Category Archives: Vulristics

November Microsoft Patch Tuesday

Leave a reply

November Microsoft Patch Tuesday

November Microsoft Patch Tuesday. 125 CVEs, 35 of which were added since October MSPT. 2 vulnerabilities with signs of exploitation in the wild:

🔻 Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039)
🔻 Disclosure/Spoofing – NTLM Hash (CVE-2024-43451)

No signs of exploitation, but with a private PoC of the exploit:

🔸 Remote Code Execution – Microsoft Edge (CVE-2024-43595, CVE-2024-43596)
🔸 Authentication Bypass – Azure Functions (CVE-2024-38204)
🔸 Authentication Bypass – Microsoft Dataverse (CVE-2024-38139)
🔸 Spoofing – Microsoft Exchange (CVE-2024-49040)

Among the rest can be highlighted:

🔹Remote Code Execution – Windows Kerberos (CVE-2024-43639)
🔹Elevation of Privilege – Windows Win32k (CVE-2024-43636)
🔹Elevation of Privilege – Windows DWM Core Library (CVE-2024-43629)
🔹Elevation of Privilege – Windows NT OS Kernel (CVE-2024-43623)

🗒 Full Vulristics report

На русском

October Linux Patch Wednesday

Leave a reply

October Linux Patch Wednesday

October Linux Patch Wednesday. There are 248 vulnerabilities in total. Of these, 92 are in the Linux Kernel.

5 vulnerabilities with signs of exploitation in the wild:

🔻 Remote Code Execution – CUPS (CVE-2024-47176) and 4 more CUPS vulnerabilities that can also be used to enhance DoS attacks
🔻 Remote Code Execution – Mozilla Firefox (CVE-2024-9680)

For 10 vulnerabilities there are no signs of exploitation in the wild yet, but exploits exist. Among them, the following can be highlighted:

🔸 Remote Code Execution – Cacti (CVE-2024-43363)
🔸 Elevation of Privilege – Linux Kernel (CVE-2024-46848)
🔸 Arbitrary File Reading – Jenkins (CVE-2024-43044)
🔸 Denial of Service – CUPS (CVE-2024-47850)
🔸 Cross Site Scripting – Rollup JavaScript module (CVE-2024-47068)

🗒 Vulristics October Linux Patch Wednesday Report

На русском

October Microsoft Patch Tuesday

Leave a reply

October Microsoft Patch Tuesday

October Microsoft Patch Tuesday. 146 CVEs, of which 28 were added since September MSPT. 2 vulnerabilities with signs of exploitation in the wild:

🔻 Remote Code Execution – Microsoft Management Console (CVE-2024-43572)
🔻 Spoofing – Windows MSHTML Platform (CVE-2024-43573)

Without signs of exploitation in the wild, but with a public PoC exploit:

🔸 Remote Code Execution – Open Source Curl (CVE-2024-6197)

Private exploits exist for:

🔸 Information Disclosure – Microsoft Edge (CVE-2024-38222)
🔸 Security Feature Bypass – Windows Hyper-V (CVE-2024-20659)

Among the rest can be highlighted:

🔹 Remote Code Execution – Remote Desktop Protocol Server (CVE-2024-43582)
🔹 Remote Code Execution – Windows Remote Desktop Client (CVE-2024-43533, CVE-2024-43599)
🔹 Remote Code Execution – Windows Routing and Remote Access Service (RRAS) (CVE-2024-38212 and 11 more CVEs)

🗒 Full Vulristics report

На русском

September Linux Patch Wednesday

Leave a reply

September Linux Patch Wednesday

September Linux Patch Wednesday. 460 vulnerabilities. Of these, 279 are in the Linux Kernel.

