
361 matches found

UbuntuCve
added 2020/10/07 2:15 p.m. · 22 views

CVE-2020-13347

A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable...

CVSS 9.1 · AI score 7.2 · EPSS 0.01093
Exploits: 0 · References: 4

Cvelist
added 2020/10/07 1:14 p.m. · 23 views

CVE-2020-13347

A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable...

CVSS 9.1 · AI score 9.5 · EPSS 0.01093
Exploits: 0 · References: 3

CVE
added 2020/10/07 1:14 p.m. · 66 views

CVE-2020-13347

CVE-2020-13347 affects GitLab Runner on Windows when using the Docker executor. The vulnerability is a command injection in the runner prior to versions 13.2.4, 13.3.2 and 13.4.1, exploitable via the DOCKER_AUTH_CONFIG build variable, allowing an attacker to execute arbitrary commands on the Wind...

CVSS 9.1 · AI score 9.4 · EPSS 0.01093
Exploits: 0 · References: 3 · Affected Software: 1

Debian CVE
added 2020/10/07 1:14 p.m. · 25 views

CVE-2020-13347

Removed by vendor...

CVSS 9.1 · AI score 8.9 · EPSS 0.01093
Exploits: 0

Positive Technologies
added 2020/10/07 12:00 a.m. · 4 views

PT-2020-13488 · Gitlab · Gitlab Runner +1

Name of the Vulnerable Software and Affected Versions: Gitlab runner versions prior to 13.2.4 Gitlab runner versions prior to 13.3.2 Gitlab runner versions prior to 13.4.1 Description: A command injection issue was discovered. When the runner is configured on a Windows system with a docker...

CVSS 9.1 · AI score 9.5 · EPSS 0.01093
Exploits: 0 · References: 10

OSV
added 2020/08/16 4:15 a.m. · 1 views

DEBIAN-CVE-2020-24361

SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec...

CVSS 9.8 · AI score 8.7 · EPSS 0.00664
Exploits: 0 · References: 1

PyPA
added 2020/07/17 12:15 a.m. · 3 views

PYSEC-2020-15

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands...

CVSS 9.8 · AI score 7 · EPSS 0.91588
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2020/07/13 12:00 a.m. · 1 views

PT-2020-6686 · Apache +2 · Apache Airflow +2

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 1.10.10 and below Description: The issue is related to the deserialization of untrusted data in Apache Airflow, which can lead to remote code execution. An attacker, acting remotely, can exploit this issue by inserting...

CVSS 10 · AI score 9.7 · EPSS 0.05664
Exploits: 0 · References: 14

Positive Technologies
added 2020/07/13 12:00 a.m. · 1 views

PT-2020-6688 · Apache +2 · Apache Airflow +2

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 1.10.10 and below Description: The issue allows an attacker to inject commands if they can connect directly to the broker, such as Redis or RabbitMQ, when using CeleryExecutor. This can result in the celery worker...

CVSS 10 · AI score 9.7 · EPSS 0.91588
Exploits: 1 · References: 15

OSV
added 2020/03/16 6:15 p.m. · 1 views

DEBIAN-CVE-2020-6582

Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call...

CVSS 7.5 · AI score 7.3 · EPSS 0.01636
Exploits: 1 · References: 1

RedHat Linux
added 2019/11/14 9:17 p.m. · 1 views

mesos: docker image code execution

A flaw was found in Docker image running under root user, where it is possible to overwrite the init helper binary of the container runtime or the command executor in Apache Mesos. A malicious user could use this flaw to gain root-level code execution on the host...

CVSS 9.3 · AI score 7.5 · EPSS 0.00176
Exploits: 0 · References: 4

vulnersOsv
added 2019/03/14 3:40 p.m. · 1 views

com.hindog.grid:grid-executor-examples_2.11 (>=1.1.0 <=2.0.1) potentially affected by CVE-2017-12625 via org.apache.hive:hive (=2.1.1)

org.apache.hive:hive MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive and may be impacted: - com.hindog.grid:grid-executor-examples_2.11 >=1.1.0, <=2.0.1 Source cves: CVE-2017-12625 Source advisory:...

