Lucene search

258 matches found

OSV
added 2024/01/16 3:15 p.m. · 26 views

CVE-2023-6395

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

9.8 CVSS · 7.7 AI score · 0.01552 EPSS
Exploits 1 · References 8
Prion
added 2024/01/16 3:15 p.m. · 21 views

Design/Logic Flaw

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

7.5 CVSS · 7.8 AI score · 0.01552 EPSS
Exploits 1 · References 8 · Affected Software 2
UbuntuCve
added 2024/01/16 3:15 p.m. · 15 views

CVE-2023-6395

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

9.8 CVSS · 7.2 AI score · 0.01552 EPSS
Exploits 1 · References 8
Vulnrichment
added 2024/01/16 2:33 p.m. · 14 views

CVE-2023-6395 Mock: privilege escalation for users that can access mock configuration

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

6.7 CVSS · 8 AI score · 0.01552 EPSS
Exploits 1 · References 8
Cvelist
added 2024/01/16 2:33 p.m. · 26 views

CVE-2023-6395 Mock: privilege escalation for users that can access mock configuration

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

6.7 CVSS · 9.8 AI score · 0.01552 EPSS
Exploits 1 · References 8
Debian CVE
added 2024/01/16 2:33 p.m. · 22 views

CVE-2023-6395

Removed by vendor...

9.8 CVSS · 7.9 AI score · 0.01552 EPSS
Exploits 1
RedhatCVE
added 2024/01/16 2:1 p.m. · 22 views

CVE-2023-6395

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

6.7 CVSS · 8.2 AI score · 0.01552 EPSS
Exploits 1 · References 5
Positive Technologies
added 2024/01/16 12:0 a.m. · 4 views

PT-2024-1297 · Mock +1 · Mock +1

Name of the Vulnerable Software and Affected Versions: Mock affected versions not specified Description: The Mock software contains a vulnerability that could potentially be exploited for privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems...

9.8 CVSS · 7.8 AI score · 0.01552 EPSS
Exploits 1 · References 26
Vulnrichment
added 2023/11/12 1:12 p.m. · 27 views

CVE-2023-47037 Apache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access)

We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have the...

4.6 AI score · 0.01497 EPSS
Exploits 0 · References 3
CNVD
added 2023/09/25 12:0 a.m. · 22 views

Apache Airflow Authorization Problem Vulnerability (CNVD-2023-72233)

Apache Airflow is the Apache Foundation's (United States) open source platform for creating, managing and monitoring workflows. The platform features scalability, dynamic monitoring and other characteristics. Apache Airflow versions prior to 2.7.1 have an authorization issue vulnerability th...

4.3 CVSS · 7 AI score · 0.01305 EPSS
Exploits 0 · References 1
Veracode
added 2023/09/15 9:56 a.m. · 20 views

Incorrect Authorization

apacheairflow is vulnerable to Incorrect Authorization. The vulnerability is caused by a missing read-only validation rule for all the fields (e.g. startdate, enddate, runid, dagid, state) except the note field while editing/modifying DAG (Directed Acyclic Graph) run detail values. This can lead to...

4.3 CVSS · 6.7 AI score · 0.01305 EPSS
Exploits 0 · References 5 · Affected Software 1
Prion
added 2023/09/12 12:15 p.m. · 18 views

Design/Logic Flaw

Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to...

4 CVSS · 4.4 AI score · 0.01305 EPSS
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2023/09/12 12:0 a.m. · 3 views

Apache Airflow Security Vulnerability

Apache Airflow is the Apache Foundation's (United States) open source platform for creating, managing and monitoring workflows. The platform features scalability, dynamic monitoring and other characteristics. Apache Airflow versions prior to 2.7.1 have an authorization issue vulnerability th...

4.3 CVSS · 7 AI score · 0.01305 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/09/12 12:0 a.m. · 2 views

PT-2023-8623 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions before 2.7.1 Description: The issue allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes, potentially altering details such as configuration parameters and start...

5.3 CVSS · 4.3 AI score · 0.01305 EPSS
Exploits 0 · References 22
Tenable Nessus
added 2023/06/16 12:0 a.m. · 43 views

Cisco Expressway Series / Cisco TelePresence VCS 14.x < 14.3.0 Privilege Escalation (cisco-sa-expressway-priv-esc-Ls2B9t7b)

The Cisco Expressway Series or Cisco TelePresence Video Communication Server (VCS) running on the remote host is 14.x prior to 14.3.0. It is, therefore, affected by a privilege escalation vulnerability as described in the cisco-sa-expressway-priv-esc-Ls2B9t7b advisory. Due to an incorrect...

9.6 CVSS · 8 AI score · 0.00656 EPSS
Exploits 0 · References 3
0day.today
added 2023/05/05 12:0 a.m. · 230 views

Jedox 2022.4.2 - Code Execution via RPC Interfaces Vulnerability

Exploit Title: Jedox 2022.4.2 - Code Execution via RPC Interfaces Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47879 Introduction ================= A Remote...

7.5 CVSS · 7.6 AI score · 0.06741 EPSS
Exploits 7
Exploit DB
added 2023/05/05 12:0 a.m. · 327 views

Jedox 2022.4.2 - Code Execution via RPC Interfaces

Exploit Title: Jedox 2022.4.2 - Code Execution via RPC Interfaces Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47879 Introduction...

7.5 CVSS · 7.6 AI score · 0.06741 EPSS
Exploits 7
OSV
added 2023/04/20 3:42 p.m. · 4 views

USN-6035-1 kauth vulnerability

It was discovered that KAuth incorrectly handled some configuration parameters with specially crafted arbitrary types. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code...

9.3 CVSS · 6 AI score · 0.0235 EPSS
Exploits 0 · References 2
NVD
added 2023/04/13 7:15 a.m. · 26 views

CVE-2022-33258

Information disclosure due to buffer over-read in modem while reading configuration parameters...

8.2 CVSS · 8.2 AI score · 0.00354 EPSS
Exploits 0 · References 1
Cvelist
added 2023/04/04 4:46 a.m. · 29 views

CVE-2022-33258 Buffer over-read in Modem

Information disclosure due to buffer over-read in modem while reading configuration parameters...

8.2 CVSS · 8.3 AI score · 0.00354 EPSS
Exploits 0 · References 1