CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219 https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba0911 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-8177 – gluster-swift metadata constraints are not correctly enforced
https://notcve.org/view.php?id=CVE-2014-8177
The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined. El paquete gluster-swift de Red Hat, tal como se utiliza en Red Hat Gluster Storage (anteriormente Red Hat Storage Server), permite a usuarios remotos autenticados eludir la restricción max_meta_count a través de múltiples peticiones manipuladas que exceden el límite cuando se combinan. A flaw was found in the metadata constraints in Red Hat Gluster Storage's OpenStack Object Storage (swiftonfile). By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata than allowed by the configuration. • http://rhn.redhat.com/errata/RHSA-2015-1845.html http://rhn.redhat.com/errata/RHSA-2015-1846.html http://www.openwall.com/lists/oss-security/2015/08/27/5 https://bugzilla.redhat.com/show_bug.cgi?id=1257525 https://access.redhat.com/security/cve/CVE-2014-8177 • CWE-284: Improper Access Control •
CVE-2012-5635 – GlusterFS: insecure temporary file creation
https://notcve.org/view.php?id=CVE-2012-5635
The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417. La funcionalidad GlusterFS en Red Hat Storage Management Console v2.0, Native Client, Server 2.0 permite a usuarios locales sobreescribir archivos arbitrarios mediante un ataque de enlaces simbólicos en varios archivos temporales creados por (1) tests/volume.rc, (2) extras/hook- scripts/S30samba-stop.sh, y posiblemente otros vectores, la vulnerabilidad diferente a CVE-2012-4417. Multiple insecure temporary file creation flaws were found in Red Hat Storage. A local user on the Red Hat Storage server could use these flaws to cause arbitrary files to be overwritten as the root user via a symbolic link attack. • http://rhn.redhat.com/errata/RHSA-2013-0691.html https://bugzilla.redhat.com/show_bug.cgi?id=886364 https://access.redhat.com/security/cve/CVE-2012-5635 • CWE-264: Permissions, Privileges, and Access Controls CWE-377: Insecure Temporary File •