Conversation

Notices

  1. screaminggoat (screaminggoat@infosec.exchange)'s status on Thursday, 19-Dec-2024 02:21:15 JST
    in reply to
    • Wary Jerry

    @jerry Here are sources for your Fortinet CVE-2024-34990 (CVSSv3.1: 9.8 critical):

    • https://www.fortiguard.com/psirt/FG-IR-23-144 (error loading)
    • https://nvd.nist.gov/vuln/detail/CVE-2023-34990

    A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.

    Note: FortiGuard PSIRT has a tendency to only list the temporal CVSS score 9.6 (lower score) to downplay the severity of its original base score.

    In conversation about 5 months ago from infosec.exchange permalink


    • Alexandre Dulaunoy (adulau@infosec.exchange)'s status on Thursday, 19-Dec-2024 02:21:15 JST
      in reply to
      • Wary Jerry

      @screaminggoat @jerry If you are curious about the evolution of sightings https://vulnerability.circl.lu/vuln/CVE-2023-34990#sightings

      In conversation about 5 months ago permalink

      Attachments

      1. cvelistv5 - CVE-2023-34990
        from /humans.txt
        Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.
    • screaminggoat (screaminggoat@infosec.exchange)'s status on Thursday, 19-Dec-2024 02:21:15 JST
      in reply to
      • Alexandre Dulaunoy

      @adulau thank you for this website! I've been meaning to see how others track social media posts besides Feedly: https://feedly.com/cve/CVE-2023-34990

      In conversation about 5 months ago permalink

      Attachments

      1. CVE-2023-34990 / 9.8
        A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    • Wary Jerry (jerry@infosec.exchange)'s status on Thursday, 19-Dec-2024 02:21:16 JST

      🎶 On the -7th day of Christmas Fortinet gave to meeee a critical Fortigate C… V…. EEEEEE 🎶

      In conversation about 5 months ago permalink
    • cR0w :cascadia: (cr0w@infosec.exchange)'s status on Thursday, 19-Dec-2024 02:48:59 JST
      • Kevin Beaumont
      • Alexandre Dulaunoy

      @GossiTheDog @screaminggoat @adulau Are people using these at scale? Like in professional orgs and in SOCs?

      In conversation about 5 months ago permalink
      alcinnz repeated this.
    • Alexandre Dulaunoy (adulau@infosec.exchange)'s status on Thursday, 19-Dec-2024 02:48:59 JST
      in reply to
      • Kevin Beaumont
      • cR0w :cascadia:

      @cR0w We developed the open source vulnerability-lookup project (and also the sighting part) for providing actionable intelligence in the scope of NIS2 obligation and to share the information with all CSIRTs and SOCs efficiently.

      https://www.vulnerability-lookup.org/

      about the sighting aspect https://www.vulnerability-lookup.org/tools/#sightings

      We still have plenty of ideas. If you see something missing, let us know.

      @GossiTheDog @screaminggoat

      In conversation about 5 months ago permalink

      Attachments

      1. About
        Vulnerability-Lookup is a rewritten version of cve-search, an open-source tool initially aimed at maintaining a local CVE database. The original cve-search had design and scalability limitations, and its public instance operated by CIRCL is maxing out at 20,000 queries per second. As vulnerability sources have diversified beyond the NVD CVE, a new tool was needed to support the CVD process, allowing for bundling, commenting, publishing, and extending vulnerability information in a collaborative manner.
      2. Tools
        Software within the Vulnerability-Lookup project.

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.