Lucene search
+L

180 matches found

Cvelist
Cvelist
added 2021/02/16 5:35 p.m.36 views

CVE-2021-21316 Arbitrary code execution in less-openui5

less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be execut...

6.3CVSS7.8AI score0.00988EPSS
Exploits0References5
OSV
OSV
added 2021/02/03 7:16 p.m.11 views

GHSA-F62V-XPXF-3V68 Code injection in Apache Ant

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...

7.5CVSS6.8AI score0.08235EPSS
Exploits0References22
OPENSUSE Linux
OPENSUSE Linux
added 2021/01/29 12:0 a.m.43 views

Security update for go1.15 (moderate)

openSUSE Security Update: Security update for go1.15 Announcement ID: openSUSE-SU-2021:0192-1 Rating: moderate References: 1175132 1181145 1181146 Cross-References: CVE-2021-3114 CVE-2021-3115 Affected Products: openSUSE Leap 15.2 An update that solves two vulnerabilities and has one errata is no...

7.5CVSS8.4AI score0.06497EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2021/01/27 12:0 a.m.32 views

SUSE SLED15 / SLES15 Security Update : go1.14 (SUSE-SU-2021:0222-1)

This update for go1.14 fixes the following issues : Go was updated to version 1.14.14 bsc1164903. Security issues fixed : CVE-2021-3114: Fixed incorrect operations on the P-224 curve in crypto/elliptic bsc1181145. CVE-2021-3115: Fixed a potential arbitrary code execution in the build process...

7.5CVSS7.7AI score0.06497EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2021/01/27 12:0 a.m.31 views

SUSE SLED15 / SLES15 Security Update : go1.15 (SUSE-SU-2021:0223-1)

This update for go1.15 fixes the following issues : Go was updated to version 1.15.7 bsc1175132. Security issues fixed : CVE-2021-3114: Fixed incorrect operations on the P-224 curve in crypto/elliptic bsc1181145. CVE-2021-3115: Fixed a potential arbitrary code execution in the build process...

7.5CVSS7.7AI score0.06497EPSS
Exploits0References8
OSV
OSV
added 2020/12/02 12:54 p.m.4 views

SUSE-SU-2020:3599-1 Security update for python-pip

This update for python-pip fixes the following issues: - Add wheel subpackage with the generated wheel for this package bsc1176262, CVE-2019-20916. - Make wheel a separate build run to avoid the setuptools/wheel build cycle...

7.5CVSS7.5AI score0.03028EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2020/11/05 6:47 p.m.5 views

ant: insecure temporary file vulnerability

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

6.3CVSS7.2AI score0.01808EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/11/03 12:0 a.m.44 views

EulerOS 2.0 SP2 : ant (EulerOS-SA-2020-2327)

According to the version of the ant package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several...

6.3CVSS7.2AI score0.01808EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2020/10/01 8:15 p.m.40 views

CVE-2020-11979

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...

7.5CVSS7.1AI score0.08235EPSS
Exploits0References2
CVE
CVE
added 2020/10/01 7:24 p.m.319 views

CVE-2020-11979

CVE-2020-11979 affects Apache Ant 1.10.8. The mitigation for CVE-2020-1945 changed temp-file permissions, but the fixcrlf task deleted the temp file and recreated it without protection, enabling an attacker to inject modified source files during builds. Connected advisories confirm the issue and ...

7.5CVSS6.9AI score0.08235EPSS
Exploits0References19Affected Software1
Debian CVE
Debian CVE
added 2020/10/01 7:24 p.m.52 views

CVE-2020-11979

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...

7.5CVSS7.7AI score0.08235EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/09/28 12:0 a.m.42 views

EulerOS 2.0 SP3 : ant (EulerOS-SA-2020-2132)

According to the version of the ant package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several...

6.3CVSS7.2AI score0.01808EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2020/09/14 6:13 p.m.65 views

Sensitive Data Exposure in Apache Ant

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

6.3CVSS2.7AI score0.01808EPSS
Exploits0References54Affected Software1
OpenVAS
OpenVAS
added 2020/09/04 12:0 a.m.28 views

Huawei EulerOS: Security Advisory for ant (EulerOS-SA-2020-1915)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.3CVSS7.1AI score0.01808EPSS
Exploits0References2
Veracode
Veracode
added 2020/05/15 5:16 a.m.39 views

Insecure Temporary Directory

ant uses an insecure temporary directory. The system property java.io.tempdir causes insecure permissions to be set on a directory, allowing local users to access the temporary directory or write arbitrary files into it. This could also lead to an attacker injecting modified source files into the...

6.3CVSS4.1AI score0.01808EPSS
Exploits0References91Affected Software4
OSV
OSV
added 2020/05/14 4:15 p.m.10 views

UBUNTU-CVE-2020-1945

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

6.3CVSS6.7AI score0.01808EPSS
Exploits0References5
Cvelist
Cvelist
added 2020/05/14 3:57 p.m.33 views

CVE-2020-1945

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

7AI score0.01808EPSS
Exploits0References52
AlpineLinux
AlpineLinux
added 2020/05/14 3:57 p.m.54 views

CVE-2020-1945

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

6.3CVSS7.2AI score0.01808EPSS
Exploits0
Debian CVE
Debian CVE
added 2020/05/14 3:57 p.m.31 views

CVE-2020-1945

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

6.3CVSS7AI score0.01808EPSS
Exploits0
FreeBSD
FreeBSD
added 2020/05/14 12:0 a.m.34 views

Apache Ant leaks sensitive information via the java.io.tmpdir

Apache reports: Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back...

6.3CVSS2.2AI score0.01808EPSS
Exploits0References1
Rows per page
Query Builder