CVE (Common Vulnerabilities and Exposures) is a list of publicly known vulnerabilities and exploits in software and hardware. Each vulnerability in the database has a unique identifier in the format CVE-YYYY-NNNN, where:
CVE is a prefix indicating the identifier format.
YYYY is the year the vulnerability was registered.
NNNN is a sequential number that can contain from four to seven digits, depending on the number of registered vulnerabilities in that year.
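As an added example (not part of the original post), the following Python code pulls identifiers in this format out of free text such as scanner output, skips malformed ones, removes duplicates, and sorts them by year and numeric sequence number. The function names, the 1999 lower bound on the year, and the sample lines are assumptions of this example; the CVE IDs in the sample are the ones discussed later in this post.

```python
import re

# Format described above: CVE-YYYY-NNNN with a four- to seven-digit sequence number.
# The lookarounds keep the pattern from matching inside a longer token
# (for example "XCVE-..." or a run of eight or more digits).
CVE_RE = re.compile(r"(?<![A-Za-z0-9])CVE-(\d{4})-(\d{4,7})(?!\d)", re.IGNORECASE)


def extract_cves(text, min_year=1999, max_year=None):
    """Return the unique CVE IDs in text, sorted by year, then numeric sequence.

    min_year=1999 is an assumption of this example (the first year of the CVE list).
    """
    found = set()
    for match in CVE_RE.finditer(text):
        year, seq = int(match.group(1)), int(match.group(2))
        if year < min_year or (max_year is not None and year > max_year):
            continue
        found.add((year, seq))  # the set removes duplicates and case variants
    # Sorting the integer pairs avoids the string-sort trap where a
    # five-digit sequence number would be ordered before a four-digit one.
    return [f"CVE-{year}-{seq:04d}" for year, seq in sorted(found)]


def group_by_year(ids):
    """Group canonical CVE IDs by their year component."""
    groups = {}
    for cve in ids:
        groups.setdefault(int(cve.split("-")[1]), []).append(cve)
    return groups


# Constructed sample input (not real scanner output).
SAMPLE = """\
host-a  finding: cve-2014-0160 (Heartbleed)
host-b  finding: CVE-2021-44228, duplicate ref CVE-2021-44228
host-c  finding: CVE-2017-0144; the ref CVE-2017-144 is malformed
host-d  finding: CVE-2017-5638 / CVE-2016-5195
host-e  ticket XCVE-2018-7600 and CVE-2018-76001234 are not CVE IDs
"""

if __name__ == "__main__":
    ids = extract_cves(SAMPLE)
    for year, items in group_by_year(ids).items():
        print(year, ", ".join(items))
```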
The CVE database is managed by the MITRE Corporation. MITRE is a non-profit organization that provides research and development services for the U.S. government and is involved in various cybersecurity and technology projects.
MITRE works in partnership with the National Institute of Standards and Technology (NIST) and other organizations to manage the CVE database. They facilitate coordination among cybersecurity researchers, software developers, and other stakeholders to identify, verify, and publish information about vulnerabilities.
MITRE receives a significant portion of its funding from the U.S. government, particularly through contract work and grants. Under these contracts, MITRE provides a variety of services, including research and development in cybersecurity. MITRE also secures funding through various research projects and grants aimed at enhancing cybersecurity and developing new technologies.
The CVE database is an important tool for cybersecurity researchers, software developers, and system administrators. It allows for the identification of known vulnerabilities, risk assessment, and the implementation of measures to mitigate them. In penetration testing, CVE helps quickly find weaknesses in systems, which improves their security and reduces attack risk.
The publication and maintenance of the CVE database contribute to openness and transparency in the field of cybersecurity, helping to improve the protection of information systems on a global scale. The CVE List is effectively a standard for tracking vulnerabilities. There are numerous tools based on information from this database. One example is a GitHub bot that creates pull requests with updated libraries if a vulnerability is found in them. Testers use the database to create automated penetration tests to check systems for vulnerabilities.
The process of adding a new entry to the database begins with the discovery of a vulnerability, which can be found by a cybersecurity researcher, engineer, or other specialist. After identifying a vulnerability, the specialist submits a request for its registration to the relevant authority that administers the CVE database. This authority reviews the request, assigns a unique identifier, and adds it to the database. As of May 2024, the CVE database contains 237,725 vulnerabilities; information about them can be downloaded from the CVE website or found through its search function. The database can also be used for programming practice (pet projects and the like) and for testing.
Examples of the Most Notorious and Dangerous CVEs in History
CVE-2017-0144: EternalBlue
A vulnerability in the SMBv1 protocol from Microsoft that was used to spread malware such as WannaCry and NotPetya. EternalBlue allowed an attacker to execute code remotely on the target system. This vulnerability caused massive damage worldwide.
CVE-2014-0160: Heartbleed
This is a vulnerability in the OpenSSL library that allowed attackers to read the memory of a server or client, leading to the disclosure of sensitive data such as private keys, passwords, and other confidential information. Heartbleed seriously impacted the security of many websites and services.
CVE-2016-5195: Dirty COW
A vulnerability in the Linux kernel that allowed a local user to escalate their privileges and gain access to the system with administrator rights. Dirty COW was present in the Linux kernel for over nine years before it was discovered and patched.
CVE-2017-5638: Apache Struts
A vulnerability in the Apache Struts framework that allowed a remote attacker to execute code on the server. This vulnerability was exploited during the 2017 Equifax attack, leading to the compromise of personal data of over 143 million people.
CVE-2018-7600: Drupalgeddon 2
A vulnerability in the Drupal content management system that allowed an attacker to execute code on the server. Drupalgeddon 2 affected numerous websites that used this platform.
CVE-2021-44228: Log4Shell
A vulnerability in the Apache Log4j library used for logging in Java applications that allowed a remote attacker to execute arbitrary code on the server. Log4Shell was considered one of the most critical vulnerabilities in recent years due to its widespread nature and potential impact on many organizations.