Weekly Update: a new vulnerability is published on the National Vulnerability Database (18 items)

New vulnerabilities from the NVD: CVE-2016-8657 It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted. Published at: July 31, 2018 at 10:29PM View on website August 01, 2018 at 12:39AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2016-8626 A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests. Published at: July 31, 2018 at 10:29PM View on website August 01, 2018 at 12:39AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2016-8631 The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site. Published at: July 31, 2018 at 11:29PM View on website August 01, 2018 at 02:39AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2016-8628 Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as. Published at: July 31, 2018 at 11:29PM View on website August 01, 2018 at 02:39AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2016-8624 curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them. Published at: August 01, 2018 at 12:29AM View on website August 01, 2018 at 02:39AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2016-8622 The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer. Published at: August 01, 2018 at 12:29AM View on website August 01, 2018 at 02:39AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2016-8618 The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables. Published at: August 01, 2018 at 12:29AM View on website August 01, 2018 at 02:39AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2016-8614 A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key. Published at: August 01, 2018 at 12:29AM View on website August 01, 2018 at 02:39AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2016-8613 A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the user's browser. The output of the job is stored, making this a stored XSS vulnerability. Published at: July 31, 2018 at 11:29PM View on website August 01, 2018 at 02:39AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2016-8611 A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation. Published at: July 31, 2018 at 11:29PM View on website August 01, 2018 at 02:39AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2016-8621 The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. Published at: August 01, 2018 at 01:29AM View on website August 01, 2018 at 04:40AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2016-8617 The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`. Published at: August 01, 2018 at 01:29AM View on website August 01, 2018 at 04:40AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2016-8620 The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. Published at: August 01, 2018 at 09:29AM View on website August 01, 2018 at 02:39PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2016-8619 The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free. Published at: August 01, 2018 at 09:29AM View on website August 01, 2018 at 02:39PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2016-8616 A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password. Published at: August 01, 2018 at 09:29AM View on website August 01, 2018 at 02:39PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2016-8615 A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. Published at: August 01, 2018 at 09:29AM View on website August 01, 2018 at 02:39PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2016-8608 JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before showing to other users, including admins. Published at: August 01, 2018 at 05:29PM View on website August 01, 2018 at 07:20PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9262 _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. Published at: August 02, 2018 at 02:29AM View on website August 02, 2018 at 05:20AM via National Vulnerability Database