56 matches found
Exploit for OS Command Injection in Apache Airflow
Example Build demo stand bash docker-compose up -d...
CVE-2019-25233
CVE-2019-25233 affects AVE DOMINAplus 1.10.x. The connected documents specify cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in this version, enabling attackers to perform administrative actions without user consent. Attackers can craft malicious pages to exploit...
EUVD-2014-5062
Malware in sbrugna...
Apache Subversion Client SEoL (1.10.x)
According to its version, Apache Subversion Client is 1.10.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL...
SUSE CVE-2013-4931
epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector...
SUSE CVE-2017-7234
A maliciously crafted URL to a Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 site using the django.views.static.serve view could redirect to any other domain, aka an open redirect vulnerability...
PT-2022-24399 · Ibm · Ibm Cloud Pak For Security
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Security (CP4S) versions 1.10.0.0 through 1.10.2.0. Description: The issue is due to improper input validation, which could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions...
AVE DOMINAplus Authorization Issue Vulnerability
AVE DOMINAplus is an application system from AVE Italy. The best home automation system for next generation houses. A security vulnerability exists in AVE DOMINAplus version 1.10.x and prior versions, which stems from the presence of an authentication bypass vulnerability. An attacker can exploit...
CVE-2015-1866
Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2...
CVE-2015-7565
Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML...
Fedora 24 : botan (2016-7de64a450f)
Botan 1.10.14 - NOTE WELL: Botan 1.10.x is supported for security patches only until 2017-12-31 - Fix integer overflow during BER decoding, found by Falko Strenzke. This bug is not thought to be directly exploitable but upgrading ASAP is advised. CVE-2016-9132 - Fix two cases where in error...
CVE-2016-6186
CVE-2016-6186 is an XSS vulnerability in Django (dismissChangeRelatedObjectPopup in RelatedObjectLookups.js) exploitable via unsafe Element.innerHTML usage. Affected Django versions: before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1. Public advisories in ALT Linux, Fedora, Debian show ...
CVE-2015-5727
The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field...
Design/Logic Flaw
Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet...
Buffer overflow
Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL...
CVE-2015-0560
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted...
Wireshark Denial of Service Vulnerability-03 (Sep 2014) - Windows
Wireshark is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...
CVE-2014-6431
Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes...
CVE-2014-6424
The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and...