トピトピニュース

Author: GitHub (1143 posts)

Featured

Posted by GitHub
[github.com/crewjam/saml] crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication
Posted by GitHub
[org.keycloak:keycloak-core] Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown
Posted by GitHub
[bitlyshortener] Package discontinued because Bitly lowered the free quota
Posted by GitHub
[baserproject/basercms] baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability

[oauthenticator] JupyterHub OAuthenticator elevation of privilege

  • Posted in HIGH
  • Posted by GitHub
  • 05/13/2022 09/13/2022

An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in…

[org.apache.activemq:activemq-openwire-generator] ActiveMQ’s OpenWire protocol exposes certain system details as plain text

  • Posted in LOW
  • Posted by GitHub
  • 05/13/2022 11/23/2022

When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.
References

https://nvd.nist.gov/vuln/detail/CVE-2017-15709
https://lists.apa…

[bootstrap] Bootstrap vulnerable to Cross-Site Scripting (XSS)

  • Posted in MODERATE
  • Posted by GitHub
  • 05/13/2022 09/20/2022

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
References

https://nvd.nist.gov/vuln/detail/CVE-2018-14040
https://github.com/twbs/bootstrap/issues/26423
https://github.com/twbs/bootstrap/issues/26625
https://github.c…

[Microsoft.NETCore.Jit] .NET Core Denial of Service Vulnerability

  • Posted in HIGH
  • Posted by GitHub
  • 05/13/2022 10/26/2022

.NET Core 1.0, .NET Core 1.1, .NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of service vulnerability due to how specially crafted requests are handled, aka “.NET Core Denial of Service Vulnerability”.
References

https://nvd.nist.gov/vuln/detai…

[org.jenkins-ci.main:jenkins-core] Improper Authorization in Jenkins Core

  • Posted in HIGH
  • Posted by GitHub
  • 05/13/2022 11/02/2022

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me …

[org.jenkins-ci.main:jenkins-core] Improper Authorization in Jenkins Core

  • Posted in HIGH
  • Posted by GitHub
  • 05/13/2022 11/02/2022

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefin…

[org.apache.mesos:mesos] Docker image code execution with Apache Mesos

  • Posted in HIGH
  • Posted by GitHub
  • 05/13/2022 11/02/2022

A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1…

[org.springframework.data:spring-data-rest-core] Remote code execution in PATCH requests in Spring Data REST

  • Posted in CRITICAL
  • Posted by GitHub
  • 05/13/2022 11/05/2022

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) can use specially crafted JSON data to run arbitrary Java code.
References

https://nvd.nist.gov/vuln/detail/C…

[org.apache.deltaspike.modules:jsf-module-project] Cross-site Scripting in Apache DeltaSpike

  • Posted in MODERATE
  • Posted by GitHub
  • 05/13/2022 11/04/2022

The Apache DeltaSpike-JSF 1.8.0 module has an XSS injection leak in the windowId handling. The windowId gets cut off after 10 characters (by default), so the impact might be limited. A fix got applied and released in Apache deltaspi…

[com.github.pagehelper:pagehelper] MyBatis PageHelper vulnerable to time-blind SQL injection via orderBy parameter

  • Posted in CRITICAL
  • Posted by GitHub
  • 05/05/2022 10/21/2022

MyBatis PageHelper versions 3.5.x through 5.3.x were discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-28111
https://github.com/pagehelper/Mybatis-PageHelper
…
