An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe…
[numpy] Numpy missing input validation
The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray causes the function to enter an infinite loop, which can allow attackers to cause a denial of service (DoS).
References
https://nvd.nist.gov/vuln/detail/CVE-2017-128…
[supervisor] Incorrect Default Permissions in Supervisor
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups…
[puppet] Tarball permission preservation in puppet
When installing a module using the system tar, the PMT will filter filesystem permissions to a sane value. This may just be based on the user’s umask.
When using minitar, files are unpacked with whatever permissions are in the tarball. This is potentia…
Active exploitation of Windows LSA confirmed; check and update
The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA: Cybersec…
[SharpZipLib] Improper Limitation of a Pathname to a Restricted Directory in SharpZipLib
SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as ‘Zip-Slip’.
Refer…
[io.undertow:undertow-core] Uncontrolled Resource Consumption in Undertow
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized, which can exhaust the available file descriptors. This leads to a file handle leak.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-1…
[org.infinispan:infinispan-core] Deserialization of Untrusted Data in Infinispan
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of …
[ipython] Improper Neutralization of Input During Web Page Generation in IPython
Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.
References
https://nvd.nist.gov/vuln/detail/CVE-2015-4…
[passenger] Phusion Passenger information disclosure
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a…