When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos might crash because the code accidentally calls an inappropriate function. A malicious actor can therefore cause a denial of service of Mesos masters …
[org.apache.openmeetings:openmeetings-parent] Apache OpenMeetings responds to insecure HTTP methods
Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH.
References
https://nvd.nist.gov/vuln/detail/CVE-2017-7685
http://markmail.org/message/uxk4bpq35svnyjhb
http://www.securityfocus.com/bid/99592
http…
[org.apache.nifi:nifi] Improper Authentication In Apache NiFi
In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the “anonymous” user.
References
https://nvd.nist.gov/vuln/detail/…
[com.nimbusds:nimbus-jose-jwt] Nimbus JOSE+JWT vulnerable to padding oracle attack
Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.
References
https://nvd.nist.gov/vuln/detail/CVE-2017-12973
https://bitbu…
[pyjwt] PyJWT vulnerable to key confusion attacks
In PyJWT 1.5.0 and below the invalid_strings check in HMACAlgorithm.prepare_key does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC K…
[puppet] Tarball permission preservation in puppet
When installing a module using the system tar, the PMT will filter filesystem permissions to a sane value. This may just be based on the user’s umask.
When using minitar, files are unpacked with whatever permissions are in the tarball. This is potentia…
[Electron] Electron vulnerable to URL spoofing via PDFium
Electron versions 1.7.0 – 1.7.5 are vulnerable to a URL Spoofing problem when opening PDFs in PDFium, resulting in the loading of arbitrary PDFs that an attacker can control.
References
https://nvd.nist.gov/vuln/detail/CVE-2017-1000424
https://github.com/electron/ele…
[org.jvnet.hudson.plugins:ssh] Jenkins SSH Plugin user passwords for encrypted SSH keys stored in plaintext
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.
References
https://nvd.nist.gov/vuln/detail/CVE-20…
[org.opencastproject:opencast-kernel] Opencast has Incorrect Permission Assignment
In Opencast 2.2.3 and older, if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly, so that users only need to match part of the user name used for the access r…
[org.jboss.ws:jbossws-common] JBossWS vulnerable to uncontrolled recursion
DOMUtils.java in org.jboss.ws:jbossws-common does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOC…