吉祥寺北口システムが気になった記事をクリップしています。タイトルから元記事にリンクしています。タグは記事タイトルを形態素分析しています。たまにコメントをつけています。

Arbitrary

• VU#253266 – Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models
  • 253266(1)
  • Allow(28)
  • Arbitrary(26)
  • Code(400)
  • in(2447)
  • Injection(59)
  • Keras(10)
  • Lambda(205)
  • layers(2)
  • Models(50)
  • TensorFlow(48)
  • VU(109)
• cri-o: Arbitrary code execution in cri-o via abusing “kernel.core_pattern” kernel parameter ? Advisory ? cri-o/cri-o ? GitHub
  • Abusing(7)
  • Advisory(250)
  • Arbitrary(26)
  • Code(400)
  • core(397)
  • CRI-O(4)
  • execution(116)
  • GitHub(873)
  • in(2447)
  • Kernel(80)
  • parameter(8)
  • Pattern(8)
  • via(72)
• RHSB-2022-002 Dirty Pipe – kernel arbitrary file manipulation – (CVE-2022-0847) – Red Hat Customer Portal
  • 0847(6)
  • 2022(1916)
  • Arbitrary(26)
  • Customer(107)
  • CVE-(1427)
  • Dirty(15)
  • File(134)
  • Hat(275)
  • Kernel(80)
  • Manipulation(5)
  • Pipe(5)
  • Portal(110)
  • Red(345)
  • RHSB-(2)
• Drupal core – Critical – Arbitrary PHP code execution – SA-CORE-2020-013 | Drupal.org
  • 013(2)
  • 2020(1856)
  • Arbitrary(26)
  • Code(400)
  • core(397)
  • Critical(213)
  • Drupal(141)
  • execution(116)
  • org(402)
  • PHP(175)
  • SA-CORE-(72)
• Drupal core – Critical – Arbitrary PHP code execution – SA-CORE-2020-005 | Drupal.org
  • 005(7)
  • 2020(1856)
  • Arbitrary(26)
  • Code(400)
  • core(397)
  • Critical(213)
  • Drupal(141)
  • execution(116)
  • org(402)
  • PHP(175)
  • SA-CORE-(72)
• Cisco Webex Meetings Desktop App URL Filtering Arbitrary Program Execution Vulnerability
  • App(782)
  • Arbitrary(26)
  • Cisco(204)
  • Desktop(413)
  • execution(116)
  • Filtering(4)
  • meetings(17)
  • Program(215)
  • URL(188)
  • Vulnerability(515)
  • WebEx(31)
• VU#941987 – Apple devices vulnerable to arbitrary code execution in SecureROM
  • 941987(1)
  • apple(3294)
  • Arbitrary(26)
  • Code(400)
  • Devices(127)
  • execution(116)
  • in(2447)
  • SecureROM(1)
  • to(3295)
  • VU(109)
  • vulnerable(40)
• Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution
  • Allow(28)
  • Arbitrary(26)
  • Code(400)
  • Could(65)
  • execution(116)
  • for(5179)
  • in(2447)
  • multiple(132)
  • PHP(175)
  • Vulnerabilities(210)
• VU#790507 – Oracle Solaris vulnerable to arbitrary code execution via /proc/self
  • 790507(1)
  • Arbitrary(26)
  • Code(400)
  • execution(116)
  • Oracle(873)
  • proc(2)
  • Self(24)
  • Solaris(17)
  • to(3295)
  • via(72)
  • VU(109)
  • vulnerable(40)
• A Vulnerability in Mozilla Firefox Could Allow for Arbitrary Code Execution
  • Allow(28)
  • Arbitrary(26)
  • Code(400)
  • Could(65)
  • execution(116)
  • Firefox(744)
  • for(5179)
  • in(2447)
  • Mozilla(462)
  • Vulnerability(515)
• Drupal core – Critical – Arbitrary PHP code execution – SA-CORE-2019-002 | Drupal.org
  • 002(10)
  • 2019(1756)
  • Arbitrary(26)
  • Code(400)
  • core(397)
  • Critical(213)
  • Drupal(141)
  • execution(116)
  • org(402)
  • PHP(175)
  • SA-CORE-(72)
• Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution
  • Allow(28)
  • Arbitrary(26)
  • Code(400)
  • Could(65)
  • execution(116)
  • for(5179)
  • in(2447)
  • multiple(132)
  • PHP(175)
  • Vulnerabilities(210)
• Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution
  • Allow(28)
  • Arbitrary(26)
  • Code(400)
  • Could(65)
  • execution(116)
  • for(5179)
  • in(2447)
  • multiple(132)
  • PHP(175)
  • Vulnerabilities(210)
• GitHub – snyk/zip-slip-vulnerability: Zip Slip Vulnerability (Arbitrary file write through archive extraction)
  • Arbitrary(26)
  • Archive(160)
  • extraction(2)
  • File(134)
  • GitHub(873)
  • Slip(4)
  • snyk(15)
  • through(95)
  • Vulnerability(515)
  • Write(19)
  • zip(53)
  • zip-slip-vulnerability(1)
• GitHub – can1357/CVE-2018-8897: Arbitrary code execution with kernel privileges using CVE-2018-8897.
