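According to recent reports, Apple will introduce new color options for the iPhone XR 2 later this year…
[SXSW2019] Vol.07 Where SXSW2019 Is Headed, as Seen by a Data Scientist
Text: Marie Goto (Yahoo Japan Corporation) Editing: Editorial department. What is Ethical AI? From March 8, 2019 to 3…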
[SQLAlchemy] Moderate severity vulnerability that affects SQLAlchemy
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-7164
https://github.com/sqlalchemy/sqlalchemy/issues/4481
https://access.redhat.com/errata/RHSA-2…
The new iPad mini may not get Face ID…
The new iPad Pro released last year gained the Face ID technology that first appeared on the iPhone…
[definitions] Code injection in definitions
There is a vulnerability in the load() method in definitions/parser.py in the Danijar Hafner definitions package for Python. It can execute arbitrary Python commands, resulting in command execution.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-2032…
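Protect Children from Smartphones! How to Choose the Right Smartphone for Kids [Children's PCs and Security]
For children growing up now, PCs and smartphones are, even more than for us, devices they are simply expected to be able to use…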
[ymlref] Code injection in ymlref
ymlref allows code injection.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-20133
https://github.com/dexter2206/ymlref/issues/2
https://github.com/advisories/GHSA-8r8j-xvfj-36f9
[flask-admin] Cross site scripting in flask-admin
helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-16516
https://github.com/flask-admin/flask-admin/pull/1699
https://github.com/advisories/GHSA-894g-6j7q-2hx6
https://lists.fedora…
[urllib3] High severity vulnerability that affects urllib3
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unint…
[superset] High severity vulnerability that affects superset
Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data, leading to possible remote code execution. Note that Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.
Ref…