18 matches found

RedhatCVE
added 2026/01/09 9:48 a.m. · 8 views

CVE-2020-17526

Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have...

7.7 CVSS · 6.6 AI score · 0.23336 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-51640

Malicious code in bioql PyPI...

7.2 CVSS · 9.1 AI score · 0.00346 EPSS
Exploits 0 · References 4
OSV
added 2025/07/22 6:30 p.m. · 3 views

GHSA-H7X8-JV97-FVVM Dagster Local File Inclusion vulnerability

Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...

6.6 CVSS · 6 AI score · 0.00524 EPSS
Exploits 1 · References 6
CNNVD
added 2025/07/22 12:0 a.m. · 4 views

Dagster Path Traversal Vulnerability

Dagster is an open source orchestration platform for developing, producing and observing data assets. A security vulnerability exists in Dagster version 1.10.14, which stems from a path traversal sequence in the notebookpath field that can bypass extension-based checks and lead to the...

6.6 CVSS · 6.6 AI score · 0.00524 EPSS
Exploits 1 · References 4
RedhatCVE
added 2025/02/04 11:53 p.m. · 8 views

CVE-2024-13509

The WS Form LITE and PRO plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2 CVSS · 7.4 AI score · 0.00346 EPSS
Exploits 0 · References 1
CNNVD
added 2025/02/04 12:0 a.m. · 5 views

WordPress plugin WP24 Domain Check Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

7.1 CVSS · 6.2 AI score · 0.00236 EPSS
Exploits 0 · References 1
OSV
added 2025/01/28 7:15 a.m. · 4 views

CVE-2024-13509

The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1 CVSS · 6 AI score · 0.00346 EPSS
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 5:19 a.m. · 3 views

SUSE CVE-2015-3182

epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service application crash via a crafted packet...

5.5 CVSS · 6.8 AI score · 0.01482 EPSS
Exploits 0 · References 4
Rosalinux
added 2021/07/02 6:20 p.m. · 37 views

Advisory ROSA-SA-2021-1997

Software: wireshark 1.10.14 OS: Cobalt 7.9 CVE-ID: CVE-2015-3814 CVE-Crit: HIGH CVE-DESC: The functions 1 exctfsrequest and 2 exctfsresponse in epan/dissectors/packet-ieee80211.c in IEEE 802.11 dissector in Wireshark 1.10.x through 1.10.14 and 1.12.x through 1.12.5 interpret the null. value as...

9.8 CVSS · 7.3 AI score · 0.03078 EPSS
Exploits 1
CNVD
added 2020/12/22 12:0 a.m. · 7 views

Apache Airflow Webserver Unauthorized Access Vulnerability

Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other characteristics. A security vulnerability exists in Apache Airflow Webserver versions prior to 1.10....

7.7 CVSS · 6.5 AI score · 0.23336 EPSS
Exploits 0 · References 1
PyPA
added 2020/12/21 5:15 p.m. · 5 views

PYSEC-2020-22

Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have...

7.7 CVSS · 6.6 AI score · 0.23336 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2020/12/21 12:0 a.m. · 2 views

PT-2020-6687 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 1.10.14 Description: The issue is related to incorrect session validation in the Apache Airflow web server, caused by the use of a default configuration that includes a pre-set secret key. This allows a...

8.3 CVSS · 7.4 AI score · 0.23336 EPSS
Exploits 0 · References 27
CNNVD
added 2020/12/21 12:0 a.m. · 7 views

Apache Airflow Webserver Security Vulnerability

Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other characteristics. A security vulnerability exists in Apache Airflow Webserver versions prior to 1.10....

7.7 CVSS · 7 AI score · 0.23336 EPSS
Exploits 0 · References 6
Fedora
added 2016/12/22 4:50 p.m. · 24 views

[SECURITY] Fedora 25 Update: botan-1.10.14-3.fc25

Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS #10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...

9.8 CVSS · 1.8 AI score · 0.01978 EPSS
Exploits 0
Tenable Nessus
added 2015/12/02 12:0 a.m. · 42 views

CentOS 7 : wireshark (CESA-2015:2393)

Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...

7.8 CVSS · 6.2 AI score · 0.046 EPSS
Exploits 0 · References 22
Tenable Nessus
added 2015/11/24 12:0 a.m. · 41 views

Oracle Linux 7 : wireshark (ELSA-2015-2393)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2393 advisory. - Related: CVE-2015-6244 - Resolves: CVE-2015-3182 - Resolves: CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6248 - Resolves:...

7.8 CVSS · 6.5 AI score · 0.046 EPSS
Exploits 0 · References 22
Positive Technologies
added 2015/11/19 12:0 a.m. · 1 view

PT-2016-3604 · Wireshark +2 · Wireshark +2

Name of the Vulnerable Software and Affected Versions: Wireshark versions 1.10.12 through 1.10.14 Description: The issue is related to the DECnet NSP/RT dissector in Wireshark, where it mishandles a certain strdup return value. This allows remote attackers to cause a denial of service, resulting ...

7.8 CVSS · 6.1 AI score · 0.046 EPSS
Exploits 0 · References 61
OSV
added 2015/06/03 10:45 a.m. · 9 views

SUSE-SU-2015:1046-1 Security update for wireshark

Wireshark was updated to 1.10.14 to fix four security issues. The following vulnerabilities have been fixed: CVE-2015-3811: The WCP dissector could crash while decompressing data. wnpa-sec-2015-14 CVE-2015-3812: The X11 dissector could leak memory. wnpa-sec-2015-15 CVE-2015-3813: The packet...

7.8 CVSS · 5.9 AI score · 0.03731 EPSS
Exploits 0 · References 7