Add OBS Vigilance Spider #20

Merged
merged 3 commits into from
Jul 30, 2022
55 changes: 35 additions & 20 deletions README.md
Expand Up @@ -2,7 +2,7 @@

## CyberOwl
![cyberowl](docs/images/logo.png)
> Last Updated 30/07/2022 12:28:01 UTC
> Last Updated 30/07/2022 14:12:46 UTC

A daily updated summary of the most frequent types of security incidents currently being reported from different sources.

Expand All @@ -16,19 +16,10 @@ A daily updated summary of the most frequent types of security incidents current
| [CERT-FR](#cert-fr-arrow_heading_up) | The French national government Computer Security Incident Response Team. |
| [IBM X-Force Exchange](#ibmcloud-arrow_heading_up) | A cloud-based threat intelligence platform that allows to consume, share and act on threat intelligence. |
| [ZeroDayInitiative](#zerodayinitiative-arrow_heading_up) | An international software vulnerability initiative that was started in 2005 by TippingPoint. |
| [OBS Vigilance](#obs-vigilance-arrow_heading_up) |Vigilance is an initiative created by OBS (Orange Business Services) since 1999 to watch public vulnerabilities and then offer security fixes, a database and tools to remediate them. |

> Suggest a source by opening an [issue](https://github.com/karimhabush/cyberowl/issues)! :raised_hands:

---
### US-CERT [:arrow_heading_up:](#cyberowl)
|Title|Description|Date|
|---|---|---|
| [CISA Adds One Known Exploited Vulnerability to Catalog](https://www.cisa.gov/uscert/ncas/current-activity/2022/07/29/cisa-adds-one-known-exploited-vulnerability-catalog) | <p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities Catalog</a>, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. <strong>Note:</strong> To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.</p> | Friday, July 29, 2022 |
| [CISA Releases Log4Shell-Related MAR](https://www.cisa.gov/uscert/ncas/current-activity/2022/07/28/cisa-releases-log4shell-related-mar-0) | <p>From May through June 2022, CISA responded to an organization that was compromised by an exploitation of an unpatched and unmitigated Log4Shell vulnerability in a VMware Horizon server. CISA analyzed five malware samples obtained from the organization’s network and released a Malware Analysis Report of the findings.</p> | Thursday, July 28, 2022 |
| [Samba Releases Security Updates ](https://www.cisa.gov/uscert/ncas/current-activity/2022/07/27/samba-releases-security-updates) | <p>The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. </p> | Wednesday, July 27, 2022 |
| [Apple Releases Security Updates for Multiple Products](https://www.cisa.gov/uscert/ncas/current-activity/2022/07/22/apple-releases-security-updates-multiple-products) | <p>Apple has released security updates to address vulnerabilities in multiple products. These updates address vulnerabilities attackers could exploit to take control of affected systems.</p> | Friday, July 22, 2022 |
| [Cisco Releases Security Updates for Multiple Products](https://www.cisa.gov/uscert/ncas/current-activity/2022/07/22/cisco-releases-security-updates-multiple-products) | <p>Cisco has released security updates to address vulnerabilities in multiple products. Some of these vulnerabilities could allow a remote attacker to execute take control of an affected system. For updates addressing lower severity vulnerabilities, see the <a href="https://tools.cisco.com/security/center/publicationListing.x">Cisco Security Advisories page</a>. </p> | Friday, July 22, 2022 |
| [Atlassian Releases Security Advisory for Questions for Confluence App, CVE-2022-26138](https://www.cisa.gov/uscert/ncas/current-activity/2022/07/22/atlassian-releases-security-advisory-questions-confluence-app-cve) | <p>Atlassian has released a security advisory to address a vulnerability (CVE-2022-26138) affecting Questions for Confluence App. An attacker could exploit this vulnerability to obtain sensitive information. Atlassian reports that the vulnerability is likely to be exploited in the wild.</p> | Friday, July 22, 2022 |
---
### IBMCloud [:arrow_heading_up:](#cyberowl)
|Title|Description|Date|
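Review bot: The new OBS Vigilance row in the sources table is missing the space after the cell separator (`|Vigilance is ...`), unlike the rows above it, and the source is written "OBS Vigilance" here but "OBS-Vigilance" in the section heading added at the end of this file. Pick one spelling so the link text and the heading it targets match. The description would also read better as "created by OBS (Orange Business Services) in 1999".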
Expand All @@ -41,17 +32,15 @@ A daily updated summary of the most frequent types of security incidents current
| [Carel pCOWeb HVAC BACnet Gateway directory traversal](https://exchange.xforce.ibmcloud.com/activity/list?filter=Vulnerabilities) | Visit link for details | Jul 29, 2022 |
| [Geonetwork XML external entity injection](https://exchange.xforce.ibmcloud.com/activity/list?filter=Vulnerabilities) | Visit link for details | Jul 29, 2022 |
---
### ZeroDayInitiative [:arrow_heading_up:](#cyberowl)
### US-CERT [:arrow_heading_up:](#cyberowl)
|Title|Description|Date|
|---|---|---|
| [Autodesk Desktop App Link Following Local Privilege Escalation Vulnerability](https://www.zerodayinitiative.com/advisories/ZDI-22-1035/) | Visit link for details | July 29, 2022 |
| [Autodesk Desktop App Link Following Local Privilege Escalation Vulnerability](https://www.zerodayinitiative.com/advisories/ZDI-22-1034/) | Visit link for details | July 29, 2022 |
| [Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability](https://www.zerodayinitiative.com/advisories/ZDI-22-1033/) | Visit link for details | July 28, 2022 |
| [EnterpriseDT CompleteFTP Server HttpFile Directory Traversal Arbitrary File Deletion Vulnerability](https://www.zerodayinitiative.com/advisories/ZDI-22-1032/) | Visit link for details | July 28, 2022 |
| [OPC Labs QuickOPC Connectivity Explorer Deserialization of Untrusted Data Remote Code Execution Vulnerability](https://www.zerodayinitiative.com/advisories/ZDI-22-1031/) | Visit link for details | July 28, 2022 |
| [(Pwn2Own) Unified Automation OPC UA C++ Improper Update of Reference Count Denial-of-Service Vulnerability](https://www.zerodayinitiative.com/advisories/ZDI-22-1030/) | Visit link for details | July 28, 2022 |
| [(Pwn2Own) Unified Automation OPC UA C++ Infinite Loop Denial-of-Service Vulnerability](https://www.zerodayinitiative.com/advisories/ZDI-22-1029/) | Visit link for details | July 28, 2022 |
| [Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability](https://www.zerodayinitiative.com/advisories/ZDI-22-1028/) | Visit link for details | July 28, 2022 |
| [CISA Adds One Known Exploited Vulnerability to Catalog](https://www.cisa.gov/uscert/ncas/current-activity/2022/07/29/cisa-adds-one-known-exploited-vulnerability-catalog) | <p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities Catalog</a>, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. <strong>Note:</strong> To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.</p> | Friday, July 29, 2022 |
| [CISA Releases Log4Shell-Related MAR](https://www.cisa.gov/uscert/ncas/current-activity/2022/07/28/cisa-releases-log4shell-related-mar-0) | <p>From May through June 2022, CISA responded to an organization that was compromised by an exploitation of an unpatched and unmitigated Log4Shell vulnerability in a VMware Horizon server. CISA analyzed five malware samples obtained from the organization’s network and released a Malware Analysis Report of the findings.</p> | Thursday, July 28, 2022 |
| [Samba Releases Security Updates ](https://www.cisa.gov/uscert/ncas/current-activity/2022/07/27/samba-releases-security-updates) | <p>The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. </p> | Wednesday, July 27, 2022 |
| [Apple Releases Security Updates for Multiple Products](https://www.cisa.gov/uscert/ncas/current-activity/2022/07/22/apple-releases-security-updates-multiple-products) | <p>Apple has released security updates to address vulnerabilities in multiple products. These updates address vulnerabilities attackers could exploit to take control of affected systems.</p> | Friday, July 22, 2022 |
| [Cisco Releases Security Updates for Multiple Products](https://www.cisa.gov/uscert/ncas/current-activity/2022/07/22/cisco-releases-security-updates-multiple-products) | <p>Cisco has released security updates to address vulnerabilities in multiple products. Some of these vulnerabilities could allow a remote attacker to execute take control of an affected system. For updates addressing lower severity vulnerabilities, see the <a href="https://tools.cisco.com/security/center/publicationListing.x">Cisco Security Advisories page</a>. </p> | Friday, July 22, 2022 |
| [Atlassian Releases Security Advisory for Questions for Confluence App, CVE-2022-26138](https://www.cisa.gov/uscert/ncas/current-activity/2022/07/22/atlassian-releases-security-advisory-questions-confluence-app-cve) | <p>Atlassian has released a security advisory to address a vulnerability (CVE-2022-26138) affecting Questions for Confluence App. An attacker could exploit this vulnerability to obtain sensitive information. Atlassian reports that the vulnerability is likely to be exploited in the wild.</p> | Friday, July 22, 2022 |
---
### CERT-FR [:arrow_heading_up:](#cyberowl)
|Title|Description|Date|
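Review bot: The US-CERT section that sat ahead of IBMCloud in the previous hunk reappears here in the ZeroDayInitiative position with identical rows, so the generated README changes section order without any change in content. If the order follows whichever spider finishes first, every run will produce this kind of churn; writing the sections in a fixed order (for example the order of the sources table) would keep diffs limited to new advisories.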
Expand All @@ -67,6 +56,18 @@ A daily updated summary of the most frequent types of security incidents current
| [Multiples vuln�rabilit�s dans le noyau Linux de Debian](https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-687/) | De multiples vuln�rabilit�s ont �t� d�couvertes dans le noyau Linux de Debian. Elles permettent � un attaquant de provoquer un d�ni de service � distance, une atteinte � la confidentialit� des donn�es et une �l�vation de privil�ges. | 29 juillet 2022 |
| [Multiples vuln�rabilit�s dans Samba](https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-686/) | De multiples vuln�rabilit�s ont �t� d�couvertes dans Samba. Certaines d'entre elles permettent � un attaquant de provoquer un d�ni de service � distance, un contournement de la politique de s�curit� et une atteinte � l'int�grit� des donn�es. | 27 juillet 2022 |
---
### ZeroDayInitiative [:arrow_heading_up:](#cyberowl)
|Title|Description|Date|
|---|---|---|
| [Autodesk Desktop App Link Following Local Privilege Escalation Vulnerability](https://www.zerodayinitiative.com/advisories/ZDI-22-1035/) | Visit link for details | July 29, 2022 |
| [Autodesk Desktop App Link Following Local Privilege Escalation Vulnerability](https://www.zerodayinitiative.com/advisories/ZDI-22-1034/) | Visit link for details | July 29, 2022 |
| [Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability](https://www.zerodayinitiative.com/advisories/ZDI-22-1033/) | Visit link for details | July 28, 2022 |
| [EnterpriseDT CompleteFTP Server HttpFile Directory Traversal Arbitrary File Deletion Vulnerability](https://www.zerodayinitiative.com/advisories/ZDI-22-1032/) | Visit link for details | July 28, 2022 |
| [OPC Labs QuickOPC Connectivity Explorer Deserialization of Untrusted Data Remote Code Execution Vulnerability](https://www.zerodayinitiative.com/advisories/ZDI-22-1031/) | Visit link for details | July 28, 2022 |
| [(Pwn2Own) Unified Automation OPC UA C++ Improper Update of Reference Count Denial-of-Service Vulnerability](https://www.zerodayinitiative.com/advisories/ZDI-22-1030/) | Visit link for details | July 28, 2022 |
| [(Pwn2Own) Unified Automation OPC UA C++ Infinite Loop Denial-of-Service Vulnerability](https://www.zerodayinitiative.com/advisories/ZDI-22-1029/) | Visit link for details | July 28, 2022 |
| [Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability](https://www.zerodayinitiative.com/advisories/ZDI-22-1028/) | Visit link for details | July 28, 2022 |
---
### MA-CERT [:arrow_heading_up:](#cyberowl)
|Title|Description|Date|
|---|---|---|
Expand All @@ -82,3 +83,17 @@ A daily updated summary of the most frequent types of security incidents current
| [37362107/22 - Vuln�rabilit�s dans Cisco Small Business](https://www.dgssi.gov.ma/fr/content/3736210722-vulnerabilites-dans-cisco-small-business.html) | Plusieurs vuln�rabilit�s ont �t� corrig�es dans les versions susmentionn�es de Cisco Small Business. L�exploitation de ces failles pourrait permettre � un attaquant distant et authentifi� d'ex�cuter du code arbitraire sur un appareil... | 21 juillet 2022 |
| [37352107/22 - Vuln�rabilit�s critique dans Cisco Nexus Dashboard](https://www.dgssi.gov.ma/fr/content/3735210722-vulnerabilites-critique-dans-cisco-nexus-dashboard.html) | Plusieurs vuln�rabilit�s Critiques ont �t� corrig�es dans Cisco Nexus Dashboard. L�exploitation de ces failles permet � un attaquant d�ex�cuter des commandes et d'effectuer des actions avec les privil�ges de l'administrateur ou... | 21 juillet 2022 |
| [37342007/22 - "Oracle Critical Patch Update" du Mois Juillet 2022](https://www.dgssi.gov.ma/fr/content/3734200722-oracle-critical-patch-update-du-mois-juillet-2022.html) | Oracle a publi� des correctifs de s�curit� pour traiter plusieurs vuln�rabilit�s dans le cadre de sa mise � jour � Oracle Critical Patch Update � du mois Juillet 2022. L'exploitation de certaines de ces vuln�rabilit�s pourrait... | 20 juillet 2022 |
---
### OBS-Vigilance [:arrow_heading_up:](#cyberowl)
|Title|Description|Date|
|---|---|---|
| [<a href="https://vigilance.fr/vulnerability/Ruby-TZInfo-directory-traversal-via-tzinfo-data-38959" class="noirorange"><b>Ruby TZInfo</b>: directory traversal via tzinfo-data</a>](https://vigilance.fr/vulnerability/Ruby-TZInfo-directory-traversal-via-tzinfo-data-38959) | An attacker can traverse directories of Ruby TZInfo, via tzinfo-data, in order to read a file outside the service root path... | Visit link for details |
| [<a href="https://vigilance.fr/vulnerability/Das-U-Boot-buffer-overflow-via-do-i2c-md-38958" class="noirorange"><b>Das U-Boot</b>: buffer overflow via do_i2c_md()</a>](https://vigilance.fr/vulnerability/Das-U-Boot-buffer-overflow-via-do-i2c-md-38958) | An attacker can trigger a buffer overflow of Das U-Boot, via do_i2c_md(), in order to trigger a denial of service, and possibly to run code... | Visit link for details |
| [<a href="https://vigilance.fr/vulnerability/Booth-information-disclosure-via-Ignored-Authfile-Directive-38957" class="noirorange"><b>Booth</b>: information disclosure via Ignored Authfile Directive</a>](https://vigilance.fr/vulnerability/Booth-information-disclosure-via-Ignored-Authfile-Directive-38957) | An attacker can bypass access restrictions to data of Booth, via Ignored Authfile Directive, in order to read sensitive information... | Visit link for details |
| [<a href="https://vigilance.fr/vulnerability/Centreon-Web-multiple-vulnerabilities-38954" class="noirorange"><b>Centreon Web</b>: multiple vulnerabilities</a>](https://vigilance.fr/vulnerability/Centreon-Web-multiple-vulnerabilities-38954) | An attacker can use several vulnerabilities of Centreon Web... | Visit link for details |
| [<a href="https://vigilance.fr/vulnerability/libtirpc-overload-via-Idle-TCP-Connections-38952" class="noirorange"><b>libtirpc</b>: overload via Idle TCP Connections</a>](https://vigilance.fr/vulnerability/libtirpc-overload-via-Idle-TCP-Connections-38952) | An attacker can trigger an overload of libtirpc, via Idle TCP Connections, in order to trigger a denial of service... | Visit link for details |
| [<a href="https://vigilance.fr/vulnerability/libguestfs-overload-via-get-keys-38950" class="noirorange"><b>libguestfs</b>: overload via get_keys()</a>](https://vigilance.fr/vulnerability/libguestfs-overload-via-get-keys-38950) | An attacker can trigger an overload of libguestfs, via get_keys(), in order to trigger a denial of service... | Visit link for details |
| [<a href="https://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-xfrm-pols-put-38948" class="noirorange"><b>Linux kernel</b>: denial of service via xfrm_pols_put()</a>](https://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-xfrm-pols-put-38948) | An attacker can cause a fatal error of the Linux kernel, via xfrm_pols_put(), in order to trigger a denial of service... | Visit link for details |
| [<a href="https://vigilance.fr/vulnerability/Webmin-Usermin-Cross-Site-Scripting-via-Read-Mail-Module-38947" class="noirorange"><b>Webmin - Usermin</b>: Cross Site Scripting via Read Mail Module</a>](https://vigilance.fr/vulnerability/Webmin-Usermin-Cross-Site-Scripting-via-Read-Mail-Module-38947) | An attacker can trigger a Cross Site Scripting of Webmin - Usermin, via Read Mail Module, in order to run JavaScript code in the context of the web site... | Visit link for details |
| [<a href="https://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-nfqnl-mangle-38946" class="noirorange"><b>Linux kernel</b>: denial of service via nfqnl_mangle()</a>](https://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-nfqnl-mangle-38946) | An attacker can cause a fatal error of the Linux kernel, via nfqnl_mangle(), in order to trigger a denial of service... | Visit link for details |
| [<a href="https://vigilance.fr/vulnerability/Go-denial-of-service-via-go-parser-Parse-38945" class="noirorange"><b>Go</b>: denial of service via go/parser Parse</a>](https://vigilance.fr/vulnerability/Go-denial-of-service-via-go-parser-Parse-38945) | An attacker can cause a fatal error of Go, via go/parser Parse, in order to trigger a denial of service... | Visit link for details |
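Review bot: In the OBS-Vigilance rows the Title cell carries the scraped anchor markup (`<a href=... class="noirorange"><b>...</b>...</a>`) inside the Markdown link text, and the Date column holds "Visit link for details" where the other tables show a date. The spider should take the element's text rather than its HTML for the title, write only plain text from the remote page into the README (escaping `|` so a title cannot break the table), and either extract the advisory date or keep the placeholder out of the Date column.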