Tag Archives: Linux

I have finalized the list of trending vulnerabilities for 2024 according to Positive Technologies

Leave a reply

I have finalized the list of trending vulnerabilities for 2024 according to Positive Technologies

I have finalized the list of trending vulnerabilities for 2024 according to Positive Technologies. Last year, 74 vulnerabilities were classified as trending (to compare the scale, just over 40,000 were added to NVD in 2024).

All trending vulnerabilities are found in Western commercial products and open source projects. This year, the vulnerabilities of domestic Russian products did not reach the level of criticality required to classify them as trending.

For 55 of all trending vulnerabilities there are currently signs of exploitation in attacks, for 17 there are public exploits (but no signs of exploitation) and for the remaining 2 there is only a possibility of future exploitation.

Vulnerabilities were often added to trending ones before signs of exploitation in the wild appeared. For example, the remote code execution vulnerability in VMware vCenter (CVE-2024-38812) was added to the list of trending vulnerabilities on September 20, 3 days after the vendor’s security bulletin appeared. There were no signs of exploitation in the wild or public exploit for this vulnerability. Signs of exploitation appeared only 2 months later, on November 18.

Most of the vulnerabilities in the trending list are of the following types: Remote Code or Command Execution (24) and Elevation of Privilege (21).

4 vulnerabilities in Barracuda Email Security Gateway (CVE-2023-2868), MOVEit Transfer (CVE-2023-34362), papercut (CVE-2023-27350) and SugarCRM (CVE-2023-22952) were added in early January 2024. These vulnerabilities were massively exploited in the West in 2023, and attacks using these vulnerabilities could also tangentially affect those domestic Russian organizations where these products had not yet been taken out of service. The rest of the vulnerabilities became trending in 2024.

34 trending vulnerabilities affect Microsoft products (45%).

🔹 17 of them are Elevation of Privilege vulnerabilities in the Windows kernel and standard components.

🔹 1 Remote Code Execution vulnerability in Windows Remote Desktop Licensing Service (CVE-2024-38077).

2 trending Elevation of Privilege vulnerabilities affect Linux systems: one in nftables (CVE-2024-1086), and the second in needrestart (CVE-2024-48990).

Other groups of vulnerabilities

🔻 Phishing attacks: 19 (Windows components, Outlook, Exchange, Ghostscript, Roundcube)
🔻 Network security and entry points: 13 (Palo Alto, Fortinet, Juniper, Ivanti, Check Point, Zyxel)
🔻 Virtual infrastructure and backups: 7 (VMware, Veeam, Acronis)
🔻 Software development: 6 (GitLab, TeamCity, Jenkins, PHP, Fluent Bit, Apache Struts)
🔻 Collaboration tools: 3 (Atlassian Confluence, XWiki)
🔻 CMS WordPress plugins: 3 (LiteSpeed Cache, The Events Calendar, Hunk Companion)

🗒 Full Vulristics report

🟥 Article on the official website “Vulnerable software and hardware vs. security researchers” (rus)

На русском

January Linux Patch Wednesday

Leave a reply

January Linux Patch Wednesday

January Linux Patch Wednesday. Out of 424 total vulnerabilities, 271 are in the Linux Kernel. None show signs of exploitation in the wild, but 9 have public exploits.

🔸 RCE – Apache Tomcat (CVE-2024-56337). Based on the description, the vulnerability affects “case-insensitive file systems” like Windows or MacOS. However, Debian lists it as affecting tomcat9 and tomcat10. Either this is about rare case-insensitive Linux installations or there is an error in the description. 🤷‍♂️
🔸 RCE – Chromium (CVE-2025-0291). According to the FSTEC BDU, a public exploit exists.
🔸 RCE – 7-Zip (CVE-2024-11477). What’s in the public is not an exploit, but a write-up.
🔸 Memory Corruption – Theora (CVE-2024-56431). It’s not clear yet how to exploit this. 🤷‍♂️
🔸 Memory Corruption – Telegram (CVE-2021-31320, CVE-2021-31319, CVE-2021-31315, CVE-2021-31318, CVE-2021-31322). Ubuntu fixed these vulnerabilities in the rlottie library package.

🗒 Full Vulristics report

На русском

December Linux Patch Wednesday

Leave a reply

December Linux Patch Wednesday

December Linux Patch Wednesday. There are 316 vulnerabilities in total. Compared to November LPW – much better. 🙂 119 are in Linux Kernel.

Two vulnerabilities with signs of exploitation in the wild. Both in Safari:

🔻 RCE – Safari (CVE-2024-44308)
🔻 XSS – Safari (CVE-2024-44309)

These vulnerabilities are fixed not in Safari, but in packages of the WebKit browser engine.

There are no signs of exploitation in the wild for 19 vulnerabilities yet, but there are public exploits. The following can be highlighted:

🔸 RCE – Moodle (CVE-2024-43425). First fix in the Linux vendor repository appeared on 2024-11-21 (RedOS)
🔸 Command Injection – Grafana (CVE-2024-9264)
🔸 Command Injection – virtualenv (CVE-2024-53899)
🔸 SQLi – Zabbix (CVE-2024-42327)
🔸 Data Leakage – Apache Tomcat (CVE-2024-52317)

🗒 Vulristics December Linux Patch Wednesday Report

🎉🆕 I released Vulristics 1.0.9 with improved detection of vulnerable software based on CVE description.

