Search results for "vulnerability": 1 - 40 of 170

  • Disclosure of a vulnerability that allows the theft of visitors' email addresses using Medium's custom domain feature

    0_medium_vuln_en.md Disclosure of a vulnerability that allows the theft of visitors' email addresses using Medium's custom domain feature Author: mala Introduction This article describes a vulnerability in a web service called Medium that allows you to steal visitors' e-mail addresses by using custom domain plan of Medium. This is done as my personal activity and is not related to my organization.

    • Vulnerability patterns for Rails app

      Gather, Rubyists: Learn from Well-Known Rubyists. iCARE Dev Meetup #14 https://icare.connpass.com/event/189356/

      • Learning Web Security from Vulnerabilities / study-web-security-from-vulnerability1

        バーチー / GMO Pepabo, Inc. 2019.10.12 PHP Conference Okinawa https://phpcon.okinawa.jp

        • Vulnerability Management for Go - The Go Programming Language

          Go vulnerability database The Go vulnerability database (https://vuln.go.dev) is a comprehensive source of information about known vulnerabilities in importable packages in public Go modules. Vulnerability data comes from existing sources (such as CVEs and GHSAs) and direct reports from Go package maintainers. This information is then reviewed by the Go security team and added to the database. We

          • M1RACLES: An Apple M1 Vulnerability

            M1RACLES (CVE-2021-30747) is a covert channel vulnerability in the Apple Silicon “M1” chip. Executive Summary A flaw in the design of the Apple Silicon “M1” chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under

            • The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation

              Abstract: This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102. Corrupti

              • Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31

                Subject: Apache Log4j2 Vulnerability - CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832 - ESA-2021-31 Note - We will update this announcement with new details as they emerge from our analysis. Please check back periodically. Update Log Dec 16, 2021 - 04:20 UTC - Update Summary: ECK 1.9 released which automatically adds the JVM option to impacted Elasticsearch clusters managed by EC

                • How to build a CI/CD pipeline for container vulnerability scanning with Trivy and AWS Security Hub | Amazon Web Services

                  AWS Security Blog How to build a CI/CD pipeline for container vulnerability scanning with Trivy and AWS Security Hub In this post, I’ll show you how to build a continuous integration and continuous delivery (CI/CD) pipeline using AWS Developer Tools, as well as Aqua Security’s open source container vulnerability scanner, Trivy. You’ll build two Docker images, one with vulnerabilities and one witho

                  • GitHub - Cybereason/Logout4Shell: Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell

                    A vulnerability impacting Apache Log4j versions 2.0 through 2.14.1 was disclosed on the project’s GitHub on December 9, 2021. The flaw has been dubbed “Log4Shell,” and has the highest possible severity rating of 10. Software made or managed by the Apache Software Foundation (From here on just "Apache") is pervasive and comprises nearly a third of all web servers in the world—making this a potenti

                    • Log4J2 Vulnerability and Spring Boot

                      Updates: Since this blog post has been published, a new logback 1.2.9 version has been published. While this fixes a security issue, prerequisites for exploits are very different as they "requires write access to logback's configuration file". Log4J also released a new 2.17.0 version with fixes for CVE-2021-45046 and CVE-2021-45105. Spring Boot 2.5.8 and 2.6.2 have been released and provide depen

                      • GitHub - google/osv-scanner: Vulnerability scanner written in Go which uses the data provided by https://osv.dev

                        Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies. OSV-Scanner provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them. Since the OSV.dev database is open source and distributed, it has several benefits in comparison with closed source advisory databases and scanners:

                        • ImageMagick: The hidden vulnerability behind your online images

                          • Git clone vulnerability announced

                            Today, the Git project released new versions to address CVE-2021-21300: a security vulnerability in the delayed checkout mechanism used by Git LFS during git clone operations affecting versions 2.15 and…

                            • Vulnerability Management Using SSVC (Stakeholder-Specific Vulnerability Categorization)

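                              Vulnerability Management Using SSVC (Stakeholder-Specific Vulnerability Categorization). New security vulnerabilities are discovered, reported, and published every day, and the pace increases year by year. When working on security measures for their own IT environments, OT environments such as factories and equipment, and their own products, companies need to collect this vulnerability information, assess its impact, and then respond appropriately. For handling such vulnerability information, CVE (Common Vulnerability Enumeration) is widely used, and a unique ID is assigned to each vulnerability. In addition, in the National Vulnerability Database (NVD), managed and operated by the U.S. National Institute of Standards and Technology (NIST), for each CVE-ID, CVSS (Common Vulnerability Scori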

                              • Workflow for handling vulnerabilities in npm packages - Qiita

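                                Overview: This article describes the workflow for responding when a vulnerability is found in an npm package (dependency) used in an npm project. (Conveniently, GitHub and others kindly notify you with messages such as "We found potential security vulnerabilities in your dependencies.")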

                                • CVE-2019-11043: Vulnerability in PHP-FPM Could Lead to Remote Code Execution on nginx

                                  Web servers using nginx and PHP-FPM are vulnerable to this flaw under certain conditions. Background On October 22, security researcher Omar Ganiev published a tweet regarding a “freshly patched” remote code execution vulnerability in PHP-FPM, the FastCGI Process Manager (FPM) for PHP. The tweet includes a link to a GitHub repository containing a proof of concept (PoC) for the vulnerability. Fresh

                                  • SpringShell: Spring Core RCE 0-day Vulnerability - Cyber Kendra

                                    Update as of 31st March: Spring has Confirmed the RCE in Spring Framework. The team has just published the statement along with the mitigation guides for the issue. Now, this vulnerability can be tracked as CVE-2022-22965. Update:- We have some information about the Spring4Shell vulnerability and have shared the det

                                    • Found vulnerability allows hackers to hack hundreds of thousands of heart implants

                                      Found vulnerability allows hackers to hack hundreds of thousands of heart implants Security firm Clever Security has discovered a serious and potentially highly dangerous vulnerability in Medtronic defibrillator implants. It affects 16 models, with a total of about 750,000 copies already installed on different patients. Hackers can connect to such implants and disrupt their work, but the manufact

                                      • Cross-browser tracking vulnerability in Tor, Safari, Chrome and Firefox - Fingerprint

                                        • HTTP/2 Zero-Day vulnerability results in record-breaking DDoS attacks

                                          HTTP/2 Zero-Day vulnerability results in record-breaking DDoS attacks. Earlier today, Cloudflare, along with Google and Amazon AWS, disclosed the existence of a novel zero-day vulnerability dubbed the “HTTP/2 Rapid Reset” attack. This attack exploits a weakness in the HTTP/2 protocol to generate enormous,

                                          • iOS 15 iCloud Private Relay Vulnerability Identified

                                            Apple’s new iCloud Private Relay service allows users to hide their IP addresses and DNS requests from websites and network service providers. In this article, we’ll demonstrate how this security feature can be circumvented and discuss what users can do to prevent their data from being leaked. You’ll need to turn on iCloud Private Relay to test the vulnerability. At the moment iCloud Private Relay

                                            • 22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library

                                              A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as CVE-2022-35737 (CVSS score: 7.5), the 22-year-old issue affects SQLite versions 1.0.12 through 3.39.1, and has been addressed in version 3.39.2 released on July 21,

                                              • OpenSSL warns of critical security vulnerability with upcoming patch

                                                So we should all be concerned that Mark Cox, a Red Hat Distinguished Software Engineer and the Apache Software Foundation (ASF)'s VP of Security, this week tweeted, "OpenSSL 3.0.7 update to fix Critical CVE out next Tuesday 1300-1700UTC." How bad is "Critical"? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable. It's likely to be abused

                                                • M1RACLES: Apple M1 Exposed To Covert Channel Vulnerability - Phoronix

                                                  M1RACLES: Apple M1 Exposed To Covert Channel Vulnerability Written by Michael Larabel in Linux Security on 26 May 2021 at 05:40 AM EDT. 26 Comments Apple's shiny new in-house M1 Arm chip is the latest processor challenged by a security vulnerability. The "M1RACLES" vulnerability was made public today as a covert channel vulnerability by where a mysterious register could leak EL0 state. The M1RACLE

                                                  • KrØØk: Serious vulnerability affected encryption of billion+ Wi-Fi devices

                                                    KrØØk: Serious vulnerability affected encryption of billion+ Wi-Fi devices. ESET researchers uncover a previously unknown security flaw allowing an adversary to decrypt some wireless network packets transmitted by vulnerable devices. ESET Research has published its latest white paper, KrØØk - CVE-2019-15126: Seriou

                                                    • PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034) | Qualys Security Blog

                                                      The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration. About Polkit pkexec for Linux Polkit (former

                                                      • SMBleed: A New Critical Vulnerability Affects Windows SMB Protocol

                                                        Cybersecurity researchers today uncovered a new critical vulnerability affecting the Server Message Block (SMB) protocol that could allow attackers to leak kernel memory remotely, and when combined with a previously disclosed "wormable" bug, the flaw can be exploited to achieve remote code execution attacks. Dubbed "SMBleed" (CVE-2020-1206) by cybersecurity firm ZecOps, the flaw resides in SMB's d

                                                        • Git security vulnerability announced

                                                          Upgrade your local installation of Git, especially if you are using Git for Windows, or you use Git on a multi-user machine. Today, the Git project released new versions which address a pair of security vulnerabilities. GitHub is unaffected by these vulnerabilities. However, you should be aware of them and upgrade your local installati

                                                          • RFC 9116: A File Format to Aid in Security Vulnerability Disclosure

                                                            Stream: Internet Engineering Task Force (IETF) RFC: 9116 Category: Informational Published: April 2022 ISSN: 2070-1721 Authors: RFC 9116 A File Format to Aid in Security Vulnerability Disclosure Abstract When security vulnerabilities are discovered by researchers, proper reporting channels are often lacking. As a result, vulnerabilities may be left unreported. This document defines a machine-parsa

                                                            • CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date Parsing Methods

                                                              CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date Parsing Methods Posted by mame on 15 Nov 2021 We have released date gem version 3.2.1, 3.1.2, 3.0.2, and 2.0.1 that include a security fix for a regular expression denial of service vulnerability (ReDoS) on date parsing methods. An attacker can exploit this vulnerability to cause an effective DoS attack. This vulnerability

                                                              • Network performance regressions from TCP SACK vulnerability fixes

                                                                • A File Format to Aid in Security Vulnerability Disclosure - The First Step to Connecting Properly - JPCERT/CC Eyes

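                                                                  A File Format to Aid in Security Vulnerability Disclosure - The First Step to Connecting Properly. I am Totsuka of the Early Warning Group. The Early Warning Group issues security information such as alerts and early warning information, as well as JVN advisories. As a vulnerability coordinator, I am in charge of the series of coordination tasks in which, based on vulnerability-related information reported to JPCERT/CC by vulnerability finders such as security researchers, we coordinate with the developers of the affected products on matters such as working out countermeasures, leading up to the publication of a JVN advisory. In this article, from a vulnerability coordinator's perspective, as one measure that developer organizations can implement to make it easier for vulnerability coordination bodies and vulnerability finders to work with developers, officially published this year, in April 2022: "RFC 9116: A File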

                                                                  • Log4Shell Update: Severity Upgraded 3.7 to 9.0 for Second log4j Vulnerability (CVE-2021-45046) | LunaTrace

                                                                    • Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP!

                                                                      The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE). The issue, assigned the CVE identifier CVE-2024-23897, has been described as an arbitrary file read vulnerability through the built-i

                                                                      • The OpenSSL punycode vulnerability (CVE-2022-3602): Overview, detection, exploitation, and remediation | Datadog Security Labs

                                                                        The OpenSSL punycode vulnerability (CVE-2022-3602): Overview, detection, exploitation, and remediation. November 1, 2022. On November 1, 2022, the OpenSSL Project released a security advisory detailing a high-severity vulnerability in the OpenSSL library. Deployments of OpenSSL from 3.0.0 to 3.0.6 (included) are vulnerable and are fixed in version 3.0.

                                                                        • GitHub - Adolfoi/SQLInjection: Actual vulnerability commands for SQL Injection using sqlpmap.

                                                                          • SSID Confusion Attack WiFi Vulnerability (CVE-2023-52424)

                                                                            This vulnerability exploits a design flaw in the WiFi standard, allowing attackers to trick WiFi clients on any operating system into connecting to an untrusted network. A new vulnerability arising from a design flaw in the WiFi standard allows attackers to trick victims into connecting to less secure networks and intercept their traffic. Additionally, the attack can exploit the auto-disconnect fea

                                                                            • A serious vulnerability deep inside Wi-Fi encryption | ESET

                                                                              Kr00k – formally known as CVE-2019-15126 – is a vulnerability in Broadcom and Cypress Wi-Fi chips that allows unauthorized decryption of some WPA2-encrypted traffic. The vulnerability affects all unpatched devices with Broadcom and Cypress FullMac Wi-Fi chips. These are the most common Wi-Fi chips used in today's client devices, made by well-known manufacturers including Amazon (Echo, Kindle), App

                                                                              • AWS RDS Vulnerability Leads to AWS Internal Service Credentials

                                                                                AWS RDS Vulnerability Leads to AWS Internal Service Credentials TL;DR Lightspin's Research Team obtained credentials to an internal AWS service by exploiting a local file read vulnerability on the RDS EC2 instance using the log_fdw extension. The internal AWS service was connected to AWS internal account, related to the RDS service. The vulnerability was reported to AWS Security team, who right a

                                                                                • Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046) | LunaTrace

                                                                                  Originally Posted @ December 14th & Last Updated @ December 19th, 3:37pm PST Just trying to fix this? Please read our dedicated Mitigation Guide. After the log4j maintainers released version 2.15.0 to address the Log4Shell vulnerability, an additional attack vector was identified and reported in CVE-2021-45046. Our research into this shows that this new CVE invalidates previous mitigations used to
