HITCON Community 2023 - CVE Hunter: Trading Bugs for Passes

為了感謝漏洞通報者對於資訊安全界的協助， HITCON CMT 2023 推出「CVE Hunter: Trading Bugs for Passes」活動，只要提供相關資料進行審核，會有機會獲得免費大會門票

申請資格

• CVE ID 年度為 2022 或是 2023

• CVSS 分數越高越有機會獲得贈票

• 須能提供證明自己為回報者，例如：回報信件截圖

申請方式

• 於 2023 年 6 月 1 日 23:59 之前，將以下資料於 https://forms.gle/tHJnVhmAqg7oPUP57 填妥

• 個人資料：姓名、E-mail（務必正確）

• 欲申請票券之 CVE ID

• 證明文件

• 審核結果將於 6/15 前寄信通知，名額有限，贈完為止

注意事項

• 此計畫之票劵邀請碼禁止轉讓，如發現轉讓行為，查證屬實後 HITCON 大會得取消該票劵之使用資格。

• 申請參與本計畫即代表已詳閱並同意台灣駭客年會 HITCON 個人資料保護聲明（https://goo.gl/DpqYQR）。

• 審核錄取者之票劵邀請碼，將於 6 月 15 日前寄出至申請者之信箱，請於大會報名時間內完成後續報名流程，逾期未使用者視同放棄。

• HITCON 大會保有取消及修改此計畫相關規定之權利。

To appreciate vulnerability reporters’ contribution to the infosec community, HITCON CMT 2023 is launching “CVE Hunter—Trading Bugs for Passes,” where participants have the chance to receive free conference tickets by submitting their contribution for review.

Eligibility:

• CVE ID of 2022 or 2023

• The higher the CVSS score, the greater the chance of receiving a free ticket

• You must submit concrete evidence to prove your identity as the original CVE reporter (e.g., by attaching a screenshot of bug report mail)

Application process:

• Before 23:59 on June 1, 2023, fill out the following information at https://forms.gle/tHJnVhmAqg7oPUP57 :

• Personal information: name, email (must be correct)

• The CVE ID you’re submitting

• Proof materials

• Results will be sent by mail before June 15th.

Notes:

• The invitation codes issued by this program are non-transferable. HITCON reserves the right to cancel any registration made under transferred codes.

• By applying to participate in this program, the applicant has read and agreed to HITCON's personal data protection statement (https://goo.gl/DpqYQR).

• The invitation code for the approved applicants will be sent to their email before June 15th. Please complete the subsequent registration process during the registration period. Failure to use the code during the registration period will be considered as forfeiture.

• HITCON reserves the right to cancel or alter the rules of this program.

入選清單 List of Awards

1. CVE-2022-47618
• Target：利凌企業 AH55B04 & AH55B08 DVR
• CVSS：9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
2. CVE-2023-1579
• Target：binutils-objdump
• CVSS：7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
3. CVE-2022-******
• Target：****
• CVSS：9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
4. CVE-2023-1313
• Target：Cockpit 
• CVSS：8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
5. CVE-20**-******
• Target：****
• CVSS：****
6. CVE-2023-20755
• Target：Mediatek
• CVSS：****
7. CVE-2022-26105
• Target：SAP NetWeaver Enterprise Portal 
• CVSS：6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
8. CVE-2023-24838
• Target：HGiga PowerStation firmware
• CVSS：9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9. CVE-2022-39033
• Target：CVE-2022-39033
• CVSS：9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
10. CVE-2022-35223
• Target：繹宇數位科技 MailHunter Ultimate
• CVSS：9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
11. CVE-2022-26151
• Target：Citrix XenMobile Server 
• CVSS：7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
12. CVE-2022-*:44 個&CVE-2023-*:16 個
• Target：macOS/iOS
• 詳情：https://jhftss.github.io/cvelist/
13. CVE-2023-25909
• Target：桓基科技HGiga OAKlouds
• CVSS：9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
14. CVE-2022-45796
• Target：SHARP multifunction printers
• CVSS：7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
15. CVE-2023-0104
• Target：Weintek EasyBuilder Pro
• CVSS：7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
16. CVE-2022-22055, CVE-2022-22056
• Target：樂衍 樂晴牙醫管理系統
• CVSS：9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
17. CVE-2022-27624
• Target：Synology NAS
• CVSS：10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
18. CVE-2022-25308
• Target：FriBidi
• CVSS：7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
19. CVE-2022-1212
• Target：mruby
• CVSS：9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)