The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups…
[puppet] Tarball permission preservation in puppet
When installing a module using the system tar, the PMT will filter filesystem permissions to a sane value. This may just be based on the user’s umask.
When using minitar, files are unpacked with whatever permissions are in the tarball. This is potentia…
[SharpZipLib] Improper Limitation of a Pathname to a Restricted Directory in SharpZipLib
SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as ‘Zip-Slip’.
Refer…
[io.undertow:undertow-core] Uncontrolled Resource Consumption in Undertow
It was found that URLResource.getLastModified() in Undertow closes its file descriptors only when they are finalized, which can lead to file descriptor exhaustion. This results in a file handle leak.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-1…
[org.infinispan:infinispan-core] Deserialization of Untrusted Data in Infinispan
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of …
[ipython] Improper Neutralization of Input During Web Page Generation in IPython
Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.
References
https://nvd.nist.gov/vuln/detail/CVE-2015-4…
[passenger] Phusion Passenger information disclosure
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a…
[org.apache.camel:camel-core] Improper Control of Generation of Code in Apache Camel
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including “$simple{}” in a CamelFileName message header to a (1) FILE or (2) FTP producer.
Ref…
[org.apache.httpcomponents:httpclient] Hostname verification in Apache HttpClient 4.3 was disabled by default
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.
References
https://nv…
[mysql-connector-python] Improper Access Control in MySQL Connector Python
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with netwo…