CVSS 4.3 · AI score 6.1 · EPSS 0.00468
Exploits: 3

vulnersOsv
added 2018/11/21 10:24 p.m. · 1 views

com.hindog.grid:grid-executor-examples_2.11 (>=1.1.0 <=2.0.1) potentially affected by CVE-2018-1284 via org.apache.hive:hive (=2.1.1)

org.apache.hive:hive MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive and may be impacted: - com.hindog.grid:grid-executor-examples_2.11 >=1.1.0, <=2.0.1 Source cves: CVE-2018-1284 Source advisory:...

CVSS 4.3 · AI score 6.1 · EPSS 0.00469
Exploits: 0

vulnersOsv
added 2018/11/21 10:24 p.m. · 3 views

com.hindog.grid:grid-executor-examples_2.11 (>=1.1.0 <=2.0.1) potentially affected by CVE-2018-1315 via org.apache.hive:hive (=2.1.1)

org.apache.hive:hive MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive and may be impacted: - com.hindog.grid:grid-executor-examples_2.11 >=1.1.0, <=2.0.1 Source cves: CVE-2018-1315 Source advisory:...

CVSS 4.3 · AI score 6.1 · EPSS 0.01026
Exploits: 0

vulnersOsv
added 2018/11/09 5:41 p.m. · 1 views

ai.deepsense:seahorse-executor-commons_2.11 (>=1.4.2 <=1.4.3), ai.deepsense:seahorse-executor-deeplang_2.11 (>=1.4.2 <=1.4.3) +505 more potentially affected by CVE-2018-18854 via io.spray:spray-json_2.11 (>=1.2.6 <=1.3.4)

io.spray:spray-json_2.11 MAVEN version =1.2.6, =1.4.2, =1.4.2, =1.4.2, =1.4.2, =1.4, =1.0, =0.1.3, =0.1.14, =1.0.0, =0.1.0, =0.5.0, =0.11.1, =0.15.2, =0.5.0, =0.0.8, =0.0.12 and more Source cves: CVE-2018-18854 Source advisory: OSV:GHSA-Q8XJ-8XG3-W432...

CVSS 7.5 · AI score 7 · EPSS 0.00838
Exploits: 1

PyPA
added 2018/11/02 9:29 p.m. · 4 views

PYSEC-2018-92

A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh private_key_filename can take an absolute path, it can be used to...

CVSS 7.5 · AI score 6.6 · EPSS 0.00352
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2018/11/02 9:29 p.m. · 1 views

DEBIAN-CVE-2018-16849

A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh private_key_filename can take an absolute path, it can be used to...

CVSS 7.5 · AI score 6 · EPSS 0.00352
Exploits: 0 · References: 1

OSV
added 2018/11/02 9:29 p.m. · 11 views

PYSEC-2018-92

A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh private_key_filename can take an absolute path, it can be used to...

CVSS 7.5 · AI score 2.1 · EPSS 0.00352
Exploits: 0 · References: 3

Positive Technologies
added 2018/11/02 12:00 a.m. · 2 views

PT-2018-13771 · Openstack +1 · Openstack-Mistral +1

Name of the Vulnerable Software and Affected Versions: openstack-mistral affected versions not specified Description: A flaw in openstack-mistral allows the disclosure of the presence of arbitrary files within the filesystem of the executor running the action. This is achieved by manipulating the...

CVSS 8.7 · AI score 6.3 · EPSS 0.00386
Exploits: 0 · References: 22

n0where
added 2017/11/14 8:21 p.m. · 234 views

Unsupervised Coverage-Guided Kernel Fuzzer: syzkaller

syzkaller is an unsupervised coverage-guided kernel fuzzer. Linux kernel fuzzing has the most support, akaros, freebsd, fuchsia, netbsd and windows are supported to varying degrees. Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it’s being extended to support other ...

AI score 7.1
Exploits: 0 · References: 16