# 202411 ## cve api - [Vulnerability APIs](https://nvd.nist.gov/developers/vulnerabilities) - [NVD公開のREST APIを用いて脆弱性情報を取得する #Python - Qiita](https://qiita.com/riikunn_ryo/items/97e385ed0a78dc28534f) ``` % curl "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47575" | jq . % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 4878 100 4878 0 0 2318 0 0:00:02 0:00:02 --:--:-- 2319 { "resultsPerPage": 1, "startIndex": 0, "totalResults": 1, "format": "NVD_CVE", "version": "2.0", "timestamp": "2024-11-04T11:29:46.623", "vulnerabilities": [ { "cve": { "id": "CVE-2024-47575", "sourceIdentifier": "psirt@fortinet.com", "published": "2024-10-23T15:15:30.707", "lastModified": "2024-10-24T18:56:47.930", "vulnStatus": "Analyzed", "cveTags": [], "cisaExploitAdd": "2024-10-23", "cisaActionDue": "2024-11-13", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Fortinet FortiManager Missing Authentication Vulnerability", "descriptions": [ { "lang": "en", "value": "A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests." }, { "lang": "es", "value": "Una autenticación faltante para una función crítica en FortiManager 7.6.0, FortiManager 7.4.0 a 7.4.4, FortiManager 7.2.0 a 7.2.7, FortiManager 7.0.0 a 7.0.12, FortiManager 6.4.0 a 6.4.14, FortiManager 6.2.0 a 6.2.12, Fortinet FortiManager Cloud 7.4.1 a 7.4.4, FortiManager Cloud 7.2.1 a 7.2.7, FortiManager Cloud 7.0.1 a 7.0.13, FortiManager Cloud 6.4.1 a 6.4.7 permite a un atacante ejecutar código o comandos arbitrarios a través de solicitudes especialmente manipuladas." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, "impactScore": 5.9 }, { "source": "psirt@fortinet.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "psirt@fortinet.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-306" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2.0", "versionEndExcluding": "6.2.13", "matchCriteriaId": "D7E60883-7F64-4C22-99F9-802A7623DAE0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4.0", "versionEndExcluding": "6.4.15", "matchCriteriaId": "D2AD66B0-9C99-4F83-80AA-B54E6354ADFD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0.0", "versionEndExcluding": "7.0.13", "matchCriteriaId": "37456E27-0EE2-4AF8-B92F-A5284FEC0409" }, { "vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.2.0", "versionEndExcluding": "7.2.8", "matchCriteriaId": "01E63E1E-4084-4C73-862F-A4CC07914C23" }, { "vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.4.0", "versionEndExcluding": "7.4.5", "matchCriteriaId": "0666260A-1327-4C43-A841-04FB4459449C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0141F06A-F5FE-4DF3-B60E-DD76A1AD8A56" }, { "vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4.1", "versionEndIncluding": "6.4.7", "matchCriteriaId": "5BB52FA5-7811-4123-8989-59369583F82F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0.1", "versionEndExcluding": "7.0.13", "matchCriteriaId": "29B3A5F2-3121-4902-BBB6-8B4D07767F77" }, { "vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.2.1", "versionEndExcluding": "7.2.8", "matchCriteriaId": "E3A26BF0-DF69-42F6-B9D8-D3BEE3DD352C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.4.1", "versionEndExcluding": "7.4.5", "matchCriteriaId": "6E0BCF26-B311-4FFF-866B-3DCA14A26268" } ] } ] } ], "references": [ { "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-423", "source": "psirt@fortinet.com", "tags": [ "Exploit", "Mitigation", "Vendor