Tintinweb

**Name of the Vulnerable Software and Affected Versions** Nim versions prior to 1.2.10 Nim versions prior to 1.4.4 **Description** The issue affects the Nimble package manager for the Nim programming language. When "nimble refresh" is used, it fetches a list of Nimble packages over HTTPS by default, but falls back to a non-TLS URL `http://irclogs.nim-lang.org/packages.json` in case of an error. An attacker able to perform a Man-in-the-Middle (MitM) attack can deliver a modified package list containing malicious software packages. If these packages are installed and used, the attack can escalate to untrusted code execution. **Recommendations** For versions prior to 1.2.10, update to version 1.2.10 or later to resolve the issue. For versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. As a temporary workaround, consider disabling the use of the `http://irclogs.nim-lang.org/packages.json` URL until a patch is available. Restrict access to the "nimble refresh" command to minimize the risk of exploitation. Avoid using the non-TLS URL in the "nimble refresh" command until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Nim versions prior to 1.2.10 Nim versions prior to 1.4.4 **Description** The issue concerns Nimble, a package manager for the Nim programming language. In affected versions, Nimble's doCmd can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the `packages.json` package list to trigger code execution. **Recommendations** For versions prior to 1.2.10, update to version 1.2.10 or later. For versions prior to 1.4.4, update to version 1.4.4 or later.

Name of the Vulnerable Software and Affected Versions: go-ipfs versions prior to 0.8.0 Description: The issue concerns control characters not being escaped from console output, potentially hiding input from the user. This could result in the user taking an unknown, malicious action. Recommendations: For versions prior to 0.8.0, update to version 0.8.0 to resolve the issue. As a temporary workaround, consider disabling console output or restricting its use until a patch is applied.

Name of the Vulnerable Software and Affected Versions: go-ipfs versions prior to 0.8.0-rc1 Description: The issue is related to path traversal in go-ipfs, which can occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten or written to incorrect output directories. The issue can only occur when a get is done on an affected DAG. Recommendations: For go-ipfs versions prior to 0.8.0-rc1, upgrade to go-ipfs 0.8 or later to resolve the issue. As a temporary workaround, consider avoiding the use of `ipfs get` on affected DAGs until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Nimble versions prior to 1.2.10 Nimble versions prior to 1.4.4 **Description** The issue is related to the `nimble refresh` function of the Nimble package manager for the Nim programming language. It is caused by the lack of verification of downloaded packages due to an error in the certificate authentication procedure. This can allow a remote attacker to perform a man-in-the-middle attack or execute arbitrary code by downloading malicious packages. **Recommendations** For Nimble versions prior to 1.2.10, update to version 1.2.10 or later to resolve the issue. For Nimble versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. As a temporary workaround, consider disabling the `nimble refresh` function until a patch is available. Restrict access to the `httpClient` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Nim versions prior to 1.2.6 **Description** The issue is related to the standard library asyncftpclient in Nim, which lacks a check for whether a message contains a newline character. **Recommendations** For versions prior to 1.2.6, update to version 1.2.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Nim version 1.2.4 **Description** The standard library browsers in Nim mishandle the URL argument to `browsers.openDefaultBrowser()`, allowing an attacker to pass an argument to the underlying open command and execute arbitrary registered system commands. This can occur when the URL argument is a local file path that will be opened in the default explorer. **Recommendations** For Nim version 1.2.4, consider disabling the `browsers.openDefaultBrowser()` function until a patch is available to prevent exploitation. Restrict access to the `browsers` module to minimize the risk of arbitrary command execution. Avoid using the `openDefaultBrowser` function with untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Nim version 1.2.4 **Description** The standard library httpClient in Nim fails to properly validate the server response. For instance, `httpClient.get().contentLength()` does not raise an error if a malicious server provides a negative Content-Length. **Recommendations** For Nim version 1.2.4, consider validating server responses manually to ensure the Content-Length is not negative until a patch is available. As a temporary workaround, restrict the use of `httpClient.get().contentLength()` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Nim version 1.2.4 **Description** The standard library httpClient in Nim is susceptible to a CR-LF injection in the target URL. This injection can occur if an attacker controls any part of the URL provided in a call, such as `httpClient.get` or `httpClient.post`, the `User-Agent` header value, or custom HTTP header names or values. **Recommendations** For Nim version 1.2.4, consider restricting the use of the `httpClient` module until a patch is available, and avoid using user-controlled input in the URL, `User-Agent` header, or custom HTTP headers to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: cgminer version 4.10.0 bfgminer version 5.5.0 Description: The issue allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the `addpool`, `failover-only`, `poolquota`, and `save` command handlers. Recommendations: For cgminer version 4.10.0, consider disabling the `addpool`, `failover-only`, `poolquota`, and `save` command handlers until a patch is available. For bfgminer version 5.5.0, consider disabling the `addpool`, `failover-only`, `poolquota`, and `save` command handlers until a patch is available.

