CVE-2024-29735 Apache Airflow: Potentially harmful permission changing by log task handler

Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...

PT-2024-2708 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 2.8.2 through 2.8.3 Description: The issue is related to improper preservation of permissions in Apache Airflow, which can allow a remote attacker to gain write access to arbitrary files in the file system. This is due...

CVE-2016-15037

A vulnerability, which was classified as problematic, has been found in go4rayyan Scumblr up to 2.0.1a. Affected by this issue is some unknown functionality of the component Task Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0...

CVE-2016-15037 go4rayyan Scumblr Task cross site scripting

A vulnerability, which was classified as problematic, has been found in go4rayyan Scumblr up to 2.0.1a. Affected by this issue is some unknown functionality of the component Task Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0...

CVE-2016-15037 go4rayyan Scumblr Task cross site scripting

A vulnerability, which was classified as problematic, has been found in go4rayyan Scumblr up to 2.0.1a. Affected by this issue is some unknown functionality of the component Task Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0...

PT-2024-10571 · Go4Rayyan · Scumblr

Name of the Vulnerable Software and Affected Versions: go4rayyan Scumblr versions up to 2.0.1a Description: A problematic issue has been found in the component Task Handler, leading to cross site scripting. The manipulation can be launched remotely. It is estimated that some unknown functionality...

Scumblr Cross-Site Scripting Vulnerability

Scumblr is a web application for Netflix-Skunkworks Individual Developers that allows for periodic synchronization of data sources e.g., Github repositories and URLs and performs analysis of the identified results e.g., static analyses, dynamic inspections, and metadata collection. A cross-site...

CVE-2021-4257

A vulnerability was found in ctrlo lenio. It has been declared as problematic. This vulnerability affects unknown code of the file views/task.tt of the component Task Handler. The manipulation of the argument site.org.name/check.name/task.tasktype.name/task.name leads to cross site scripting. The...

CVE-2021-4257

A vulnerability was found in ctrlo lenio. It has been declared as problematic. This vulnerability affects unknown code of the file views/task.tt of the component Task Handler. The manipulation of the argument site.org.name/check.name/task.tasktype.name/task.name leads to cross site scripting. The...

Cross site scripting

A vulnerability was found in ctrlo lenio. It has been declared as problematic. This vulnerability affects unknown code of the file views/task.tt of the component Task Handler. The manipulation of the argument site.org.name/check.name/task.tasktype.name/task.name leads to cross site scripting. The...

CVE-2021-4257

The CVE-2021-4257 entry concerns ctrlo lenio. The vulnerability is in the Task Handler’s views/task.tt, where manipulating the argument path site.org.name/check.name/task.tasktype.name/task.name enables cross-site scripting. A remote attacker could exploit this, with impact limited to client-side...

ctrlo lenio 安全漏洞

lenio is an open source facility management system from ctrlo. A security vulnerability exists in ctrlo lenio, which stems from unknown code in the views/task.tt file of its Task Handler component that operates on the parameters site.org.name/check.name/task.tasktype allowing an attacker to...

CVE-2021-4257 ctrlo lenio Task task.tt cross site scripting

A vulnerability was found in ctrlo lenio. It has been declared as problematic. This vulnerability affects unknown code of the file views/task.tt of the component Task Handler. The manipulation of the argument site.org.name/check.name/task.tasktype.name/task.name leads to cross site scripting. The...

PT-2022-11622 · Unknown · Ctrlo Lenio

Name of the Vulnerable Software and Affected Versions: ctrlo lenio affected versions not specified Description: A vulnerability was found in the Task Handler component, affecting the file views/task.tt. The manipulation of the argument site.org.name/check.name/task.tasktype.name/task.name leads t...

CVE-2022-4322

A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit...

CVE-2022-4322

A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit...

Design/Logic Flaw

A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit...

PT-2022-26797 · Maku-Boot · Maku-Boot

Name of the Vulnerable Software and Affected Versions: maku-boot versions up to 2.2.0 Description: A critical issue was found in the Scheduled Task Handler component, affecting the doExecute function of the AbstractScheduleJob.java file. This leads to injection and can be initiated remotely. The...

CVE-2022-4322 maku-boot Scheduled Task AbstractScheduleJob.java doExecute injection

A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit...

CVE-2022-4322 maku-boot Scheduled Task AbstractScheduleJob.java doExecute injection

A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit...