Skip to content

トピトピニュース

Header Image
Archive

Month: May 2022

251 Posts

Featured

Posted byByakuya Biz Books
シンガポール発のコーヒーチェーン「フラッシュコーヒー」が2年で250店舗に拡大した理由
Posted byGoogle Japan Blog
個人情報を考える週間: パスワードとオンライン アカウントを安全に保つためのヒント
Posted byねっと特報
ウクライナ戦争に見るワイパー攻撃の実態とデジタル情報操作
Posted byFunglr Games(日本語)
「エースコンバット」と「トップガン マーヴェリック」が夢のコラボ!マーヴェリックスキンの「F-14A Tomcat」や「F/A-18E Super Hornet」が登場!

[org.apache.openmeetings:openmeetings-parent] Apache OpenMeetings responds to insecure HTTP methods

  • Posted inMODERATE
  • Posted byGitHub
  • 05/13/202211/30/2022

Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH.
References

https://nvd.nist.gov/vuln/detail/CVE-2017-7685
http://markmail.org/message/uxk4bpq35svnyjhb
http://www.securityfocus.com/bid/99592
http…

[org.apache.mesos:mesos] Denial of service in Apache Mesos

  • Posted inHIGH
  • Posted byGitHub
  • 05/13/202211/02/2022

When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos might crash because the code accidentally calls inappropriate function. A malicious actor can therefore cause a denial of service of Mesos masters …

[org.apache.nifi:nifi] Improper Authentication In Apache NiFi

  • Posted inHIGH
  • Posted byGitHub
  • 05/13/202211/02/2022

In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the “anonymous” user.
References

https://nvd.nist.gov/vuln/detail/…

[com.nimbusds:nimbus-jose-jwt] Nimbus JOSE+JWT vulnerable to padding oracle attack

  • Posted inLOW
  • Posted byGitHub
  • 05/13/202211/09/2022

Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.
References

https://nvd.nist.gov/vuln/detail/CVE-2017-12973
https://bitbu…

[pyjwt] PyJWT vulnerable to key confusion attacks

  • Posted inHIGH
  • Posted byGitHub
  • 05/13/202209/12/2022

In PyJWT 1.5.0 and below the invalid_strings check in HMACAlgorithm.prepare_key does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string —–BEGIN RSA PUBLIC K…

[puppet] Tarball permission preservation in puppet

  • Posted inMODERATE
  • Posted byGitHub
  • 05/13/202207/23/2022

When installing a module using the system tar, the PMT will filter filesystem permissions to a sane value. This may just be based on the user’s umask.
When using minitar, files are unpacked with whatever permissions are in the tarball. This is potentia…

[Electron] Electron vulnerable to URL spoofing via PDFium

  • Posted inMODERATE
  • Posted byGitHub
  • 05/13/202209/16/2022

Electron version 1.7.0 – 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control.
References

https://nvd.nist.gov/vuln/detail/CVE-2017-1000424
https://github.com/electron/ele…

[org.jvnet.hudson.plugins:ssh] Jenkins SSH Plugin user passwords for encrypted SSH keys stored in plaintext

  • Posted inCRITICAL
  • Posted byGitHub
  • 05/13/202211/23/2022

The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.
References

https://nvd.nist.gov/vuln/detail/CVE-20…

[org.opencastproject:opencast-kernel] Opencast has Incorrect Permission Assignment

  • Posted inMODERATE
  • Posted byGitHub
  • 05/13/202211/09/2022

In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access r…

[org.jboss.ws:jbossws-common] JBossWS vulnerable to uncontrolled recursion

  • Posted inLOW
  • Posted byGitHub
  • 05/13/202211/08/2022

DOMUtils.java in org.jboss.ws:jbossws-common does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOC…

Posts navigation

Previous Posts 1 … 18 19 20 21 22 … 26 Next Posts
トピトピニュース
WordPress theme by componentz

Archives

2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
Hit enter to search or ESC to close