An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation.
…
[google-closure-library] Improper Input Validation in Google Closure Library
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation — update your library to version v202…
[org.odata4j:odata4j-dist] SQL Injection in odata4j
odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.
References
https://nvd.nist.gov/vuln/detail/CVE-2016-11023
https://groups.google.com/d/msg/odata4j-discuss/_lBwwXP30g0/Av6zkZMdBwAJ
https:…
[org.odata4j:odata4j-dist] SQL Injection in odata4j
odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.
References
https://nvd.nist.gov/vuln/detail/CVE-2016-11024
https://groups.google.com/d/msg/odata4j-discuss/_lBwwXP30g0/Av6zkZMdBwAJ
https:/…
[org.webjars.bowergithub.wycats:handlebars.js] Remote code execution in handlebars when compiling templates
The package handlebars before 4.7.7 is vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-23369
https://github….
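Chinese People's Liberation Army Unit 61419's purchases of English-language antivirus software: US threat intelligence group obtains procurement documents
At Recorded Future, a cybersecurity company in the US state of Massachusetts, the threat intelligence gr…
Akina Nakamori's "Kinku": is Haruomi Hosono's cool techno kayō a headache for music shows? September 7, 1983: the day Akina Nakamori's single "Kinku" was released
Akina Nakamori, the song that marked a turning point in her career. Singers who have long enlivened the hit charts have something that became a "turning point"…
Google teases a "major" announcement at I/O 2021
Earlier this month, Google confirmed that its I/O event would return this year. Last year, Google … the event…
Parallels adds more supported Chrome OS devices
Chrome OS devices such as Chromebooks are very inexpensive and usually sufficient for getting work done…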