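When Bengo4.com (弁護士ドットコム) surveyed its member lawyers about "summer vacation," 301 responded, of whom 2…
Appeal to the Supreme Court over parody watch trademark: "If OMECO (オメコ) is obscene, then human beings themselves are obscene"
The parody watch trademark "OMECO (オメコ)", based on the Swiss luxury watch brand "OMEGA (オメガ)", patent…
"Dating-site scammer" tracked down and 1 million yen recovered: the tenacious three-count scored by a "lawyer pro wrestler"!
川邉賢一郎 (40), a lawyer who is also an active professional wrestler (ring name: 剛馬), on his own Twitter account…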
[francoisjacquet/rosariosis] francoisjacquet/rosariosis vulnerable to Cross-Site Scripting (XSS)
Cross-site Scripting (XSS) – Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3072
https://github.com/francoisjacquet/rosariosis/commit/dcd3b86156bf9e981944e1a9e01ea23d8ad7c83a…
[org.apache.shenyu:shenyu-common] Apache ShenYu Admin v2.4.2-v2.4.3 has insecure permissions
Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrators’ passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. Version 2.5.0 contains a patch for this issue.
References
…
[python-scciclient] python-scciclient vulnerable to Man-in-the-middle (MITM) attacks
A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server’s certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks.
References
https://nvd.nist.go…
[org.keycloak:keycloak-core] Keycloak vulnerable to Cross-Site Scripting (XSS)
A stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.
Reference…
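Cryptocurrency exchange Crypto.com mistakenly sent about 1 billion yen to a user instead of the intended 9,500 yen, and did not notice for 7 months
Last year, a subsidiary of Crypto.com, which operates a cryptocurrency exchange, 100 Australian dollars (about 9,500 yen) to a user…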
[lz4-sys] lz4-sys vulnerable to memory corruption via issue in liblz4
lz4-sys up to v1.9.3 bundles a version of liblz4 that is vulnerable to CVE-2021-3520. Attackers could craft a payload that triggers an integer overflow upon decompression, causing an out-of-bounds write. The flaw has been corrected in version v1.9.4 of…
[github.com/ElrondNetwork/elrond-go] elrond-go MultiESDTNFTTransfer call on a SC address with missing function name
Impact
Anyone who uses elrond-go to process blocks (historical or actual) that contain a transaction like this: MultiESDTNFTTransfer@01@54444558544b4b5955532d323631626138@00@0793afc18c8da2ca@ (mind the missing function name after the last @)
Basic fun…