information-disclosure-cve-2023-2060/
Kramer VIA GO² SQL injection | CVE-2023-33509 - https://www.redpacketsecurity.com/kramer-via-go%c2%b2-sql-injection-cve-2023-33509/
IBM Aspera information disclosure | CVE-2023-22862 - https://www.redpacketsecurity.com/ibm-aspera-information-disclosure-cve-2023-22862/
IBM Maximo Application Suite information disclosure | CVE-2023-27861 - https://www.redpacketsecurity.com/ibm-maximo-application-suite-information-disclosure-cve-2023-27861/
Dell Secure Connect Gateway information disclosure | CVE-2023-28043 - https://www.redpacketsecurity.com/dell-secure-connect-gateway-information-disclosure-cve-2023-28043/
Advantech WebAccess/SCADA code execution | CVE-2023-22450 - https://www.redpacketsecurity.com/advantech-webaccss-scada-code-execution-cve-2023-22450/
Advantech WebAccess/SCADA code execution | CVE-2023-32628 - https://www.redpacketsecurity.com/advantech-webaccss-scada-code-execution-cve-2023-32628/
GPAC denial of service | CVE-2023-3013 - https://www.redpacketsecurity.com/gpac-denial-of-service-cve-2023-3013/
Progress MOVEit Transfer SQL injection | CVE-2023-34362 - https://www.redpacketsecurity.com/progress-moveit-transfer-sql-injection-cve-2023-34362/
Advantech WebAccess/SCADA code execution | CVE-2023-2866 - https://www.redpacketsecurity.com/advantech-webaccess-scada-code-execution-cve-2023-2866-4/
Splunk Enterprise and Splunk Cloud Platform security bypass | CVE-2023-32717 - https://www.redpacketsecurity.com/splunk-enterprise-splunk-enterprise-and-splunk-cloud-platform-security-bypass-cve-2023-32717/
Find out what you need to know to defend against the KeePass vulnerability CVE-2023-32784!
& find out why CVE-2023-32784 does not matter!
https://cybergladius.com/defend-keepass-against-cve-2023-32784
#KeePass #cve-2023-32784 #BlueTeam #cybersecurity
Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment. If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment, while our team produces a patch.
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
@bagder 100% agreed that the CVSS scoring system and "assume the worst" guidance makes for scores that do not accurately reflect importance. Especially for very broad-use things.
My take on this is that, like it or not, more open source projects of note need to become "CNA" (certificate numbering authorities) of their own, which I understand can give them some control over the content of CVEs filed against their project. https://www.cve.org/ProgramOrganization/CNAs
Dearest Lazyweb --
Here is an archive snapshot of all ~400k #CVE references. Took about two weeks for #ArchiveBot to scrape.
Please can you build me a #classifier to tell the difference between a good archive and a bad archive? Like, tell the difference between "HTTP 200: This page is gone!" kind of archives and "HTTP 200: Here's some good vuln info!"
kthx!
Also: no, I don't have rolling archives yet, and I don't know how to make these practically useful. If you want to help, though, we're documenting on the ArchiveTeam wiki now.
We are developing vulnerability-lookup which is a rewrite of cve-search to support and improve various requirements which came during the past years:
- Improve the NVD NIST feeders to support the new API v2
- Allow multiple sources of vulnerability feeds to be ingested even if there is no associated CVE id
- Support of GSD feeds (mainly where the Linux kernel vulnerabilities are described) and GitHub security vulnerabilities (more to come very soon)
- Easily find the overlaps or differences between vulnerabilities allocated
- A very fast API (we got rid of MongoDB and replaced it with kvrocks) to get the original vulnerability description from the different feeds
This is still pretty alpha but an initial release is coming in the next weeks.
If you want to contribute, test or have any ideas of additional feeds to add, let us know.
CVE-2020-0796
Windows Protocol TestSuites is to trigger BSoD (full #exploit).
@threatresearch @micahflee oh super. I’ve had a three month rolling delete on my tweets for years and years, before I scrubbed it all.
Looks like everything since Jun/2022 was restored (for me).
otoh, this undermining of user intention might make my #cve reference archiving project just a smidge easier in the short term. I know we lost a bunch of unique CVE references in October.
Here's a fun #exploit (CVE-2023-33248): "Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing)."
#CVE Listing: https://nvd.nist.gov/vuln/detail/CVE-2023-33248
Whitepaper: https://www.usenix.org/system/files/sec23fall-prepub-261-xia-qi.pdf

Did you know that following the advice of several security standards to remediate all vulnerabilities with a CVSS score of 7 or above would barely address half of those known to be exploited and almost 70% of that effort would be wasted on things that don't represent real risk right now?
Seems impossible to believe? Check our math in Prioritization to Prediction, Volume 1: https://lnkd.in/eyKzzX25
***
Coverage measures the completeness of remediation. Of all vulnerabilities that should be remediated, what percentage was correctly identified for remediation?
Efficiency measures the precision of remediation. Of all vulnerabilities identified for remediation, what percentage should have been remediated?
#vulnerabilitymanagement #vulnerabilityassessment #cybersecurity #vulnerabilities #cvss #cve
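The coverage and efficiency definitions in the post above, worked through in code. This is an added example, not code from the post or from the Prioritization to Prediction report it cites; the CVE identifiers, CVSS scores and "known exploited" flags in SAMPLE_VULNS are constructed sample data, not real NVD or KEV entries. It scores a plain "CVSS >= 7" cut-off (and two other thresholds) against "known exploited" as the ground truth for what should be remediated.

```python
"""Coverage and efficiency of a vulnerability-remediation policy.

Added example; not code from the post or the report it cites. All
vulnerability data below is constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Tuple


@dataclass(frozen=True)
class Vuln:
    cve: str         # constructed identifier, not a real CVE
    cvss: float      # constructed CVSS base score
    exploited: bool  # constructed: known to be exploited in the wild


# Constructed inventory: some high-score items are never exploited and some
# low-score items are, which is exactly what makes a pure CVSS cut-off leaky.
SAMPLE_VULNS = [
    Vuln("CVE-0000-0001", 9.8, True),
    Vuln("CVE-0000-0002", 9.1, False),
    Vuln("CVE-0000-0003", 7.5, False),
    Vuln("CVE-0000-0004", 7.2, True),
    Vuln("CVE-0000-0005", 7.0, False),
    Vuln("CVE-0000-0006", 6.5, True),
    Vuln("CVE-0000-0007", 5.3, True),
    Vuln("CVE-0000-0008", 4.3, False),
    Vuln("CVE-0000-0009", 8.8, False),
    Vuln("CVE-0000-0010", 3.1, True),
]


def coverage_and_efficiency(
    vulns: Iterable[Vuln],
    select: Callable[[Vuln], bool],
    should_fix: Callable[[Vuln], bool],
) -> Tuple[float, float]:
    """Return (coverage, efficiency) of the remediation policy `select`.

    coverage   = correctly selected / everything that should be fixed
    efficiency = correctly selected / everything selected
    A zero denominator (nothing to fix, or nothing selected) yields 0.0.
    """
    vulns = list(vulns)
    selected = [v for v in vulns if select(v)]
    needed = [v for v in vulns if should_fix(v)]
    hits = [v for v in selected if should_fix(v)]
    coverage = len(hits) / len(needed) if needed else 0.0
    efficiency = len(hits) / len(selected) if selected else 0.0
    return coverage, efficiency


def cvss_at_least(threshold: float) -> Callable[[Vuln], bool]:
    """Policy: remediate everything with a CVSS base score >= threshold."""
    return lambda v: v.cvss >= threshold


def known_exploited(v: Vuln) -> bool:
    """Ground truth used here: a vulnerability should be fixed if exploited."""
    return v.exploited


def compare_policies(vulns: Iterable[Vuln]) -> Dict[str, Tuple[float, float]]:
    """Score several CVSS cut-offs against the known-exploited ground truth."""
    vulns = list(vulns)
    return {
        f"cvss>={t}": coverage_and_efficiency(vulns, cvss_at_least(t), known_exploited)
        for t in (9.0, 7.0, 4.0)
    }


if __name__ == "__main__":
    for name, (cov, eff) in compare_policies(SAMPLE_VULNS).items():
        print(f"{name:10s} coverage={cov:.0%} efficiency={eff:.0%}")
```

Lowering the threshold raises coverage and lowers efficiency; on the constructed data the "CVSS >= 7" rule reaches only 40% coverage at 33% efficiency, which is the trade-off the post describes. Swap `known_exploited` for any other ground truth (an internal risk rating, for instance) to score a policy against it.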
GitLab has released 16.0.1, fixing a critical-level arbitrary file read vulnerability.
GitLab 16.0.0 users are advised to update to 16.0.1 as soon as possible.
https://about.gitlab.com/releases/2023/05/23/critical-security-release-gitlab-16-0-1-released/
CVE: CVE-2023-2825
CVSS: 10 (GitLab)
Affected: 16.0.0
#CVE #GitLab
Original post on Telegram
Here is a tool that lets you test the Linux kernel configuration and see whether you are affected by CVE-2023-32233 (and others ...), which affects Netfilter. If CONFIG_USER_NS_UNPRIVILEGED is set to Y, you are vulnerable. Apparently this option has also been enabled on the hardened kernel. On Debian you can change the kernel option by setting the sysctl kernel.unprivileged_userns_clone=1 to 0
https://hacker-gadgets.com/blog/2021/06/18/kconfig-hardened-check-a-tool-for-checking-the-hardening-options-in-the-linux-kernel-config/
#linux #kernel #cve #vulnérabilité
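A small checker for the two settings the post names, CONFIG_USER_NS_UNPRIVILEGED and the Debian sysctl kernel.unprivileged_userns_clone. This is an added example, not the kconfig-hardened-check tool linked above. Two assumptions are built in: CONFIG_USER_NS_UNPRIVILEGED is a distribution/hardening option, so a config without it allows unprivileged user namespaces whenever CONFIG_USER_NS=y; and the sysctl, where it exists, overrides the build-time default. The config paths are the usual ones, and SAMPLE_CONFIG is a constructed fragment so the logic runs without root or a real kernel.

```python
"""Report whether unprivileged user namespaces are enabled on this kernel.

Added example, not the tool from the post. Assumptions (see lead-in):
CONFIG_USER_NS_UNPRIVILEGED is a distro option and its absence means
"allowed" when CONFIG_USER_NS=y; the runtime sysctl overrides it.
"""
import gzip
import os
import platform
import re
from typing import Dict, Optional

CONFIG_PATHS = ["/proc/config.gz", f"/boot/config-{platform.release()}"]
SYSCTL_PATH = "/proc/sys/kernel/unprivileged_userns_clone"

# Constructed config fragment standing in for /boot/config-*.
SAMPLE_CONFIG = """\
CONFIG_NAMESPACES=y
CONFIG_USER_NS=y
CONFIG_USER_NS_UNPRIVILEGED=y
# CONFIG_NF_TABLES is not set
CONFIG_LOCALVERSION="-example"
"""


def parse_kconfig(text: str) -> Dict[str, str]:
    """Turn 'CONFIG_X=y' and '# CONFIG_X is not set' lines into a dict."""
    opts: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"(CONFIG_\w+)=(.*)", line)
        if m:
            opts[m.group(1)] = m.group(2).strip('"')
            continue
        m = re.fullmatch(r"# (CONFIG_\w+) is not set", line)
        if m:
            opts[m.group(1)] = "n"
    return opts


def unprivileged_userns_allowed(opts: Dict[str, str], sysctl: Optional[str]) -> bool:
    """Decide whether an unprivileged user can create a user namespace."""
    if opts.get("CONFIG_USER_NS") != "y":
        return False                        # user namespaces compiled out
    if sysctl is not None:
        return sysctl.strip() == "1"        # runtime sysctl wins (Debian kernels)
    # Build-time default: the distro option, or allowed if it is absent (assumption).
    return opts.get("CONFIG_USER_NS_UNPRIVILEGED", "y") == "y"


def read_config_text() -> Optional[str]:
    """Read the running kernel's config from the first path that exists."""
    for path in CONFIG_PATHS:
        if not os.path.exists(path):
            continue
        if path.endswith(".gz"):
            with gzip.open(path, "rt") as fh:
                return fh.read()
        with open(path) as fh:
            return fh.read()
    return None


def read_sysctl() -> Optional[str]:
    """Return the sysctl value, or None on kernels that do not have it."""
    try:
        with open(SYSCTL_PATH) as fh:
            return fh.read()
    except OSError:
        return None


if __name__ == "__main__":
    text = read_config_text()
    if text is None:
        print("no kernel config found; install the kernel config or enable /proc/config.gz")
    else:
        opts = parse_kconfig(text)
        sysctl = read_sysctl()
        print("CONFIG_USER_NS_UNPRIVILEGED =", opts.get("CONFIG_USER_NS_UNPRIVILEGED", "<absent>"))
        print("kernel.unprivileged_userns_clone =", sysctl.strip() if sysctl else "<absent>")
        print("unprivileged user namespaces:",
              "ALLOWED" if unprivileged_userns_allowed(opts, sysctl) else "blocked")
```

Run it as a normal user; the sysctl line only appears on kernels that carry the Debian patch, which is why the checker falls back to the build option when the file is missing.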
Today's prize for worst #CVE handling goes to #ncurses for bulk releasing a huge patchset (http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56) for CVE-2023-29491 (probably(?), as it is never mentioned in the NEWS file...) instead of providing atomic patches for changes. Why do people not use git repositories properly, if they have them? 😭
For downstreams this is extremely painful to deal with.
Nice blog post showing how to analyze and produce a PoC for CVE-2022-42475 (heap-based buffer overflow vulnerability in FortiOS SSL-VPN)
https://blog.scrt.ch/2023/03/14/producing-a-poc-for-cve-2022-42475-fortinet-rce/
Example of buffer overflow in Linux kernel (6.2.0-rc1) with exploit PoC by Davide Ornaghi
(CVE-2023-0179 affecting nftables)
Demystifying risk using CVEs and CVSS https://www.redhat.com/en/blog/demystifying-risk-using-cves-and-cvss
#Security #cve
Some may be wondering what's the story behind this commit : https://marc.info/?l=openbsd-cvs&m=168467061327976&w=2 in #freetype
Here it is: earlier this month #Ubuntu released a security update for libfreetype: https://ubuntu.com/security/notices/USN-6062-1,
mentioning a #CVE:
https://ubuntu.com/security/CVE-2023-2004
Looking closer the patch included in this security update is https://gitlab.freedesktop.org/freetype/freetype/-/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611
I was wondering if this is worth an #OpenBSD errata. What we found is that the patch has no effect on the generated code. It only shuts up the undefined behavior sanitizer.
So if the integer overflow here matters, it's still not fixed (in Ubuntu and everywhere else)...
The accidentally committed version was from a tree where I worked on this.
#linux #kernelpanic #cve This article is very well written and funny but worrying because it seems that Linux is a wee bit too complex for me. Is this not a great example of the power of open source? #cve2023 #CVE20232156 https://www.interruptlabs.co.uk/articles/linux-ipv6-route-of-death
The latest #KeePass discoveries can help a digital forensics investigator to solve cases.
Here is a volatility3 plugin to extract potential KeePass 2.X passwords from memory.
https://github.com/forensicxlab/volatility3_plugins/blob/main/keepass.py
Blog Article : https://www.forensicxlab.com/posts/keepass/
Happy hunting!
#CVE-2023-32784
#Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone, or video recording via the DYLD_INSERT_LIBRARIES flag.
#CVE-2023-26818
#cybersecurite #CyberSec

"A new #KeePass #vulnerability tracked as #CVE-2023-3278 makes it possible to recover the KeePass master password, apart from the first one or two characters, in cleartext form, regardless of whether the KeePass workspace is locked, or possibly, even if the program is closed... No code execution on the target system is required, just a memory dump... The flaw exists because the software uses a custom password entry box named "SecureTextBoxEx," which leaves traces of each character the user types in the memory."
Wow.
Phew. This one, CVE-2023-32784, I'm spared from: https://www.helpnetsecurity.com/2023/05/17/cve-2023-32784/ For now. #infosec #CVE #passwordmanager
From the "the 's' in #IoT stands for 'security'" department: Belkin Wemo Mini Smart Plug V2 has a remote code execution #vulnerability (CVE-2023-27217) that will **NOT** be patched because the product is EOL:
https://thehackernews.com/2023/05/serious-unpatched-vulnerability.html
KeePass vulnerability enables master password theft
Alright so this is happening:
https://wiki.archiveteam.org/?title=ArchiveBot/CVE
Gonna give #ArchiveBot a whirl at grabbing (checks wc -l) 485,790 unique #CVE references
If you want them, they're here:
https://github.com/todb/junkdrawer/blob/main/cve-kev-refs/all-refs-2023-05-17.json.zip
A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software’s memory.
The bad news is that the vulnerability is still unfixed and that a PoC exploitation tool – aptly named KeePass 2.X Master Password Dumper – is publicly available, but the good news is that the password can't be extracted remotely just by exploiting this flaw.
I'm very happy to share with you all my latest research #blogpost along with my awesome teammate Reuven Yakar. Reuven and I found a critical vulnerability in the popular Wemo smart electrical socket by Belkin. This research had all the fun stuff - software AND hardware hacking and reverse engineering and I'm super excited to finally be able to share it. Note that Belkin WILL NOT be releasing a patch to this vulnerability:
https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/
#iot #security #securityresearch #belkin #wemo #vulnerability #cve
So every month for a year there's been a Windows CVE under active attack at patch tuesday. https://www.zerodayinitiative.com/blog/2023/5/8/the-may-2023-security-update-review
https://www.theregister.com/2023/05/08/wordpress_plugin_vulnerability/
"#WordPress users with the Advanced Custom Fields plugin on their website should upgrade after the discovery of a vulnerability in the code that could open up sites and their visitors to cross-site scripting (#XSS) attacks.
[...]
It's recommended users update their plugin to at least version 6.1.6.
The flaw, tracked as #CVE-2023-30777 and with a CVSS score of 6.1 out of 10 in severity"
@internetarchive incidentally, if you have better ideas for #archiving #CVE references, by all means, go for it. Here are my notes so far, patches accepted etc.
All right, gonna start an experiment with firing about 5k archive requests at the @internetarchive today to see if it’ll work. This is to ensure that every #CVE reference that’s on the KEV list from #CISA is archived.
Attention!
HP LaserJet: high-risk security hole
According to HP, the vulnerabilities affect the printer series
HP Color LaserJet MFP M478-M479,
HP Color LaserJet Pro M453-M454,
HP LaserJet Pro M304-M305 and M404-M405, as well as
HP LaserJet Pro MFP M428-M429 and the corresponding f series of it.
Finally someone put some respeck on my name :coolhhHHAAAHHH:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30626
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30627
An article about the road to remote code execution will follow in the next weeks.
I'm so happy, you people! 🤗
Another #CVE in #Spring #SpEL fixed: https://spring.io/security/cve-2023-20863, joining: CVE-2011-2730
CVE-2016-4977 (RCE)
CVE-2020-9301
CVE-2021-45029 (RCE)
CVE-2021-23258 (RCE)
CVE-2022-22963 (RCE)
CVE-2023-20863
Woah, so, I'm publishing a new book! 🚀🎁
PREORDER: https://nodejs-secure-coding.lemonsqueezy.com/checkout?cart=83325ac9-7ea9-498b-adfd-21dd57a3470b
This book is going to teach you about Command Injection vulnerabilities in Node.js
It's Friday so we can raise a toast to celebrate and use the LAUNCHYAY25OFF coupon gift when you check out. Thanks in advance for the support!
I don't know if this is a controversial opinion, but I will state it anyway:
I believe that the CVE system has some serious deficiencies. In particular, using the same system for both user-facing products and third-party libraries is problematic to the point of actually reducing overall security in the industry.
Let me give an example: Let's say you run a self-hosted piece of server-software written in Java. Let's call the product "Foo". You use something like Sonatype to monitor vulnerabilities in the software you use.
You happily run Foo for a few months and CVE-2023-0001 is reported on product Foo with a CVSS score of 9.9. In this case the system works great because you can now patch Foo as soon as possible, and in the meantime you can look at the remediation procedure documented in the CVE report to determine how much of a hurry you are in.
But that's unfortunately not what happens. What you are actually going to see is hundreds of vulnerabilities of varying severity reported not just on Foo as a product, but on every single third-party library that the product Foo happens to use.
Let's say that Foo generates SVG from a template and then uses a library to convert said SVG into images before sending them to the client (never mind that seems like a stupid solution, just go with it). And then a CVSS 10.0 appears because there is an RCE when passing specially crafted SVG data to the library.
Now you have Sonatype reporting that you have a severity 10 issue with the workaround static "upgrade this library". This information would be useful for the developer of Foo, but not for the user.
In fact, the developer may already have investigated this and downgraded the score since the library is never used to process untrusted input.
What this means is that as a user of some piece of software you will feel a lot of pressure internally to pursue CVE reports that are in fact not relevant, but since it shows up in your scan you have an obligation to do this, and check with the vendor to ask about the root cause of these results. This takes time and energy away from your real job: To keep your infrastructure secure.
I lay the blame for this happening squarely on the bad organisation of the CVE database, and I really wish there was a better way. Unfortunately right now it's all we have.
For anyone wondering the #chatgpt flaw they're talking about in https://openai.com/blog/march-20-chatgpt-outage is https://github.com/redis/redis-py/commit/66a4d6b2a493dd3a20cc299ab5fef3c14baad965 no #CVE or #GSD yet. But that's ok, the word security never appears so it's not a security flaw right? It's normal for users to see each other's data...
@kubikpixel LMAO.
Bet they can't even manage to search the #CVE #DB for #Android & #iOS and archive the associated #ProofOfConcept code?!?
Given how crappy the pay from @bka@social.bund.de / #BKA is, that's no surprise...
That they collect #Exploits without coordination is still harmless, unlike tapping stuff without a court order...
I've been messing around about how to parse MSG files to identify exploitation attempts of #CVE-2023-23397 and as a result I've ended working on this detection POC which I have quite presumptuously (:D) called #EmailHunter: https://github.com/febrezo/email-hunter
You'd prefer the Yara Rules from Florian (https://github.com/Neo23x0/signature-base/search?q=cve-2023-23397) but it's been a nice exercise to try pyproject.toml Python packaging. I know that it's supposed to be safer, but I haven't enjoyed the experience TBH.
At SUSE, we from the Kernel Livepatching team need to make sure that live patches work properly, but how to test a live patch when you don't have a vulnerability reproducer for the bug? You create one!
Time between #CVE #disclosure and #exploitation has decreased steadily over the past three years. In 2022, 56% of reported CVEs were #exploited in the wild within a week of disclosure, compared with 50% in 2021 and only 30% in 2020.
For this excellent article by @euractiv I explain risks of #Islamophobia in #ShamimaBegum case - “It raises questions over why the case of Islamic extremism should be treated so differently to white nationalist #extremist grooming,” said Briant. https://www.euractiv.com/section/politics/opinion/uk-thinks-begum-may-have-been-a-trafficking-victim-so-why-is-she-a-threat/ #extremism #terrorism #UK #cve #counterterrorism
Git Users Urged to Update Software to Prevent Remote Code Execution Attacks
#security #cve #git https://thehackernews.com/2023/01/git-users-urged-to-update-software-to.html
Two critical issues were found in Git during a security review. The vulnerabilities can be exploited through the "--format" parameter and by providing a malformed .gitattributes file.
Full announcement: https://www.openwall.com/lists/oss-security/2023/01/17/4
Security audit with examples:
https://x41-dsec.de/security/research/news/2023/01/17/git-security-audit-ostif/
Git security vulnerabilities announced | The GitHub Blog
https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/
2022 had many things going but one of the proudest activities have been that I invested in active security research and have disclosed security vulnerabilities.
More have been disclosed but not all have been published yet
I learned a lot and am going to share this with y'all soon
What’s the logic behind the halt of JSON data feeds in late 2023 for the NIST NVD (National Vulnerability Database)? This means that all the tools which were using the data feeds in JSON will need then to rely on the NIST API 2.0. Then this will increase the load on the NIST API endpoint and lack the ability to do local searches for many organisations.
https://nvd.nist.gov/vuln/data-feeds#JSON_FEED
#opendata #vulnerabilities #cve #opensource
Of course, I can update cve-search https://github.com/cve-search/cve-search to pull from the new API 2.0 but then all the local instances will do the same. A static JSON dump was clearly more efficient to update all the instances. But I suppose complexity is selling better than simplicity nowadays…
A critical RCE vulnerability (CVE-2022-42475) in Fortinet’s operating system, FortiOS, is being exploited by attackers, reportedly by a ransomware group.
https://www.helpnetsecurity.com/2022/12/13/cve-2022-42475/
@GossiTheDog @ewenmcneill
@wdormann
#Fortinet #FortiOS #CVE #cybersecurity #infosec #ransomware #Enterprise #IOC #ZeroDay #SSLVPN
very excited that the #CVE program republished my article aiming to debunk common myths surrounding CVE assignment! 🙌 CVEs aren't a bad thing so let's stop treating them like they are!
https://www.cve.org/Media/News/item/news/2022/12/06/5-Myths-about-CVEs-by
These are the top 10 Vulnerabilities exploited this year.
---
As the end of the year approaches, we hope that no new vulnerabilities will emerge and become widely exploited
“It may be possible for a malicious host to trigger remote code execution in [checks notes] ping.”— #CVE-2022-23093 — Update your FreeBSDs.
and Ruby 2.7.7, 3.0.5, and 3.1.3, have all been released containing the patched version of the cgi gem. Upgrading to those Ruby versions is a better option to eliminate CVE-2021-33621 entirely from your environment.
https://www.ruby-lang.org/en/news/2022/11/24/ruby-2-7-7-released/
https://www.ruby-lang.org/en/news/2022/11/24/ruby-3-0-5-released/
https://www.ruby-lang.org/en/news/2022/11/24/ruby-3-1-3-released/
#ruby #security #CVE-2021-33621
Minor correction: bundle-audit only checks the gems which are listed in `Gemfile.lock`. Since the `cgi` gem is part of the stdlib, it's unlikely that it will be in your `Gemfile.lock` because the `rack` gem does not explicitly depend on it.
If you want to ensure that you are running the latest patched `cgi` gem version, explicitly add the `cgi` gem dependency to your `Gemfile`:
gem 'cgi', '~> 0.3.5'
#CVE-2021-33621 has been added to ruby-advisory-db for the cgi gem. Update your ruby-advisory-db and check for the cgi gem in your `Gemfile` or `Gemfile.lock`:
To check if the cgi gem is part of your bundle:
$ bundle info cgi
To update bundler-audit's ruby-advisory-db and audit the `Gemfile.lock`:
$ bundle-audit --update
https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/
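The two posts above describe the check by hand: find out whether the cgi gem is in your bundle, and if it is, whether it is at a patched version. The following is an added example that does the same from a Gemfile.lock; it is not part of bundler, bundler-audit or the posts. The lower bound 0.3.5 is taken from the Gemfile line in the correction (gem 'cgi', '~> 0.3.5'), and only that lower bound is checked; the lock file text is constructed. A lock file with no cgi entry is reported as "absent", which per the correction means the stdlib copy shipped with your Ruby is in use and bundler-audit will not see it.

```python
"""Check a Gemfile.lock for the cgi gem against the patched release.

Added example; not part of bundler, bundler-audit or the posts. PATCHED_CGI
comes from the post's Gemfile line; SAMPLE_LOCK is constructed.
"""
import re
import sys
from typing import Dict, Optional, Tuple

PATCHED_CGI = (0, 3, 5)   # from gem 'cgi', '~> 0.3.5' in the post

# Constructed lock file: cgi pinned explicitly, at an older version.
SAMPLE_LOCK = """\
GEM
  remote: https://rubygems.org/
  specs:
    cgi (0.3.3)
    rack (3.0.1)
    rack-session (2.0.0)
      rack (>= 3.0.0)

PLATFORMS
  ruby

DEPENDENCIES
  cgi
  rack-session

BUNDLED WITH
   2.4.1
"""

# Resolved gems sit at exactly four spaces of indent; their dependency
# constraints (six spaces, e.g. 'rack (>= 3.0.0)') must not be mistaken for versions.
SPEC_LINE = re.compile(r"^ {4}(\S+) \(([^)]+)\)$")


def parse_gemfile_lock(text: str) -> Dict[str, str]:
    """Map resolved gem names to version strings from every specs: section."""
    gems: Dict[str, str] = {}
    in_specs = False
    for line in text.splitlines():
        if line == "  specs:":
            in_specs = True
            continue
        if in_specs and line and not line.startswith(" "):
            in_specs = False          # reached PLATFORMS, DEPENDENCIES, ...
        if in_specs:
            m = SPEC_LINE.match(line)
            if m:
                gems[m.group(1)] = m.group(2)
    return gems


def version_tuple(version: str) -> Tuple[int, ...]:
    """Leading numeric segments only: '1.15.2-x86_64-linux' -> (1, 15, 2)."""
    out = []
    for seg in version.split("-")[0].split("."):
        if not seg.isdigit():
            break
        out.append(int(seg))
    return tuple(out)


def cgi_status(lock_text: str) -> Tuple[str, Optional[str]]:
    """Return ('absent' | 'vulnerable' | 'patched', version-or-None)."""
    version = parse_gemfile_lock(lock_text).get("cgi")
    if version is None:
        return "absent", None
    if version_tuple(version) < PATCHED_CGI:
        return "vulnerable", version
    return "patched", version


if __name__ == "__main__":
    # Pass a real Gemfile.lock path to check it; otherwise the constructed sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    status, version = cgi_status(text)
    if status == "absent":
        print("cgi not in Gemfile.lock: the stdlib cgi of your Ruby is in use; "
              "check the Ruby version or pin the gem explicitly")
    else:
        print(f"cgi {version}: {status}")
```

The Ruby release notes linked in the posts list which interpreter versions ship a fixed stdlib cgi, so an "absent" result is answered by the Ruby version, not by this script.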
@hacks4pancakes the feasible Twitter alternative ladder has been moved up a few rungs 🙌
We gain the advantages of RSS everywhere but lose the CVE search, just #CVE and filtering the chaff could work
My take on CVEs and vulnerabilities is that the score is fairly meaningless, patching everything is not feasible and there’s no getting around about knowing the context of how it is used: https://beny23.github.io/posts/curating_vulnerabilities/
Okay! I've #archived all the extant #CVE references that are #Twitter links over on https://archive.today. So that's at something.
Example:
https://archive.ph/A94hH is the archive of https://twitter.com/d0tslash/status/1555326302462394370 which was referenced in CVE-2022-2675.
I'm pretty happy that a lot of the initial #Twitter thread started by KF was captured. It was a fun bug and it'd be a shame to lose this bit of history.
See the reference-to-archive mapping, or read the thrilling adventure.
There's still loads more #TODO but this avoids the imminent disaster of Tweets and Tweeters disappearing suddenly.
So, I woke up this morning with a thought: If #Twitter is going away, what's that going to do to all the #CVE references that link there?
Fast forward to now: I've found only 277 Twitter links that are (maybe) useful as CVE references. I talked with @erickgalinkin about this for maybe 15 minutes today and he gave me some good ideas, but sadly, all the #automation I tried to save this #vulnerability data off didn't really work out.
If you have good ideas to try, then let me know, or better, just do it, since we're in a race against Twitter falling over completely, and #infosec people getting mad (like me) and flipping their whole feeds to private and leaving.
I've learned two things:
One, this whole exercise really highlighted to me the link rot that's already afflicted the CVE list. We've always known this is the case, but boy, I feel like we could be a doing a lot better with snagging and safely #archiving these references.
Two, archiving internet ephemera is hard! Turns out, there's a reason why there's a whole #library #science!
So, here's my progress so far, saved off in my GitHub junk drawer. PR's accepted. If it becomes a real project, it'll get its own repo.
Announcement:
TL;DR: Invidious isn't affected by the OpenSSL 3.X security issues CVE-2022-3786 and CVE-2022-3602
Today, a "HIGH" severity openssl 3.X was released, this announcement is to tell you that Invidious isn't affected in any way: we either use OpenSSL 1.1.X or BoringSSL (this includes Invidious itself, and our docker images).
-TheFrenchGhosty