Advisory" ] } ] } } ] } ``` ``` % cat << EOF | xargs -p -t -I _ curl -s "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=_" | jq '.vulnerabilities[0].cve.descriptions[]|select(.lang == "en")' CVE-2024-47575 CVE-2024-9379 EOF curl -s https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47575?...y curl -s https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-9379?...y { "lang": "en", "value": "A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests." } { "lang": "en", "value": "SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements." } ``` ## [FrontPage - PukiWiki](https://home.wakatabe.com/ryo/wiki/) ## [GitHub - matvp91/superstreamer: An open, scalable, online streaming setup. All-in-one toolkit from ingest to adaptive video playback. Built for developers in need of video tooling.](https://github.com/matvp91/superstreamer) ## [AltStore](https://altstore.io/) - [GitHub - altstoreio/AltStore: AltStore is an alternative app store for non-jailbroken iOS devices.](https://github.com/altstoreio/AltStore) ## [Streamlit • A faster way to build and share data apps](https://streamlit.io/) ## [Black Ember FORGE MAX | Laptop Backpack For Men](https://blackember.com/collections/laptop-backpack-for-men//products/forge-max) ## [ss.nb](http://www.takuichi.net/hobby/edu/commu/ss/index.html) - スペクトラム拡散 ## [IPA(情報処理推進機構)が公開している資料が有益すぎる #Security - Qiita](https://qiita.com/KNR109/items/1fa6d697a936c54329c6) ## [Earth-Venus-Earth "Radar" experiment](https://www.qsl.net/dl4yhf/speclab/earth_venus_earth.htm) ## ハロン系消火剤について - ハロン1301 - 一臭化三ふっ化メタン - 窒息消火作用と負触媒作用による燃焼サイクルの抑制がある. - 臭素ラジカルが熱分解されたHやOHに作用し,BrHを形成,より活性なOHとBrHのHが結合し,H2OとBrとなる.Brは再びHと結合しこのサイクルが継続される.(負触媒効果) - つまり生成されるのは水蒸気 - フロンガスなどと同様オゾン層を破壊する特性をもつので,新規に配備される施設は限定されている(通信機器室,サーバ室,など) - 液体の入ったカプセルを投げるだけで消化できる製品もあるが,これの内容物は炭酸カリウムなどであり,このハロン系消火剤と同様の仕組みで消化する. - カリウムが負触媒となる. - ハロンddddとよく呼ばれるが,この数値は元素の数を示していると思われる. - 1234番目の数字がそれぞれC,F,Cl,Brの元素数に対応する. ## MoIPについて - SMPTE ST2110 - 動作仕様上時刻同期(PTP)が必要. - SMPTE ST2022-7 - 冗長性の確保のための規定 - 基本的には冗長系のすべてに対して同様のデータを送出し,早く受信したデータ(?)を採用することで冗長性を担保する. - マルチキャストを用いるケースが増えてきている. - IGMP, PIMなどのプロトコルの理解が必要 ## グライドスロープ,ローカライザ等の計器着陸系のしくみ - GL - LOC - VOR - DME ## [VMware Fusion and Workstation are Now Free for All Users - VMware Cloud Foundation (VCF) Blog](https://blogs.vmware.com/cloud-foundation/2024/11/11/vmware-fusion-and-workstation-are-now-free-for-all-users/) ## [片手で持てる世界一小さいアウトドアヒーター | ギズモード・ジャパン](https://www.gizmodo.jp/2024/11/shank_heater_olive.html) ## みえないトラシューで切り分けしていくコツ - トラブルがないものと比較できる(比較対象が存在する場合)は比較する. - トライアンドエラーするなら小さいドメインからやっていく.いきなり大きく買えると何が変化要因(根本原因)であったかが不明となる. ## [GitHub - cisagov/CSAF: CISA CSAF Security Advisories](https://github.com/cisagov/CSAF) ## [BAOFENG用のBluetoothスピーカーマイクを色々な無線機で利用するプロジェクト | のびぞう工房の物欲の日々](https://gakkun.net/2024/11/24/bangfen%e7%94%a8%e3%81%aebluetooth%e3%82%b9%e3%83%94%e3%83%bc%e3%82%ab%e3%83%bc%e3%83%9e%e3%82%a4%e3%82%af%e3%82%92%e8%89%b2%e3%80%85%e3%81%aa%e7%84%a1%e7%b7%9a%e6%a9%9f%e3%81%a7%e5%88%a9%e7%94%a8/) ## [あなたが癌になった時に最初に知ってほしい事](https://anond.hatelabo.jp/20241128012228) ## [ギロチンカット制約を有する板取り問題への イジングマシンの適用 | 技術開発とイノベーション | AGC](https://www.agc.com/innovation/library/detailhtml/1201558_4283.html) ## [hermitage akihabara [エルミタージュ秋葉原] -アキバ最新情報サイト-](https://www.gdm.or.jp/) ## [自分を必要以上に過小評価することは、あなたを認めてくれている人にとっても失礼だよって話 - そーだいなるらくがき帳](https://soudai.hatenablog.com/entry/2022/10/27/181023)