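Search results for Vulnerabilities: 1 - 40 of 80

Because the tag search returned few matching results, title search results are shown instead.

There are 80 entries related to Vulnerabilities. Related tags include security, セキュリティ (security) and 脆弱性 (vulnerability). Popular entries include "Google launches 'OSV' (Open Source Vulnerabilities), a project to build a per-version database of vulnerabilities in open source software".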
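  • Google launches "OSV" (Open Source Vulnerabilities), a project to build a per-version database of vulnerabilities in open source software

    Google has announced the launch of the "OSV" (Open Source Vulnerabilities) project, which builds a database of details such as the version in which a vulnerability in open source software was introduced and the version in which it was fixed. Open source now plays an important role everywhere from cloud infrastructure to applications, so accurate management of vulnerability information is also becoming more important. With OSV, reporting vulnerabilities, which used to be laborious, becomes easier for open source developers and maintainers. Users will be able to obtain accurate information, such as when a vulnerability in open source software was fixed, in a simple and consistent way, and will be able to manage and respond to vulnerabilities in the software they use quickly and easily. If you provide the steps to reproduce a bug, OSV automatically searches for version information and the like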
  • Spring4Shell: Security Analysis of the latest Java RCE '0-day' vulnerabilities in Spring | LunaTrace

    Getting Spring to load BinderControllerAdvice may require manual steps to have it load. We'll update this guide with more details about how to do that soon. import org.springframework.core.Ordered; import org.springframework.core.annotation.Order; import org.springframework.web.bind.WebDataBinder; import org.springframework.web.bind.annotation.ControllerAdvice; import org.springframework.web.bind.
  • Git security vulnerabilities announced
  • OSV - Open Source Vulnerabilities

    AlmaLinux 2722 View AlmaLinux vulnerabilities Alpine 3398 View Alpine vulnerabilities Android 881 View Android vulnerabilities Bitnami 3898 View Bitnami vulnerabilities crates.io 1348 View crates.io vulnerabilities Debian 9859 View Debian vulnerabilities GIT 32996 View GIT vulnerabilities Go 2151 View Go vulnerabilities Linux 13573 View Linux vulnerabilities Maven 4873 View Maven vulnerabilities n
  • ContainerCVE: Scan Docker containers for security vulnerabilities

    Quickly find the CVEs for any public Docker Hub image. Powered by the popular open-source tool Trivy.
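  • Notes on not being led around by the CVSS base score alone in vulnerability management [CVSS v2.0 edition] – Feat. Known Exploited Vulnerabilities Catalog

    ■ What is the Known Exploited Vulnerabilities Catalog? The "Known Exploited Vulnerabilities Catalog" (hereafter KEVC) is information that CISA (Cybersecurity & Infrastructure Security Agency) of the US Department of Homeland Security has published since November 3, 2021, and as the name suggests it is a catalog of vulnerabilities known to have been exploited. As of February 4, 2022, the catalog lists 352 vulnerabilities; these have already been confirmed as exploited and have a major impact on the US federal government, so they can be judged to require an urgent response. The catalog contains the following fields. CVE number (CVE) Vendor/project name (Vendor/Product) Product vulnerability name (Vulnerability Name)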
  • GitHub - google/tsunami-security-scanner: Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
  • GitHub - bridgecrewio/checkov: Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
  • Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service | Amazon Web Services

    AWS Security Blog Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service July 27, 2021: We’ve updated the link to the 2019 re:Invent session on this topic. Since it first launched over 10 years ago, the Amazon EC2 Instance Metadata Service (IMDS) has helped customers build secure and scalable applications. The I
  • Git security vulnerabilities announced
  • An Exploration & Remediation of JSON Interoperability Vulnerabilities
  • GraphQL Vulnerabilities | Application Security Cheat Sheet

    GraphQL is a query language designed to build client applications by providing an intuitive and flexible syntax and system for describing their data requirements and interactions. GraphQL uses a declarative approach to fetching data, clients can specify exactly what data they need from the API. As a result, GraphQL provides a single endpoint, which allows clients to get the necessary data, instead
  • Known Exploited Vulnerabilities Catalog | CISA
  • Eliminating Memory Safety Vulnerabilities at the Source

    The latest news and insights from Google on security and safety on the Internet
  • GitHub - anouarbensaad/vulnx: vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain
  • The forces and vulnerabilities of the Apache model

    Blog? Why do people use words containing 'log' so often? The initial title for this article was "Why the Apache model sucks". It would have been a catchier title but would taint my arguments with triviality. But it was the first title that came to my mind and you should be aware of that. I have written about Apache in the past and the present post is a rehash with a slightly different emphasi
  • half of curl’s vulnerabilities are C mistakes | daniel.haxx.se

    I spent a lot of time and effort digging up the numbers and facts for this post! Lots of people keep referring to the awesome summary put together by a friendly pseudonymous “Tim” which says that “53 out of 95” (55.7%) security flaws in curl could’ve been prevented if curl had been written in Rust. This is usually in regards to discussions around how insecure C is and what to do about it. I’ve blo
  • Amazon Inspector Now Scans AWS Lambda Functions for Vulnerabilities | Amazon Web Services

    AWS News Blog Amazon Inspector Now Scans AWS Lambda Functions for Vulnerabilities Amazon Inspector is a vulnerability management service that continually scans workloads across Amazon Elastic Compute Cloud (Amazon EC2) instances, container images living in Amazon Elastic Container Registry (Amazon ECR), and, starting today, AWS Lambda functions and Lambda layers. Until today, customers that wanted
  • Leaky Vessels: Docker and runc Container Breakout Vulnerabilities - January 2024 | Snyk

    We will continue to update this blog with any key updates, including updates on the disclosure of any new related vulnerabilities. This blog includes links to detailed blogs on each of the disclosed vulnerabilities, as well as two open source tools to aid in exploit detection. Snyk security researcher Rory McNamara, with the Snyk Security Labs team, identified four vulnerabilities — dubbed "Leaky
  • Microsoft Exchange Server Vulnerabilities Mitigations - updated March 15, 2021 | MSRC Blog | Microsoft Security Response Center

    This blog post is older than a year. The information provided below may be outdated. Update March 15, 2021: If you have not yet patched, and have not applied the mitigations referenced below, a one-click tool, the Exchange On-premises Mitigation Tool is now our recommended path to mitigate until you can patch. Microsoft previously blogged our strong recommendation that customers upgrade their on-p
  • GitHub - NCSC-NL/OpenSSL-2022: Operational information regarding CVE-2022-3602 and CVE-2022-3786, two vulnerabilities in OpenSSL 3
  • Tsunami: An extensible network scanning engine to detect severity vulnerabilities with confidence

    The latest news from Google on open source releases, major projects, events, and student outreach programs. Tsunami: An extensible network scanning engine to detect severity vulnerabilities with confidence We have released the Tsunami security scanning engine to the open source communities. We hope that the engine can help other organizations protect their users’ data. We also hope to foster colla
  • OpenSSL statement on the recent Intel/AMD Downfall/Inception vulnerabilities

    OpenSSL statement on the recent Intel/AMD Downfall/Inception vulnerabilities Aug 15, 2023 Last week marked the public announcement of the Downfall vulnerability in Intel CPUs and the Inception vulnerability in AMD CPUs. Both of these are microarchitectural side-channel attacks allowing an attacker with unprivileged execution on the same physical core as a victim process to extract confidential inf
  • GitHub - Speykious/cve-rs: Blazingly 🔥 fast 🚀 memory vulnerabilities, written in 100% safe Rust. 🦀
  • Spring4Shell: Security Analysis of the latest Java RCE '0-day' vulnerabilities in Spring | LunaTrace

    Getting Spring to load BinderControllerAdvice may require manual steps to have it load. We'll update this guide with more details about how to do that soon. import org.springframework.core.Ordered; import org.springframework.core.annotation.Order; import org.springframework.web.bind.WebDataBinder; import org.springframework.web.bind.annotation.ControllerAdvice; import org.springframework.web.bind.
  • Git security vulnerabilities announced
  • Helping You Better Identify Vulnerabilities in Partnership with Snyk | Docker
  • GitHub - snyk/cli: Snyk CLI scans and monitors your projects for security vulnerabilities.
  • Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021

    Critical Vulnerabilities in Apache Log4j Java Logging Library On December 9, 2021, the following critical vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions earlier than 2.15.0 was disclosed: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints On December 14, 2021, the following critical vuln
  • Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program

    Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program I want to share my frustrating experience participating in Apple Security Bounty program. I've reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and
  • GitHub - cisagov/log4j-scanner: log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.

    Configure your own DNS Server - Preferred) - Add DNS records to your domain. (example.com) A record with a value of your IP address (test.example.com -> ) NS record (ns1.example.com) with a value of the test.example.com as chosen above. Host a DNS server to log DNS requests made to your domain. Install the requirement modules -> pip3 install -r requirements.txt Modify the dns/ddnsserver.py script
  • GitHub - projectdiscovery/nuclei-templates: Community curated list of templates for the nuclei engine to find security vulnerabilities.
  • Docker Security Advisory: Multiple Vulnerabilities in runc, BuildKit, and Moby | Docker
  • The ART of Chaining Vulnerabilities

    بِسْمِ اللَّـهِ الرَّحْمَـٰنِ الرَّحِيمِ Hello, My name is Ahmad Halabi. During my career, I had the chance to be part of an Operation Unit running projects on a high level scale. We had one goal to achieve: hacking the complete infrastructure of a target. In this article, I will be mentioning two projects where I was capable of accomplishing the goal without any interaction from the target end. T
  • Vulnerability Spotlight: Two vulnerabilities in Zoom could lead to code execution

    Vulnerability Spotlight: Two vulnerabilities in Zoom could lead to code execution A member of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered two vulnerabilities in the popular Zoom video chatting application that could allow a malicious user to execute arbitrary code on victims’ machines. Video conferencing software has skyrocketed in popularity during the COVID-19 pand
  • /blog/2022/09/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
  • How to Find Security Vulnerabilities in Python Application? | Geekflare
  • Vulnerabilities in VPNs: Paper presented at the Privacy Enhancing Technologies Symposium 2024 - The Citizen Lab

    The annual Privacy Enhancing Technologies Symposium (PETS) 2024 is underway in Bristol, UK and online, a gathering of privacy experts from around the world to discuss recent advances and new perspectives on research in privacy technologies. On July 16, former Citizen Lab Open Technology Fund (OTF) Information Controls Fellowship Program fellow Benjamin Mixon-Baca will be presenting “Attacking Conn
  • Shimano Di2 Wireless Protocol: Critical Vulnerabilities Uncovered

    Shimano Di2 Wireless Protocol: Critical Vulnerabilities Uncovered by do son · August 18, 2024 Researchers from the University of California, San Diego, and Northeastern University have uncovered a potential vulnerability in wireless gear-shifting tools used by professional cyclists. This flaw could allow hackers to remotely manipulate a bicycle’s movement during a race. Modern high-end bicycles are
  • Google Has Banned Zoom Software From Employees' Computers, Citing Security Vulnerabilities

    Google has banned the popular videoconferencing software Zoom from its employees’ devices, BuzzFeed News has learned. Zoom, a competitor to Google’s own Meet app, has seen an explosion of people using it to work and socialize from home and has become a cultural touchstone during the coronavirus pandemic. Last week, Google sent an email to employees whose work laptops had the Zoom app installed tha
