collective.task Cross-Site Scripting Vulnerability
collective.task is an open source Plone task management tool from Collective. A cross-site scripting vulnerability exists in collective.task versions prior to 3.0.9, which stems from the function renderCell/AssignedGroupColumn in the file src/collective/task/browser/table.py, which is manipulated to...
PT-2022-27453 · Unknown · Collective.Task
Name of the Vulnerable Software and Affected Versions: collective.task versions up to 3.0.9 Description: A vulnerability was found in collective.task, affecting the function renderCell/AssignedGroupColumn of the file src/collective/task/browser/table.py. The manipulation leads to cross-site...
Ukraine Topic Summary Report: Cisco Talos Year in Review 2022
Talos' ongoing support for Ukraine has been a large focus of our operational efforts this year. Driven by our core mission of protecting the Ukrainian people and infrastructure, Talos launched a task force of 40+ volunteers dedicated to defending our customers and partners within. This team of...
CVE-2022-20475
In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product...
Design/Logic Flaw
In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product...
December 13, 2022—KB5021255 (OS Build 22621.963)
December 13, 2022—KB5021255 OS Build 22621.963 11/8/22 IMPORTANT Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a non-security preview release for the month of December 2022. There will be a monthly security release known as a “B” release for...
PT-2022-14693 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-11 through Android-13 Description: The issue is related to a confused deputy in the ResetTargetTaskHelper.java test, which could allow the hijacking of any app that sets allowTaskReparenting to true. This could lead t...
CVE-2022-4322
A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit...
Design/Logic Flaw
A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit...
CVE-2022-4322 maku-boot Scheduled Task AbstractScheduleJob.java doExecute injection
A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit...
PT-2022-26797 · Maku-Boot · Maku-Boot
Name of the Vulnerable Software and Affected Versions: maku-boot versions up to 2.2.0 Description: A critical issue was found in the Scheduled Task Handler component, affecting the doExecute function of the AbstractScheduleJob.java file. This leads to injection and can be initiated remotely. The...
PT-2024-11848 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.0-rc7-00103-gef4d3ea40565 Description: The issue is related to a null pointer dereference bug in the io_tctx_exit_cb function. This bug can cause a kernel panic when the task exits to userspace. The problem...
PT-2022-7676 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the perf_pending_task function in the Linux kernel, which can lead to a use-after-free condition. This occurs when perf_pending_task runs after the event is...
Apache Airflow OS Command Injection Vulnerability (CNVD-2022-83588)
Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform features scalable and dynamic monitoring. Apache Airflow is vulnerable to an operating system command injection vulnerability, which stems from an improper...
Apache Airflow OS Command Injection Vulnerability (CNVD-2022-83589)
Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform features scalable and dynamic monitoring. Apache Airflow suffers from an operating system command injection vulnerability that stems from an improper neutralization ...
OS Command Injection
apache-airflow-providers-apache-pig is vulnerable to OS command injection. The vulnerability is due to the application allowing an attacker to control commands executed in the task execution context, allowing an attacker to inject and execute arbitrary OS commands...
GHSA-RMF2-PWFQ-H75J OS Command Injection in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider...
GHSA-45R6-J3CC-6MXX OS Command Injection in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider...