An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper be…
[openssl-src] Read buffer overruns processing ASN.1 strings
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the str…
[org.owasp:csrfguard] Cross-Site Request Forgery in OWASP CSRFGuard
In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-28490
https://github.com/reidmefirst/vuln-disclosure/blob/main/2021-01.txt
ht…
[mongors] Exposure of Sensitive Information to an Unauthorized Actor in MongoDB Rust Driver
Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user’s logging infrastructure could then potentially ingest thes…
[org.neo4j:neo4j-kernel] Improper Privilege Management in Neo4j Graph Database
A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 could allow authenticated users to execute commands with elevated privileges.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-34802
https://neo4j….
[hermes-engine] Use After Free in Hermes
A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the applica…
[org.jboss:jboss-ejb-client] Exposure of Sensitive Information to an Unauthorized Actor in JBoss EJB Client
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
References
ht…
[salt] Command Injection in SaltStack Salt
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and…
[@azure/ms-rest-nodeauth] Improper Privilege Management in Azure ms-rest-nodeauth
Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability
References
https://nvd.nist.gov/vuln/detail/CVE-2021-28458
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28458
https://github.com/advisories/GHSA-qpfw-4m…
[io.fabric8:kubernetes-client] Improper Limitation of a Pathname to a Restricted Directory in Fabric8 Kubernetes Client
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path. The highest threa…