トピトピニュース

Author

GitHub

1143 Posts

Featured

Posted by GitHub
[github.com/crewjam/saml] crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication
Posted by GitHub
[org.keycloak:keycloak-core] Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown
Posted by GitHub
[bitlyshortener] Package discontinued because Bitly lowered the free quota
Posted by GitHub
[baserproject/basercms] baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability

[Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x64] Integer overflow in the bundled Brotli C library

  • Posted in MODERATE
  • Posted by GitHub
  • 05/25/2022, 11/01/2022

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a “one-shot” decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 Gi…

[Microsoft.AspNetCore.Http] Cookie parsing failure

  • Posted in HIGH
  • Posted by GitHub
  • 05/25/2022, 11/24/2022

A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being …

[expo] Expo on iOS is insecure due to incorrect security attribute application

  • Posted in MODERATE
  • Posted by GitHub
  • 05/25/2022, 09/16/2022

secure-store in Expo through 9.1.0 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHEN_UNLOCKED_THIS_DEVICE_ONLY is used.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-24653
https://github.com/expo/expo/pull/926…

[Microsoft.AspNetCore.App.Runtime.linux-arm] ASP.NET Core Denial of Service Vulnerability

  • Posted in HIGH
  • Posted by GitHub
  • 05/25/2022, 10/25/2022

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka ASP.NET Core Denial of Service Vulnerability.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-1597
https://lists.fedoraproject.org/archives/list/packa…

[org.jenkins-ci.main:jenkins-core] Improper Neutralization of Input During Web Page Generation in Jenkins

  • Posted in MODERATE
  • Posted by GitHub
  • 05/25/2022, 10/07/2022

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.
References

https://nvd.nist…

[org.jenkins-ci.main:jenkins-core] Improper Neutralization of Input During Web Page Generation in Jenkins

  • Posted in MODERATE
  • Posted by GitHub
  • 05/25/2022, 10/07/2022

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-2229
https://jenkins.io/security…

[org.jenkins-ci.main:jenkins-core] Improper Neutralization of Input During Web Page Generation in Jenkins

  • Posted in MODERATE
  • Posted by GitHub
  • 05/25/2022, 11/01/2022

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via ‘Trigger builds remotely’, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure per…

[Microsoft.NETCore.App.Runtime.linux-arm64] .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability

  • Posted in HIGH
  • Posted by GitHub
  • 05/25/2022, 10/22/2022

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka ‘.NET Framework, SharePoint Server, and Visual Studio Remote Code Executio…

[Microsoft.AspNetCore.App.Runtime.linux-musl-x64] ASP.NET Core Denial of Service Vulnerability

  • Posted in HIGH
  • Posted by GitHub
  • 05/25/2022, 10/22/2022

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka ‘ASP.NET Core Denial of Service Vulnerability’.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-1161
https://portal.msrc.microsoft.com/en-US/security-…

[Microsoft.NETCore.App.Runtime.linux-arm64] .NET Core & .NET Framework Denial of Service Vulnerability

  • Posted in HIGH
  • Posted by GitHub
  • 05/25/2022, 10/22/2022

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka ‘.NET Core & .NET Framework Denial of Service Vulnerability’.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-1108
https://portal.m…
