This fall's "iPhone 14" series: "the announcement event on September 7, with release on September 16 (both U.S. local …
"iPhone 14" announcement event likely on September 7, release on the 16th. A roundup of new product predictions
While it is certain that the "iPhone 14" series will be announced in early September, as for "when exactly it will be announced"…
[getkirby/starterkit] Cross site scripting in getkirby/starterkit
A stored cross-site scripting (XSS) vulnerability in Kirby’s Starterkit v3.7.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tags field.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-35174
h…
[AgileConfig.Client] Use of Hard-coded Credentials in AgileConfig.Client
Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-35540
https://github.com/dotnetcore/AgileConfig/issues/91
ht…
[omniauth] OmniAuth’s `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value
lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-36599
https://github.com/omniauth/omniauth/commit/43a396f181ef7d0ed2ec8291c939c95e3e…
[frontier] Incorrect parsing of EVM reversion exit reason in RPC
Impact
A low severity security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In a release build, this would cause the exit reason to be incorrectly parsed and returned by RPC. In a debug build, this w…
[oqs] oqs’s Post-Quantum Signature scheme Rainbow level I parametersets broken
Ward Beullens found a practical key-recovery attack against Rainbow.
The level I parametersets are removed from liboqs starting from version 0.7.2.
Find the scientific details in Breaking Rainbow Takes a Weekend on a Laptop.
This means all the oqs::sig…
[kubevirt.io/kubevirt] Duplicate Advisory: KubeVirt arbitrary host file read from the VM
Duplicate Advisory
This advisory is a duplicate of GHSA-qv98-3369-g364. This link is maintained to preserve external references.
Original Description
Summary
As part of a Kubevirt audit performed by NCC group, a finding dealing with systemic lack of pa…
[oqs] oqs’s Post-Quantum Key Encapsulation Mechanism SIKE broken
Wouter Castryck and Thomas Decru presented an efficient key recovery attack on the SIDH protocol.
As a result, the secret key of SIKEp751 can be recovered in a matter of hours.
The SIKE and SIDH schemes will be removed from oqs 0.7.2.
An efficient key …
How the Chrome team uses Chrome
Before Chrome browser was even launched, the Chrome team was working behind the scenes to create a different browsing experience: one that was both personalized and helpful. This mission has remained central to the Chrome team’s values as we continuous…