Global Security Database (GSD)


Latest Publications

Keeping up with log4shell aka CVE-2021-44228 aka the log4j version 2

Released: December 16, 2021

Got Vulnerability? Cloud Security Alliance Wants to Identify It

Released: July 15, 2021

Publications In Development

GSD Working Group Charter

Peer Review/ Design

TBD

Latest Discussion Posts

  • Thank you. Will start there. Sent from my iPhone

  • Hi Randolph, Sorry I didn't see this sooner. A good starting place would be to sign up for the working group here: https://csaurl.org/gsd-signup We're currently working on the tooling, scripts, and onboarding documentation. You can find meetings on ...

  • Hi All, NIST has published NIST Internal Report (IR) 8409, Measuring the Common Vulnerability Scoring System Base Score Equation. Calculating the severity of information technology vulnerabilities is important for prioritizing vulnerability remediation ...

  • I don't think these are vulnerabilities per se, but they are definitely sharp edges that clearly most people don't know about. One thought: if there's an "informational" entry, e.g. "python pip will install software, as expected, but can also do so directly ...

  • https://twitter.com/david3141593/status/1584462389977939968?s=43&t=CEmtkaMrle2hJwbdOXjMzw TIL python's pip will execute a setup.py directly from a ZIP archive from a web URL, with mime sniffing. This allows for a nice lolbin oneliner, with payload ...

