Apache Solr uses a PKI-based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the n…
[opencc] Open Chinese Convert subject to Denial of Service via Out-of-bounds Read
Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial of service (segmentation fault) because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file.
References
https:…
[org.apache.struts:struts2-core] Code injection due to conversion error
Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
Refe…
[org.eclipse.rdf4j:rdf4j] RDF4J vulnerable to zip slip
RDF4J prior to 2.5.0 allows Directory Traversal via ../ in an entry in a ZIP archive.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-20227
https://github.com/eclipse/rdf4j/issues/1210
https://github.com/eclipse/rdf4j/pull/1211/commits/df15a4d7a8…
[league/commonmark] PHP League CommonMark vulnerable to Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if allow_unsafe_links is false) via a newline character (e.g., writ…
[com.sonyericsson.hudson.plugins.rebuild:rebuild] Cross-site Scripting in Jenkins Rebuilder Plugin
A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildAction/BooleanParameterValue.jelly, RebuildAction/ExtendedChoiceParameterValue.jelly, RebuildAction/FileParameterValue.jelly, RebuildAction/LabelP…
[org.apache.tomee:tomee-webapp] Apache TomEE console vulnerable to Cross-site Scripting
The Apache TomEE console (tomee-webapp) has an XSS vulnerability which could allow JavaScript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles d…
[org.apache.portals.pluto:pluto-container] Exposure of Sensitive Information in Apache Pluto
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attack…
[org.apache.solr:solr-core] Apache Solr Kerberos delegation token functionality flaws
Apache Solr’s Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider…
[org.apache.tomcat:tomcat] Inconsistent documentation in Apache Tomcat
As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script t…