H.I.S. (HIS) announced on the 30th that all of its shares in Huis Ten Bosch, the large resort facility it owns in Sasebo, Nagasaki Prefecture, will go to a private equity fund affiliated with the Hong Kong investment company "PAG Asia Capital Limited"
Why are some people drawn to Makoto Kondo's "quack medicine" theory? A doctor's self-reflection
The sudden death on the 13th of this month of Makoto Kondo, the radiologist said to have advocated "leaving cancer untreated" as a therapy, has become a quiet topic in the medical community and in media outlets that cover medicine. With the news of Kondo's death, the author saw "Kondo theory" and "quack medicine" draw attention…
[github.com/zitadel/zitadel] Broken Authorization in ZITADEL Actions
Impact
Actions, introduced in ZITADEL 1.42.0 on the API and 1.56.0 in Console, is a feature where users with the ORG_OWNER role can create JavaScript code that the system invokes at certain points during login.
Actions, for example, a…
[strapi-plugin-ezforms] Captcha Bypass in strapi-plugin-ezforms
Impact
Users using any captcha providers
Patches
0.1.0
References
Issue
References
https://github.com/excl-networks/strapi-plugin-ezforms/security/advisories/GHSA-8mgq-6r2q-82w9
https://github.com/excl-networks/strapi-plugin-ezforms/issues/15
https:…
[getkirby/cms] Cross-site scripting from content entered in the tags and multiselect fields
Introduction
Cross-site scripting (XSS) is a type of vulnerability that allows an attacker to execute any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful script can for example trigger requests to Kirby’s API wi…
[helm.sh/helm/v3] Denial of service through string value parsing
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. Out of memory panics cannot be recovered from. Applications that use functions from the strvals package i…
[github.com/cilium/cilium] Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels
Impact
If a user has Network Policies with namespace selectors selecting labels of namespaces, or (clusterwide) Cilium Network Policies matching on namespace labels, then it is possible for an attacker with Kubernetes pod deploy rights (either directly…
[iana-time-zone] iana-time-zone vulnerable to use after free in MacOS / iOS implementation
In iana-time-zone v0.1.43 a use-after-free bug in the MacOS / iOS implementation was introduced.
The copied system time zone was released before its name was copied.
If the system time zone was changed between the call to CFRelease and str::to_owned(),…
[mz-avro] mz-avro’s incorrect use of `set_len` allows for un-initialized memory
Affected versions of this crate pass an uninitialized buffer to a user-provided Read implementation.
Arbitrary Read implementations can read from the uninitialized buffer (memory exposure) and can also return an incorrect number of bytes written to the…
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm] .NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability…