26 matches found

RedhatCVE
added 2025/05/22 4:11 p.m. · 4 views

CVE-2020-11978

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...

CVSS 8.8 · AI score 7.3 · EPSS 0.94272
Exploits 9 · References 1
Vulnrichment
added 2024/04/16 7:20 p.m. · 16 views

CVE-2024-31446 OpenComputers Denial of Service using xpcall

OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. A user can use OpenComputers to get a Computer thread stuck in the Lua VM, which eventually blocks the Server thread, requiring the server to be forcibly shut down. This can be accomplished using any device ...

CVSS 7.7 · AI score 7 · EPSS 0.00151
Exploits 0 · References 2
CNNVD
added 2023/12/26 12:0 a.m. · 3 views

FreeSWITCH Security Breach

FreeSWITCH is a free, open-source communications software program developed by Anthony Minessale, an individual developer in the United States. The software can be used to create audio, video, and SMS products and applications. A security vulnerability exists in FreeSWITCH version 1.10.10, which ...

CVSS 7.5 · AI score 6.8 · EPSS 0.00615
Exploits 4 · References 4
AlpineLinux
added 2023/09/15 8:15 p.m. · 23 views

CVE-2023-40018

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candida...

CVSS 7.5 · AI score 7 · EPSS 0.00551
Exploits 0
OSV
added 2023/09/15 7:34 p.m. · 18 views

CVE-2023-40019 FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending...

CVSS 7.5 · AI score 6.2 · EPSS 0.00227
Exploits 1 · References 4
Positive Technologies
added 2023/09/15 12:0 a.m. · 3 views

PT-2023-27213 · Unknown +1 · Freeswitch +1

Name of the Vulnerable Software and Affected Versions: FreeSWITCH versions prior to 1.10.10 Description: The issue allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names. When a call completes codec negotiation, the codec string...

CVSS 8.6 · AI score 6.1 · EPSS 0.0442
Exploits 19 · References 26
CNNVD
added 2023/09/15 12:0 a.m. · 2 views

FreeSWITCH Buffer Error Vulnerability

FreeSWITCH is a free, open-source communications software program developed by Anthony Minessale, an individual developer in the United States. The software can be used to create audio, video, and short message products and applications. A buffer error vulnerability exists in FreeSWITCH versions...

CVSS 7.5 · AI score 7.2 · EPSS 0.00551
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 5:27 a.m. · 1 view

SUSE CVE-2014-6430

The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file...

CVSS 5 · AI score 7.3 · EPSS 0.01894
Exploits 0 · References 4
CNVD
added 2020/09/18 12:0 a.m. · 2 views

CloudBees Jenkins P4 Plugin Authorization Issue Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/test projects and some timed tasks. P4 Plugin is used in one of the Perforce...

CVSS 4.3 · AI score 7.1 · EPSS 0.00031
Exploits 0 · References 1
OSV
added 2020/08/31 10:42 p.m. · 1 view

GHSA-4MV4-GMMF-Q382 DataTable Vulnerable to Cross-Site Scripting

Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unittesting/templates/6776.php. Recommendation: Update to a version greater than 1.10.8. A fix appears in...

CVSS 4.3 · AI score 7.2 · EPSS 0.00244
Exploits 2 · References 11
vulnersOsv
added 2020/07/27 4:57 p.m. · 1 view

airflow-util-dv (>=1.2.1 <=1.6.2), dbnd-examples (>=0.50.1 <=0.56.7) +2 more potentially affected by CVE-2020-11978 via apache-airflow (>=1.10.1 <=1.10.10)

apache-airflow PYPI version =1.10.1, =1.2.1, =0.50.1, =0.0.1, =10.3.0rc1, =10.3.0rc2 Source cves: CVE-2020-11978 Source advisory: OSV:GHSA-RVMQ-4X66-Q7J3...

CVSS 8.8 · AI score 7.2 · EPSS 0.94272
Exploits 9
vulnersOsv
added 2020/07/27 4:57 p.m. · 2 views

airflow-util-dv (>=1.2.1 <=1.6.2), dbnd-examples (>=0.50.1 <=0.56.7) +2 more potentially affected by CVE-2020-11981 via apache-airflow (>=1.10.1 <=1.10.10)

apache-airflow PYPI version =1.10.1, =1.2.1, =0.50.1, =0.0.1, =10.3.0rc1, =10.3.0rc2 Source cves: CVE-2020-11981 Source advisory: OSV:GHSA-976R-QFJJ-C24W...

CVSS 9.8 · AI score 7.2 · EPSS 0.91588
Exploits 1
CNVD
added 2020/07/19 12:0 a.m. · 1 view

Apache Airflow Cross-Site Scripting Vulnerability (CNVD-2020-44095)

Apache Airflow is the United States Apache Software Foundation's open source platform for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other characteristics. A cross-site scripting vulnerability exists in the Chart page of the...

CVSS 6.1 · AI score 6.4 · EPSS 0.02134
Exploits 0 · References 1
Prion
added 2020/07/17 12:15 a.m. · 19 views

Design/Logic Flaw

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands...

CVSS 7.5 · AI score 9.3 · EPSS 0.91588
Exploits 1 · References 1 · Affected Software 1
PyPA
added 2020/07/17 12:15 a.m. · 3 views

PYSEC-2020-23

An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI...

CVSS 6.1 · AI score 6.2 · EPSS 0.02134
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2020/07/16 12:0 a.m. · 3 views

PT-2020-6601 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 1.10.10 and below Description: The issue is related to a command injection vulnerability in Apache Airflow, which can be exploited by a remote attacker to execute arbitrary commands with superuser privileges. This...

CVSS 8.8 · AI score 9.8 · EPSS 0.94272
Exploits 9 · References 26
Vulnrichment
added 2020/07/16 12:0 a.m. · 12 views

CVE-2020-11978

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...

AI score 7.2 · EPSS 0.94272
Exploits 9 · References 3
Positive Technologies
added 2020/07/16 12:0 a.m. · 2 views

PT-2020-20695 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 1.10.10 and below Description: A stored XSS issue was discovered in the Chart pages of the "classic" UI. Recommendations: For Apache Airflow versions 1.10.10 and below, update to a version above 1.10.10 to resolve the...

CVSS 6.1 · AI score 5.8 · EPSS 0.02134
Exploits 0 · References 9
CNVD
added 2020/03/19 12:0 a.m. · 3 views

CloudBees Jenkins P4 plugin cross-site request forgery vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/test projects and some timed tasks. P4 Plugin is used in one of the Perforce...

CVSS 4.3 · AI score 6.8 · EPSS 0.00427
Exploits 0 · References 1
OSV
added 2020/03/09 4:15 p.m. · 1 view

CVE-2020-2141

A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add labels in Perforce...

CVSS 4.3 · AI score 5.7 · EPSS 0.00427
Exploits 0 · References 2