  • 1357(1)
  • 2018(1526)
  • 8897(3)
  • Arbitrary(26)
  • can(241)
  • Code(400)
  • CVE-(1427)
  • execution(116)
  • GitHub(873)
  • Kernel(80)
  • privileges(6)
  • using(213)
  • with(1607)
• Arbitrary code execution through unsanitized browser UI — Mozilla
  • Arbitrary(26)
  • browser(241)
  • Code(400)
  • execution(116)
  • Mozilla(462)
  • through(95)
  • UI(223)
  • unsanitized(1)
• Potential overwrite of arbitrary files on Linux
  • Arbitrary(26)
  • files(67)
  • Linux(1215)
  • of(3341)
  • on(1868)
  • overwrite(1)
  • potential(39)
• GitHub – edwardz246003/IIS_exploit: Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with “If:
  • 2003(6)
  • 2016(235)
  • 246003(1)
  • 6.0(19)
  • allows(25)
  • Arbitrary(26)
  • As(303)
  • Attackers(12)
  • August(30)
  • beginning(11)
  • Buffer(37)
  • Code(400)
  • edwardz(1)
  • Execute(8)
  • Exploit(79)
  • Exploited(23)
  • Function(20)
  • GitHub(873)
  • Header(13)
  • HTTP(335)
  • If(39)
  • IIS(13)
  • in(2447)
  • INFORMATION(226)
  • Internet(694)
  • July(51)
  • Long(51)
  • Microsoft(4459)
  • or(98)
  • overflow(107)
  • PROPFIND(1)
  • Remote(203)
  • request(43)
  • ScStoragePathFromUrl(1)
  • Server(698)
  • Service(812)
  • Services(6355)
  • the(4365)
  • to(3295)
  • via(72)
  • WebDAV(2)
  • Wild(23)
  • Windows(3425)
  • with(1607)
• Vulnerability Note VU#582384 – Multiple Netgear routers are vulnerable to arbitrary command injection
  • 582384(1)
  • Arbitrary(26)
  • Are(214)
  • Command(76)
  • Injection(59)
  • multiple(132)
  • NETGEAR(37)
  • Note(304)
  • Routers(14)
  • to(3295)
  • VU(109)
  • Vulnerability(515)
  • vulnerable(40)
• oss-sec: CVE-2016-1281: TrueCrypt and VeraCrypt Windows installers allow arbitrary code execution with elevation of privilege
  • Allow(28)
  • and(3289)
  • Arbitrary(26)
  • Code(400)
  • CVE-(1427)
  • Elevation(11)
  • execution(116)
  • installers(2)
  • of(3341)
  • oss-sec(64)
  • privilege(44)
  • TrueCrypt(3)
  • VeraCrypt(1)
  • Windows(3425)
  • with(1607)
• oss-sec: [oCERT-2015-009] VLC arbitrary pointer dereference
  • Arbitrary(26)
  • dereference(2)
  • oCERT(3)
  • oss-sec(64)
  • Pointer(6)
  • VLC(21)
• Vulnerability Note VU#685996 – GNU Wget creates arbitrary symbolic links during recursive FTP download
  • Arbitrary(26)
  • creates(11)
  • DOWNLOAD(68)
  • during(53)
  • FTP(59)
  • GNU(53)
  • Links(22)
  • Note(304)
  • recursive(1)
  • symbolic(2)
  • VU(109)
  • Vulnerability(515)
  • Wget(15)
• V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities | Department of Energy
  • Access(296)
  • and(3289)
  • Arbitrary(26)
  • Bypass(67)
  • Code(400)
  • core(397)
  • Department(91)
  • Drupal(141)
  • Energy(93)
  • execution(116)
  • of(3341)
  • PHP(175)
  • V-(10)
  • Vulnerabilities(210)
• V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code | Department of Energy
  • and(3289)
  • Arbitrary(26)
  • Buffer(37)
  • Code(400)
  • Department(91)
  • Energy(93)
  • Execute(8)
  • flaw(22)
  • Invalid(2)
  • Let(32)
  • of(3341)
  • overflow(107)
  • Pointer(6)
  • RealPlayer(6)
  • Remote(203)
  • Users(195)
  • V-(10)
• V-020: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code | Department of Energy
  • apple(3294)
  • Arbitrary(26)
  • Code(400)
  • Department(91)
  • Energy(93)
  • Execute(8)
  • Flaws(10)
  • Let(32)
  • multiple(132)
  • of(3341)
  • QuickTime(24)
  • Remote(203)
  • Users(195)
  • V-(10)
• SA-CORE-2012-003 – Drupal core – Arbitrary PHP code execution and Information disclosure | drupal.org
  • and(3289)
  • Arbitrary(26)
  • Code(400)
  • core(397)
  • disclosure(47)
  • Drupal(141)
  • execution(116)
  • INFORMATION(226)
  • org(402)
  • PHP(175)
  • SA-CORE-(72)