Questions tagged [cve]
Common Vulnerabilities and Exposures (CVE) is a dictionary to describe known vulnerabilities.
243 questions
0 votes, 0 answers, 54 views
How to check usages of a class method in open source code
I detected in a code line a usage of Bouncy Castle that is vulnerable to CVE-2023-33201.
The CVE seems to come from the guilty class X509LDAPCertStoreSpi.java, and specifically the method search(...
3 votes, 1 answer, 99 views
PCI DSS SAQ A qualification - what counts as a 'found' vulnerability?
This Q pertains to PCI DSS v4.0 SAQ A - previous Q&A only touched on previous versions of PCI.
Since 4.0, merchants that accept credit card payment, even if they only iframe or link to their ...
1 vote, 0 answers, 45 views
RedHat get list of CVEs affecting specific software [closed]
I need to build a tool to get a list of CVEs impacting specific software on a given RedHat system.
I am aware that there is an online RedHat API but I do not want to go there because:
My systems do not ...
3 votes, 1 answer, 983 views
CVE-2022-29190 due to telegraf?
I am working on finding workaround for CVE-2022-29190 in my application.
My application makes use of telegraf.
It also states this:
Telegraf is written in Go and compiles into a single binary with no ...
0 votes, 0 answers, 136 views
Does using a VPN to allow ssh connections provide better security, especially after seeing how CVE-2024-3094 (XZ backdoor) is done?
For my own (public) servers, is it considered a good idea to only allow ssh connections from VPN connections (OpenVPN, Wireguard or otherwise), to mitigate any possible attacks in the future on ssh?
...
0 votes, 0 answers, 87 views
Should Maven Central artifacts containing known vulnerable artifacts be reported?
I have developed a tool that can find Maven Central JAR artifacts that contain classes from known vulnerable JAR artifacts. This includes but is not limited to fat (uber) JARs, JAR bundles, and ...
4 votes, 1 answer, 601 views
Current (Feb 2024) High-Severity unfixed Linux Kernel CVEs
[Originally posted on ServerFault, was told it would fit better here]
Our vulnerability scanner (AWS Inspector V2) in the last couple of weeks started reporting ~10 High severity CVEs with the Linux ...
0 votes, 1 answer, 255 views
If a library has a vulnerable function, but my code doesn't call it, is my code at risk? Do I need to update?
I am trying to analyze CVE-2023-34453. As per the NVD description, there is an integer overflow error in snappy-java, specifically in the method shuffle(int[] input) in BitShuffle.java.
In a huge ...
1 vote, 0 answers, 94 views
What are the security concerns from failing to unpin memory?
I am trying to understand the implication of CVE-2023-40791. The CVE reads:
"Linux kernel before 6.4.12 fails to unpin pages in certain situations".
NetApp says this could lead to ...
2 votes, 1 answer, 1k views
Should the use of the HTTP 'ETag' header be avoided for security and privacy concerns?
I'm looking into the risks associated with the use of the HTTP 'Etag' header and found the following relevant information already.
Information Disclosure (inodes)
This article titled: "...
0 votes, 2 answers, 156 views
Not requiring POST requests... results in a CSRF vulnerability?
I'm setting up a Jenkins server, and ran across a reported vulnerability, SECURITY-3033, also identified as CVE-2023-37954:
Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier does not require POST
...
2 votes, 1 answer, 278 views
Where to query for CVEs present in a version of a software project like npm packages or python modules?
In node, I can run npm audit and it will show me known vulnerabilities for the versions my dependencies are using.
That's cool and all, but I'd like to be able to do the following, on some website or ...
0 votes, 1 answer, 133 views
How can I get CISA weekly summary sorted by vendor rather than by CVE? [closed]
I subscribe to the CISA's weekly vulnerability summary email.
This USED to come sorted by vendor/product, so I could quickly skip over the Cisco and Wordpress vulnerabilities to check the stuff I care ...
1 vote, 1 answer, 706 views
Vulnerability scanning on target Android device
Is there an nmap vulnerability scanning script (vuln, vulscan, nmap-vulners etc) for scanning target Android devices on the network?
If not, is there any specific scanning tool that scans for CVE on ...
1 vote, 1 answer, 143 views
Github repos with CVEs mentioned and no real content
When I look for proof-of-concepts of a security vulnerability, I often see this kind of Github repositories:
https://github.com/Satheesh575555/linux-4.19.72_CVE-2023-0386
https://github.com/nidhi7598/...
2 votes, 1 answer, 530 views
How to Approach CVEs Marked as "DISPUTED" and "WON'T FIX" in PCI-DSS Pentest
When conducting penetration testing in a PCI-DSS compliance context, we found a known security vulnerability that's identified by a CVE number.
