誤りがあった場合はTwitterに報告をお願いします。-> Twitter《Har-sia》
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.
Highest Score:108 (2023/03/16)
脆弱性情報:Har-sia CVE-2020-5741
管理者コメント
(自動翻訳)脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。(自動翻訳ここまで)
###---###
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
Highest Score:108 (2023/03/16)
脆弱性情報:Har-sia CVE-2021-39144
管理者コメント
(自動翻訳)脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。(自動翻訳ここまで)
###---###
A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.
Highest Score:34 (2023/03/14)
脆弱性情報:Har-sia CVE-2022-41328
管理者コメント
(自動翻訳)脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。(自動翻訳ここまで)
###---###
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
Highest Score:38 (2023/03/02)
脆弱性情報:Har-sia CVE-2023-20078
管理者コメント
(自動翻訳)脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。(自動翻訳ここまで)
###---###
Microsoft Word Remote Code Execution Vulnerability
Highest Score:86 (2023/03/07)
脆弱性情報:Har-sia CVE-2023-21716
管理者コメント
(自動翻訳)脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。(自動翻訳ここまで)
###---###
Microsoft Outlook Elevation of Privilege Vulnerability
Highest Score:313 (2023/03/16)
脆弱性情報:Har-sia CVE-2023-23397
管理者コメント
(自動翻訳)脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。(自動翻訳ここまで)
###---###
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
Highest Score:141 (2023/02/14)
脆弱性情報:Har-sia CVE-2023-23529
管理者コメント
(自動翻訳)脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。(自動翻訳ここまで)
###---###
Windows SmartScreen Security Feature Bypass Vulnerability
Highest Score:70 (2023/03/15)
脆弱性情報:Har-sia CVE-2023-24880
管理者コメント
(自動翻訳)脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。(自動翻訳ここまで)
###---###
Highest Score:65 (2023/03/09)
脆弱性情報:Har-sia CVE-2023-25610
管理者コメント
(自動翻訳)脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。(自動翻訳ここまで)
###---###
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
Highest Score:44 (2023/03/10)
脆弱性情報:Har-sia CVE-2023-27532
管理者コメント
(自動翻訳)脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。(自動翻訳ここまで)
###---###
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
Highest Score:38 (2023/03/24)
脆弱性情報:Har-sia CVE-2023-28432
管理者コメント
(自動翻訳)脆弱性まとめる際にここに自動翻訳を挿入します。次月までお待ちください。(自動翻訳ここまで)
###---###
計11件
Tweet