Python Auditing Vulnerability
Demonstrates how a malicious package can insert a load-time poison pill to avoid detection by tools like Safety.
Tools that are designed to find vulnerable packages cannot ever run in the same Python environment that they…
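The "pre-device-change server backup" that Mobile Suica users surprisingly don't know about: what to do on your old device, in 2 minutes
Osaifu-Keitai lets you tap your smartphone to ride the train and shop as well. For mobile carriers, 5G (fifth-generation mo…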
COVID-19: Resources to help people learn on YouTube
As more and more families find themselves at home, we know people are learning how to adjust to this situation. Beyond helping people find authoritative sources of news and information, we also want to be a helpful learning resource to families across …
[docutils] python-docutils allows insecure usage of temporary files
python-docutils allows insecure usage of temporary files
References
https://nvd.nist.gov/vuln/detail/CVE-2009-5042
https://security-tracker.debian.org/tracker/CVE-2009-5042
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560755
https://github.com/ad…
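How to set up a Sony audio player: playlist management with iTunes
Sony audio players. They go by various names, such as Walkman, digital audio player, and portable audio player. Below, I'll refer to them all as Walkman. One of the Walkman models, the NW-A […]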
[requests-kerberos] Improper Authentication in requests-kerberos
python-requests-Kerberos through 0.5 does not handle mutual authentication
References
https://nvd.nist.gov/vuln/detail/CVE-2014-8650
https://github.com/requests/requests-kerberos/issues/35
https://github.com/requests/requests-kerberos/pull/36
https://…
9 womenbosses who inspire us on YouTube
Every time International Women’s Day rolls around, it’s an opportunity to reflect on all the women who push YouTube to be even better. They make this community the best that it can be. Here are nine women, from around the globe, who inspire us with the…
[com.fasterxml.jackson.core:jackson-databind] Deserialization of Untrusted Data in jackson-databind
FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
References
https://nvd.n…
[com.fasterxml.jackson.core:jackson-databind] Deserialization of Untrusted Data in jackson-databind
FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-20330
https://github.com/FasterXML/jackson…