Security assessment and information provision

This site provides information on security and offers web audit tools.

Announcement

Update Date: May 18, 2024, 8:37 p.m.

No | CVSS | Level | Attack Vector | Vendor Name | Project Name | Title | CWE | CVE | Update Date | Publication Date
1 | 7.2 | HIGH | Network | - | - | The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subject’ parameter in versions up to, and including, 5.1.16 due to insufficient input sanitization and output escaping. This makes it … New | - | CVE-2024-4709 | 2024-05-18 17:15 | 2024-05-18
2 | 6.4 | MEDIUM | Network | - | - | The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'show_line_text ' and 'slide_button_hover_animation' parameters in versions up to, and including, 10.1.1 due to insufficient input sanitization and output escaping. This makes it possibl… New | - | CVE-2024-4698 | 2024-05-18 17:15 | 2024-05-18
3 | 7.5 | HIGH | Network | - | - | The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including, 5… New | - | CVE-2024-2782 | 2024-05-18 17:15 | 2024-05-18
4 | 6.4 | MEDIUM | Network | - | - | The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 5.1.13 due to insufficient input sanitization and output escaping. This makes it possib… New | - | CVE-2024-2772 | 2024-05-18 17:15 | 2024-05-18
5 | 9.8 | CRITICAL | Network | - | - | The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes it… New | - | CVE-2024-2771 | 2024-05-18 17:15 | 2024-05-18
6 | 6.4 | MEDIUM | Network | - | - | The WordPress Automatic Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘autoplay’ parameter in all versions up to, and including, 3.94.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor… New | - | CVE-2024-4849 | 2024-05-18 15:15 | 2024-05-18
7 | 7.5 | HIGH | Network | - | - | The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectar_icon' shortcode 'icon_linea' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute ar… New | - | CVE-2024-3812 | 2024-05-18 15:15 | 2024-05-18
8 | 6.4 | MEDIUM | Network | - | - | The Salient Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'icon' shortcode in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated att… New | - | CVE-2024-3811 | 2024-05-18 15:15 | 2024-05-18
9 | 8.8 | HIGH | Network | - | - | The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrar… New | - | CVE-2024-3810 | 2024-05-18 15:15 | 2024-05-18
10 | 6.4 | MEDIUM | Network | - | - | The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for au… New | - | CVE-2024-4891 | 2024-05-18 14:15 | 2024-05-18

Update Date: Feb. 5, 2024, 11:32 a.m.

No | CVSS | Level | Attack Vector | Vendor Name | Project Name | Title | CWE | CVE | Update Date | Publication Date
1 | 7 | Important | Local | Canonical, Linux | Ubuntu, Linux Kernel | Use-after-free vulnerability in products from multiple vendors, including Linux's Linux Kernel | CWE-416 Use After Free | CVE-2022-2602 | 2024-02-5 11:24 | 2022-10-19
2 | 7.8 | Important | Local | Canonical, Linux | Ubuntu, Linux Kernel | Double-free vulnerability in products from multiple vendors, including Linux's Linux Kernel | CWE-415 Double Free | CVE-2022-2588 | 2024-02-5 11:09 | 2022-08-9
3 | 7.8 | Important | Local | Canonical, Linux | Ubuntu, Linux Kernel | Use-after-free vulnerability in products from multiple vendors, including Linux's Linux Kernel | CWE-416 Use After Free | CVE-2022-2586 | 2024-02-5 11:02 | 2022-08-9
4 | 5.5 | Warning | Local | fortanix | confidential computing manager | Vulnerability in fortanix confidential computing manager for Intel Software Guard Extensions | CWE-noinfo Insufficient Information | CVE-2023-38021 | 2024-02-2 17:01 | 2023-12-30
5 | 5.5 | Warning | Local | fortanix | confidential computing manager | Vulnerability in fortanix confidential computing manager for Intel Software Guard Extensions | CWE-noinfo Insufficient Information | CVE-2023-38022 | 2024-02-2 17:01 | 2023-12-30
6 | 5.5 | Warning | Local | scontain | scone | Vulnerability in scontain scone | CWE-noinfo Insufficient Information | CVE-2023-38023 | 2024-02-2 17:01 | 2023-12-30
7 | 7.2 | Important | Network | oretnom23 | house rental management system | SQL injection vulnerability in oretnom23 house rental management system | CWE-89 SQL Injection | CVE-2024-0502 | 2024-02-2 17:01 | 2024-01-13
8 | 7.5 | Important | Network | newtonsoft | json.net | Vulnerability related to the handling of exceptional conditions in newtonsoft json.net | CWE-755 Improper Handling of Exceptional Conditions | CVE-2024-21907 | 2024-02-2 17:01 | 2024-01-3
9 | 5.5 | Warning | Local | Apple | iPadOS, iOS | Vulnerability in multiple Apple products | CWE-noinfo Insufficient Information | CVE-2022-46710 | 2024-02-2 16:58 | 2022-12-13
10 | 7.8 | Important | Local | - | | Vulnerability in Apple macOS | CWE-noinfo Insufficient Information | CVE-2022-46721 | 2024-02-2 16:58 | 2022-10-24

Target Period : 2024-05-12 〜 2024-05-19

No Name Genre Version Release date Security Fix Release Information
1 New!! MariaDB 10.4 database 10.4.34 2024-05-16 Unknown Show
2 New!! MariaDB 10.5 database 10.5.25 2024-05-16 Information Yes Show
3 New!! MariaDB 10.6 database 10.6.18 2024-05-16 Information Yes Show
4 New!! UIkit 3 framework 3.20.10 2024-05-13 Unknown Show

Target Period : 2024-04-01 〜 2024-08-31

No Name Normal Support Security Support Extended Support
1 Warning Ubuntu 16.04 LTS 2021-04-30 2024-04-30
2 Warning Django3.2 LTS 2021-12-31 2024-04-30
3 Warning Node.js 16 (LTS) 2022-10-18 2024-04-30
4 Warning MongoDB 4.4 2024-04-30
5 Warning Ubuntu 23.04 2024-04-30
6 Warning Fedora 38 2024-05-14
7 Angular 15 2023-05-18 2024-05-18
8 Linux Kernel 5.18 2024-05-25
9 CentOS 6 2017-03-31 2020-11-30 2024-06-30
10 Red Hat Enterprise Linux 6 2022-05-10 2020-11-30 2024-06-30
11 Red Hat Enterprise Linux 7 2020-08-6 2024-06-30
12 FreeBSD 12 2024-06-30
13 MariaDB 11.0 2024-06-30
14 SQL Server 2014 Service Pack 3 2019-07-9 2024-07-9
15 CentOS 7 2020-12-31 2024-07-30
2024-5-18 JST
media_news
No Image Name URL Excerpt Of Changes Tag
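1 ScanNetSecurity https://scan.netsecurity.ne.jp/ 2024.05.18 (Sat),SECON 2024 report: Experiencing cutting-edge cyber-physical systems,NRI Secure offers the basic course of its "Secure Eggs" training content on demand, with 30 days of access,Ransomware attack on the contractor for Kawaguchi City's group health screening work, affecting chest X-ray screenings carried out in mobile screening vehicles,Ransomware attack on the contractor for Kawaguchi City's group health screening work, affecting chest X-ray screenings carried out in mobile screening vehicles,NRI Secure training ...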
  • Japanese
  • News
  • Information Provision
2 Security Intelligence https://securityintelligence.com/ Artificial Intelligence,May 17, 2024,How a new wave of deepfake-driven cybercrime targets businesses,5,min read,-,As deepfake attacks on businesses dominate news headlines, detection experts are gathe ...
  • English
  • News
  • Foreign Country
  • Information Provision
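3 TechTarget Japan https://techtarget.itmedia.co.jp/tt/security/ GoFetch attack methods and countermeasures [Part 2],The "Apple silicon vulnerability" that lets private keys be stolen is hard to fix... what is the last-resort measure?,"GoFetch", an attack that steals private keys from Macs, exploits a vulnerability in the "M" series of SoCs. Because this vulnerability stems from a microarchitectural flaw, there is reportedly no easy way to fix it. What countermeasures are available?,"Spectre" and "Meltdown" targeting Macs and iPhones ...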
  • Japanese
  • News
  • Information Provision
4 www.scmagazine.com https://www.scmagazine.com/ Today’s columnist, David Balaban of Privacy-PC, outlines 10 ways security teams can better manage software supply chain risks. (Adobe Stock),Ten ways to minimize software supply chain risks,David,Bala ...
  • English
  • News
  • Foreign Country
  • Information Provision
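5 ZDNet Japan Security https://japan.zdnet.com/security/ Kaspersky revamps its enterprise security products -- EDR included as standard,2024-05-17 16:33,Dropbox registered with ISMAP after the prescribed audit and review,2024-05-17 14:08,New zero-day vulnerability in "Chrome" fixed by Google -- "Edge" also affected,2024-05-17 09:48,Corporate security measures trending toward improvement through use of generative AI and other means -- Splunk survey,"Chrome" ...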
  • Japanese
  • News
  • Information Provision
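6 CyberSecurity.com https://cybersecurity-jp.com/ 2024/05/17,380 addresses leaked through misdirected email | Seikatsu Club Saitama,2024/05/17,Possible leak of group company customer information due to app misconfiguration | Chita Medias Network,Event date:,6/19 (Wed) Speaking frankly! Handling information disclosure with security check sheets and ...,Information leaks cannot be prevented! What is ZenmuTech Inc.'s secret sharing technology?,2024/05/17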
  • Japanese
  • News
  • Company
  • Blog
  • Information Provision