情報収集 20250730
Published: Wed 30 July 2025
By shia

In security.

tags: news

316 Appleアップデート。macOSのページでコード実行はCVE-2025-43187のみ？っぽい。他は知らん。助けてGPT。
1. CVE-2025-54381｜BntoML
2. CVE-2025-8292｜Chrome
  - https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_29.html
  - https://nvd …
read more
情報収集 20250729
Published: Tue 29 July 2025
By shia

In security.

tags: news

664
1. CVE-2025-54419｜Node.js Node-SAML
  - https://github.com/node-saml/node-saml/security/advisories/GHSA-4mxg-3p6v-xgq3
  - https://nvd.nist.gov/vuln/detail/CVE-2025-54419
  - 有効なSAMLアサーションの認証情報を改ざんできるらしい。認証周り勉強しないとなぁ。
2. CVE-2025-54446｜Samsung MagicINFO 9 Server
  - https://www.zerodayinitiative.com/advisories/ZDI-25-662/
  - https://nvd.nist …
read more
情報収集 20250725
Published: Fri 25 July 2025
By shia

In security.

tags: news

270
1. CVE-2025-23281｜NVIDIA GPU Display Driver
  - https://nvidia.custhelp.com/app/answers/detail/a_id/5670
  - https://www.security-next.com/172700
  - use after free。他にも色々。
2. CVE-2025-41240｜Bitnami
  - https://nvd.nist.gov/vuln/detail/CVE-2025-41240
  - 情報漏洩。usePasswordFilesの設定とアプリケーションの外部公開しているかによる模様。
read more
情報収集 20250724
Published: Thu 24 July 2025
By shia

In security.

tags: news

397
1. CVE-2025-7783｜Node.js form-data
  - https://nvd.nist.gov/vuln/detail/CVE-2025-7783
  - HTTPパラメータ汚染。条件が揃うとboundaryが推測可能らしい。
2. CVE-2025-54090｜Apache HTTPd
  - https://nvd.nist.gov/vuln/detail/CVE-2025-54090
  - RewriteCondが正しく機能してなかったっぽい。
read more
情報収集 20250723
Published: Wed 23 July 2025
By shia

In security.

tags: news

272
1. CVE-2025-54159｜Synology BeeDrive
  - http://synology.com/en-global/security/advisory/Synology_SA_25_08
  - リモートからファイル削除できるらしい。他ローカルのコード実行も報告あり。
2. CVE-2025-8034｜Firefox, Thunderbird
  - https://www …
read more
情報収集 20250722
Published: Tue 22 July 2025
By shia

In security.

tags: news

907
1. CVE-2025-6023, CVE-2025-6197｜Grafana
  - https://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-6023/
  - https://nvd.nist.gov/vuln/detail/CVE-2025-6023
  - https://nvd.nist.gov/vuln/detail/CVE-2025-6197
  - XSSとOpen Redirect。条件あり。
2. CVE-2025-54068｜Livewire
read more

Homebrewエラー

brew updateするとよくこんな感じのエラーがでる。

$ brew update
==> Updating Homebrew...
Error: Failed to download https://formulae.brew.sh/api/cask.jws.json!
Failed to download https://formulae.brew.sh/api/formula_tap_migrations.jws.json!
$

でない時 …

情報収集 20250717
Published: Thu 17 July 2025
By shia

In security.

tags: news

354
1. CVE-2025-40776｜BIND
  - https://kb.isc.org/docs/cve-2025-40776
  - https://nvd.nist.gov/vuln/detail/CVE-2025-40776
  - https://www.security-next.com/172437
  - キャッシュポイズニング。他にDoSのCVEもあり。設定に条件あり。
2. CVE-2025-20274｜Cisco Unified Intelligence Center
  - https://sec.cloudapps …
read more
情報収集 20250716
Published: Wed 16 July 2025
By shia

In security.

tags: news

314
1. CVE-2025-24477｜FortiOS
  - https://nvd.nist.gov/vuln/detail/CVE-2025-24477
2. CVE-2025-6965｜SQLite
  - https://nvd.nist.gov/vuln/detail/CVE-2025-6965
3. CVE-2025-53905,CVE-2025-53906｜vim
  - https://nvd.nist.gov/vuln/detail/CVE-2025-53905
  - https://nvd.nist.gov/vuln/detail/CVE-2025-53906
複数CVE。詳細はあとで見る。
1. Oracle
  - https://www …
read more
情報収集 20250715
Published: Tue 15 July 2025
By shia

In security.

tags: news

411
1. CVE-2025-53101｜ImageMagick
  - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9
  - https://nvd.nist.gov/vuln/detail/CVE-2025-53101
  - https://www.security-next.com/172365
  - StackOverflow。他にもいくつか。
あとの少し前に報告されたCVE-2025-25257(FortiWeb)の詳細がwatchTowrから公開された模様 …
read more

links

social