Skip to content

TechMedia

Header Image

新型iPad miniには「Face ID」が搭載されないかも…

  • Posted inUncategorized
  • Posted byWpmaster
  • 01/28/2019

昨年発売された新型iPad Proには、iPhoneで先行していたFace ID技術が搭載されました…

[activemodel] Duplicate Advisory: Moderate severity vulnerability that affects activemodel

  • Posted inMODERATE
  • Posted byWpmaster
  • 09/18/201802/01/2023

Duplicate advisory
This advisory has been withdrawn because it is a duplicate of GHSA-543v-gj2c-r3ch. This link is maintained to preserve external references.
Original Description
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5….

[ember-source] ember-source Cross-site Scripting vulnerability

  • Posted inMODERATE
  • Posted byWpmaster
  • 08/29/201801/26/2023

Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title …

[rest-client] rest-client vulnerable to Session Fixation

  • Posted inCRITICAL
  • Posted byWpmaster
  • 08/14/201810/14/2022

REST client for Ruby (aka rest-client) versions 1.6.1.a until 1.8.0 allow remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect.
References

https://…

[tough-cookie] Regular Expression Denial of Service in tough-cookie

  • Posted inHIGH
  • Posted byWpmaster
  • 07/25/201804/04/2023

Affected versions of tough-cookie are susceptible to a regular expression denial of service.
The amplification on this vulnerability is relatively low – it takes around 2 seconds for the engine to execute on a malicious input which is 50,000 characters…

[sanitize] Sanitize vulnerable to Improper Input Validation and Cross-site Scripting

  • Posted inHIGH
  • Posted byWpmaster
  • 03/21/201810/20/2022

When Sanitize <= 4.6.2 is used in combination with libxml2 >= 2.9.2, a specially crafted HTML fragment can cause libxml2 to generate improperly escaped output, allowing non-whitelisted attributes to be used on whitelisted elements.
This can allow…

[rack-protection] rack-protection Observable Discrepancy vulnerability

  • Posted inMODERATE
  • Posted byWpmaster
  • 03/08/201801/26/2023

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby a…

[sinatra] Sinatra Path Traversal vulnerability

  • Posted inMODERATE
  • Posted byWpmaster
  • 02/21/201801/27/2023

An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters.
References

https://nvd.nist.gov/vuln/detail/CVE-2018-7212
https://github.com/…

[lynx] lynx doesn’t properly sanitize user input and exposes database password to unauthorized users

  • Posted inHIGH
  • Posted byWpmaster
  • 01/25/201801/24/2023

The lynx gem prior to 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes.
As of version 1.0.0, lynx no longer supports a –password option. Passwords are only co…

[omniauth-oauth2] omniauth-oauth2 Cross-Site Request Forgery vulnerability

  • Posted inMODERATE
  • Posted byWpmaster
  • 10/25/201701/26/2023

Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem prior to 1.1.1 for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state.
References

https://nvd.nist.gov/vuln/detail/CVE-20…

Posts navigation

Previous Posts 1 … 81,132 81,133 81,134 81,135 Next Posts

Recent Posts

  • 大規模対戦ACT『Warlander』PS5/XSX版最新情報を公開―新コンテンツ追加やゲーム改善をリリースに向けて開発中
  • サウナブームが到来!!「ととのう」を提供するべく新サウナ施設や様々なサウナグッズが登場 (マイライフニュース)
  • 吉野家HDの24年2月期、営業益34%増 12年ぶり水準 (日本経済新聞)
  • 【フォト】大規模反攻、夏にずれ込む可能性 ウクライナ首相 (産経新聞)
  • 驚き!地球!グレートネイチャー「探検!未知なる海へ~北極海・ポリネシア~」[解][字]
An error has occurred, which probably means the feed is down. Try again later.
RSS Error: A feed could not be found at `https://nordot.app/-/feed/posts/rss?source_id=646357622673671265&curation_url=true`; the status code is `404` and content-type is `text/html; charset=UTF-8`
  • News
  • Twitter
  • Twilog
  • Scrapbox
  • Twitter log
  • Apple News
  • Mastodon log
  • coron news&archives
  • SNSNews
  • TechnoPlanet
  • iTech
  • ComputerJournal
  • Underground News
  • Last.fm
  • はてなブックマーク
  • Tumblr
  • ツイフィール
  • ウェブサイト利用規約
  • Google提供広告の広告設定
  • 他の広告のオプトアウト
  • Valuecommerce配信広告のオプトアウト
  • Zuck配信広告のオプトアウト
  • i-mobile配信広告のオプトアウト
  • Amazon.co.jpパーソナライズド広告の設定

What’s TechMedia

TechMediaはオープンRSS情報サイトです。世界中のウェブサイトから情報を収集し、検索のヒントになる情報を掲載しています。登録RSSの追加依頼はこちらから

TechMedia
WordPress theme by componentz

Archives

2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
Hit enter to search or ESC to close