原田知世が、3月23日にデビュー40周年を記念したニュー・アルバム『fruitful days』 を…
クッションにも光らせてあげよう!光るゲーミングクッション「Razer Head Cushion Chroma」登場!
光らないものはもはやないレベルのゲーミングデバイス界隈。PC本体はもちろんのことマウスやキーボード、…
[github.com/google/go-tpm/tpm] TPM 1.2 key authorization values vulnerable to TPM transport eavesdropper in go-tpm
Impact
TPM 2.0 users are unaffected by this issue.
An adversary eavesdropping on the TPM 1.2 transport path can calculate usageAuth for a key created with CreateWrapKey, even though this value is encrypted as part of the TPM 1.2 command protocol.
The T…
[parsec-service] Chrono has potential segfault issue in SPIFFE authenticator
Impact
Several vulnerabilities have been reported in the time and chrono crates related to handling of calls to localtime_r. You can follow some of the discussions here and here, and the associated CVE here. In our case, the issue with the dependency w…
Android 13 Developer Preview 1リリース:変更点と新機能
2022年2月10日10:00AM(現地時間)、GoogleよりAndroid 13 Developer Preivew1が発表されました。最新のAndroid 13(Android T, Android 13 t-DP […]
The post Android 13 Developer Preview 1リリース:変更点と新機能 first appeared on TechBooster.
[org.jenkins-ci.main:jenkins-core] DoS vulnerability in bundled XStream library in Jenkins Core
Jenkins 2.333 and earlier, LTS 2.319.2 and earlier is affected by the XStream library’s vulnerability CVE-2021-43859. This library is used by Jenkins to serialize and deserialize various XML files, like global and job config.xml, build.xml, and numerou…
[code.gitea.io/gitea] Reuse of one time passwords allowed in Gitea
An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for the 2FA can be submitted correctly more than once.
References
https://nvd.nist.gov/vuln/detail/CVE-20…
[code.gitea.io/gitea] Improper Privilege Management in Gitea
An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-453…
[org.hibernate:hibernate-core] SQL injection in hibernate-core
A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL co…
[org.xwiki.platform:xwiki-platform-administration-ui] Remote code execution in xwiki-platform
Impact
It’s possible for an unprivileged user to perform a remote code execution by injecting a groovy script in her own profile and by calling the Reset password feature since the feature is performing a save of the user profile with programming right…