6 hours ago

Patch analysis, vulnerability bug identification and exploit development for CVE-2022-34718 (Windows TCP/IP Remote Code Execution Vulnerability)

#infosec #cybersecurity #cve #exploit

The perfect tab combo for #CVE monitoring

(in the #infosec toolkit)

monitor 🖥️

search 🔎


Michał Górny
1 day ago


New in the annals of junk #CVE:

> A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability.

Just to emphasize how much junk this is:

1. It's a segfault in a random program that's not even very popular, let alone used in a security-relevant context.

2. The linked bug report is absolutely useless, it doesn't say anything about the alleged segfault.

3 days ago

CVE-2023-34108: Manipulation of internal Dovecot variables in mailcow via specially crafted passwords #CVE-2023-34108 #Security #dovecot #mailcow

5 days ago

Replaced one router for a customer this evening as a remote hand. The redundant one got hit by the CVE-2022-22209 bug as we shitted the old one. Patching the boxes now…
#neteng #junos #maintenance #cve

Africa Center
1 week ago

The #Sahel accounts for 40% of all violent activity by militant #Islamist groups in Africa, more than any other region in Africa.

The timeframe of this worsening security is strikingly the same as the period since several Sahelian militaries overthrew their governments and seized power.

#CVE #terrorism #Mali #BurkinaFaso #Chad

So I completely missed a 7.5 #CVE in #traefik...

Well, not thaaat bad, but annoying.

I'm still waiting for V3, but I really think it's dead...

CyberGladius :verified:
1 week ago

Find out what you need to know to defend against the KeePass vulnerability CVE-2023-32784!

& find out why CVE-2023-32784 does not matter!

#KeePass #cve-2023-32784 #BlueTeam #cybersecurity

1 week ago

Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment. If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment, while our team produces a patch.

#CVE #Vulnerability #Moveit

@bagder 100% agreed that the CVSS scoring system and "assume the worst" guidance makes for scores that do not accurately reflect importance. Especially for very broad-use things.

My take on this is that, like it or not, more open source projects of note need to become "CNA" (certificate numbering authorities) of their own, which I understand can give them some control over the content of CVEs filed against their project.

#cve #cvss #cna #oss

Dearest Lazyweb --

Here is an archive snapshot of all ~400k #CVE references. Took about two weeks for #ArchiveBot to scrape.

Please can you build me a #classifier to tell the difference between a good archive and a bad archive? Like, tell the difference between "HTTP 200: This page is gone!" kind of archives and "HTTP 200: Here's some good vuln info!"


Also: no, I don't have rolling archives yet, and I don't know how to make these practically useful. If you want to help, though, we're documenting on the ArchiveTeam wiki now.

Alexandre Dulaunoy
2 weeks ago

We are developing vulnerability-lookup which is a rewrite of cve-search to support and improve various requirements which came during the past years:

  • Improve the NVD NIST feeders to support the new API v2
  • Allow multiple sources of vulnerability feeds to be ingested even if there is no associated CVE id
  • Support of GSD feeds (mainly where the Linux kernel vulnerabilities are described) and GitHub security vulnerabilities (more to come very soon)
  • Easily find the overlaps or differences between vulnerabilities allocated
  • A very fast API (we got rid of MongoDB and replaced it with kvrocks) to get the original vulnerability description from the different feeds

This is still pretty alpha but an initial release is coming in the next weeks.

If you want to contribute, test or have any ideas of additional feeds to add, let us know.

#opensource #threatintel #cvd #vulnerability #cve


Jun Nergahak 🌺🌺🌺
2 weeks ago


Windows Protocol TestSuites is to trigger BSoD (full #exploit).

#cve #cybersecurity #infosec

2 weeks ago


I find many websites that give very short summaries on #CVE (s).

Does anybody (or any service) provide a bit more info to explain the product, its users and the impact the CVE could have?

(or does nobody really read CVEs and everybody just patches?)

@threatresearch @micahflee oh super. I’ve had a three month rolling delete on my tweets for years and years, before I scrubbed it all.

Looks like everything since Jun/2022 was restored (for me).

otoh, this undermining of user intention might make my #cve reference archiving project just a smidge easier in the short term. I know we lost a bunch of unique CVE references in October.

Kevin Payravi
2 weeks ago

Here's a fun #exploit (CVE-2023-33248): "Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing)."

#CVE Listing:


A graphic displaying how the "Near-Ultrasound Inaudible Trojan" vulnerability can be exploited. A user visits a website that plays an inaudible voice command, "Alexa, open the door", causing Alexa to open the victim's door without the victim's knowledge.

Wade Baker
2 weeks ago

Did you know that following the advice of several security standards to remediate all vulnerabilities with a CVSS score of 7 or above would barely address half of those known to be exploited and almost 70% of that effort would be wasted on things that don't represent real risk right now?

Seems impossible to believe? Check our math in Prioritization to Prediction, Volume 1:

Coverage measures the completeness of remediation. Of all vulnerabilities that should be remediated, what percentage was correctly identified for remediation?

Efficiency measures the precision of remediation. Of all vulnerabilities identified for remediation, what percentage should have been remediated?

#vulnerabilitymanagement #vulnerabilityassessment #cybersecurity #vulnerabilities #cvss #cve

GitLab released 16.0.1, fixing a critical-severity arbitrary file read vulnerability.

GitLab 16.0.0 users are advised to update to 16.0.1 as soon as possible.

CVE: CVE-2023-2825
CVSS: 10 (GitLab)
Affected: 16.0.0

#CVE #GitLab

Telegram original

3 weeks ago

Here is a tool that tests the Linux kernel configuration and shows whether you are affected by CVE-2023-32233 (and others...), which affects Netfilter. If CONFIG_USER_NS_UNPRIVILEGED is set to Y, you are vulnerable. Apparently this option has also been enabled on the hardened kernel. On Debian you can change the kernel option by setting sysctl kernel.unprivileged_userns_clone=1 to 0
#linux #kernel #cve #vulnérabilité

David Runge
3 weeks ago

Today's prize for worst #CVE handling goes to #ncurses for bulk releasing a huge patchset (;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56) for CVE-2023-29491 (probably(?), as it is never mentioned in the NEWS file...) instead of providing atomic patches for changes. Why do people not use git repositories properly, if they have them? 😭

For downstreams this is extremely painful to deal with.

#ArchLinux #packagerlife

3 weeks ago

Nice blog post showing how to analyze and produce a PoC for CVE-2022-42475 (heap-based buffer overflow vulnerability in FortiOS SSL-VPN)

#cve #infosec #exploit #cybersecurity

3 weeks ago

Example of buffer overflow in Linux kernel (6.2.0-rc1) with exploit PoC by Davide Ornaghi
(CVE-2023-0179 affecting nftables)

#Linux #kernel #infosec #cybersecurity #cve

Marco Ivaldi
3 weeks ago

This is awesome!

#Linux #kernel #CVE #exploit analysis report and relative debug environment. You don't need to compile Linux kernel and configure your environment anymore.

Matthieu Herrb
3 weeks ago

Some may be wondering what's the story behind this commit : in #freetype

Here it is: earlier this month #Ubuntu released a security update for libfreetype:,
mentioning a #CVE:

Looking closer the patch included in this security update is

I was wondering if this is worth an #OpenBSD errata. What we found is that the patch has no effect on the generated code. It only shuts up the undefined behavior sanitizer.

So if the integer overflow here
matters, it's still not fixed (in Ubuntu and everywhere else)...

The accidentally committed version was from a tree where I worked on this.

adingbatponder :mastodon:
3 weeks ago

#linux #kernelpanic #cve # This article is very well written and funny but worrying because it seems that Linux is a wee bit too complex for me. Is this not a great example of the power of open source? #cve2023 #CVE20232156

3 weeks ago

The latest #KeePass discoveries can help a digital forensics investigator to solve cases.
Here is a volatility3 plugin to extract potential KeePass 2.X passwords from memory.

Blog Article :
Happy hunting!

El Dis :verified:
3 weeks ago

#Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone, or video recording via the DYLD_INSERT_LIBRARIES flag.

#cybersecurite #CyberSec

Jessica D Dooley
3 weeks ago

"A new #KeePass #vulnerability tracked as #CVE-2023-3278 makes it possible to recover the KeePass master password, apart from the first one or two characters, in cleartext form, regardless of whether the KeePass workspace is locked, or possibly, even if the program is closed... No code execution on the target system is required, just a memory dump... The flaw exists because the software uses a custom password entry box named "SecureTextBoxEx," which leaves traces of each character the user types in the memory."


Félix Brezo
3 weeks ago

From the "the 's' in #IoT stands for 'security'" department: Belkin Wemo Mini Smart Plug V2 has a remote code execution #vulnerability (CVE-2023-27217) that will **NOT** be patched because the product is EOL:

#infosec #rce #cve

Alright so this is happening:

Gonna give #ArchiveBot a whirl at grabbing (checks wc -l) 485,790 unique #CVE references

If you want them, they're here:

Zeljka Zorz
3 weeks ago

A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software’s memory.

The bad news is that the vulnerability is still unfixed and that a PoC exploitation tool – aptly named KeePass 2.X Master Password Dumper – is publicly available, but the good news is that the password can't be extracted remotely just by exploiting this flaw.

#Cybersecurity #CVE #KeePass

Amit Serper :donor:
4 weeks ago

I'm very happy to share with you all my latest research #blogpost along with my awesome team mate Reuven Yakar. Reuven and I found a critical vulnerability in the popular Wemo smart electrical socket by Belkin. This research had all the fun stuff - software AND hardware hacking and reverse engineering and I'm super excited to finally be able to share it. Note that Belkin WILL NOT be releasing a patch to this vulnerability:

#iot #security #securityresearch #belkin #wemo #vulnerability #cve

Phil Tanner
1 month ago

"#WordPress users with the Advanced Custom Fields plugin on their website should upgrade after the discovery of a vulnerability in the code that could open up sites and their visitors to cross-site scripting (#XSS) attacks.


It's recommended users update their plugin to at least version 6.1.6.

The flaw, tracked as #CVE-2023-30777 and with a CVSS score of 6.1 out of 10 in severity"

@internetarchive incidentally, if you have better ideas for #archiving #CVE references, by all means, go for it. Here are my notes so far, patches accepted etc.

All right, gonna start an experiment with firing about 5k archive requests at the @internetarchive today to see if it’ll work. This is to ensure that every #CVE reference that’s on the KEV list from #CISA is archived.

HP LaserJet: high-risk security hole

According to HP, the vulnerabilities affect the printer series
HP Color LaserJet MFP M478-M479,
HP Color LaserJet Pro M453-M454,
HP LaserJet Pro M304-M305 and M404-M405, and
HP LaserJet Pro MFP M428-M429 and the corresponding f series of each.

#sicherheitsluecke #cve

1 month ago

It turns out some versions of #vmware #esxi run an #SLP daemon by default. Turn it off if you're not using it, or make sure you firewall udp:427 at the border if you are, to mitigate the reflective amplification attack that's using it #CVE-2023-29552

2 months ago

Finally someone put some respeck on my name :coolhhHHAAAHHH:​



An article about the road to remote code execution will follow in the next weeks.

I'm so happy, you people! 🤗​

#firsttime #cve #jellyfin #birdman

Another #CVE in #Spring #SpEL fixed:, joining:
CVE-2011-2730
CVE-2016-4977 (RCE)
CVE-2021-45029 (RCE)
CVE-2021-23258 (RCE)
CVE-2022-22963 (RCE)


Liran Tal :verified:
2 months ago

Woah, so, I'm publishing a new book! 🚀🎁

This book is going to teach you about Command Injection vulnerabilities in Node.js

It's Friday so we can raise a toast to celebrate and use the LAUNCHYAY25OFF coupon gift when you check out. Thanks in advance for the support!

#security #vulnerability #cve #nodejs #books

Elias Mårtenson
2 months ago

I don't know if this is a controversial opinion, but I will state it anyway:

I believe that the CVE system has some serious deficiencies. In particular, using the same system for both user-facing products and third-party libraries is problematic to the point of actually reducing overall security in the industry.

Let me give an example: Let's say you run a self-hosted piece of server-software written in Java. Let's call the product "Foo". You use something like Sonatype to monitor vulnerabilities in the software you use.

You happily run Foo for a few months and CVE-2023-0001 is reported on product Foo with a CVSS score of 9.9. In this case the system works great because you can now patch Foo as soon as possible, and in the meantime you can look at the remediation procedure documented in the CVE report to determine how much of a hurry you are in.

But that's unfortunately not what happens. What you are actually going to see is hundreds of vulnerabilities of varying severity reported not just on Foo as a product, but on every single third-party library that the product Foo happens to use.

Let's say that Foo generates SVG from a template and then uses a library to convert said SVG into images before sending them to the client (never mind that seems like a stupid solution, just go with it). And then a CVSS 10.0 appears because there is an RCE when passing specially crafted SVG data to the library.

Now you have Sonatype reporting that you have a severity 10 issue with the workaround static "upgrade this library". This information would be useful for the developer of Foo, but not for the user.

In fact, the developer may already have investigated this and downgraded the score since the library is never used to process untrusted input.

What this means is that as a user of some piece of software you will feel a lot of pressure internally to pursue CVE reports that are in fact not relevant, but since it shows up in your scan you have an obligation to do this, and check with the vendor to ask about the root cause of these results. This takes time and energy away from your real job: To keep your infrastructure secure.

I lay the blame for this happening squarely on the bad organisation of the CVE database, and I really wish there was a better way. Unfortunately right now it's all we have.

#cve #infosec #cvss

kurtseifried (he/him)
2 months ago

For anyone wondering the #chatgpt flaw they're talking about in is no #CVE or #GSD yet. But that's ok, the word security never appears so it's not a security flaw right? It's normal for users to see each other's data...

@kubikpixel LMAO.

Bet they can't even manage to search the #CVE #DB for #Android & #iOS and archive the associated #ProofOfConcept code?!?

Given how shitty / #BKA pays, that's no wonder either...

That they collect #Exploits without coordination is still harmless, unlike tapping stuff without a court order...

Félix Brezo
3 months ago

I've been messing around about how to parse MSG files to identify exploitation attempts of #CVE-2023-23397 and as a result I've ended working on this detection POC which I have quite presumptuously (:D) called #EmailHunter:

You'd prefer the Yara Rules from Florian ( but it's been a nice exercise to try pyproject.toml Python packaging. I know that it's supposed to be safer, but I haven't enjoyed the experience TBH.

#Infosec #ThreatHunting #DFIR

Marcos Paulo de Souza
3 months ago

At SUSE, we from the Kernel Livepatching team need to make sure that live patches work properly, but how to test a live patch when you don't have a vulnerability reproducer for the bug? You create one!

#linux #kernel #ltp #cve #livepatch


Caitlin Condon
3 months ago

Time between #CVE #disclosure and #exploitation has decreased steadily over the past three years. In 2022, 56% of reported CVEs were #exploited in the wild within a week of disclosure, compared with 50% in 2021 and only 30% in 2020.

For this excellent article by @euractiv I explain risks of #Islamophobia in #ShamimaBegum case - “It raises questions over why the case of Islamic extremism should be treated so differently to white nationalist #extremist grooming,” said Briant. #extremism #terrorism #UK #cve #counterterrorism

Over 500 breached devices and still growing #CVE-2021-21974 #ESXi

5 months ago

Serious privilege escalation bug was discovered in #sudoedit. Make sure to upgrade #Sudo to v1.9.12.p2 ASAP or revoke access to sudoedit until Sudo is patched for your #Linux distribution.

CVE-2023-22809: Sudoedit can edit arbitrary files

#security #cve

Alex Boten
5 months ago

Git Users Urged to Update Software to Prevent Remote Code Execution Attacks

#security #cve #git

Robert Lemke
5 months ago

Two critical issues were found in Git during a security review. The vulnerabilities can be exploited through the "--format" parameter and by providing a malformed .gitattributes file.

Full announcement:

Security audit with examples:

#git #security #cve

Git security vulnerabilities announced | The GitHub Blog

#git #cve

Liran Tal :verified:
5 months ago

2022 had many things going, but one of the proudest activities has been that I invested in active security research and have disclosed security vulnerabilities.

More have been disclosed but not all have been published yet

I learned a lot and am going to share this with y'all soon

#bugbounty #cve

Alexandre Dulaunoy
5 months ago

What’s the logic behind the halt of JSON data feeds in late 2023 for the NIST NVD (National Vulnerability Database)? This means that all the tools which were using the data feeds in JSON will need then to rely on the NIST API 2.0. Then this will increase the load on the NIST API endpoint and lack the ability to do local searches for many organisations.

#opendata #vulnerabilities #cve #opensource

Of course, I can update cve-search to pull from the new API 2.0 but then all the local instances will do the same. A static JSON dump was clearly more efficient to update all the instances. But I suppose complexity is selling better than simplicity nowadays…

Zeljka Zorz
6 months ago

A critical RCE vulnerability (CVE-2022-42475) in Fortinet’s operating system, FortiOS, is being exploited by attackers, reportedly by a ransomware group.

@GossiTheDog @ewenmcneill

#Fortinet #FortiOS #CVE #cybersecurity #infosec #ransomware #Enterprise #IOC #ZeroDay #SSLVPN

6 months ago

very excited that the #CVE program republished my article aiming to debunk common myths surrounding CVE assignment! 🙌 CVEs aren't a bad thing so let's stop treating them like they are!

Astra Kernel :verified:
6 months ago

These are the top 10 Vulnerabilities exploited this year.
As the end of the year approaches, we hope that no new vulnerabilities will emerge and become widely exploited

#vulnerability #infosec #exploits #cve

Xe :verified:
6 months ago

OVE-20221101-0001: "private" account bypass

#CVE #security #CoSo #mastodon #infosec

“It may be possible for a
malicious host to trigger remote code execution in [checks notes] ping.”— #CVE-2022-23093 — Update your FreeBSDs.

7 months ago

and Ruby 2.7.7, 3.0.5, and 3.1.3, have all been released containing the patched version of the cgi gem. Upgrading to those Ruby versions is a better option to eliminate CVE-2021-33621 entirely from your environment.
#ruby #security #CVE-2021-33621

7 months ago

Minor correction: bundle-audit only checks the gems which are listed in `Gemfile.lock`. Since the `cgi` gem is part of the stdlib, it's unlikely that it will be in your `Gemfile.lock` because the `rack` gem does not explicitly depend on it.

If you want to ensure that you are running the latest patched `cgi` gem version, explicitly add the `cgi` gem dependency to your `Gemfile`:

gem 'cgi', '~> 0.3.5'

#ruby #security #infosec #CVE-2021-33621

7 months ago

#CVE-2021-33621 has been added to ruby-advisory-db for the cgi gem. Update your ruby-advisory-db and check for the cgi gem in your `Gemfile` or `Gemfile.lock`:

To check if the cgi gem is part of your bundle:

$ bundle info cgi

To update bundler-audit's ruby-advisory-db and audit the `Gemfile.lock`:

$ bundle-audit --update

#ruby #security #infosec
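Both cgi-gem posts above turn on the same point: bundle-audit only sees what is pinned in Gemfile.lock, and the stdlib cgi gem usually is not. The following is an added example, not code from either post: a small Ruby audit that parses a Gemfile.lock, reports whether cgi is pinned and whether the pin is at or above 0.3.5 (the pin the post recommends; other cgi release lines are not handled), and otherwise falls back to reporting the cgi version the running Ruby actually loads. The sample lockfiles are constructed.

```ruby
# Added example, not from the original posts: a small audit helper for the
# point made above, namely that bundle-audit only sees gems pinned in
# Gemfile.lock, while cgi is a stdlib default gem that is usually absent.
require "rubygems"
require "cgi"

# Pin recommended in the post ("gem 'cgi', '~> 0.3.5'"); anything below it on
# the 0.3.x line is treated as unpatched for CVE-2021-33621 (assumption: only
# the 0.3.x release line is considered here).
PATCHED_CGI = Gem::Version.new("0.3.5")

# Parse the "specs:" section of a Gemfile.lock into {gem_name => version}.
# Direct entries are indented four spaces ("    cgi (0.3.6)"); their
# dependencies are indented six and are deliberately skipped.
def lockfile_specs(lock_text)
  specs = {}
  in_specs = false
  lock_text.each_line do |line|
    if line =~ /^\s{2}specs:\s*$/
      in_specs = true
      next
    end
    # The section ends at the first line not indented by four spaces.
    in_specs = false if in_specs && line !~ /^\s{4}/
    next unless in_specs
    specs[$1] = $2 if line =~ /^\s{4}([\w.\-]+) \(([^)]+)\)/
  end
  specs
end

# :not_in_lockfile   -> bundle-audit cannot flag it; check the loaded stdlib copy
# :pinned_vulnerable -> pinned, but below the patched release
# :pinned_ok         -> pinned at or above the patched release
def cgi_lockfile_status(lock_text, patched = PATCHED_CGI)
  version = lockfile_specs(lock_text)["cgi"]
  return :not_in_lockfile if version.nil?
  Gem::Version.new(version) >= patched ? :pinned_ok : :pinned_vulnerable
end

# Version of the cgi library this Ruby actually loads (the default gem unless
# the bundle pins a newer one); nil on Rubies whose cgi has no VERSION const.
def loaded_cgi_version
  defined?(CGI::VERSION) ? CGI::VERSION : nil
end

# Constructed sample lockfile (not a real project): rack does not pin cgi.
LOCK_WITHOUT_CGI = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (3.0.4)

  PLATFORMS
    ruby

  DEPENDENCIES
    rack
LOCK

# Same lockfile with an explicit cgi pin, once too old and once patched.
LOCK_WITH_OLD_CGI = LOCK_WITHOUT_CGI.sub("    rack (3.0.4)\n", "    cgi (0.3.1)\n    rack (3.0.4)\n")
LOCK_WITH_CGI = LOCK_WITHOUT_CGI.sub("    rack (3.0.4)\n", "    cgi (0.3.6)\n    rack (3.0.4)\n")

if __FILE__ == $PROGRAM_NAME
  { "no cgi pin" => LOCK_WITHOUT_CGI, "cgi 0.3.1" => LOCK_WITH_OLD_CGI,
    "cgi 0.3.6" => LOCK_WITH_CGI }.each do |label, lock|
    puts "#{label}: #{cgi_lockfile_status(lock)}"
  end
  puts "cgi loaded by this Ruby: #{loaded_cgi_version.inspect}"
end
```

Run it against a real Gemfile.lock with `cgi_lockfile_status(File.read("Gemfile.lock"))`; a `:not_in_lockfile` result means bundle-audit is silent about cgi and the loaded version is what matters.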

Ciarán McNally
7 months ago

@hacks4pancakes the feasible Twitter alternative ladder has been moved up a few rungs 🙌

We gain the advantages of RSS everywhere but lose the CVE search, just #CVE and filtering the chaff could work

Gerald Benischke
7 months ago

My take on CVEs and vulnerabilities is that the score is fairly meaningless, patching everything is not feasible and there’s no getting around about knowing the context of how it is used:

#AppSec #CVE #infosec #CVSSScore

Okay! I've #archived all the extant #CVE references that are #Twitter links over on So that's at something.

Example: is the archive of which was referenced in CVE-2022-2675.

I'm pretty happy that a lot of the initial #Twitter thread started by KF was captured. It was a fun bug and it'd be a shame to lose this bit of history.

See the reference-to-archive mapping, or read the thrilling adventure.

There's still loads more #TODO but this avoids the imminent disaster of Tweets and Tweeters disappearing suddenly.

So, I woke up this morning with a thought: If #Twitter is going away, what's that going to do to all the #CVE references that link there?

Fast forward to now: I've found only 277 Twitter links that are (maybe) useful as CVE references. I talked with @erickgalinkin about this for maybe 15 minutes today and he gave me some good ideas, but sadly, all the #automation I tried to save this #vulnerability data off didn't really work out.

If you have good ideas to try, then let me know, or better, just do it, since we're in a race against Twitter falling over completely, and #infosec people getting mad (like me) and flipping their whole feeds to private and leaving.

I've learned two things:

One, this whole exercise really highlighted to me the link rot that's already afflicted the CVE list. We've always known this is the case, but boy, I feel like we could be a doing a lot better with snagging and safely #archiving these references.

Two, archiving internet ephemera is hard! Turns out, there's a reason why there's a whole #library #science!

So, here's my progress so far, saved off in my GitHub junk drawer. PR's accepted. If it becomes a real project, it'll get its own repo.

7 months ago


TL;DR: Invidious isn't affected by the OpenSSL 3.X security issues CVE-2022-3786 and CVE-2022-3602

Today, a "HIGH" severity openssl 3.X was released, this announcement is to tell you that Invidious isn't affected in any way: we either use OpenSSL 1.1.X or BoringSSL (this includes Invidious itself, and our docker images).

#invidious #openssl #cve