shia's note

情報収集 20250820
Published: Wed 20 August 2025
By shia

In security.

tags: news

月次でリリースだすとこの対応をどうにかしたい。でも毎回severity高いのがあるわけでもないのがなぁ。
1. CVE-2025-42957｜SAP S/4HANA
read more
情報収集 20250808
Published: Fri 08 August 2025
By shia

In security.

tags: news

543
1. CVE-2025-54887｜Ruby JWE
  - https://github.com/jwt/ruby-jwe/security/advisories/GHSA-c7p4-hx26-pr73
  - https://nvd.nist.gov/vuln/detail/CVE-2025-54887
  - 暗号化されたJWEの認証タグに対してブルートフォース攻撃が可能らしい。わからん。
2. CVE-2025-32094｜Akamai Ghost
read more
情報収集 20250807
Published: Thu 07 August 2025
By shia

In security.

tags: news

258
1. CVE-2025-53786｜Microsoft Exchange Server
2. CVE-2025-27071｜Qualcomm
read more
情報収集 20250806
Published: Wed 06 August 2025
By shia

In security.

tags: news

1k+
1. CVE-2025-54987｜Trend Micro Apex One
2. CVE-2025-23310｜NVIDIA Triton Inference Server
  - https://nvidia.custhelp.com/app/answers/detail/a_id/5687
3. CVE-2025-48530｜Android
  - https://source.android.com/docs …
read more
情報収集 20250801
Published: Fri 01 August 2025
By shia

In security.

tags: news

296
1. CVE-2025-36594｜Dell PowerProtect Data Domain
  - https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities
2. CVE-2025-36604｜Dell Unity
  - https://www.dell.com/support/kbdoc/en-us/000350756/dsa-2025-281-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities
何か古いの拾われてきた。
1. CVE-2014-125124｜PandoraFMS
  - https://nvd.nist.gov/vuln/detail/CVE-2014-125124
2. CVE-2013-10042｜freeFTPd
  - https …
read more
情報収集 20250731
Published: Thu 31 July 2025
By shia

In security.

tags: news

259
1. CVE-2025-54576｜OAuth2-Proxy
  - https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-7rh7-c77v-6434
  - https://nvd.nist.gov/vuln/detail/CVE-2025-54576
  - https://www.security-next.com/172895
  - 認証回避。skip_auth_routesのマッチング処理に起因。
2. CVE-2025-54388｜Moby
  - https://nvd.nist.gov/vuln/detail/CVE-2025-54388
  - こん …
read more
情報収集 20250730
Published: Wed 30 July 2025
By shia

In security.

tags: news

316 Appleアップデート。macOSのページでコード実行はCVE-2025-43187のみ？っぽい。他は知らん。助けてGPT。
1. CVE-2025-54381｜BntoML
2. CVE-2025-8292｜Chrome
  - https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_29.html
  - https://nvd …
read more
情報収集 20250729
Published: Tue 29 July 2025
By shia

In security.

tags: news

664
1. CVE-2025-54419｜Node.js Node-SAML
  - https://github.com/node-saml/node-saml/security/advisories/GHSA-4mxg-3p6v-xgq3
  - https://nvd.nist.gov/vuln/detail/CVE-2025-54419
  - 有効なSAMLアサーションの認証情報を改ざんできるらしい。認証周り勉強しないとなぁ。
2. CVE-2025-54446｜Samsung MagicINFO 9 Server
  - https://www.zerodayinitiative.com/advisories/ZDI-25-662/
  - https://nvd.nist …
read more
情報収集 20250725
Published: Fri 25 July 2025
By shia

In security.

tags: news

270
1. CVE-2025-23281｜NVIDIA GPU Display Driver
  - https://nvidia.custhelp.com/app/answers/detail/a_id/5670
  - https://www.security-next.com/172700
  - use after free。他にも色々。
2. CVE-2025-41240｜Bitnami
  - https://nvd.nist.gov/vuln/detail/CVE-2025-41240
  - 情報漏洩。usePasswordFilesの設定とアプリケーションの外部公開しているかによる模様。
read more
情報収集 20250724
Published: Thu 24 July 2025
By shia

In security.

tags: news

397
1. CVE-2025-7783｜Node.js form-data
  - https://nvd.nist.gov/vuln/detail/CVE-2025-7783
  - HTTPパラメータ汚染。条件が揃うとboundaryが推測可能らしい。
2. CVE-2025-54090｜Apache HTTPd
  - https://nvd.nist.gov/vuln/detail/CVE-2025-54090
  - RewriteCondが正しく機能してなかったっぽい。
read more

links

social