A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they sh…
[deluge] Deluge Web-UI vulnerable to XSS through a crafted torrent file
The Deluge Web-UI is vulnerable to cross-site scripting through a crafted torrent file. The the data from torrent files is not properly sanitised as it’s interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can exec…
[org.jboss.xnio:xnio-all] XNIO `notifyReadClosed` method logging message to unexpected end
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-relat…
[org.zkoss.zk:zk] ZK Framework vulnerable to malicious POST
ZK Framework version 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-36537
https://tracker….
BofA is Bearish on PCs But Likes Apple’s Prospects
By Dan Weil Global PC shipments fell 11.1% year-over-year in the second quarter, the biggest annual decline since Q2 2013. After booming through much of the covid pandemic, the personal computer industry is dropping back to earth. Global PC shipments f…
Google Workspace Updates Weekly Recap – August 26, 2022
New updatesUnless otherwise indicated, the features below are fully launched or in the process of rolling out (rollouts should take no more than 15 business days to complete), launching to both Rapid and Scheduled Release at the same time (if not, each…
CJPT、日野の除名を発表 CJPTに出資した株式はトヨタに譲渡予定
Commercial Japan Partnership Technologies株式会社(以下、C…
JR西日本、次世代バイオディーゼル燃料導入に向けた実証実験実施
西日本旅客鉄道株式会社(以下、JR西日本)は、ディーゼル車両※1への次世代バイオディーゼル燃料※2導…
佐川急便などの物流センター、SGシステムら開発の顔認証勤怠システム導入
SGシステム株式会社(以下、SGシステム)らは、SGフィルダー株式会社(以下、SGフィルダー)の協力…
温泉施設で男子生徒の裸を撮影 容疑の男性教諭を逮捕 熊本県警大津署など
熊本県警大津署などは26日、児童買春・ポルノ禁止法違反(製造)容疑で、大津町室、公立学校の教諭の男(…