shia's note

情報収集 20250605
Published: Thu 05 June 2025
By shia

In security.

tags: news
1. CVE-2025-20286｜Cisco Identity Services Engine
  - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7
  - https://nvd.nist.gov/vuln/detail/CVE-2025-20286
  - 分類的にはハードコード系らしい。
2. CVE-2025-48710｜Kube Resource Orchestrator
  - https://orca.security/resources/blog/kubernetes-crd-abstraction-risks-kro/
  - https://nvd.nist …
read more
情報収集 20250604
Published: Wed 04 June 2025
By shia

In security.

tags: news

161
1. CVE-2025-31359｜Parallels Desktop for Mac
  - https://kb.parallels.com/en/125013
  - https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2160
  - https://nvd.nist.gov/vuln/detail/CVE-2025-31359
  - 権限昇格。修正は4月。TALOSから詳細が公開されたっぽい。他にもいくつか。
2. CVE-2025-4138｜Python
  - https://mail.python.org/archives/list/security-announce …
read more
情報収集 20250603
Published: Tue 03 June 2025
By shia

In security.

tags: news

315
1. CVE-2025-49113｜Roundcube Webmail
  - https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10
  - https://nvd.nist.gov/vuln/detail/CVE-2025-49113
  - PHPオブジェクトのデシリアライズによるコード実行。要認証。
2. CVE-2025-3260｜Grafana
  - https://grafana.com/security/security-advisories/cve-2025-3260/
  - https://nvd.nist.gov/vuln/detail/CVE-2025-3260
  - 権限バイパス。認証 …
read more
情報収集 20250602
Published: Mon 02 June 2025
By shia

In security.

tags: news

345
1. CVE-2025-2502｜Lenovo PC Manager
  - https://iknow.lenovo.com.cn/detail/428586
  - https://nvd.nist.gov/vuln/detail/CVE-2025-2502
  - ローカルの権限昇格。
2. CVE-2025-48490｜Laravel Rest Api
  - https://github.com/Lomkit/laravel-rest-api/security/advisories/GHSA-69rh-hccr-cxrj
  - https://nvd.nist.gov/vuln/detail/CVE-2025-48490
  - Laravel関連ということで気になったが、この …
read more
情報収集 20250530
Published: Fri 30 May 2025
By shia

In security.

tags: news

464
1. CVE-2025-47933｜Argo CD
  - https://github.com/argoproj/argo-cd/security/advisories/GHSA-2hj5-g64g-fp6p
  - https://nvd.nist.gov/vuln/detail/CVE-2025-47933
  - https://www.security-next.com/170861
  - XSS。API経由でなりすましによるKubenetesリソースの作成、変更、削除などの操作ができるらしい。Kube界隈わからないけど人気？注目？のものっぽ …
read more
情報収集 20250529
Published: Thu 29 May 2025
By shia

In security.

tags: news

190
1. CVE-2025-32801｜Kea
  - https://kb.isc.org/docs/cve-2025-32801
  - https://nvd.nist.gov/vuln/detail/CVE-2025-32801
  - 趣味枠。
2. CVE-2024-47056｜Mautic
3. CVE-2025-3357｜IBM Tivoli Monitoring
  - https://www.ibm.com/support/pages/node …
read more
情報収集 20250528
Published: Wed 28 May 2025
By shia

In security.

tags: news

148
1. CVE-2025-5279｜Amazon Redshift Python Connector and the
  - https://aws.amazon.com/jp/security/security-bulletins/AWS-2025-011/
  - https://nvd.nist.gov/vuln/detail/CVE-2025-5279
  - BrowserAzureOAuth2CredentialsProvider plugin使用時にSSL証明書の検証不備があるらしい。
2. CVE-2025-5280｜Chrome
read more
情報収集 20250527
Published: Tue 27 May 2025
By shia

In security.

tags: news

182
1. CVE-2025-5124｜Sony SNC Network Camera
  - https://nvd.nist.gov/vuln/detail/CVE-2025-5124
  - https://github.com/zeke2997/CVE_request_Sony
  - 軽く見た範囲ではなんで採番されたんだろうという印象。デフォルトの認 …
read more
情報収集 20250526
Published: Mon 26 May 2025
By shia

In security.

tags: news

たしか300くらい
1. CVE-2025-48701｜OpenDCIM
  - https://nvd.nist.gov/vuln/detail/CVE-2025-48701
  - SQLインジェクション。DCIMってなんだっけ、というのが気になっただけ。
2. CVE-2025-47149｜i-FILTER
read more
情報収集 20250523
Published: Fri 23 May 2025
By shia

In security.

tags: news

384
1. CVE-2025-4366｜Pingora
  - https://blog.cloudflare.com/resolving-a-request-smuggling-vulnerability-in-pingora/
  - https://nvd.nist.gov/vuln/detail/CVE-2025-4366
  - https://rustsec.org/advisories/RUSTSEC-2025-0037.html
  - Request Smuggling。CDNとしての提供以外にOSSとして公開しているらしい。
2. CVE-2025-5024｜gnome-remote-desktop
  - https://bugzilla.redhat.com/show_bug.cgi?id=2367717
  - https://nvd.nist.gov/vuln/detail/CVE-2025-5024
  - 認証不要でシステム …
read more

links

social