1634 matches found
Sql injection
logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter...
CVE-2022-38488
logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter...
PT-2022-24424 · Unknown · Logrocket-Oauth2-Example
Name of the Vulnerable Software and Affected Versions: logrocket-oauth2-example versions prior to 2020-05-27 Description: The issue allows SQL injection via the /auth/register API endpoint, specifically through the username parameter. Recommendations: For versions prior to 2020-05-27, as a...
CVE-2022-38488
logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter...
The vulnerability of the run_id parameter in the Example Dags function of the Airflow software for data processing tasks allows a attacker to execute arbitrary commands.
The vulnerability of the runid parameter in the Example Dags function of the Airflow software for data processing scenario creation, monitoring, and orchestration is related to incorrect code generation. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary...
Mozilla: Symlinks may resolve to partially uninitialized buffers
The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer...
Denial Of Service (DoS)
tensorflow is vulnerable to denial of service DoS attacks. An attacker is able to cause denial of service conditions due to improper validation of user Inputs, densefeatures and examplestatedata, resulting in a CHECK fail in SdcaOptimizer...
GHSA-27RC-728F-X5W2 `CHECK` fail via inputs in `SdcaOptimizer`
Impact Inputs densefeatures or examplestatedata not of rank 2 will trigger a CHECK fail in SdcaOptimizer. python import tensorflow as tf tf.rawops.SdcaOptimizer sparseexampleindices=4 tf.random.uniform5,5,5,3, dtype=tf.dtypes.int64, maxval=100, sparsefeatureindices=4 tf.random.uniform5,5,5,3,...
Mozilla: Symlinks may resolve to partially uninitialized buffers
The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer...
Google TensorFlow 输入验证错误漏洞
Google TensorFlow is an open source platform for machine learning from Google, Inc. An input validation error vulnerability exists in Google TensorFlow, which stems from the fact that entering 'densefeatures' or 'examplestatedata' that is not rank 2 will trigger a 'CHECK' failure in...
Arbitrary Code Execution
apacheairflow is vulnerable to arbitrary code execution. The vulnerability exists in example DAGs of examplebashoperator.py which allows an attacker to execute arbitrary commands via the manually provided runid parameter...
Apache Airflow vulnerable to OS Command Injection via example DAGs
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow versions prior to 2.4.0...
GHSA-6PW3-8H9W-32GC Apache Airflow vulnerable to OS Command Injection via example DAGs
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow versions prior to 2.4.0...
CVE-2022-40127
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0...
CVE-2022-40127
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0...
Design/Logic Flaw
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0...
PYSEC-2022-42982
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0...
Malicious code in react-nesting-example-legacy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0a6877c514ae49fccfe170b75f8405a65c085e2bb1d3d78b1ce4d44bff375d8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2022-5600 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.4.0 Description: A vulnerability in Example Dags of Apache Airflow is related to incorrect management of code generation. This issue allows an attacker with UI access who can trigger DAGs to execute arbitrar...
CVE-2022-40127
Apache Airflow before 2.4.0 is vulnerable to remote code execution via the run_id parameter on UI-triggered DAGs. The issue affects the Example Dags component and is triggered by manipulating run_id to execute arbitrary commands. Public references describe RCE on Airflow