
Search results for "vulnerability": 1 - 40 of 145

  • Disclosure of a vulnerability that allows the theft of visitors' email addresses using Medium's custom domain feature

    0_medium_vuln_en.md Disclosure of a vulnerability that allows the theft of visitors' email addresses using Medium's custom domain feature Author: mala Introduction This article describes a vulnerability in a web service called Medium that allows you to steal visitors' e-mail addresses by using custom domain plan of Medium. This is done as my personal activity and is not related to my organization.

    • OpenSSH CVE-2024-6387 RCE Vulnerability: Risk & Mitigation | Qualys

      • Vulnerability patterns for Rails apps

        Gather, Rubyists: Learn from Renowned Rubyists - iCARE Dev Meetup #14 https://icare.connpass.com/event/189356/

        • Vulnerability Management for Go - The Go Programming Language

          Go vulnerability database The Go vulnerability database (https://vuln.go.dev) is a comprehensive source of information about known vulnerabilities in importable packages in public Go modules. Vulnerability data comes from existing sources (such as CVEs and GHSAs) and direct reports from Go package maintainers. This information is then reviewed by the Go security team and added to the database. We

          • M1RACLES: An Apple M1 Vulnerability

            M1RACLES (CVE-2021-30747) is a covert channel vulnerability in the Apple Silicon “M1” chip. Executive Summary A flaw in the design of the Apple Silicon “M1” chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under

            • The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation

              Abstract: This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102. Corrupti

              • Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31

                Subject: Apache Log4j2 Vulnerability - CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832 - ESA-2021-31 Note - We will update this announcement with new details as they emerge from our analysis. Please check back periodically. Update Log Dec 16, 2021 - 04:20 UTC - Update Summary: ECK 1.9 released which automatically adds the JVM option to impacted Elasticsearch clusters managed by EC

                • GitHub - google/osv-scanner: Vulnerability scanner written in Go which uses the data provided by https://osv.dev

                  • GitHub - Cybereason/Logout4Shell: Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell

                    A vulnerability impacting Apache Log4j versions 2.0 through 2.14.1 was disclosed on the project’s GitHub on December 9, 2021. The flaw has been dubbed “Log4Shell,” and has the highest possible severity rating of 10. Software made or managed by the Apache Software Foundation (From here on just "Apache") is pervasive and comprises nearly a third of all web servers in the world—making this a potenti

                    • Log4J2 Vulnerability and Spring Boot

                      Updates: Since this blog post has been published, a new logback 1.2.9 version has been published. While this fixes a security issue, prerequisites for exploits are very different as they "requires write access to logback's configuration file". Log4J also released a new 2.17.0 version with fixes for CVE-2021-45046 and CVE-2021-45105. Spring Boot 2.5.8 and 2.6.2 have been released and provide depen

                      • Git clone vulnerability announced

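                        • Vulnerability management using SSVC (Stakeholder-Specific Vulnerability Categorization)

                          Vulnerability management using SSVC (Stakeholder-Specific Vulnerability Categorization). New security vulnerabilities are discovered, reported and published every day, and the pace is increasing year by year. When companies work on security measures for their own IT environments, OT environments such as factories and equipment, and their own products, they need to collect this vulnerability information, assess its impact and then respond appropriately. For handling such vulnerability information, CVE (Common Vulnerability Enumeration) is widely used, and a unique ID is assigned to each vulnerability. In addition, in the National Vulnerability Database (NVD), which is managed and operated by the US National Institute of Standards and Technology (NIST), for each CVE-ID, CVSS (Common Vulnerability Scori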

                          • ImageMagick: The hidden vulnerability behind your online images

                            By Bryan Gonzalez from Ocelot Team Introduction ImageMagick is a free and open-source software suite for displaying, converting, and editing image files. It can read and write over 200 image file formats and, therefore, is very common to find it in websites worldwide since there is always a need to process pictures for users’ profiles, catalogs, etc. In a recent APT Simulation engagement, the Ocel

                            • CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now!

                              • SpringShell: Spring Core RCE 0-day Vulnerability

                                Update as of 31st March: Spring has Confirmed the RCE in Spring Framework. The team has just published the statement along with the mitigation guides for the issue. Now, this vulnerability can be tracked as CVE-2022-22965. Update:- We have some information about the Spring4Shell vulnerability and have shared the details on Spring4Shell: Details and Exploit post. Additionally, the security team fro

                                • Cross-browser tracking vulnerability in Tor, Safari, Chrome, and Firefox

                                  • iOS 15 iCloud Private Relay Vulnerability Identified

                                    Apple’s new iCloud Private Relay service allows users to hide their IP addresses and DNS requests from websites and network service providers. In this article, we’ll demonstrate how this security feature can be circumvented and discuss what users can do to prevent their data from being leaked. You’ll need to turn on iCloud Private Relay to test the vulnerability. At the moment iCloud Private Relay

                                    • 22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library

                                      A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as CVE-2022-35737 (CVSS score: 7.5), the 22-year-old issue affects SQLite versions 1.0.12 through 3.39.1, and has been addressed in version 3.39.2 released on July 21,

                                      • OpenSSL warns of critical security vulnerability with upcoming patch

                                        OpenSSL warns of critical security vulnerability with upcoming patch We don't have the details yet, but we can safely say that come Nov. 1, everyone -- and I mean everyone -- will need to patch OpenSSL 3.x. Everyone depends on OpenSSL. You may not know it, but OpenSSL is what makes it possible to use secure Transport Layer Security (TLS) on Linux, Unix, Windows, and many other operating systems. I

                                        • M1RACLES: Apple M1 Exposed To Covert Channel Vulnerability - Phoronix

                                          M1RACLES: Apple M1 Exposed To Covert Channel Vulnerability Written by Michael Larabel in Linux Security on 26 May 2021 at 05:40 AM EDT. 26 Comments Apple's shiny new in-house M1 Arm chip is the latest processor challenged by a security vulnerability. The "M1RACLES" vulnerability was made public today as a covert channel vulnerability by where a mysterious register could leak EL0 state. The M1RACLE

                                          • HTTP/2 Zero-Day vulnerability results in record-breaking DDoS attacks

                                            HTTP/2 Zero-Day vulnerability results in record-breaking DDoS attacks. 2023-10-10. Earlier today, Cloudflare, along with Google and Amazon AWS, disclosed the existence of a novel zero-day vulnerability dubbed the “HTTP/2 Rapid Reset” attack. This attack exploits a weakness in the HTTP/2 protocol to generate enormous, hyper-volumetric Distributed Denial of Service (DDoS) attacks. Cloudflare has mitiga

                                            • Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China | Google Cloud Blog

                                              Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China Written by: Austin Larsen, John Palmisano, Mathew Potaczek, John Wolfram, Matthew McWhirt On May 23, 2023, Barracuda announced that a zero-day vulnerability (CVE-2023-2868) in the Barracuda Email Security Gateway (ESG) had been exploited in-the-wild as early as October

                                              • AWS Systems Manager Plugin Vulnerability Let Attackers Execute Arbitrary Code

                                                A critical vulnerability in the AWS Systems Manager (SSM) Agent that could allow attackers to execute arbitrary code with elevated privileges. The vulnerability, stemming from improper input validation within the ValidatePluginId function, affects a core component used to manage EC2 instances and on-premises servers across AWS environments worldwide. According to Cymulate’s report, the vulnerabili

                                                • PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034) | Qualys Security Blog

                                                  The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration. About Polkit pkexec for Linux Polkit (former

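                                                  • A File Format to Aid in Security Vulnerability Disclosure - The First Step to Connecting Correctly - JPCERT/CC Eyes

                                                    I am Totsuka from the Early Warning Group. The Early Warning Group publishes security information such as alerts and early warning information, as well as JVN advisories. As a vulnerability coordinator, I work from vulnerability-related information reported to JPCERT/CC by vulnerability finders such as security researchers, coordinate with the developers of the affected products on matters such as formulating countermeasures, and am in charge of the whole series of coordination work leading up to the publication of a JVN advisory. In this article, from a vulnerability coordinator's point of view, as one of the measures that developer organizations can take to make it easier for vulnerability coordination bodies and vulnerability finders to work with developers, officially published this year, in April 2022, "RFC 9116: A File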

                                                    • How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation

                                                      How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation. In this post I’ll show you how I found a zeroday vulnerability in the Linux kernel using OpenAI’s o3 model. I found the vulnerability with nothing more complicated than the o3 API – no scaffolding, no agentic frameworks, no tool use. Recently I’ve been auditing ksmbd for vul

                                                      • Git security vulnerability announced

                                                        • RFC 9116: A File Format to Aid in Security Vulnerability Disclosure

                                                          Stream: Internet Engineering Task Force (IETF) RFC: 9116 Category: Informational Published: April 2022 ISSN: 2070-1721 Authors: RFC 9116 A File Format to Aid in Security Vulnerability Disclosure Abstract When security vulnerabilities are discovered by researchers, proper reporting channels are often lacking. As a result, vulnerabilities may be left unreported. This document defines a machine-parsa

                                                          • CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date Parsing Methods

                                                            CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date Parsing Methods Posted by mame on 15 Nov 2021 We have released date gem version 3.2.1, 3.1.2, 3.0.2, and 2.0.1 that include a security fix for a regular expression denial of service vulnerability (ReDoS) on date parsing methods. An attacker can exploit this vulnerability to cause an effective DoS attack. This vulnerability

                                                            • Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP!

                                                              The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE). The issue, assigned the CVE identifier CVE-2024-23897, has been described as an arbitrary file read vulnerability through the built-i

                                                              • Ridiculous Vulnerability Disclosure Process with CrowdStrike Falcon Sensor

                                                                Ridiculous Vulnerability Disclosure Process with CrowdStrike Falcon Sensor Today, we publish a new advisory for a vulnerability in the CrowdStrike Falcon Sensor, that was found by our team-mate Pascal Zenker as part of a recent red-teaming engagement. The vulnerability is a case of insufficient control flow management, that allows an attacker with administrative privileges to bypass the Falcon Age

                                                                • Log4Shell Update: Severity Upgraded 3.7 to 9.0 for Second log4j Vulnerability (CVE-2021-45046) | LunaTrace

                                                                  • The OpenSSL punycode vulnerability (CVE-2022-3602): Overview, detection, exploitation, and remediation | Datadog Security Labs

                                                                    The OpenSSL punycode vulnerability (CVE-2022-3602): Overview, detection, exploitation, and remediation. November 1, 2022. On November 1, 2022, the OpenSSL Project released a security advisory detailing a high-severity vulnerability in the OpenSSL library. Deployments of OpenSSL from 3.0.0 to 3.0.6 (included) are vulnerable and are fixed in version 3.0.

                                                                    • SSID Confusion Attack WiFi Vulnerability (CVE-2023-52424)

                                                                      Simon Migliano is a recognized world expert in VPNs. He's tested hundreds of VPN services and his research has featured on the BBC, The New York Times and more. A new vulnerability arising from a design flaw in the WiFi standard allows attackers to trick victims into connecting to less secure networks and intercept their traffic. Additionally, the attack can exploit the auto-disconne

                                                                      • AWS RDS Vulnerability Leads to AWS Internal Service Credentials

                                                                        AWS RDS Vulnerability Leads to AWS Internal Service Credentials TL; DR Lightspin's Research Team obtained credentials to an internal AWS service by exploiting a local file read vulnerability on the RDS EC2 instance using the log_fdw extension. The internal AWS service was connected to AWS internal account, related to the RDS service. The vulnerability was reported to AWS Security team, who right a

                                                                        • Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046) | LunaTrace

                                                                          Originally Posted @ December 14th & Last Updated @ December 19th, 3:37pm PST Just trying to fix this? Please read our dedicated Mitigation Guide. After the log4j maintainers released version 2.15.0 to address the Log4Shell vulnerability, an additional attack vector was identified and reported in CVE-2021-45046. Our research into this shows that this new CVE invalidates previous mitigations used to

                                                                          • Linux has been bitten by its most high-severity vulnerability in years

                                                                            Linux has yet another high-severity vulnerability that makes it easy for untrusted users to execute code capable of carrying out a host of malicious actions, including installing backdoors, creating unauthorized user accounts, and modifying scripts or binaries used by privileged services or apps. Dirty Pipe, as the vulnerability has been named, is among the most serious Linux threats to be disclos

                                                                            • AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks

                                                                              Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services (AWS) Cloud Development Kit (CDK) that could have resulted in an account takeover under specific circumstances. "The impact of this issue could, in certain scenarios, allow a

                                                                              • Google Cloud recommendations for Apache Log4j 2 vulnerability | Google Cloud Blog

                                                                                Google Cloud recommendations for investigating and responding to the Apache “Log4j 2” vulnerability Editor's note: This post was updated on 1/14/21 at 1:12pm PST. In this post, we provide recommendations from the Google Cybersecurity Action Team and discuss Google Cloud and Chronicle solutions to help security teams to manage the risk of the Apache “Log4j 2” vulnerability (CVE-2021-44228 and CVE-2

                                                                                • Announcing a unified vulnerability schema for open source

                                                                                  The latest news and insights from Google on security and safety on the Internet
