18 matches found
CVE-2020-17526
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have...
EUVD-2024-51640
Malicious code in bioql PyPI...
GHSA-H7X8-JV97-FVVM Dagster Local File Inclusion vulnerability
Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...
Dagster 路径遍历漏洞
Dagster is a Dagster open source orchestration platform for developing, producing and observing data assets. A security vulnerability exists in Dagster version 1.10.14, which stems from a path traversal sequence in the notebookpath field that can bypass extension-based checks and lead to the...
CVE-2024-13509
The WS Form LITE and PRO plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress plugin WP24 Domain Check 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-13509
The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13 due to insufficient input sanitization and output escaping. This makes it possible for...
SUSE CVE-2015-3182
epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service application crash via a crafted packet...
Advisory ROSA-SA-2021-1997
Software: wirehark 1.10.14 OS: Cobalt 7.9 CVE-ID: CVE-2015-3814 CVE-Crit: HIGH CVE-DESC: The functions 1 exctfsrequest and 2 exctfsresponse in epan / dissectors / packet-ieee80211.c in IEEE 802.11 dissector in Wireshark 1.10.x through 1.10.14 and 1.12.x through 1.12.5 interpret the null. value as...
Apache Airflow Webserver Unauthorized Access Vulnerability
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A security vulnerability exists in Apache Airflow Webserver versions prior to 1.10....
PYSEC-2020-22
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have...
PT-2020-6687 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 1.10.14 Description: The issue is related to incorrect session validation in the Apache Airflow web server, caused by the use of a default configuration that includes a pre-set secret key. This allows a...
Apache Airflow Webserver 安全漏洞
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A security vulnerability exists in Apache Airflow Webserver versions prior to 1.10....
[SECURITY] Fedora 25 Update: botan-1.10.14-3.fc25
Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...
CentOS 7 : wireshark (CESA-2015:2393)
Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...
Oracle Linux 7 : wireshark (ELSA-2015-2393)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2393 advisory. - Related: CVE-2015-6244 - Resolves: CVE-2015-3182 - Resolves: CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6248 - Resolves:...
PT-2016-3604 · Wireshark +2 · Wireshark +2
Name of the Vulnerable Software and Affected Versions: Wireshark versions 1.10.12 through 1.10.14 Description: The issue is related to the DECnet NSP/RT dissector in Wireshark, where it mishandles a certain strdup return value. This allows remote attackers to cause a denial of service, resulting ...
SUSE-SU-2015:1046-1 Security update for wireshark
Wireshark was updated to 1.10.14 to fix four security issues. The following vulnerabilities have been fixed: CVE-2015-3811: The WCP dissector could crash while decompressing data. wnpa-sec-2015-14 CVE-2015-3812: The X11 dissector could leak memory. wnpa-sec-2015-15 CVE-2015-3813: The packet...