Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including “$simple{}” in a CamelFileName message header to a (1) FILE or (2) FTP producer.
Ref…
[org.apache.httpcomponents:httpclient] Hostname verification in Apache HttpClient 4.3 was disabled by default
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.
References
https://nv…
[mysql-connector-python] Improper Access Control in MySQL Connector Python
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with netwo…
[Microsoft.NETCore.App] Tampering vulnerability in .NET Core
A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka “.NET Core Tampering Vulnerability.” This affects .NET Core 2.1.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-8416
https://access.redhat.com/errata…
[TelerikMvcExtensions] Improper Access Control in Telerik Extensions
Telerik Extensions for ASP.NET MVC (all versions) does not whitelist requests, which can allow a remote attacker to access files inside the server’s web directory. NOTE: this product has been obsolete since June 2013.
References
https://nvd.nist.gov/…
[org.jenkins-ci.main:jenkins-core] Missing Authorization in Jenkins
The remote API at /job/(job-name)/api in Jenkins 2.73.1 and earlier, and 2.83 and earlier, contained information about upstream and downstream projects. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of…
[org.elasticsearch:elasticsearch] Improper Access Control in Elasticsearch
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used. If the elasticsearch.yml file has xpack.security…
[com.itextpdf:itextpdf] Improper Restriction of XML External Entity Reference in iText
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
References
https://nvd.nist.gov/vuln/detail/CVE-2017-9096
…
[lxml] Improper Neutralization of Input During Web Page Generation in LXML
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by “j a v a s c r i p t:” in Internet …
[io.undertow:undertow-core] Exposure of Sensitive Information to an Unauthorized Actor in Undertow
An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain d…