In this case, the finding in question is CVE-2016-20012, ...
0 votes, 1 answer, 674 views
CVSS v3 and v3.1 Missing temporal metrics (Exploit Code Maturity and Remediation Level) in all CVEs using NVD API
I have been working with the NIST - NVD API v2 and I have noticed that the temporal metrics "remediationLevelType" and "exploitCodeMaturityType" are missing in ALL CVEs that I have ...
0 votes, 1 answer, 285 views
Filter CVEs by affected OS
Is it possible to filter CVEs by affected platform/OS?
Some sources do provide this, like exploit-db, but the main vulnerability source NVD, National Vulnerability Database, doesn't seem to have such ...
1 vote, 0 answers, 310 views
Am I exploitable to CVE-2023-20862?
I am trying to analyze whether I am exploitable to the new CVE in spring security.
As per Spring they mention the following:
Specifically, an application is vulnerable when any of the following is ...
1 vote, 2 answers, 158 views
How to monitor for vulnerabilities across your company stack?
Let's say a software company XYZ is using a variety of 3rd party vendors - as an example, it could use:
Lastpass as a company password manager;
Azure B2C as the authentication framework for the ...
2 votes, 0 answers, 354 views
Is there a database that classifies NPM library vulnerabilities as exploitable vs. benign in the browser?
I maintain several Angular apps, which contain thousands of dependencies on NPM packages. GitHub's Dependabot notifies me of new known vulnerabilities every week (from the CVE database).
For example, ...
2 votes, 1 answer, 173 views
What're the most common vulnerabilities/weaknesses an attacker would exploit to gain SSH access to a container?
Fair warning - I am a security newbie.
In all container escape/breakout vulnerability scenarios I've read (CVE-2022-0185), the author assumes or states that the attacker already had shell or SSH ...
2 votes, 1 answer, 345 views
Is CVE-2023-24055 applicable to other password managers using the same format as the original KeePass?
CVE-2023-24055 is a known vulnerability that enables an attacker to recover plaintext user credentials from the KeePass application.
However, due to the original KeePass being Windows-specific, I've ...
2 votes, 1 answer, 211 views
Does downstream software that inherits vulnerable code need its own CVE submission?
A vulnerability could spread from one software to downstream software projects that import/use the software. If the original software has already requested a CVE ID and disclosed the vulnerability to ...
1 vote, 0 answers, 391 views
Different results for CPE search on NVD
I usually stick to finding the right CPE candidate for product-version I am interested in by using the Search Vulnerability Database with Search Type selected as Advanced and then narrowing down from ...
1 vote, 1 answer, 215 views
What is the attack surface of CVE-2014-3802?
CVE-2014-3802 says that it
allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.
The ZDI page says that:
User interaction is ...
-1 votes, 1 answer, 323 views
Vulnerable Components CVSS Score
How do you map vulnerable components' CVSS scores?
Do you use the CVE CVSS score? Do you calculate again?
For example: A host is using a component that has a CVE for a high vulnerability.
Do you ...
2 votes, 0 answers, 272 views
What is missing to reproduce CVE-2022-32250?
I want to reproduce CVE-2022-32250. I found this git repo as a repository for the exploit and a code proof of concept provided here.
So I installed Ubuntu 22.04 on VM, and installed kernel ...
1 vote, 1 answer, 184 views
Get in depth information about vulnerability from a CVE
I'm trying to understand how to get more information about a vulnerability given a CVE. I noticed that some CVEs, on websites like https://www.cvedetails.com, have got references to articles or to ...
0 votes, 0 answers, 779 views
CVE 2022-21661 - WP Injection replication
I'm trying to replicate the vulnerability CVE 2022-21661 on my own website, which turned out to be vulnerable according to the versions involved, as reported by wp-scan.
I'm trying to submit a POST request ...
0 votes, 1 answer, 199 views
Gitlab CVE-2022-1175
I'm trying to get information about CVE-2022-1175 which is corrected in gitlab versions 14.9.2, 14.8.5 and 14.7.7 (https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-...
2 votes, 1 answer, 437 views
Can one security advisory affect more than one RPM package?
On RedHat and derived Linux distributions, vulnerability warnings are available in form of security advisories which are usually derived from CVEs.
The rules for the CVE numbering authorities state ...
0 votes, 2 answers, 922 views
Where to find detailed info of how to exploit known vulnerabilities?
With most vulnerabilities, I see just summaries and not much detail about what is happening.
Is there a good location where you can find demos of CVEs?
For example, a CVE would say that the router ...
0 votes, 1 answer, 320 views
Why is the fix for CVE-2022-0839 on a test class?
I am analyzing CVE-2022-0839.
