The Jetty path normalization mechanism suffers of an implementation issue when parsing the request URLs. The path normalization logic implemented in the PathResource class and introduced in Jetty versions 9.3.x can be defeated by requesting malicious URLs containing specific escaped characters. Leveraging on this weakness, a malicious user can gain access to protected resources (e.g. WEB-INF and META-INF folders and their contents) and defeat application filters or other security constraints implemented in the servlet configuration. Versions 9.3.0 through 9.3.8 are affected.
3ad5a064d05179a59a4a0dec382ab56bGaneti, an open source virtualization manager, suffers from multiple issues in its RESTful control interface (RAPI). The distributed replicated storage (DRBD) secret is leaked by the RAPI interface when job results are requested. Leveraging on the knowledge of this secret, a malicious user who had already gained access to the storage network of the cluster can retrieve instance data more easily and reliably. The RAPI interface is also vulnerable to a denial of service condition, triggered via SSL parameter renegotiation issued by a malicious client. The condition leads to resource exhaustion on the master node. Many versions are affected.
cf40eb20cfed9c8df94e59272faa5c8cPyAMF suffers from insufficient AMF input payload sanitization which results in the XML parser not preventing the processing of XML external entities (XXE). A specially crafted AMF payload, containing malicious references to XML external entities, can be used to trigger denial of service (DoS) conditions or arbitrarily return the contents of files that are accessible with the running application privileges. Versions 0.7.2 and below are affected.
d27e2dac83345eabf472e84ed7130b4aVLC versions 2.2.1 and below suffer from an arbitrary pointer dereference vulnerability.
b675d1c081b164ab9ed97daca168dffdThe FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List (CRL) checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA certificates. An unexpired client certificate, issued by an intermediate CA with a revoked certificate, is therefore accepted by FreeRADIUS. Versions equal to and below 2.2.7 and 3.0.8 are affected.
cafe48b37985ba8edab19c239d413d59A vulnerability has been reported concerning the impossibility for MySQL users (with any major stable version) to enforce an effective SSL/TLS connection that would be immune from man-in-the-middle (MITM) attacks performing a malicious downgrade. Versions 5.7.2 and below are affected.
a6136100e6e6ea5f0710410938e328f3The e2fsprogs package is a set of open source utilities for ext2, ext3 and ext4 filesytems. The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information, leading to a heap based buffer overflow. A specially crafted filesystem image can be used to trigger the vulnerability. Versions prior to 1.42.12 are affected.
e869d40ab54c548d2ad978b7cd2d1ffbThe JasPer project is an open source implementation for the JPEG-2000 codec. The library is affected by an off-by-one error in a buffer boundary check in jpc_dec_process_sot(), leading to a heap based buffer overflow, as well as multiple unrestricted stack memory use issues in jpc_qmfb.c, leading to stack overflow. Versions 1.900.1 and below are affected.
e3087007c53b9ae60d360e8c8ae013cbUnZip versions 6.0 and below suffer from multiple heap-based buffer overflow vulnerabilities.
66cf95c1412baffc97b43c0603b6fd01SoX versions 14.4.1 and below suffer from multiple heap-based buffer overflow vulnerabilities.
ed1384b49a88c40f7d981123c9d8c485The JasPer project is an open source implementation for the JPEG-2000 codec. The library is affected by a double-free vulnerability in function jas_iccattrval_destroy() as well as a heap-based buffer overflow in function jp2_decode(). A specially crafted jp2 file, can be used to trigger the vulnerabilities. Versions 1.900.1 and below are affected.
ae9af40b3ff98367b3b41c09d2eaca06The JasPer project is an open source implementation for the JPEG-2000 codec. The library is affected by two heap-based buffer overflows which can lead to arbitrary code execution. The vulnerability is present in functions jpc_dec_cp_setfromcox() and jpc_dec_cp_setfromrgn(). A specially crafted jp2 file, can be used to trigger the overflows. Versions 1.900.1 and below are affected.
e661c4bbb6e9abe2278116196e0c0c2dThe libFLAC project, an open source library implementing reference encoders and decoders for native FLAC and Ogg FLAC audio content, suffers from multiple implementation issues. In particular, a stack overflow and a heap overflow condition, which may result in arbitrary code execution, can be triggered by passing a maliciously crafted .flac file to the libFLAC decoder. Versions 1.3.0 and below are affected.
d6cee771a96d43f4b03022c735b7f36fLibVNCServer versions 0.9.9 and below suffer from memory management handling, buffer overflow, and denial of service vulnerabilities.