Name of the Vulnerable Software and Affected Versions: cgminer version 4.10.0 bfgminer version 5.5.0 Description: The issue allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions, which is caused by an absolute directory traversal. Recommendations: For cgminer version 4.10.0, consider restricting access to the remote management interface until a patch is available. For bfgminer version 5.5.0, restrict write access to sensitive directories on the server to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Parity Browser versions 1.6.10 and earlier Description: The issue allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine. This is possible because the current website's token is reused and not bound to an origin. Recommendations: For Parity Browser versions 1.6.10 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Claymore Dual GPU miner version 10.1 **Description** The issue is related to a stack-based buffer overflow in the request handler of the remote management interface. This can be exploited by an unauthenticated remote attacker via a long API request that is mishandled during logging, allowing the execution of arbitrary code. **Recommendations** For Claymore Dual GPU miner version 10.1, consider disabling the remote management interface until a patch is available to prevent exploitation. Restrict access to the request handler to minimize the risk of arbitrary code execution. Avoid using long API requests that could trigger the buffer overflow until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Claymore Dual GPU miner version 10.1 **Description** The remote management interface is vulnerable to an authenticated directory traversal issue. This can be exploited by issuing a specially crafted request, allowing a remote attacker to read or write arbitrary files. The issue can be triggered via ../ sequences in the pathname to `miner file` or `miner getfile`. **Recommendations** For Claymore Dual GPU miner version 10.1, consider restricting access to the remote management interface until a fix is available. As a temporary workaround, avoid using the `miner file` or `miner getfile` parameters in the affected API endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: vBulletin Tapatalk plugin versions 4.9.0 and earlier vBulletin Tapatalk plugin versions 5.x through 5.2.1 Description: The issue allows remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to specific endpoints, including "unsubscribe forum.php" and "unsubscribe topic.php" in mobiquo/functions/. Recommendations: For versions 4.9.0 and earlier, update to a version later than 4.9.0. For versions 5.x through 5.2.1, update to a version later than 5.2.1. As a temporary workaround, consider restricting access to the "unsubscribe forum.php" and "unsubscribe topic.php" endpoints in mobiquo/functions/ until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MiniUPnPc versions 1.4.20101221 through 2.0 **Description** The issue is related to an integer signedness error, which can be exploited by remote attackers to cause a denial of service or possibly have other unspecified impacts. **Recommendations** For MiniUPnPc versions 1.4.20101221 through 2.0, update to a version later than 2.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OpenSSH versions prior to 7.2p2 **Description** The issue allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the do authenticated1 and session x11 req functions. This is due to the improper handling of CRLF injection vulnerabilities in the session.c file of OpenSSH. An attacker could exploit this to gain access to the target local X server. **Recommendations** For versions prior to 7.2p2, update to version 7.2p2 or later to resolve the issue. As a temporary workaround, consider restricting access to X11 forwarding data to minimize the risk of exploitation. Avoid using the `do authenticated1` and `session x11 req` functions in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PuTTY versions prior to 0.67 KiTTY versions prior to 0.66.6.3 **Description** A stack-based buffer overflow issue exists in the SCP command-line utility, allowing remote servers to cause a denial of service or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request. **Recommendations** For PuTTY versions prior to 0.67, update to version 0.67 or later to resolve the issue. For KiTTY versions prior to 0.66.6.3, update to version 0.66.6.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** vBulletin versions 4.2.2 and earlier vBulletin versions 5.0.x through 5.0.5 **Description** A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request. This can be achieved by manipulating the client name. **Recommendations** For vBulletin versions 4.2.2 and earlier, update to a version later than 4.2.2 to resolve the issue. For vBulletin versions 5.0.x through 5.0.5, update to a version later than 5.0.5 to resolve the issue. As a temporary workaround, consider restricting access to the `admincp/apilog.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** vBulletin versions 4.2.2, 4.2.1, 4.2.0 PL2, and earlier **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `conceptid` argument in an xmlrpc API request to the "includes/api/4/breadcrumbs create.php" endpoint. **Recommendations** For versions 4.2.2, 4.2.1, and 4.2.0 PL2, and all earlier versions, consider restricting access to the `breadcrumbs create.php` file until a fix is available. As a temporary workaround, avoid using the `conceptid` argument in xmlrpc API requests to minimize the risk of exploitation.