Open Source Security Mailing List
Discussion of security flaws, concepts, and practices in the Open Source community
Latest Posts
Fwd: wget-1.25.0 released [fixes CVE-2024-10524]
Alan Coopersmith (Nov 18)
The JFrog Security Research Team has posted about this vulnerability in:
https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/
They say:
"The vulnerability, later assigned CVE-2024-10524, may lead to various types of
attacks – including phishing, SSRF, and MiTM. These attacks can have severe
consequences such as resource restriction bypass and sensitive information
exposure."
and
"It has been discovered...
CVE-2024-31141: Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider
Greg Harris (Nov 18)
Severity: moderate
Affected versions:
- Apache Kafka Clients 2.3.0 through 3.5.2
- Apache Kafka Clients 3.6.0 through 3.6.2
- Apache Kafka Clients 3.7.0 through 3.7.1
Description:
Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka
Clients.
Apache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order
to manipulate these...
CVE-2024-52318: Apache Tomcat: Incorrect JSP tag recycling leads to XSS
Mark Thomas (Nov 18)
Severity: important
Affected versions:
- Apache Tomcat 11.0.0
- Apache Tomcat 10.1.31
- Apache Tomcat 9.0.96
Description:
Incorrect object recycling and reuse vulnerability in Apache Tomcat.
This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96.
Users are recommended to upgrade to version 11.0.1, 10.1.33 or 9.0.97,
which fixes the issue.
Note: 10.1.32 includes the fix but was not released
References:...
CVE-2024-52317: Apache Tomcat: Request/response mix-up with HTTP/2
Mark Thomas (Nov 18)
Severity: important
Affected versions:
- Apache Tomcat 11.0.0-M23 through 11.0.0-M26
- Apache Tomcat 10.1.27 through 10.1.30
- Apache Tomcat 9.0.92 through 9.0.95
Description:
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat.
Incorrect recycling of the request and response used by HTTP/2 requests
could lead to request and/or response mix-up between users.
This issue affects Apache Tomcat: from 11.0.0-M23 through...
CVE-2024-52316: Apache Tomcat: Authentication bypass when using Jakarta Authentication API
Mark Thomas (Nov 18)
Severity: low
Affected versions:
- Apache Tomcat 11.0.0-M1 through 11.0.0-M26
- Apache Tomcat 10.1.0-M1 through 10.1.30
- Apache Tomcat 9.0.0-M1 through 9.0.95
Description:
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is
configured to use a custom Jakarta Authentication (formerly JASPIC)
ServerAuthContext component which may throw an exception during the
authentication process without explicitly setting an HTTP...
Re: shell wildcard expansion (un)safety
Sean Whitton (Nov 17)
Hello,
This essay and related ones on your website are invaluable for people
trying to write POSIX sh. I certainly found them so.
Re: PostgreSQL: 4 CVEs fixed in 17.1, 16.5, 15.9, 14.14, 13.17, 12.21
Solar Designer (Nov 16)
If someone in here contributes to or follows PostgreSQL development or
announcements (which I normally don't), I'd appreciate it if they start
bringing the relevant announcements to here. Ditto for other projects.
Turns out these releases caused two regressions and there "is planning
for an out-of-cycle release on November 21, 2024" to address them:...
PostgreSQL: 4 CVEs fixed in 17.1, 16.5, 15.9, 14.14, 13.17, 12.21
Solar Designer (Nov 16)
Hi,
As announced in:
https://www.postgresql.org/about/news/postgresql-171-165-159-1414-1317-and-1221-released-2955/
https://www.postgresql.org/message-id/173159332163.1547975.13346191756810493274%40wrigleys.postgresql.org
new PostgreSQL updates to all supported versions fix 4 CVEs and 35
non-security bugs.
CVE-2024-10976 PostgreSQL row security below e.g. subqueries disregards user ID changes (CVSS 4.2)
CVE-2024-10977 PostgreSQL libpq retains...
CVE-2024-41151: Apache HertzBeat: RCE by notice template injection vulnerability
Chao Gong (Nov 16)
Severity: moderate
Affected versions:
- Apache HertzBeat before 1.6.1
Description:
Deserialization of Untrusted Data vulnerability in Apache HertzBeat.
This vulnerability can only be exploited by authorized attackers.
This issue affects Apache HertzBeat: before 1.6.1.
Users are recommended to upgrade to version 1.6.1, which fixes the issue.
Credit:
Li Yi Wei (finder)
Elin Kai (finder)
References:...
CVE-2024-45791: Apache HertzBeat: Exposure sensitive token via http GET method with query string
Chao Gong (Nov 16)
Severity: low
Affected versions:
- Apache HertzBeat before 1.6.1
Description:
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat.
This issue affects Apache HertzBeat: before 1.6.1.
Users are recommended to upgrade to version 1.6.1, which fixes the issue.
Credit:
Ícaro Torres (finder)
References:
https://www.cve.org/CVERecord?id=CVE-2024-45791
CVE-2024-45505: Apache HertzBeat (incubating): Exists Native Deser RCE and file writing vulnerabilities
Chao Gong (Nov 16)
Severity: moderate
Affected versions:
- Apache HertzBeat (incubating) before 1.6.1
Description:
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat
(incubating).
This vulnerability can only be exploited by authorized attackers.
This issue affects Apache HertzBeat (incubating): before 1.6.1.
Users are recommended to upgrade to version 1.6.1, which fixes the issue....
CVE-2024-47208: Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE
Jacques Le Roux (Nov 16)
Severity: important
Affected versions:
- Apache OFBiz before 18.12.17
Description:
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache
OFBiz.
This issue affects Apache OFBiz: before 18.12.17.
Users are recommended to upgrade to version 18.12.17, which fixes the issue.
Credit:
孙相 (Sun Xiang) (finder)
References:
https://ofbiz.apache.org/download.html...
CVE-2024-48962: Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE)
Jacques Le Roux (Nov 16)
Affected versions:
- Apache OFBiz before 18.12.17
Description:
Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), Improper Neutralization
of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.17.
Users are recommended to upgrade to version 18.12.17, which fixes the issue.
Credit:
Sebastiano Sartor <s () sebsrt...
Re: shell wildcard expansion (un)safety
Steffen Nurpmeso (Nov 15)
Solar Designer wrote in
<20241108001759.GA15331 () openwall com>:
|On Thu, Nov 07, 2024 at 10:41:59PM +0100, Steffen Nurpmeso wrote:
|> Steffen Nurpmeso wrote in
|> <20241107210420.v7ZcHYHZ@steffen%sdaoden.eu>:
|>|Solar Designer wrote in
|>| <20241107041658.GA10363 () openwall com>:
|>||On Thu, Nov 07, 2024 at 01:08:19AM +0100, Steffen Nurpmeso wrote:
|>||> To add that the POSIX core developers...
CVE-2024-45784: Apache Airflow: Sensitive configuration values are not masked in the logs by default
Ephraim Anierobi (Nov 14)
Severity: moderate
Affected versions:
- Apache Airflow before 2.10.3
Description:
Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in
task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration
variables. Unauthorized users could access these logs, potentially exposing critical data that could be exploited to
compromise the...