ソニー・インタラクティブ・エンタテインメント(SIE)が、PlayStation 5用の新型コントロ…
[node-opcua] node-opcua DoS vulnerability via message with memory allocation that exceeds v8’s memory limit
The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit.
References
https://nvd.ni…
[asyncua] Uncontrolled Resource Consumption in asyncua and opcua
All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks – per single session or in total for all concurrent sessions. An attacker can exploit …
[opcua] Uncontrolled Resource Consumption in opcua
The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks – per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an u…
[ansible-runner] ansible-runner 2.0.0 vulnerable to Race Condition
A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner’s private_data_dir the next time …
[ansible-runner] ansible-runner 2.0.0 default temporary files written to world R/W locations
A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansibl…
[org.jenkins-ci.plugins:collabnet] RabbitMQ password stored in plain text by Jenkins CollabNet Plugins Plugin
Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
References
https://…
[org.jenkins-ci.plugins:git] Improper masking of credentials Jenkins in Git Plugin
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding.
References
https://nvd.nist.gov/vuln/detail/C…
[org.jenkins-ci.plugins:jobConfigHistory] Cross-site Scripting in Jenkins Job Configuration History Plugin
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job…
TDK北上新工場、現地で安全祈願祭 EV部品量産へ24年3月ごろ稼働
電子部品大手TDKの完全子会社TDKエレクトロニクスファクトリーズ(秋田県由利本荘市)は23日、岩手…