Posted by Denis Mironov on May 16
[-] Affected Versions:
Version 2.2.0 is affected, and prior versions are likely affected too.
[-] Vulnerabilities Description:
Vulnerable component is switching to another tab. To exploit
vulnerability, an attacker may send a POST request (with
application/x-www-form-urlencoded content-type) to AJAX endpoint
(usually “/index.php”) with “is_ajax_listing_tabs” parameter set to
“1” and “setting” parameter…
Jakub Wilk discovered a local privilege escalation in needrestart, a
utility to check which daemons need to be restarted after library
upgrades. Regular expressions to detect the Perl, Python, and Ruby
interpreters are not anchored, allowing a local user to escalate
privileges when needrestart tries to detect if interpreters are using
old source files.
Elison Niven discovered that the c_rehash script included in OpenSSL did
not sanitise shell meta characters which could result in the execution
of arbitrary commands.
It was discovered that the Waitress WSGI server was susceptible to
HTTP request smuggling in some scenarios when used behind a proxy.
USN-5311-1 released updates for contained. Unfortunately, a subsequent update
reverted the fix for this CVE by mistake. This update corrects the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that containerd allows attackers to gain access to read-
only copies of arbitrary files and directories on the host via a specially-
crafted image configuration. An attacker could possibly use this issue to
obtain sensitive information.
The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.
The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.
A logged-in and authenticated user with a Reviewer Role may lock a content item.
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.
