180 matches found
CVE-2021-21316 Arbitrary code execution in less-openui5
less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be execut...
GHSA-F62V-XPXF-3V68 Code injection in Apache Ant
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...
Security update for go1.15 (moderate)
openSUSE Security Update: Security update for go1.15 Announcement ID: openSUSE-SU-2021:0192-1 Rating: moderate References: 1175132 1181145 1181146 Cross-References: CVE-2021-3114 CVE-2021-3115 Affected Products: openSUSE Leap 15.2 An update that solves two vulnerabilities and has one errata is no...
SUSE SLED15 / SLES15 Security Update : go1.14 (SUSE-SU-2021:0222-1)
This update for go1.14 fixes the following issues : Go was updated to version 1.14.14 bsc1164903. Security issues fixed : CVE-2021-3114: Fixed incorrect operations on the P-224 curve in crypto/elliptic bsc1181145. CVE-2021-3115: Fixed a potential arbitrary code execution in the build process...
SUSE SLED15 / SLES15 Security Update : go1.15 (SUSE-SU-2021:0223-1)
This update for go1.15 fixes the following issues : Go was updated to version 1.15.7 bsc1175132. Security issues fixed : CVE-2021-3114: Fixed incorrect operations on the P-224 curve in crypto/elliptic bsc1181145. CVE-2021-3115: Fixed a potential arbitrary code execution in the build process...
SUSE-SU-2020:3599-1 Security update for python-pip
This update for python-pip fixes the following issues: - Add wheel subpackage with the generated wheel for this package bsc1176262, CVE-2019-20916. - Make wheel a separate build run to avoid the setuptools/wheel build cycle...
ant: insecure temporary file vulnerability
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...
EulerOS 2.0 SP2 : ant (EulerOS-SA-2020-2327)
According to the version of the ant package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several...
CVE-2020-11979
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...
CVE-2020-11979
CVE-2020-11979 affects Apache Ant 1.10.8. The mitigation for CVE-2020-1945 changed temp-file permissions, but the fixcrlf task deleted the temp file and recreated it without protection, enabling an attacker to inject modified source files during builds. Connected advisories confirm the issue and ...
CVE-2020-11979
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...
EulerOS 2.0 SP3 : ant (EulerOS-SA-2020-2132)
According to the version of the ant package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several...
Sensitive Data Exposure in Apache Ant
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...
Huawei EulerOS: Security Advisory for ant (EulerOS-SA-2020-1915)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Insecure Temporary Directory
ant uses an insecure temporary directory. The system property java.io.tempdir causes insecure permissions to be set on a directory, allowing local users to access the temporary directory or write arbitrary files into it. This could also lead to an attacker injecting modified source files into the...
UBUNTU-CVE-2020-1945
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...
CVE-2020-1945
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...
CVE-2020-1945
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...
CVE-2020-1945
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...
Apache Ant leaks sensitive information via the java.io.tmpdir
Apache reports: Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back...