shia's note

情報収集 20250515
Published: Thu 15 May 2025
By shia

In security.

tags: news

昨日気になったのがちょこちょこ拾われてた。Jenkinsプラグインまったくわからん。 422
1. CVE-2025-3909｜Thunderbird
  - https://www.mozilla.org/en-US/security/advisories/mfsa2025-35/#CVE-2025-3909
  - https://nvd.nist.gov/vuln/detail/CVE-2025-3909
  - X-Mozilla-External-Attachment-URLヘッダの処理に問題があり、fileスキーマでjavascriptを実行される可能性がうんたらかんたら。
2. CVE-2025-4664｜Chrome
  - https://chromereleases.googleblog.com/2025/05 …
read more
情報収集 20250514
Published: Wed 14 May 2025
By shia

In security.

tags: news

Microsoftの日。 319
1. CVE-2025-30663｜Zoom Workplace Apps
  - https://www.zoom.com/en/trust/security-bulletin/zsb-25016/
  - ローカルの権限昇格。認証されたユーザのみ。
2. CVE-2025-3757｜OpenPubKey
  - https://github.com/openpubkey/openpubkey/security/advisories/GHSA-537f-gxgm-3jjq
  - https://nvd.nist.gov/vuln/detail/CVE-2025-3757 …
read more
情報収集 20250513
Published: Tue 13 May 2025
By shia

In security.

tags: news

Appleのリリースあり。 192
1. CVE-2024-26809｜Linux Kernel
  - https://securityonline.info/poc-released-cve-2024-26809-exploits-nftables-double-free-to-achieve-root-shell/
  - nftablesのnet/netfilterモジュールにおけるメモリ破損の脆弱性にコード実行のPoCが公開されたとのこと。
2. CVE-2025-22247｜VMware Tools
  - https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683
  - https://nvd.nist.gov/vuln/detail/CVE-2025-22247
  - https://securityonline.info/vmware-tools-update-addresses-insecure-file-handling-vulnerability/
  - ローカルファイルの改ざんし …
read more
情報収集 20250512
Published: Mon 12 May 2025
By shia

In security.

tags: news

483
1. CVE-2025-3462,CVE-2025-3463｜ASUS DriverHub
  - https://nvd.nist.gov/vuln/detail/CVE-2025-3462
  - https://www.asus.com/content/asus-product-security-advisory/
  - https://mrbruh.com/asusdriverhub/
  - マザーボード限定。検証不備によりHTTPでRCEできるらしいがものがいまいちわからない。
2. CVE-2025-4382｜GRUB
  - https://nvd.nist.gov/vuln/detail/CVE-2025-4382
  - 条件あ …
read more
情報収集 20250509
Published: Fri 09 May 2025
By shia

In security.

tags: news

424
1. CVE-2025-32873｜Django
  - https://www.djangoproject.com/weblog/2025/may/07/security-releases/
  - https://nvd.nist.gov/vuln/detail/CVE-2025-32873
  - DoS。パフォーマンス低下系。
2. CVE-2025-4207｜PostgreSQL
  - https://www.postgresql.org/support/security/CVE-2025-4207/
  - https://nvd.nist.gov/vuln/detail/CVE-2025-4207
  - DoS。GB18030(中国 …
read more
情報収集 20250508
Published: Thu 08 May 2025
By shia

In security.

tags: news

329
- CVE-2025-47709(Drupal Enterprise MFA)
  - https://www.drupal.org/sa-contrib-2025-055
  - 趣味枠。TFA設定の表示・変更が可能らしい。他にもいくつか。
- CVE-2025-24977(OpenCTI)
  - https://securityonline.info/cve-2025-24977-critical-rce-flaw-in-opencti-platform-exposes-infrastructure-to-root-level-attacks/
  - https://nvd.nist.gov/vuln/detail/CVE-2025-24977
  - RCE。Cyber Threat Inteligenceプラットフォームらしい。前も調 …
read more
情報収集 20250507
Published: Wed 07 May 2025
By shia

In security.

tags: news

GWで溜めてしまった...orz 900
- CVE-2025-4143(cloudflare/workers-mcp)
  - https://nvd.nist.gov/vuln/detail/CVE-2025-4143
  - 特定の状況下における資格情報窃取。
- CVE-2025-46337(ADOdb Library for PHP)
  - https://xaliom.blogspot.com/2025/05/from-sast-to-cve-2025-46337.html
  - https://github.com/ADOdb/ADOdb/security/advisories/GHSA-8x27-jwjr-8545 …
read more
情報収集 20250501
Published: Thu 01 May 2025
By shia

In security.

tags: news
- CVE-2024-22031(Rancher)
  - https://ranchermanager.docs.rancher.com/reference-guides/rancher-security/security-advisories-and-cves
  - https://github.com/rancher/rancher/security/advisories/GHSA-8h6m-wv39-239m
  - 権限分離のミス。プロジェクト作成権限が必要。
- CVE-2025-30194(dnsdist)
  - https://nvd.nist.gov/vuln/detail/CVE-2025-30194
  - https://securityonline.info …
read more
情報収集 20250430
Published: Wed 30 April 2025
By shia

In security.

tags: news

なんか平和気味。
- CVE-2025-23245(NVIDIA TensorRT LLM)
  - https://nvidia.custhelp.com/app/answers/detail/a_id/5648
  - Python Executor に脆弱性、ローカルでコード実行や情報漏洩、改ざんの可能性。
- CVE-2025-4092(Firefox …
read more
情報収集 20250425
Published: Fri 25 April 2025
By shia

In security.

tags: news
- CVE-2025-1976(Brocade Fabric OS)
  - https://nvd.nist.gov/vuln/detail/CVE-2025-1976
  - https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25602
  - 管理者ロールが必要。OSコマンド以外のコード実行もできるっぽい。
- CVE-2025-23244(NVIDIA GPU Display Driver)
  - https://nvidia.custhelp.com/app/answers/detail/a_id/5630
  - https://www.security-next …
read more

links

social