The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.
References
https://nvd.nist.gov/vuln/detail/CVE-2017-128…
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups…
When installing a module using the system tar, the PMT will filter filesystem permissions to a sane value. This may just be based on the user’s umask.
When using minitar, files are unpacked with whatever permissions are in the tarball. This is potentia…
米国土安全保障省サイバーセキュリティ・インフラストラクチャセキュリティ庁(CISA:Cybersec…
SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as ‘Zip-Slip’.
Refer…
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-1…
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of …
Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.
References
https://nvd.nist.gov/vuln/detail/CVE-2015-4…
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a…
コンテンツの拡散力の高さ、消費へのつながりやすさなどから、ショートムービープラットフォーム「TikTok」の存在が大きくなりつつあります。TikTok上でのバズを起点に、製品やサービスの売り上げにつながった成功事例も見ら […]
The post TikTokで企業アカウントが成果を上げるためのコツ|運用事例の共通点とは? appeared first on Marketing Native(マーケティング ネイティブ).
