Month: February 2022

mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This …

HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
References

https://nvd.nist.gov/vuln/detai…

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data…

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to informatio…

A flaw was found in Wildfly’s implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the “use-grammar-pool-only” feature. This flaw allows a specially-crafted XML file to manipulate the …

シンガー・ソングライター/ギタリストのReiが、2021年に始動させた、これまで築いてきた音楽仲間た…

原田知世が、3月23日にデビュー40周年を記念したニュー・アルバム『fruitful days』 を…

「進撃の巨人Brave Order」をレビュー。コミックやアニメで人気の「進撃の巨人」を原作とした多…

アイロボットのロボット掃除機「ルンバ」シリーズから、新モデルの「ルンバ j7+」「ルンバ j7」が登…