На русском

New episode “In The Trend of VM” (#9): 4 trending vulnerabilities of October, scandal at The Linux Foundation, social “attack on the complainer”, “Ford’s method” for motivating IT specialists to fix vulnerabilities

Leave a reply

New episode “In The Trend of VM” (#9): 4 trending vulnerabilities of October, scandal at The Linux Foundation, social “attack on the complainer”, “Ford’s method” for motivating IT specialists to fix vulnerabilities. The competition for the best question on the topic of VM continues. 😉🎁

📹 Video on YouTube, LinkedIn
🗞 Post on Habr (rus)
🗒 Digest on the PT website

Content:

🔻 00:37 Elevation of Privilege – Microsoft Streaming Service (CVE-2024-30090)
🔻 01:46 Elevation of Privilege – Windows Kernel-Mode Driver (CVE-2024-35250)
🔻 02:38 Spoofing – Windows MSHTML Platform (CVE-2024-43573)
🔻 03:43 Remote Code Execution – XWiki Platform (CVE-2024-31982)
🔻 04:44 The scandal with the removal of Russian maintainers at The Linux Foundation, its impact on security and possible consequences.
🔻 05:22 Social “Attack on the complainer
🔻 06:35Ford’s method” for motivating IT staff to fix vulnerabilities: will it work?
🔻 08:00 About the digest, habr and the question contest 🎁
🔻 08:29 Backstage

На русском

November Linux Patch Wednesday

Leave a reply

November Linux Patch Wednesday

November Linux Patch Wednesday. I was happy in October that the number of vulnerabilities was gradually decreasing to an acceptable level, and in November I got a peak again. A total of 803 vulnerabilities. Of these, 567 are in the Linux Kernel. Kind of crazy. 😱

2 vulnerabilities in Chromium with signs of exploitation in the wild:

🔻 Security Feature Bypass – Chromium (CVE-2024-10229)
🔻 Memory Corruption – Chromium (CVE-2024-10230, CVE-2024-10231)

There are no signs of exploitation in the wild for 27 vulnerabilities yet, but there are public exploits. Of these, I would draw attention to:

🔸 Remote Code Execution – PyTorch (CVE-2024-48063)
🔸 Remote Code Execution – OpenRefine Butterfly (CVE-2024-47883) – “web application framework”
🔸 Code Injection – OpenRefine tool (CVE-2024-47881)
🔸 Command Injection – Eclipse Jetty (CVE-2024-6763)
🔸 Memory Corruption – pure-ftpd (CVE-2024-48208)

🗒 Vulristics November Linux Patch Wednesday Report

На русском

October Linux Patch Wednesday

Leave a reply

October Linux Patch Wednesday

October Linux Patch Wednesday. There are 248 vulnerabilities in total. Of these, 92 are in the Linux Kernel.

5 vulnerabilities with signs of exploitation in the wild:

🔻 Remote Code Execution – CUPS (CVE-2024-47176) and 4 more CUPS vulnerabilities that can also be used to enhance DoS attacks
🔻 Remote Code Execution – Mozilla Firefox (CVE-2024-9680)

For 10 vulnerabilities there are no signs of exploitation in the wild yet, but exploits exist. Among them, the following can be highlighted:

🔸 Remote Code Execution – Cacti (CVE-2024-43363)
🔸 Elevation of Privilege – Linux Kernel (CVE-2024-46848)
🔸 Arbitrary File Reading – Jenkins (CVE-2024-43044)
🔸 Denial of Service – CUPS (CVE-2024-47850)
🔸 Cross Site Scripting – Rollup JavaScript module (CVE-2024-47068)

🗒 Vulristics October Linux Patch Wednesday Report

На русском

September Linux Patch Wednesday

Leave a reply

September Linux Patch Wednesday

September Linux Patch Wednesday. 460 vulnerabilities. Of these, 279 are in the Linux Kernel.

2 vulnerabilities with signs of exploitation in the wild, but without public exploits:

🔻 Security Feature Bypass – Chromium (CVE-2024-7965)
🔻 Memory Corruption – Chromium (CVE-2024-7971)

29 vulnerabilities with no sign of exploitation in the wild, but with a link to a public exploit or a sign of its existence. Can be highlighted:

🔸 Remote Code ExecutionpgAdmin (CVE-2024-2044), SPIP (CVE-2024-7954), InVesalius (CVE-2024-42845)
🔸 Command Injection – SPIP (CVE-2024-8517)

Among them are vulnerabilities from 2023, fixed in repos only now (in RedOS):

🔸 Remote Code Executionwebmin (CVE-2023-38303)
🔸 Code Injection – webmin (CVE-2023-38306, CVE-2023-38308)
🔸 Information DisclosureKeePass (CVE-2023-24055)

Debian brought “Google Chrome on Windows” vulnerabilities. 😣👎

🗒 Vulristics September Linux Patch Wednesday Report

На русском