From Palit, the top-end GPU that caps off the NVIDIA Ampere series, "GeForce RTX …
[org.apache.tomcat:tomcat] Denial of Service in Apache Tomcat
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters a…
[openssl-src] `OCSP_basic_verify` may incorrectly verify the response signing certificate
The function OCSP_basic_verify verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the respons…
[openssl-src] Resource leakage when decoding certificates and keys
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically deco…
[openssl-src] Incorrect MAC key used in the RC4-MD5 ciphersuite
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sen…
[com.google.oauth-client:google-oauth-client] Improper Verification of Cryptographic Signature in google-oauth-java-client
Summary
The vulnerability impacts only users of the IdTokenVerifier class. The verify method in IdTokenVerifier does not validate the signature before verifying the claims (e.g., iss, aud, etc.). Signature verification makes sure that the token’s paylo…
[Masuit.Tools.Core] Code Injection in Masuit.Tools.Core
All versions of package Masuit.Tools.Core are vulnerable to Arbitrary Code Execution via the ReceiveVarData function in the SocketClient.cs component. The socket client in the package can pass in the payload via the user-controllable input after it has…
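A fairy tale and a universal story of "love" and "marriage"!? Review of "Marry Me," starring Jennifer Lopez
"Marry Me" is also drawing attention as a "reverse Cinderella" story. This film, a radio personality who dearly loves movies…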
[org.apache.tomcat:tomcat] Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server’s hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the real…
[feedparser] Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in feedparser
Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas.