A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JV…
[mixlib-archive] mixlib-archive Path Traversal vulnerability
Chef Software’s mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using .. in tar archive entries.
References
https://nvd.nist.gov/vuln/detail/CVE-2017-1000026
http…
[fluentd] Fluentd Escape Sequence Injection Vulnerability
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.
References
https://nvd.nist.gov/vuln/detail/CVE-20…
[camaleon_cms] Camaleon CMS vulnerable to Stored Cross-site Scripting
In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The profile image in the User settings section can be run in the update / upload area via /admin/media/upload?actions=false.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-18260…
[org.jgroups:jgroups] Improper Input Validation in JGroups
JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vec…
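200 gaming PCs! Japan's largest-class educational esports facility, fully equipped with a large LED display, is born! In addition to open campus events, there is also a support program for high school esports club activities!
Fully equipped with 200 gaming PCs and a large LED display. Boasting 752.7 m², among the largest in Japan for an educational institution, the espo…
Details and features of the new Harley Nightster, with a test-ride review
The new Nightster has finally gone on sale, and the first impression is that it looks incredibly cool, doesn't it! Especially the…
Google I/O 2022 Keynote: Summary for Android Developers
We bring you the Android-related topics from the Google I/O 2022 Keynote and Developer Keynote held on May 12, 2022 (local time). This year's Google I/O is again basically an online event […]
The post Google I/O 2022 Keynote: Summary for Android Developers first appeared on TechBooster.
Announcement of the release of 「トレキング」, a training game for children with developmental coordination disorder (DCD)
"Effective training" backed by demonstration experiments, supervised by Dr. Mikio Hiraiwa (平岩幹男) and Professor Satoshi Sasada (笹田哲). Developmental coordination disorder (D…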
[pdfkit] PDFKit Improper Input Validation vulnerability
Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability.
References
https://nvd.nist.gov/vuln/detail/CVE-2013-1607
https://exchange.xforce.ibmcloud.com/vulnerabilities/82563
https://web.archive.org/web/20200229104225/https://www.securityfocus…