コンテンツの拡散力の高さ、消費へのつながりやすさなどから、ショートムービープラットフォーム「TikTok」の存在が大きくなりつつあります。TikTok上でのバズを起点に、製品やサービスの売り上げにつながった成功事例も見ら […]
The post TikTokで企業アカウントが成果を上げるためのコツ|運用事例の共通点とは? appeared first on Marketing Native(マーケティング ネイティブ).
[org.apache.camel:camel-core] Improper Control of Generation of Code in Apache Camel
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including “$simple{}” in a CamelFileName message header to a (1) FILE or (2) FTP producer.
Ref…
[org.apache.httpcomponents:httpclient] Hostname verification in Apache HttpClient 4.3 was disabled by default
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.
References
https://nv…
[mysql-connector-python] Improper Access Control in MySQL Connector Python
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with netwo…
[Microsoft.NETCore.App] Tampering vulnerability in .NET Core
A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka “.NET Core Tampering Vulnerability.” This affects .NET Core 2.1.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-8416
https://access.redhat.com/errata…
[TelerikMvcExtensions] Improper Access Control in Telerik Extensions
Telerik Extensions for ASP.NET MVC (all versions) does not whitelist requests, which can allow a remote attacker to access files inside the server’s web directory. NOTE: this product has been obsolete since June 2013.
References
https://nvd.nist.gov/…
[org.jenkins-ci.main:jenkins-core] Missing Authorization in Jenkins
The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of…
[org.elasticsearch:elasticsearch] Improper Access Control in Elasticsearch
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security…
[com.itextpdf:itextpdf] Improper Restriction of XML External Entity Reference in iText
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
References
https://nvd.nist.gov/vuln/detail/CVE-2017-9096
…
[lxml] Improper Neutralization of Input During Web Page Generation in LXML
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by “j a v a s c r i p t:” in Internet …