The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode.
A fix…
[awesome_spawn] OS Command Injection in awesome spawn
Awesome spawn prior to version 1.2.0 contains an OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, an attacker could use this flaw to …
[flatbuffers] Generated code can read and write out of bounds in safe code
Code generated by flatbuffers’ compiler is unsafe but not marked as such.
See https://github.com/google/flatbuffers/issues/6627 for details.
All users of code generated by the flatbuffers compiler are recommended to:
not expose flatbuffer generated …
[reportlab] XML Injection in ReportLab
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.
References
https://nvd.nist.gov/vuln/detail/CVE-2019…
[org.apache.tapestry:tapestry-core] Deserialization of Untrusted Data in Apache Tapestry
By manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the w…
[org.jenkins-ci.main:jenkins-core] Improper Authorization in Jenkins
When creating temporary files, agent-to-controller access to create those files is only checked after they’ve been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-21693
https://www.je…
[org.jenkins-ci.main:jenkins-core] Missing Authorization in Jenkins
FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-21689
https://www.jenkins.io/security/advisory/202…
[apache-airflow] Missing Authentication for Critical Function in Apache Airflow
The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, infor…
[org.jenkins-ci.plugins:nuget] XML external entity vulnerability in Jenkins Nuget Plugin
Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-21658
https://www.jenkins.io/security/advisory/2021-05-25/#SECURITY-2340
http://w…
[System.Drawing.Common] .NET Core Remote Code Execution Vulnerability
A remote code execution vulnerability exists when parsing certain types of graphics files. This vulnerability only exists on systems running on macOS or Linux. This CVE ID is unique from CVE-2021-26701.
References
https://nvd.nist.gov/vuln/detail/CVE-…