Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously c…
[org.jenkins-ci.plugins:metrics] Access key stored in plain text by Jenkins Metrics Plugin
Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
References
https://nvd.nist.gov/v…
[org.jenkins-ci.plugins:badge] Stored XSS vulnerability in Jenkins Badge Plugin
Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission….
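Bic Camera's "New Life Support Sale!": 3% more points for early purchases
On January 11, the Bic Camera Group, for people starting a new life from spring 2022, the "New Life Set (home appliances, …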
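[Why] The reason Hello! Project songs have not been released on subscription services [Apple Music] | A fan who loves Hello! Project talks about Morning Musume and the other groups
Hello everyone. I'm Poru (@poruw__). Today, as always, with the policy of bringing you content that isn't on entertainment sites or aggregator sites, I'll be writing about my beloved Hello! Project. Unfortunately, Hello! Project songs have not been released on subscription services such as Apple Music. So I buy Hello! Project songs on CD or on iTunes…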
[lru] Use After Free in lru
An issue was discovered in the lru crate before 0.7.1 for Rust. The iterators have a use-after-free, as demonstrated by an access after a pop operation.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-45720
https://raw.githubusercontent.com/rusts…
[pytorch-lightning] pytorch-lightning is vulnerable to Deserialization of Untrusted Data
pytorch-lightning is vulnerable to Deserialization of Untrusted Data.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-4118
https://github.com/pytorchlightning/pytorch-lightning/commit/62f1e82e032eb16565e676d39e0db0cac7e34ace
https://huntr.dev/bou…
[actix-web] Out-of-bounds Write in actix-web
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-25024
https://raw.github…
[smallvec] Use of Uninitialized Resource in smallvec
An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-25023
https://raw.githubusercontent.com/rustsec/ad…
[actix-web] Out-of-bounds Write in actix-web
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-25025
https://raw.githubusercontent.com/rustsec…