A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka ‘.NET F…
[pillow] Buffer Copy without Checking Size of Input in Pillow
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-5311
https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3
https://access.redhat.com/er…
[swagger-ui] Improper Neutralization of Input During Web Page Generation in swagger-ui
swagger-ui has XSS in key names
References
https://nvd.nist.gov/vuln/detail/CVE-2016-1000229
https://access.redhat.com/errata/RHSA-2017:0868
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000229
https://github.com/advisories/GHSA-h8wp-wgcq-qhrf
[org.jenkins-ci.plugins:script-security] Incorrect Authorization in Jenkins Script Security Plugin
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts.
References
https://nvd.nist.gov/vu…
[red-arrow] Missing Initialization of Resource in Apache Arrow
It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had an uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized m…
[pyarrow] Missing Initialization of Resource in Apache Arrow
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365, it was discovered that Apache Arrow versions 0.12.0 to 0.14.1 left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby an…
[org.elasticsearch:elasticsearch] Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native re…
[org.apache.thrift:libthrift] Loop with Unreachable Exit Condition in Apache Thrift
In Apache Thrift, all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it af…
[org.sonatype.nexus:nexus-repository] Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-16530
https://issues.sonatype.org/secure/ReleaseNote.jspa
https://suppor…
[org.jolokia:jolokia-core] Cross-Site Request Forgery in Jolokia
A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote…