Security Diagnostics and Information

A site that provides security information and web diagnostic tools.

Announcements

Updated: February 5, 2024, 11:32

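| No | CVSS | Level | Attack vector | Vendor | Product | Title | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 7 | Important | Local | Canonical, Linux | Ubuntu, Linux Kernel | Use-after-free vulnerability in Linux's Linux Kernel and other products from multiple vendors | CWE-416 (Use After Free) | CVE-2022-2602 | 2024-02-5 11:24 | 2022-10-19 |
| 2 | 7.8 | Important | Local | Canonical, Linux | Ubuntu, Linux Kernel | Double-free vulnerability in Linux's Linux Kernel and other products from multiple vendors | CWE-415 (Double Free) | CVE-2022-2588 | 2024-02-5 11:09 | 2022-08-9 |
| 3 | 7.8 | Important | Local | Canonical, Linux | Ubuntu, Linux Kernel | Use-after-free vulnerability in Linux's Linux Kernel and other products from multiple vendors | CWE-416 (Use After Free) | CVE-2022-2586 | 2024-02-5 11:02 | 2022-08-9 |
| 4 | 5.5 | Warning | Local | fortanix | confidential computing manager | Vulnerability in fortanix confidential computing manager for Intel Software Guard Extensions | CWE-noinfo (Insufficient information) | CVE-2023-38021 | 2024-02-2 17:01 | 2023-12-30 |
| 5 | 5.5 | Warning | Local | fortanix | confidential computing manager | Vulnerability in fortanix confidential computing manager for Intel Software Guard Extensions | CWE-noinfo (Insufficient information) | CVE-2023-38022 | 2024-02-2 17:01 | 2023-12-30 |
| 6 | 5.5 | Warning | Local | scontain | scone | Vulnerability in scontain scone | CWE-noinfo (Insufficient information) | CVE-2023-38023 | 2024-02-2 17:01 | 2023-12-30 |
| 7 | 7.2 | Important | Network | oretnom23 | house rental management system | SQL injection vulnerability in oretnom23 house rental management system | CWE-89 (SQL Injection) | CVE-2024-0502 | 2024-02-2 17:01 | 2024-01-13 |
| 8 | 7.5 | Important | Network | newtonsoft | json.net | Vulnerability in newtonsoft json.net related to the handling of exceptional conditions | CWE-755 (Improper Handling of Exceptional Conditions) | CVE-2024-21907 | 2024-02-2 17:01 | 2024-01-3 |
| 9 | 5.5 | Warning | Local | Apple | iPadOS, iOS | Vulnerability in multiple Apple products | CWE-noinfo (Insufficient information) | CVE-2022-46710 | 2024-02-2 16:58 | 2022-12-13 |
| 10 | 7.8 | Important | Local | - | | Vulnerability in Apple macOS | CWE-noinfo (Insufficient information) | CVE-2022-46721 | 2024-02-2 16:58 | 2022-10-24 |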

Updated: April 19, 2024, 20:13

| No | CVSS | Level | Attack vector | Vendor | Product | Title | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | - | - | - | | | Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. This issue affects Bif… [New] | - | CVE-2024-1065 | 2024-04-19 18:15 | 2024-04-19 |
| 2 | - | - | - | | | Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already … [New] | - | CVE-2024-0671 | 2024-04-19 18:15 | 2024-04-19 |
| 3 | - | - | - | | | In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possibly vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null … [New] | - | CVE-2024-22257 | 2024-04-19 16:15 | 2024-03-19 |
| 4 | - | - | - | | | An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled. [New] | - | CVE-2024-26328 | 2024-04-19 16:15 | 2024-02-19 |
| 5 | - | - | - | | | An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations. [New] | - | CVE-2024-26327 | 2024-04-19 16:15 | 2024-02-19 |
| 6 | - | - | - | | | Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workar… [New] | CWE-200 (Information disclosure) | CVE-2024-24758 | 2024-04-19 16:15 | 2024-02-17 |
| 7 | - | - | - | | | Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body (or consuming it very slowly) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upg… [New] | CWE-400 (Resource exhaustion) | CVE-2024-24750 | 2024-04-19 16:15 | 2024-02-17 |
| 8 | - | - | - | | | `bhyveload -h <host-path>` may be used to grant loader access to the <host-path> directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to <host-path>, allowing the loader to read any file the host user has access to. In the bhyveload(8) m… [New] | - | CVE-2024-25940 | 2024-04-19 16:15 | 2024-02-15 |
| 9 | - | - | - | | | An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no me… [New] | - | CVE-2023-45288 | 2024-04-19 16:15 | 2024-04-5 |
| 10 | 9.8 | CRITICAL | Network | postgresql, fedoraproject | postgresql_jdbc_driver, fedora | pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string … [New] | CWE-89 (SQL Injection) | CVE-2024-1597 | 2024-04-19 16:15 | 2024-02-19 |

Period: 2024-04-13 to 2024-04-20

| No | Name | Category | Version | Release date | Security fixes |
|---|---|---|---|---|---|
| 1 | New!! Linux Kernel 5.15(LTS) | OS | 5.15.156 | 2024-04-17 | Unknown |
| 2 | New!! Apache Tomcat 9.0 | Web server | 9.0.88 | 2024-04-16 | Unknown |
| 3 | New!! Linux Kernel 5.10(LTS) | OS | 5.10.215 | 2024-04-13 | Information available |
| 4 | New!! Linux Kernel 5.4(LTS) | OS | 5.4.274 | 2024-04-13 | Information available |
| 5 | New!! Linux Kernel 4.19(LTS) | OS | 4.19.312 | 2024-04-13 | Information available |
| 6 | New!! Linux Kernel 5.15(LTS) | OS | 5.15.155 | 2024-04-13 | Unknown |

Period: 2024-03-01 to 2024-07-31

No Name Standard support Security support Extended support
1 Caution Ruby 3.0 2024-03-31
2 Ubuntu 16.04 LTS 2021-04-30 2024-04-30
3 Django3.2 LTS 2021-12-31 2024-04-30
4 Node.js 16 (LTS) 2022-10-18 2024-04-30
5 MongoDB 4.4 2024-04-30
6 Ubuntu 23.04 2024-04-30
7 Fedora 38 2024-05-14
8 Angular 15 2023-05-18 2024-05-18
9 Linux Kernel 5.18 2024-05-25
10 CentOS 6 2017-03-31 2020-11-30 2024-06-30
11 Red Hat Enterprise Linux 6 2022-05-10 2020-11-30 2024-06-30
12 Red Hat Enterprise Linux 7 2020-08-6 2024-06-30
13 FreeBSD 12 2024-06-30
14 MariaDB 11.0 2024-06-30
15 SQL Server 2014 Service Pack 3 2019-07-9 2024-07-9
16 CentOS 7 2020-12-31 2024-07-30
2024-4-19 JST
Media / News

| No | Name | URL | Excerpt of changes | Tags |
|---|---|---|---|---|
| 1 | Dark Reading | https://www.darkreading.com/ | Nigeria & Romania Ranked Among Top Cybercrime Havens,Apr 18, 2024,Containers in the cloud concept art,Сloud Security,Active Kubernetes RCE Attack Relies on Known OpenMetadata Vulns,Active Kubernetes R ... | English, News, Overseas, Information |
| 2 | HELPNETSECURITY | https://www.helpnetsecurity.com/ | Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204),April 18, 2024,Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate,April 18, ... | English, News, Overseas, Information |
| 3 | Security Intelligence | https://securityintelligence.com/ | Risk Management,April 11, 2024,Ransomware payouts hit all-time high, but that’s not the whole story,Ransomware payments hit an all-time high of $1.1 billion in 2023, following a steep drop in total pa ... | English, News, Overseas, Information |
| 4 | TechNadu.com | https://www.technadu.com/ | How to Watch Michael Portillo’s Long Weekends Online from Anywhere,April 19, 2024,How to Watch Love During Lockup Season 5 Online from Anywhere,April 19, 2024,How to Watch The Spiderwick Chronicles On ... | English, News, Overseas, Information |
| 5 | WeLiveSecurity | https://www.welivesecurity.com/ | Scams,The many faces of impersonation fraud: Spot an imposter before it’s too late,Scams,The many faces of impersonation fraud: Spot an imposter before it’s too late,What are some of the most common g ... | English, News, Overseas, Information |
| 6 | www.scmagazine.com | https://www.scmagazine.com/ | Microsoft finds Kubernetes clusters targeted by OpenMetadata exploits,April 18, 2024,A cryptominer campaign leveraged five vulnerabilities in OpenMetadata to infect environments.,Six ways to fend off ... | English, News, Overseas, Information |
| 7 | www.securityweek.com | https://www.securityweek.com/ | Now on Demand,Ransomware Resilience & Recovery Summit - All Sessions Available,SAP Applications Increasingly in Attacker Crosshairs, Report Shows,Malicious hackers are targeting SAP applications at an ... | English, News, Overseas, Information |
Blogs
Vulnerability notification sites
Security advisories