#cvss


I wrote a Discord bot to monitor for CVEs being mentioned in chat, and then it will fetch the details and post it back to chat.

It also has a feature to monitor for new KEV notifications and send them to a dedicated channel.

Collab with me. Use it. Abuse it. Whatever ya want!

github.com/mauvehed/kevvy

GitHub - mauvehed/kevvy: A Discord bot for searching the Common Vulnerabilities and Exposures (CVE) list and providing KEV updates.
#CVSS #CVE #KEV

I agree with Solar Designer on #CVSS uselessness when rating library #vulnerabilities:

"What this tells us is that CVSS base scores are pretty much unusable for ranking library and interpreter vulnerabilities. Adding temporal and exploitability metrics may improve things, but also mostly when applied not just to the libraries, but to their specific uses. Since this is generally too hard, I think a future revision of CVSS should have adjustments in the base score for issues that are not directly exposed."

from: openwall.com/lists/oss-securit

www.openwall.com: oss-security - Re: CVE-2024-40896 Analysis: libxml2 XXE due to type confusion

Apparently #CISA has rated #curl #vulnerability #CVE_2024_11053 as #CVSS v3 Base Score 9.1 "critical". This is wrong, and will lead to automation triggering unnecessary warnings and blocking use of perfectly fine systems until an update is installed (which can take months). nvd.nist.gov/vuln/detail/CVE-2

Edit: In case you wonder about my credentials for judging this: I found this vulnerability.

Edit2: This appears to be originating from CISA: cve.org/Media/News/item/blog/2

Edit3: The score has now been fixed. Commit: github.com/cisagov/vulnrichmen

nvd.nist.gov: NVD - CVE-2024-11053