Lucene search
K

263 matches found

Hacker One
Hacker One
added 2024/01/25 12:51 p.m.49 views

Internet Bug Bounty: Denial of Service caused by HTTP/2 CONTINUATION Flood

A denial of service vulnerability was discovered in Apache Tomcat versions 11.0.0-M1 to 11.0.0-M16, 10.1.0-M1 to 10.1.18, 9.0.0-M1 to 9.0.85, and 8.5.0 to 8.5.98. The vulnerability was caused by the way Tomcat processed HTTP/2 requests that exceeded configured limits for headers. A fix was releas...

7.5CVSS7.6AI score0.23072EPSS
Exploits1
OSV
OSV
added 2024/01/16 3:30 p.m.14 views

GHSA-7J98-74JH-CJXH Privilege escalation for users that can access mock configuration

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

6.7CVSS8.2AI score0.01552EPSS
Exploits1References10
Github Security Blog
Github Security Blog
added 2024/01/16 3:30 p.m.30 views

Privilege escalation for users that can access mock configuration

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

9.8CVSS7.6AI score0.01552EPSS
Exploits1References10Affected Software1
NVD
NVD
added 2024/01/16 3:15 p.m.19 views

CVE-2023-6395

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

9.8CVSS8.4AI score0.01552EPSS
Exploits1References8
OSV
OSV
added 2024/01/16 3:15 p.m.7 views

AZL-43540 CVE-2023-6395 affecting package python-templated-dictionary 1.1-6

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

9.8CVSS6.2AI score0.01552EPSS
Exploits1References1
Prion
Prion
added 2024/01/16 3:15 p.m.22 views

Design/Logic Flaw

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

7.5CVSS7.8AI score0.01552EPSS
Exploits1References8Affected Software2
UbuntuCve
UbuntuCve
added 2024/01/16 3:15 p.m.18 views

CVE-2023-6395

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

9.8CVSS7.2AI score0.01552EPSS
Exploits1References8
Cvelist
Cvelist
added 2024/01/16 2:33 p.m.28 views

CVE-2023-6395 Mock: privilege escalation for users that can access mock configuration

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

6.7CVSS9.8AI score0.01552EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2024/01/16 2:33 p.m.15 views

CVE-2023-6395 Mock: privilege escalation for users that can access mock configuration

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

6.7CVSS8AI score0.01552EPSS
Exploits1References8
Debian CVE
Debian CVE
added 2024/01/16 2:33 p.m.22 views

CVE-2023-6395

Removed by vendor...

9.8CVSS7.9AI score0.01552EPSS
Exploits1
OSV
OSV
added 2024/01/16 2:33 p.m.26 views

CVE-2023-6395 Mock: privilege escalation for users that can access mock configuration

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

6.7CVSS7.3AI score0.01552EPSS
Exploits1References12
RedhatCVE
RedhatCVE
added 2024/01/16 2:1 p.m.22 views

CVE-2023-6395

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

6.7CVSS8.2AI score0.01552EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.4 views

PT-2024-1297

Name of the Vulnerable Software and Affected Versions Mock affected versions not specified Description The Mock software contains a vulnerability that could potentially be exploited for privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems...

10CVSS7.3AI score0.01552EPSS
Exploits1References31
Vulnrichment
Vulnrichment
added 2023/11/12 1:12 p.m.27 views

CVE-2023-47037 Apache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access)

We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have the...

4.6AI score0.01497EPSS
Exploits0References3
CNVD
CNVD
added 2023/09/25 12:0 a.m.22 views

Apache Airflow Authorization Problem Vulnerability (CNVD-2023-72233)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow versions prior to 2.7.1 have an authorization issue vulnerability th...

4.3CVSS7AI score0.01305EPSS
Exploits0References1
Veracode
Veracode
added 2023/09/15 9:56 a.m.22 views

Incorrect Authorization

apacheairflow is vulnerable to Incorrect Authorization. The vulnerability is caused by a missing read only validation rule for all the fields e.g: startdate, enddate, runid ,dagid, state except note field while editing/modifying DAG Directed Acyclic Graph run detail values. This can lead to...

4.3CVSS6.7AI score0.01305EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2023/09/12 12:15 p.m.19 views

Design/Logic Flaw

Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to...

4CVSS4.4AI score0.01305EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/09/12 12:0 a.m.3 views

Apache Airflow 安全漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow versions prior to 2.7.1 have an authorization issue vulnerability th...

4.3CVSS7AI score0.01305EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/09/12 12:0 a.m.3 views

PT-2023-8623 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions before 2.7.1 Description: The issue allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes, potentially altering details such as configuration parameters and start...

5.3CVSS4.3AI score0.01305EPSS
Exploits0References22
Tenable Nessus
Tenable Nessus
added 2023/06/16 12:0 a.m.43 views

Cisco Expressway Series / Cisco TelePresence VCS 14.x < 14.3.0 Privilege Escalation (cisco-sa-expressway-priv-esc-Ls2B9t7b)

The Cisco Expressway Series or Cisco TelePresence Video Communication Server VCS running on the remote host is 14.x prior to 14.3.0. It is, therefore, affected by a privilege escalation vulnerability as described in the cisco-sa-expressway-priv-esc-Ls2B9t7b advisory. Due to an incorrect...

9.6CVSS8AI score0.00656EPSS
Exploits0References3
Rows per page
Query Builder