When checking the commit, I don't understand why the commit is on a test class. I mean, how does a test class fix a vulnerable component? Shouldn't the fix be done in the ...
0 votes, 0 answers, 534 views
How to know which Jar/artifact a CVE affects?
When I'm trying to analyze CVEs to detect which jars are affected by the CVE, I'm getting confused.
Let's take as an example this CVE: CVE-2022-22978
In the description:
"In Spring Security ...
0 votes, 1 answer, 323 views
Kubernetes user impersonation to obtain exec privileges
I am exploring CVE 2018-1002105 about privilege escalation vulnerabilities in Kubernetes. As a remote unauthenticated user, I would want to make use of a metrics server deployed on my cluster to exec ...
0 votes, 1 answer, 225 views
Stack vs Heap exploit, which has more CVEs documented?
I tried to google this topic but most of the results conflict with each other. On the other side, I found a case where I can use either stack (local variable) or heap for a dynamic string. It's C by the ...
0 votes, 0 answers, 133 views
Trying to test the vulnerability CVE 2015-0205 for university project
I'm trying to establish a TLS client-server connection with openssl 1.0.1x on ubuntu-14.04 in order to create a fix for CVE-2015-0205 for learning purposes.
I found this explanation of CVE-2015-0205:
...
1 vote, 0 answers, 84 views
Should vendors add their CPEs in the log4j NIST entry?
Software that has packaged a vulnerable version of the log4j library is considered vulnerable to CVE-2021-44228 or "log4shell". When I look at the NIST definition I can see that the ...
0 votes, 0 answers, 1k views
Logback's CVE-2021-42550 - Is this really a vulnerability?
I'm really struggling with understanding CVE-2021-42550. Logback says:
A successful RCE attack with CVE-2021-42550 requires all of the following conditions to be met:
write access to logback.xml
use ...
1 vote, 1 answer, 147 views
How can I be alerted for security breach, bulletin, CVE for a list of manufacturers
I'm trying to find a solution to be able to be alerted of security alerts for a list of software, hardware that we are using.
I've found https://www.secalerts.co, which looks good, but it seems that ...
10 votes, 2 answers, 2k views
Does CVE-2021-42694 affect only compiled code?
A new critical issue was discovered in the character definitions of the Unicode Specification through 14.0.
Does it only affect code compiled from sources with disallowed unicode characters?
RHEL ...
-1 votes, 1 answer, 284 views
Ubuntu CVE Score - Gained access level: None - Does it mean personal data is safe on ubuntu?
I was studying the following page listing all the vulnerabilities of ubuntu. CVE Ubuntu
What I found surprising is that all vulnerabilities report that "gained access level: None". Does that ...
1 vote, 0 answers, 332 views
Check website for deprecated libraries and known CVEs [closed]
I was curious if anyone knew of a tool, website, or browser extension that will tell you if a site has deprecated libraries and if there are CVEs related to that. I currently have burpsuite pro and ...
0 votes, 1 answer, 290 views
Determining applicability of CVEs without CPEs?
I am trying to build an automated pipeline to trigger certain inhouse-software events when relevant CVEs of products-of-interest are published. I am trying to utilise NIST NVD datafeeds for this ...
7 votes, 2 answers, 1k views
Should CVE be assigned to an application even if the vulnerability is in a vulnerable 3rd-party library?
I found a vulnerability in a library of vendor A, I reported it, they fixed it and I received a CVE.
We noticed that some application (let's call it vendor B), contained the library of vendor A, we ...
7 votes, 1 answer, 352 views
What exactly is CVE-2021-23978 (from MSFA2021-08 in Mozilla Firefox)?
A number of vulnerabilities were fixed in Firefox in the latest update. MSFA2021-08 describes it only as "memory issues that may be exploitable", and doesn't give any information:
Mozilla ...
4 votes, 3 answers, 2k views
How can we disable sudo on CentOS 6 to prevent CVE-2021-3156?
How can we disable sudo on CentOS 6 to prevent CVE-2021-3156?
We cannot remove RPMs or similar.
We can only change a configuration.
Do we have another fix for CVE-2021-3156 on CentOS 6, except ...
0 votes, 1 answer, 145 views
CVE submission - Denial of Service vs. Remote code execution
I wanted to ask how to deal with a new remote code execution vulnerability that has the same origin as an already found Denial of Service vulnerability? Can I apply for a new CVE ID for this? This is ...
0 votes, 0 answers, 644 views
Is Microsoft CVE-2020-1045 a credible threat?
Microsoft released CVE-2020-1045 in September 2020.
A security feature bypass vulnerability exists in the way Microsoft
ASP.NET Core parses encoded cookie names.
The ASP.NET Core cookie parser ...