Fitbit always puts improving the health of everyone around the world first. From checking the quality of the previous night's sleep to workouts and mindfulness sessions with the Fitbit app, millions of users around the world rely on Fitbit every day. Today we are pleased to introduce the next generation of Fitbit wearables, Inspire 3, Versa 4 and Sense 2, which combine Fitbit's health and wellness tools with a range of Google's smart features. Thinner and more comfortable than ever…
[exceedone/laravel-admin] exceedone/exment and exceedone/laravel-admin Cross-site Scripting vulnerability
Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remot…
[exceedone/exment] exceedone/exment and exceedone/laravel-admin SQL Injection vulnerability
SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated…
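The two Exment entries above describe the classic pair of injection bugs: a search parameter that reaches the database as SQL text, and a request parameter echoed back into HTML. The following is an added illustration of both, written for this page and not taken from Exment or laravel-admin; the `records` table, the handler names and the search feature are constructed stand-ins, and the fix shown is the generic one (bound parameters, output escaping), not the vendor's patch.

```python
import html
import sqlite3

# Constructed in-memory table standing in for the application's data; not Exment's schema.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)")
    db.executemany(
        "INSERT INTO records (name, owner) VALUES (?, ?)",
        [("invoice-2023", "alice"), ("secret-plan", "bob")],
    )
    return db

def search_vulnerable(db, owner, term):
    # The authenticated user's search term is spliced straight into the SQL text,
    # so quotes and comment markers inside it rewrite the query.
    sql = f"SELECT name FROM records WHERE owner = '{owner}' AND name LIKE '%{term}%'"
    return [row[0] for row in db.execute(sql)]

def search_fixed(db, owner, term):
    # Bound parameters: the driver passes `term` as a value, never as SQL.
    # (% and _ are still LIKE wildcards; escape them as well if exact matching matters.)
    sql = "SELECT name FROM records WHERE owner = ? AND name LIKE ?"
    return [row[0] for row in db.execute(sql, (owner, f"%{term}%"))]

def render_vulnerable(term, names):
    # Reflected XSS: the request parameter is echoed into the page unescaped.
    items = "".join(f"<li>{n}</li>" for n in names)
    return f"<p>Results for {term}</p><ul>{items}</ul>"

def render_fixed(term, names):
    # Escape every untrusted value at the point it enters HTML text.
    items = "".join(f"<li>{html.escape(n)}</li>" for n in names)
    return f"<p>Results for {html.escape(term)}</p><ul>{items}</ul>"
```

With the term `%' OR '1'='1' --` the vulnerable query collapses to `... OR '1'='1'` and returns every owner's rows; the parameterised version treats the same string as a LIKE pattern and returns nothing.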
[node-opcua] node-opcua DoS when bypassing limitations for excessive memory consumption
The package node-opcua before 2.74.0 is vulnerable to Denial of Service (DoS): its limits against excessive memory consumption can be bypassed by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
References
h…
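The node-opcua entry describes a limit that is enforced per session and therefore escapes when a session is closed without deleting its subscriptions, since OPC UA keeps such subscriptions alive for a later TransferSubscriptions. The model below is an added illustration written for this page, not node-opcua's code: the limit values, the `Server` class and the bookkeeping are assumptions chosen to show the accounting gap and the server-wide budget that closes it.

```python
# Constructed model of a server's session and subscription bookkeeping; not node-opcua's code.
# The limits are assumed values standing in for the server's memory guards.
MAX_SUBSCRIPTIONS_PER_SESSION = 4
MAX_SUBSCRIPTIONS_TOTAL = 8

class Server:
    def __init__(self, enforce_global_limit):
        self.enforce_global_limit = enforce_global_limit
        self.sessions = {}      # session id -> subscriptions owned by that session
        self.orphans = []       # subscriptions kept alive after their session closed
        self.next_id = 0

    def create_session(self):
        self.next_id += 1
        self.sessions[self.next_id] = []
        return self.next_id

    def live_subscriptions(self):
        # Orphans still hold queues and monitored items, so they must be counted.
        return sum(len(s) for s in self.sessions.values()) + len(self.orphans)

    def create_subscription(self, session_id):
        subs = self.sessions[session_id]
        if len(subs) >= MAX_SUBSCRIPTIONS_PER_SESSION:
            raise RuntimeError("Bad_TooManySubscriptions")  # per-session guard only
        if self.enforce_global_limit and self.live_subscriptions() >= MAX_SUBSCRIPTIONS_TOTAL:
            raise RuntimeError("Bad_TooManySubscriptions")  # server-wide guard (the fix)
        sub = object()
        subs.append(sub)
        return sub

    def close_session(self, session_id, delete_subscriptions):
        subs = self.sessions.pop(session_id)
        if not delete_subscriptions:
            # Retained so a later session can TransferSubscriptions; memory is not freed.
            self.orphans.extend(subs)

def exhaust(server, rounds):
    """Attacker loop: fill a session to its limit, close it without deleting, repeat.

    With only the per-session guard every round adds MAX_SUBSCRIPTIONS_PER_SESSION
    orphans and nothing ever stops it; with the global budget the loop is refused."""
    for _ in range(rounds):
        sid = server.create_session()
        for _ in range(MAX_SUBSCRIPTIONS_PER_SESSION):
            server.create_subscription(sid)
        server.close_session(sid, delete_subscriptions=False)
    return server.live_subscriptions()
```

A real server would additionally expire orphaned subscriptions after their lifetime; the point of the model is that any limit meant to bound memory has to count every object that still occupies memory, whichever session created it.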
[opcua] opcua Vulnerable to Out-of-bounds Write
The package opcua from 0.0.0 until 0.11.0 is vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the …
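The opcua entry is about a recursive decoder with no depth budget: a few kilobytes of wrappers nested inside wrappers are enough to exhaust the native stack even though the message passes the size limit. The decoder below is an added illustration written for this page, not the opcua crate's code; it uses a constructed two-tag encoding (a leaf int32 and a "nested value follows" wrapper standing in for ExtensionObject/Variant nesting), and Python's `RecursionError` plays the role of the stack overflow. The depth limit of 32 is an assumed value.

```python
import struct

TAG_INT32 = 0x00     # leaf: 4-byte little-endian integer follows
TAG_NESTED = 0x01    # wrapper: exactly one encoded value follows
MAX_NESTING = 32     # assumed limit; real stacks make this configurable

def encode_nested(depth, value=7):
    """Constructed attacker input: `value` wrapped `depth` levels deep (depth + 5 bytes)."""
    return bytes([TAG_NESTED]) * depth + bytes([TAG_INT32]) + struct.pack("<i", value)

def decode_unbounded(buf, pos=0):
    """Naive recursive decoder: every wrapper costs one stack frame, with no upper bound."""
    if pos >= len(buf):
        raise ValueError("truncated message")
    tag = buf[pos]
    if tag == TAG_INT32:
        return struct.unpack_from("<i", buf, pos + 1)[0], pos + 5
    if tag == TAG_NESTED:
        return decode_unbounded(buf, pos + 1)
    raise ValueError(f"unknown tag {tag:#x}")

def decode_bounded(buf, pos=0, depth=0):
    """Same decoder with a depth budget: rejects the message instead of exhausting the stack."""
    if depth > MAX_NESTING:
        raise ValueError("nesting limit exceeded")
    if pos >= len(buf):
        raise ValueError("truncated message")
    tag = buf[pos]
    if tag == TAG_INT32:
        return struct.unpack_from("<i", buf, pos + 1)[0], pos + 5
    if tag == TAG_NESTED:
        return decode_bounded(buf, pos + 1, depth + 1)
    raise ValueError(f"unknown tag {tag:#x}")
```

The message that breaks the unbounded decoder is about 5 KB, far below any sensible message-size limit, which is exactly the advisory's point: size limits bound bytes, not recursion, so the decoder needs its own counter.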
[github.com/gravitational/teleport] Improper token validation leading to code execution in Teleport
Teleport 9.3.6 is vulnerable to command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL-encoding a bash escape with carriage return line feed. This URL-encoded payload can be used in plac…
[uri-template-lite] uri-template-lite Regular Expression Denial of Service
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package, when an attacker is able to supply arbitrary input to the “URI.expand” method. A fix is available on the main branch of the repository.
R…
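The uri-template-lite entry is a backtracking problem: a regular expression over attacker-supplied template text can take exponential time. The package's own pattern is not reproduced on this page, so the example below does not try to replicate it; instead, as an added illustration written for this page (not the package's code), it shows the mitigation class: a single-pass scanner for `{name}` and `{a,b}` expressions (an RFC 6570 level 1 subset) whose work is bounded by the template length whatever shape the input takes. The second return value counts characters examined so that the linear bound can be checked.

```python
from urllib.parse import quote

# Characters allowed in a variable name (RFC 6570 varchar; '%' admits pct-encoded triplets).
VARCHAR = frozenset("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.%")

def expand(template, values):
    """Expand {name} and {a,b} expressions with simple string expansion.

    Every character is visited at most once and the scanner never backs up, so the
    cost is O(len(template)) for any input. Undefined variables expand to nothing.
    Returns (expanded_string, characters_examined)."""
    out = []
    i, n, steps = 0, len(template), 0
    while i < n:
        ch = template[i]
        steps += 1
        if ch != "{":
            out.append(ch)
            i += 1
            continue
        # Inside an expression: collect variable names up to the closing brace.
        j = i + 1
        names, cur = [], []
        while j < n and template[j] != "}":
            steps += 1
            c = template[j]
            if c == ",":
                names.append("".join(cur))
                cur = []
            elif c in VARCHAR:
                cur.append(c)
            else:
                # Reject immediately rather than retrying alternatives.
                raise ValueError(f"invalid character {c!r} in expression at offset {j}")
            j += 1
        if j >= n:
            raise ValueError(f"unterminated expression starting at offset {i}")
        steps += 1  # the closing brace
        names.append("".join(cur))
        if any(not name for name in names):
            raise ValueError("empty variable name")
        parts = [quote(str(values[name]), safe="") for name in names if name in values]
        out.append(",".join(parts))
        i = j + 1
    return "".join(out), steps
```

The design choice is to reject on the first character that cannot belong to an expression: a regex that allows several ways to match the same prefix is what gives the attacker the exponential search space, and a hand-written scanner with one decision per character removes that space entirely.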
[ansible-runner] ansible-runner vulnerable to shell command injection
A flaw was found in ansible-runner. Improper escaping of the shell command when calling ansible_runner.interface.run_command can lead to parameters being executed as a shell command on the host. A developer could unintentionally write code that ge…
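The Teleport and ansible-runner entries are two faces of the same mistake: untrusted text is joined into a string that a shell later parses, once as a generated installation script and once as a command line. The example below is added for this page and is neither project's code; the `echo` command, the join-token alphabet and the install script are constructed stand-ins. It contrasts string-built shell commands with argv lists and `shlex.quote`, and shows validating a URL-path token after decoding so that an encoded CR/LF cannot reach the generated script.

```python
import re
import shlex
import subprocess
import urllib.parse

def build_command_vulnerable(binary, args):
    """Joins arguments into one shell string; metacharacters in any argument become syntax."""
    return "{} {}".format(binary, " ".join(args))

def run_vulnerable(binary, args):
    cmd = build_command_vulnerable(binary, args)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout

def run_fixed(binary, args):
    # argv list, no shell: each element reaches the program as exactly one argument.
    return subprocess.run([binary, *args], capture_output=True, text=True).stdout

def build_command_quoted(binary, args):
    """When a shell string is unavoidable (e.g. a remote command over ssh), quote every word."""
    return " ".join(shlex.quote(word) for word in (binary, *args))

def run_quoted(binary, args):
    cmd = build_command_quoted(binary, args)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout

# Assumed token alphabet for the illustration; tighten to the real token format in practice.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{8,128}")

def render_install_script(url_path_token):
    """Embed a token taken from a URL path into a generated shell script.

    Decode first, validate the decoded value with fullmatch (a trailing '$' in a Python
    regex still matches before a final newline), and only then interpolate."""
    token = urllib.parse.unquote(url_path_token)
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("invalid join token")
    return f"#!/bin/sh\nexec ./install --token={token}\n"
```

Run on a POSIX host, the vulnerable path turns the single argument `hello; echo INJECTED` into two commands, while both hardened paths print it back as one literal argument; the token check rejects `abc123%0d%0aecho%20pwned` because the decoded value contains a carriage return and line feed.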
[getkirby/cms] Kirby CMS 2.5.12 Cross-site Request Forgery
An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-14519
https://…
[getkirby/cms] Kirby CMS 2.5.12 Cross-site Scripting
An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-14520
https://www.exploit-db.com/exploits/45068
htt…
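Both Kirby 2.5.12 entries describe state-changing panel actions (deleting and adding pages) that are accepted on the strength of the session cookie alone, which a browser attaches to a cross-site form submission automatically. The handler below is an added illustration written for this page, not Kirby's code: the request and session dictionaries, the `pages` set and the action names are constructed stand-ins, and the fix shown is the generic one, a per-session token that the forging site cannot read.

```python
import hashlib
import hmac
import secrets

# Per-deployment key; generated here only so the example runs stand-alone.
SECRET = secrets.token_bytes(32)

def csrf_token(session_id):
    # Bound to the session, so a token harvested from the attacker's own session is useless.
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def apply_action(form, pages):
    if form["action"] == "add":
        pages.add(form["page"])
    elif form["action"] == "delete":
        pages.discard(form["page"])

def handle_vulnerable(session, request, pages):
    """Only the session cookie is checked: a hidden form on the attacker's site,
    auto-submitted in the victim's browser, arrives with the victim's session."""
    if not session.get("user"):
        return 403
    apply_action(request["form"], pages)
    return 200

def handle_fixed(session, request, pages):
    if not session.get("user"):
        return 403
    if request["method"] != "POST":
        return 405          # state changes never ride on GET, so a plain link cannot trigger them
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(supplied, csrf_token(session["id"])):
        return 403          # the forging site cannot read the token, so the forged POST lacks it
    apply_action(request["form"], pages)
    return 200
```

Pair the token with a `SameSite=Lax` or `Strict` session cookie; the token is the control that keeps working if the cookie attribute is ever relaxed.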