3edd9950bea6daeef70506c903175db0Ganeti versions 2.10.0 through 2.10.6 and 2.11.0 through 2.11.4 suffer from an insecure file permission vulnerability that leads to sensitive information disclosure.
ee9d1bce9cd141e0b60cd6046fc494c6Insufficient input sanitization on the parameters passed to the application web gui leads to arbitrary command injection on the LPAR2RRD application server. Versions 4.53 and below and 3.5 and below are affected.
e3919dedeede8255532d7778ccce579aThe Ansible platform suffers from input sanitization errors that allow arbitrary code execution as well as information leak, in case an attacker is able to control certain playbook variables. Versions 1.6.6 and below are affected.
32424d10f6db1daafea5df4630bedab2LibYAML versions 0.1.5 and below are affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is caused by lack of proper expansion for the string passed to the yaml_parser_scan_uri_escapes() function. A specially crafted YAML file, with a long sequence of percent-encoded characters in a URL, can be used to trigger the overflow.
ac045385785224679f4d12e08802ffedThe Xalan-Java library is a popular XSLT processor from the Apache Software Foundation. The library implements the Java API for XML Processing (JAXP) which supports a secure processing feature for interpretive and XSLCT processors. The intent of this feature is to limit XSLT/XML processing behaviours to "make the XSLT processor behave in a secure fashion". It has been discovered that the secure processing features suffers from several limitations that undermine its purpose. Versions 2.7.0 and above are affected.
d274ff5f63281d441f0f9514f291ddb7MantisBT versions greater than and equal to 1.1.0a4 and versions equal to and below 1.2.5 suffer from a remote SQL injection vulnerability.
1d5bfa60d9a83d54f7a8e1362951ef74The File Roller archive manager for the GNOME desktop suffers from a path traversal vulnerability caused by insufficient path sanitization. A specially crafted archive file can be used to trigger creation of arbitrary files in any location, writable by the user executing the extraction, outside the current working directory. This behavior is triggered when the option 'Keep directory structure' is selected from the application 'Extract' dialog.
d21ae9055b8c07918c41455c9d27f90dA variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue is similar to the one reported in oCERT-2011-003 and concerns the MurmurHash algorithm family. The condition for predictable collisions in the hashing functions has been reported for the following language implementations: JRuby (MurmurHash2), Ruby (MurmurHash2), Rubinius (MurmurHash3), Oracle JDK (MurmurHash), OpenJDK (MurmurHash). In the case of Java OpenJDK the hash function affected by the reported issue is not enabled by default, the default function is however reported vulnerable to oCERT-2011-003.
173a950b56d5f7bd4eef0ced98b0cc28A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms.
22dd5e111e5c4f6aa908cc54c3e0e83aThe libavcodec library, an open source video encoding/decoding library part of the FFmpeg and Libav projects, performs insufficient boundary check against a buffer index. The missing check can result in arbitrary read/write of data outside a destination buffer boundaries. The vulnerability affects the Chinese AVS video (CAVS) file format decoder, specially crafted CAVS files may lead to arbitrary code execution during decoding.
5972a65dc973e40b0d9708a977ed364dChyrp versions 2.1 and below suffer from cross site scripting, local file inclusion, shell upload, and directory traversal vulnerabilities. Both the oCERT and original advisories are included here.
d2e9d03bb363c9b30358d7e88edeeb59
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed