Introducing IP Intelligence features to VulnCheck Initial Access Intelligence
The IP Intelligence data in VulnCheck Initial Access Intelligence currently includes two things:
- Potentially vulnerable systems (CVE detections of emerging Initial Access vulnerabilities)
- Command & Control (C2) detections (attacker infrastructure)
Every 24 hours, we're generating offline backups for IP Intelligence in the following increments:
- Past 3 days (roughly what is live right now): https://api.vulncheck.com/v3/backup/ipintel-3d
- Past 10 days: https://api.vulncheck.com/v3/backup/ipintel-10d
- Past 30 days: https://api.vulncheck.com/v3/backup/ipintel-30d
- Past 90 days: https://api.vulncheck.com/v3/backup/ipintel-90d
The offline backups include both systems potentially vulnerable to recent initial access vulnerabilities and C2 detections.
Besides offline backups, we also have live lookup APIs for the IP Intelligence, which may be accessed in ways similar to the following (real) examples:
- CVE (hosts vulnerable to the recent WS_FTP vulnerability): https://api.vulncheck.com/v3/index/ipintel-3d?cve=CVE-2023-40044
- ASN (detections in one of the Finnish ASNs): https://api.vulncheck.com/v3/index/ipintel-3d?asn=AS719
- Country (detections in the UK): https://api.vulncheck.com/v3/index/ipintel-3d?country=United%20Kingdom
- Country Code (detections in Australia via the country_code AU): https://api.vulncheck.com/v3/index/ipintel-3d?country_code=AU
- Detection ID "c2" (C2 detections in Japan): https://api.vulncheck.com/v3/index/ipintel-3d?id=c2&country_code=JP
- Detection ID "initial-access" (Initial Access potential vulnerabilities in Japan): https://api.vulncheck.com/v3/index/ipintel-3d?id=initial-access&country_code=JP
- CIDR notation (C2 detections for a specific IP in London): https://api.vulncheck.com/v3/index/ipintel-3d?cidr=165.227.231.125
Additional documentation may be found at: https://docs.vulncheck.com/initial-access-intelligence/ip-intel
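A small helper for composing the lookup URLs listed above, added here as an example (it is not VulnCheck's code); it validates each filter before it reaches the query string and sends no request. The validation patterns are assumptions inferred from the sample URLs, querying `ipintel-10d`, `ipintel-30d` and `ipintel-90d` like `ipintel-3d` is assumed from the backup increments, and `ipintel_url` is a hypothetical name.

```python
import ipaddress
import re
from urllib.parse import quote, urlencode

BASE = "https://api.vulncheck.com/v3/index/"
WINDOWS = {"3d", "10d", "30d", "90d"}  # increments listed on the page


def _valid_network(value):
    """Accept a single IP or a CIDR block, as in the page's cidr example."""
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False


# Assumption: these formats are inferred from the page's sample URLs,
# not taken from the API documentation.
VALIDATORS = {
    "cve": lambda v: re.fullmatch(r"CVE-\d{4}-\d{4,}", v) is not None,
    "asn": lambda v: re.fullmatch(r"AS\d{1,10}", v) is not None,
    "country": lambda v: re.fullmatch(r"[A-Za-z .'-]{2,64}", v) is not None,
    "country_code": lambda v: re.fullmatch(r"[A-Z]{2}", v) is not None,
    "id": lambda v: v in {"c2", "initial-access"},
    "cidr": _valid_network,
}


def ipintel_url(window="3d", **filters):
    """Return a lookup URL for ipintel-<window>, rejecting malformed filters."""
    if window not in WINDOWS:
        raise ValueError(f"unknown window: {window!r}")
    for name, value in filters.items():
        check = VALIDATORS.get(name)
        if check is None:
            raise ValueError(f"unsupported filter: {name!r}")
        if not isinstance(value, str) or not check(value):
            raise ValueError(f"bad value for {name}: {value!r}")
    # quote (not quote_plus) encodes spaces as %20, matching the page's URLs
    query = urlencode(filters, quote_via=quote)
    return f"{BASE}ipintel-{window}" + (f"?{query}" if query else "")
```

Filters combine in the order given, so `ipintel_url(id="c2", country_code="JP")` reproduces the Japan C2 lookup shown in the list.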
Recent Initial Access activity
ZoneMinder Snapshot Command Injection was added on Dec 19 and is found in 1 product.
View more detail on CVE-2023-26035
WAGO License Command Injection was added on Dec 19 and is found in 7 products.
View more detail on CVE-2023-1698
Apache OFBiz XMLRPC Java Deserialization was added on Dec 18 and is found in 1 product.
View more detail on CVE-2023-49070
ASUS Router VPNUpload Configuration Change was added on Dec 17 and is found in 3 products.
View more detail on CVE-2018-5999
ASUS Router Session Hijack and Configuration / Credential Download was added on Dec 14 and is found in 3 products.
View more detail on CVE-2017-15653
Apache Pulsar Security Advisories
Apache Pulsar security advisories are official notifications released by the open source Apache Pulsar project to address security vulnerabilities and updates in the open source Apache Pulsar project. These security advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.
Browse the apache-pulsar index
AMI Security Advisories
AMI security advisories are official notifications released by the AMI Product Security Incident Response Team (PSIRT) to address security vulnerabilities and updates in their software products. These security advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.
OpenSSH Security Advisories
OpenSSH security advisories are official notifications released by the OpenSSH security team to address security vulnerabilities and updates in the open source OpenSSH project. These advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.
Asterisk Security Advisories
Asterisk security advisories are official notifications released by the open source Asterisk project to address security vulnerabilities and updates in the open source Asterisk project. These security advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.
Apache Flink Security Updates
Apache Flink security updates are official notifications released by the open source Apache Flink project to address security vulnerabilities and updates in the open source Apache Flink project. These security advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.
Apache Subversion Security Advisories
Apache Subversion security advisories are official notifications released by the open source Apache Subversion project to address security vulnerabilities and updates in the open source Apache Subversion project. These security advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.
Browse the apache-subversion index
Apache JSPWiki CVEs
Apache JSPWiki CVEs are official notifications released by the open source Apache JSPWiki project to address security vulnerabilities and updates in the open source Apache OpenMeetings project. These security advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.
Browse the apache-jspwiki index
Apache OpenMeetings Security Vulnerabilities
Apache OpenMeetings security vulnerabilities are official notifications released by the open source Apache OpenMeetings project to address security vulnerabilities and updates in the open source Apache OpenMeetings project. These security advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.
Browse the apache-openmeetings index
Apache Spark Known Security Issues
Apache Spark CVEs are official notifications released by the open source Apache Spark project to address security vulnerabilities and updates in the open source Apache Spark project. These security advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.
Apache Superset CVEs
Apache Superset CVEs are official notifications released by the open source Apache Superset project to address security vulnerabilities and updates in the open source Apache Superset project. These security advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.
Browse the apache-superset index
Apache Logging Services Known Vulnerabilities
Apache Logging Services known vulnerabilities are official notifications released by the open source Apache Logging Services project to address security vulnerabilities and updates in the open source Apache Logging Services project. These security advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.
Browse the apache-loggingservices index
Apache Guacamole Security Reports
Apache Guacamole security reports are official notifications released by the open source Apache Guacamole project to address security vulnerabilities and updates in the open source Apache Guacamole project. These security advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.
Browse the apache-guacamole index
Apache ActiveMQ Security Advisories
Apache ActiveMQ security advisories are official notifications released by the open source Apache ActiveMQ project to address security vulnerabilities and updates in the open source Apache ActiveMQ project. These security advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.
Browse the apache-activemq index
Apache Shiro Vulnerability Reports
Apache Shiro vulnerability reports are official notifications released by the open source Apache Shiro project to address security vulnerabilities and updates in the open source Apache Shiro project. These security advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.
Apache OpenOffice Security Bulletins
Apache OpenOffice security bulletins are official notifications released by the open source Apache OpenOffice project to address security vulnerabilities and updates in the open source Apache OpenOffice project. These security advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.
Browse the apache-openoffice index
Apache OFBiz Security Vulnerabilities
Apache OFBiz security vulnerabilities are official notifications released by the open source Apache OFBiz project to address security vulnerabilities and updates in the open source Apache OFBiz project. These security advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.
Apache Commons Known Security Vulnerabilities
Apache Commons security vulnerabilities are official notifications released by the open source Apache Commons project to address security vulnerabilities and updates in the open source Apache Commons project. These security advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.