Python、npm和开源生态系统中的入口点可用于发动供应链攻击
聚焦源代码安全,网罗国内外最新资讯!编译:代码卫士网络安全研究员发现入口点可在多个程序生态系统,如 PyPI、npm、Ruby Gems、NuGet、Dart Pub 和 Rust Crates 中
Aggregator
A new Linux variant of FASTCash malware targets financial systems
9 months ago
A new Linux variant of FASTCash malware targets financial systemsNorth Korea-linked actors dep
警惕 | 擦亮眼,辨清这些涉诈高风险APP!
9 months ago
扫码订阅《中国信息安全》邮发代号 2-786征订热线:010-82341063(来源:信息通信行业反诈中心)分享网络安全知识 强化网络安全意识欢迎关注《中国信息安全》杂志官方抖音号《中国信息安全》杂
前沿 | 人工智能对个人信息保护的挑战及其应对
9 months ago
扫码订阅《中国信息安全》邮发代号 2-786征订热线:010-82341063文 | 天津大学法学院讲师 李欣倩习近平总书记指出:“没有网络安全就没有国家安全,就没有经济社会稳定运行,广大人民群众利
关注 | “指尖上的形式主义”全国整治工作会议在京召开
9 months ago
扫码订阅《中国信息安全》邮发代号 2-786征订热线:010-8234106310月14日,“指尖上的形式主义”全国整治工作会议在京召开。会议深入学习贯彻习近平总书记重要指示精神和党中央决策部署,就
专家解读 | 促进网络数据依法合理有效利用——浅谈《网络数据安全管理条例》内容特色及创新
9 months ago
环境异常 当前环境异常,完成验证后即可继续访问。 去验证
沈逸:美国“假旗行动”污染全球网络空间
9 months ago
扫码订阅《中国信息安全》邮发代号 2-786征订热线:010-82341063文 | 复旦大学网络空间国际治理研究基地主任 沈逸中方10月14日发布了第三份“伏特台风”调查报告。这份最新调查报告不仅
AI智·汇,开元拔萃,智汇争先 | 中国石油成功举办第四届网络安全攻防大赛
9 months ago
扫码订阅《中国信息安全》邮发代号 2-786征订热线:010-823410632024年10月9日至10日,以“开元拔萃,智汇争先”为主题的中国石油第四届网络安全攻防大赛在中国石油科技交流中心圆满落
专题·“微软蓝屏”事件 | 从终端安全产品可信设计角度谈“微软蓝屏”事件带来的启示
9 months ago
扫码订阅《中国信息安全》邮发代号 2-786征订热线:010-82341063文 | 华为技术有限公司 马烨 王峰 廖勇在数字化时代,产品自身可信的重要性愈发凸显,尤其是为企业保驾护航的安全产品,其
A step-by-step guide to the Metasploit Framework
9 months ago
Follow this Metasploit Framework tutorial for a comprehensive overview of module types, targets, payloads, and much more!
Sweden, Finland partner to take down Sipulitie criminal marketplace
9 months ago
An online haven for the sale of narcotics and other criminal goods in Scandinavia was shut down and
Safer with Google: Advancing Memory Safety
9 months ago
Security Blog The latest news and insights from Google on security a
CVE-2023-1219 | Google Chrome up to 110.0.5481.177 Metrics TBD heap-based overflow
9 months ago
A vulnerability was found in Google Chrome and classified as critical. Affected by this issue is some unknown functionality of the component Metrics. The manipulation of the argument TBD leads to heap-based buffer overflow.
This vulnerability is handled as CVE-2023-1219. The attack may be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-1220 | Google Chrome up to 110.0.5481.177 UMA TBD heap-based overflow
9 months ago
A vulnerability was found in Google Chrome. It has been classified as critical. This affects an unknown part of the component UMA. The manipulation of the argument TBD leads to heap-based buffer overflow.
This vulnerability is uniquely identified as CVE-2023-1220. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-1219 | Microsoft Edge Metrics heap-based overflow
9 months ago
A vulnerability, which was classified as critical, has been found in Microsoft Edge. Affected by this issue is some unknown functionality of the component Metrics. The manipulation leads to heap-based buffer overflow.
This vulnerability is handled as CVE-2023-1219. The attack may be launched remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2023-1220 | Microsoft Edge UMA heap-based overflow
9 months ago
A vulnerability, which was classified as critical, was found in Microsoft Edge. This affects an unknown part of the component UMA. The manipulation leads to heap-based buffer overflow.
This vulnerability is uniquely identified as CVE-2023-1220. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2022-46365 | Apache StreamPark logic error
9 months ago
A vulnerability, which was classified as problematic, was found in Apache StreamPark. Affected is an unknown function. The manipulation leads to business logic errors.
This vulnerability is traded as CVE-2022-46365. The attack needs to be approached within the local network. There is no exploit available.
vuldb.com
CVE-2023-32007 | Apache Spark UI prior 3.4.0 command injection
9 months ago
A vulnerability classified as critical has been found in Apache Spark UI. Affected is an unknown function. The manipulation leads to command injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is traded as CVE-2023-32007. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-31039 | Apache bRPC up to 1.4.x ServerOptions::pid_file input validation
9 months ago
A vulnerability was found in Apache bRPC up to 1.4.x. It has been declared as problematic. This vulnerability affects the function ServerOptions::pid_file. The manipulation of the argument pid_file leads to improper input validation.
This vulnerability was named CVE-2023-31039. Access to the local network is required for this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-31038 | Apache Log4cxx prior 1.1.0 ODBC Appender sql injection
9 months ago
A vulnerability classified as critical has been found in Apache Log4cxx. Affected is an unknown function of the component ODBC Appender. The manipulation leads to sql injection.
This vulnerability is traded as CVE-2023-31038. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com