2 vulnerabilities with signs of exploitation in the wild, but without public exploits:

🔻 Security Feature Bypass – Chromium (CVE-2024-7965)
🔻 Memory Corruption – Chromium (CVE-2024-7971)

29 vulnerabilities with no sign of exploitation in the wild, but with a link to a public exploit or a sign of its existence. Can be highlighted:

🔸 Remote Code ExecutionpgAdmin (CVE-2024-2044), SPIP (CVE-2024-7954), InVesalius (CVE-2024-42845)
🔸 Command Injection – SPIP (CVE-2024-8517)

Among them are vulnerabilities from 2023, fixed in repos only now (in RedOS):

🔸 Remote Code Executionwebmin (CVE-2023-38303)
🔸 Code Injection – webmin (CVE-2023-38306, CVE-2023-38308)
🔸 Information DisclosureKeePass (CVE-2023-24055)

Debian brought “Google Chrome on Windows” vulnerabilities. 😣👎

🗒 Vulristics September Linux Patch Wednesday Report

На русском

September Microsoft Patch Tuesday

Leave a reply

September Microsoft Patch Tuesday

September Microsoft Patch Tuesday. 107 CVEs, 28 of which were added since August MSPT. 6 vulnerabilities with signs of exploitation in the wild:

🔻 Remote Code Execution – Windows Update (CVE-2024-43491)
🔻 Elevation of Privilege – Windows Installer (CVE-2024-38014)
🔻 Security Feature Bypass – Windows Mark of the Web (CVE-2024-38217), Microsoft Publisher (CVE-2024-38226), Chromium (CVE-2024-7965)
🔻 Memory Corruption – Chromium (CVE-2024-7971)

3 more with private exploits:

🔸 Authentication Bypass – Azure (CVE-2024-38175)
🔸 Security Feature Bypass – Windows Mark of the Web (CVE-2024-43487)
🔸 Elevation of Privilege – Windows Storage (CVE-2024-38248)

Other interesting vulnerabilities:

🔹 Remote Code Execution – Microsoft SQL Server (CVE-2024-37335 and 5 more CVEs)
🔹 Remote Code Execution – Windows NAT (CVE-2024-38119)
🔹 Elevation of Privilege – Windows Win32k (CVE-2024-38246, CVE-2024-38252, CVE-2024-38253)

🗒 Full Vulristics report

На русском

I have released a new version of Vulristics 1.0.8 with some minor usability improvements

Leave a reply

I have released a new version of Vulristics 1.0.8 with some minor usability improvements

I have released a new version of Vulristics 1.0.8 with some minor usability improvements. I love it when my open source projects get pull requests. 😊 This time help came from user dvppvd:

🔹 Padding was set in the css table to make the html report more readable.

🔹 When you run the utility without parameters, help and examples are displayed. The examples show how to run the utility to analyze MSPT vulnerabilities for a specific month and year, or to analyze an arbitrary set of CVE identifiers.

🔹 Empty lines for the text banner have been added.

TODO for the next releases:

🔸 Support CVSS 4 for data sources that have already started providing this data.

🔸 Develop automated tests to verify the correct operation of the utility for known CVE identifiers.

🔸 Implement a new data source for the CVEProject GitHub repository for mass analysis of CVE vulnerabilities.

If you want to participate, join AVLEONOV Start. 😉

Changelog

На русском

August Linux Patch Wednesday

Leave a reply

August Linux Patch Wednesday

August Linux Patch Wednesday. 658 vulnerabilities. Of these, 380 are in the Linux Kernel. About 10 have signs of exploitation in the wild. I will highlight:

🔻 Vulnerabilities of IT Asset Management system GLPI: AuthBypass (CVE-2023-35939, CVE-2023-35940) and Code Injection (CVE-2023-35924, CVE-2023-36808, CVE-2024-27096, CVE-2024-29889). Fixed in RedOS.
🔻 InfDisclosure – Minio (CVE-2023-28432). Old and trendy, but also fixes appeared only in RedOS.
🔻 DoS – PHP (CVE-2024-2757). If I were to take into account Fedora or Alpine bulletins, this would be in an earlier LPW. 🤔 2DO.

About 30 without signs of exploitation in the wild, but with exploits. I will highlight:

🔸 Command Injection – Apache HTTP Server (CVE-2024-40898)
🔸 AuthBypass – Apache HTTP Server (CVE-2024-40725)
🔸 AuthBypass – Neat VNC (CVE-2024-42458)
🔸 RCE – Calibre (CVE-2024-6782); yes, e-books software 🙂

🗒 Vulristics report on August Linux Patch Wednesday

На русском