Lucene search
K

117 matches found

Vulnrichment
Vulnrichment
added 2023/04/07 2:53 p.m.11 views

CVE-2023-28707 Airflow Apache Drill Provider Arbitrary File Read Vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2...

7.5AI score0.02062EPSS
Exploits0References3
CVE
CVE
added 2023/04/07 2:53 p.m.68 views

CVE-2023-28707

Apache Airflow Drill Provider (Apache Software Foundation) before 2.3.2 is affected by an improper input validation vulnerability in drill connections (unsanitized host). This can enable reading arbitrary files exposed by the vulnerable component. CVSS v3.1 base score 7.5 (HIGH). Remediation: upg...

7.5CVSS7.5AI score0.02062EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/04/07 2:53 p.m.13 views

CVE-2023-28707 Airflow Apache Drill Provider Arbitrary File Read Vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2...

7.5CVSS7.1AI score0.02062EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/04/07 12:0 a.m.6 views

Apache Airflow 输入验证错误漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. An input validation error vulnerability exists in Apache Airflow Drill Provider...

7.5CVSS7.6AI score0.02062EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/03/21 12:0 a.m.7 views

PT-2023-7467

Name of the Vulnerable Software and Affected Versions Apache Airflow Drill Provider versions prior to 2.3.2 Description The issue is related to improper input validation in the Apache Airflow Drill Provider. This can allow a remote attacker to impact the confidentiality of protected information...

8.7CVSS7.1AI score0.02062EPSS
Exploits0References20
SUSE CVE
SUSE CVE
added 2023/02/15 3:58 a.m.5 views

SUSE CVE-2020-14060

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool aka apache/drill...

8.1CVSS8.7AI score0.08607EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.4 views

SUSE CVE-2021-40391

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev commit b5f1eacd, and the forked version of Gerbv commit 71493260. A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger thi...

9.8CVSS9.6AI score0.02894EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2022/07/10 12:0 a.m.16 views

Fedora: Security Advisory for gerbv (FEDORA-2022-4a3ef86baa)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3AI score
Exploits0References2
Fedora
Fedora
added 2022/07/09 1:24 a.m.56 views

[SECURITY] Fedora 36 Update: gerbv-2.9.2-1.fc36

Gerber Viewer gerbv is a viewer for Gerber files. Gerber files are generated from PCB CAD system and sent to PCB manufacturers as basis for the manufacturing process. The standard supported by gerbv is RS-274X. gerbv also supports drill files. The format supported are known under names as NC-dril...

10CVSS1.7AI score0.02894EPSS
Exploits2
OSV
OSV
added 2022/05/14 3:53 a.m.14 views

GHSA-XP4G-5XJ6-6VPR Apache Drill vulnerable to Cross-site Scripting

In Apache Drill 1.11.0 and earlier, when submitting form from Query page, users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this...

5.4CVSS5.3AI score0.01105EPSS
Exploits3References3
Github Security Blog
Github Security Blog
added 2022/05/14 3:53 a.m.19 views

Apache Drill vulnerable to Cross-site Scripting

In Apache Drill 1.11.0 and earlier, when submitting form from Query page, users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this...

5.4CVSS1.9AI score0.01105EPSS
Exploits3References3Affected Software1
OpenVAS
OpenVAS
added 2022/05/08 12:0 a.m.19 views

Fedora: Security Advisory for gerbv (FEDORA-2022-e819bd191f)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.3CVSS6.6AI score0.01084EPSS
Exploits1References2
Fedora
Fedora
added 2022/05/07 5:4 a.m.17 views

[SECURITY] Fedora 36 Update: gerbv-2.8.2-1.fc36

Gerber Viewer gerbv is a viewer for Gerber files. Gerber files are generated from PCB CAD system and sent to PCB manufacturers as basis for the manufacturing process. The standard supported by gerbv is RS-274X. gerbv also supports drill files. The format supported are known under names as NC-dril...

6.3CVSS1.7AI score0.01084EPSS
Exploits1
Talos
Talos
added 2022/02/28 12:0 a.m.39 views

Gerbv RS-274X aperture macro outline primitive out-of-bounds read vulnerability

Summary An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev commit b5f1eacd and the forked version of Gerbv commit d7f42a9a. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a...

9.3CVSS7.6AI score0.01268EPSS
Exploits1
Debian
Debian
added 2021/12/03 7:45 p.m.23 views

[SECURITY] [DLA 2839-1] gerbv security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2839-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky December 03, 2021 https://wiki.debian.org/LTS -...

10CVSS9.5AI score0.02894EPSS
Exploits1
NVD
NVD
added 2021/11/19 7:15 p.m.46 views

CVE-2021-40391

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev commit b5f1eacd, and the forked version of Gerbv commit 71493260. A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger thi...

10CVSS0.02894EPSS
Exploits1References3
OSV
OSV
added 2021/11/19 7:15 p.m.3 views

DEBIAN-CVE-2021-40391

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev commit b5f1eacd, and the forked version of Gerbv commit 71493260. A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger thi...

9.8CVSS8.6AI score0.02894EPSS
Exploits1References1
Prion
Prion
added 2021/11/19 7:15 p.m.16 views

Cross site scripting

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev commit b5f1eacd, and the forked version of Gerbv commit 71493260. A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger thi...

7.5CVSS9.5AI score0.02894EPSS
Exploits1References3Affected Software3
OSV
OSV
added 2021/11/19 7:15 p.m.1 views

UBUNTU-CVE-2021-40391

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev commit b5f1eacd, and the forked version of Gerbv commit 71493260. A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger thi...

10CVSS7.4AI score0.02894EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2021/11/19 7:15 p.m.26 views

CVE-2021-40391

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev commit b5f1eacd, and the forked version of Gerbv commit 71493260. A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger thi...

10CVSS7.3AI score0.02894EPSS
Exploits1References5
Rows per page
Query Builder