An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as a ../../sensitive/path/in/deployment pathname, then Loki will …
[ansi-html] Uncontrolled Resource Consumption in ansi-html
This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-23424
https://github.com/Tjatse/ansi-ht…
[simiki] Command Injection in Simiki
Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component ‘simiki/blob/master/simiki/config.py’.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-19001
https://github.c…
[axios] Incorrect Comparison in axios
axios is vulnerable to Inefficient Regular Expression Complexity
References
https://nvd.nist.gov/vuln/detail/CVE-2021-3749
https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929
https://huntr.dev/bounties/1e8f07fc-c384-4ff9-849…
Sapphire Rapids Update – New information on the next-generation Xeon SP revealed at HotChips
Following Alder Lake, next up is Sapphire Rapids. In fact, this one too, at HotCh…
Windows 11 release date set for October 5
On August 31 (US time), Microsoft, "Windows 11 available on Oct…
[nbgitpuller] Code injection in nbgitpuller
Impact
Due to an unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment.
Patches
0.10.2
Workarounds
None, other than upgrade to 0.10.2 or downgrade to 0.8.x.
For more information
If you ha…
[tensorflow] Arbitrary code execution due to YAML deserialization
Impact
TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format.
from tensorflow.keras import models
payload = '''
!!python/object/new:type
args: ['z', !!python/tuple [], {'extend': !!py…
Alder Lake DeepDive – Details of Intel's "Alder Lake" glimpsed at HotChips
As also noted here, HotChips 33 has been held since August 22, and from Intel, Intel …
What is Poly Network, the decentralized finance (DeFi) platform from which cryptocurrency was drained?
It was reported that roughly $600 million (about 66 billion yen) in cryptocurrency was drained from Poly Network*1. The hack…